crt.sh
crt.sh is best website to fetch domains or subdomains with the help of Domain name, Organisation Name, SSL Certificate Fingerprint, etc.
You can directly search domain name on this website to fetch subdomains
Use this to find Domains of an Organisation in json format
https://crt.sh/?O=Sony&output=json
https://crt.sh/?q=Sony&output=jsonSearch SSL Certificates Thumbprint:-
You can get SSL Certificate Thumbprint value from Virustotal Relations tab
https://crt.sh/?q=f3cd41a6035ba1b1be1670386918893734363e53Google Certificate Transparency Monitoring
This is also a best website to search for all domains related to SSL Certificates. It will return so many domains including duplicates, so you will have to remove duplicates. I have created a python tool to fetch all domains/subdomains of a domain from this website and gives you unique result.
Python Script:-
https://github.com/rook1337/googlecertfarm
Facebook Certificate Transparency Monitoring
Facebook also provides this service and it provides email notification feature which mean if any new domain/subdomain is added to any SSL certificate, it will notify you through your email.
Search any domain in the search field
You can subscribe to any domain for email notification in subscriptions tab
Censys
This is web based and cli-based service which can be used to find new domains/subdomains of any domain or Organisation name.
Use this query in Search field to search for domains based on organisation name:-
parsed.issuer.organization.raw: "Apple Inc."
Enter domain name in search field for normal result:-
For Cli-based queries, check this post
Follow me on twitter for updates
https://twitter.com/imrook1337