IonBazan · June 9, 2025 08:12
diff --git a/subdomains.sh b/subdomains.sh
 #!/bin/bash

 # Enumerate subdomains using HTTPS Certificate Transparency logs.
 # In most cases it's faster and more reliable than brute-force attack, especially when targeting HTTP(S) services.
 # Read more at https://certificate.transparency.dev/
 #
 # Usage: ./subdomains.sh x.com
 #
 # Prerequisites: curl, jq

 if [ -z "$1" ]; then
  echo "Usage: $0 <domain>"
  exit 1
 fi

 DOMAIN=$1

 curl -s "https://crt.sh/?q=%25.$DOMAIN&output=json" |
  jq -r '.[].name_value' |
  tr '\n' ',' |
  tr ',' '\n' |              # Flatten multiline name_values
  sed 's/^\*\.\?//' |        # Remove leading "*." if present
  sort -u                    # Sort and deduplicate
	#!/bin/bash

	# Enumerate subdomains using HTTPS Certificate Transparency logs.
	# In most cases it's faster and more reliable than brute-force attack, especially when targeting HTTP(S) services.
	# Read more at https://certificate.transparency.dev/
	#
	# Usage: ./subdomains.sh x.com
	#
	# Prerequisites: curl, jq

	if [ -z "$1" ]; then
	echo "Usage: $0 <domain>"
	exit 1
	fi

	DOMAIN=$1

	curl -s "https://crt.sh/?q=%25.$DOMAIN&output=json" \|
	jq -r '.[].name_value' \|
	tr '\n' ',' \|
	tr ',' '\n' \| # Flatten multiline name_values
	sed 's/^\\.\?//' \| # Remove leading "." if present
	sort -u # Sort and deduplicate