A Go tool for discovering subdomains from Certificate Transparency (CT) logs using crt.sh.
rootf queries the crt.sh Certificate Transparency database to find subdomains for given root domains. It extracts subdomain information from SSL certificate entries and filters them to only include valid subdomains of the specified root domains.
- Query crt.sh CT logs for subdomain discovery
- Accept input from file or stdin (piping)
- Automatic retry mechanism for failed requests
- Deduplication of results
- Sorted output
- Rate limiting to avoid overwhelming the API
Install directly from GitHub:
go install github.com/hackruler/rootf@latestClone the repository and build:
git clone https://github.com/hackruler/rootf.git
cd rootf
go build -o rootf rootf.goOr build directly:
go build -o rootf rootf.gogo run rootf.go [options]Note: Make sure you have Go 1.16 or higher installed for go install to work properly.
rootf -l domains.txtecho "example.com" | rootfOr with multiple domains:
cat domains.txt | rootf-h: Show help menu-l <file>: Specify the domain file. If not provided, input can be piped from stdin.
echo "example.com" > domains.txt
rootf -l domains.txtcat > domains.txt << EOF
example.com
github.com
google.com
EOF
rootf -l domains.txtecho -e "example.com\ngithub.com" | rootfThe tool outputs unique, sorted subdomains to stdout, one per line:
subdomain1.example.com
subdomain2.example.com
subdomain3.example.com
- If a request fails or returns no results, the tool will retry once after a 20-second delay
- If the retry also fails, a warning is printed to stderr and the domain is skipped
- The tool includes a 1-second delay between domain queries to avoid rate limiting
- Go 1.11 or higher
- Internet connection (to query crt.sh API)
This tool is provided as-is for educational and security research purposes.