Indexing all major CT logs

Certificate Transparency,
structured.

Query CT logs by domain, subdomain, keyword or validity window. Structured search across billions of certificate records.

PARALLEL
Half-year table scan
Certificates split by half-year tables, queried in parallel from newest to oldest.
STRUCTURED
Typed search syntax
Pivot on domain, SAN, issuer, serial, fingerprint or validity window. No regex over raw entries.
MONITOR
Shadow IT detection
Discover unknown subdomains, rogue certificates and phishing lookalikes across your entire domain portfolio.
Results for *.acme-corp.com
1,284 certificates · 47 logs · query took 10.9s
Common Name / SANsIssuerNot BeforeNot AfterStatus

About CTlogs.io

CTlogs.io indexes Certificate Transparency logs and makes them queryable with structured, typed search. Instead of scraping raw log entries, security teams can pivot on domains, subdomains, keywords and validity windows across billions of records.

Why Certificate Transparency

Every publicly-trusted TLS certificate is recorded in append-only CT logs. That record is a goldmine for security teams: shadow IT discovery, phishing-domain detection, expiry monitoring and incident forensics all start with knowing what certificates exist for your names.

Structured, not scraped

CTlogs.io continuously ingests entries from all usable CT logs, parses each certificate, and indexes every field: subject, SANs, issuer, serial, fingerprints, validity. You query fields, not text blobs.

Architecture

The frontend is served via Cloudflare Pages. API queries are processed by a dedicated backend that scans half-year certificate tables in parallel, from newest to oldest.

6
Half-year tables
7+
CT log operators
5
Search endpoints