google.com Subdomain Discovery

Discover subdomains of google.com by searching Certificate Transparency (CT) logs. This passive reconnaissance technique finds subdomains that have had SSL/TLS certificates issued for them.

//01

google.com Subdomains from CT Logs

Certificate Transparency logs are public, append-only databases of all SSL/TLS certificates issued by participating Certificate Authorities. By searching these logs for google.com, we can discover subdomains that have had certificates issued for them.

This approach is passive — it doesn't send any traffic to google.com's servers. It only queries the public crt.sh database, making it safe and non-intrusive.

//02

How Subdomain Discovery Works for google.com

When a Certificate Authority issues an SSL/TLS certificate for any subdomain of google.com, the certificate details are recorded in Certificate Transparency logs. These logs are publicly searchable.

By querying crt.sh for %.google.com, we find all certificates ever issued for google.com and its subdomains. The name_value fields from these certificates reveal subdomain names that may not be discoverable through other means.

//03

Using google.com's Subdomain Data

Discovered subdomains of google.com can help identify forgotten services, development environments, or unauthorized infrastructure. Domain administrators should regularly audit their subdomain footprint.

Note that CT log discovery only finds subdomains that have had SSL/TLS certificates issued. Subdomains using only HTTP or internal DNS records without certificates will not appear in these results.

More tools for google.com

A Record Lookup

IPv4 addresses

NS Lookup

DNS hosting & delegation

MX Lookup

Mail servers & email delivery

TXT Record Lookup

SPF, verification & more

IP Lookup

IPv4 & IPv6 addresses

DNS Lookup

Complete DNS record lookup

Email Security Checker

Full email security analysis