CT Watch

Watch every certificate
the moment it's logged.

CT Watch tails the public Certificate Transparency logs, archives them, and alerts you when a new certificate matches a domain or keyword you care about. Search it now, or wire up a webhook.

e.g. example.com · cloudflare.com

Sign in Install the CLI

search

Query the log stream

Search Certificate Transparency by domain or subdomain. CT Watch serves matches from a local archive and lazily backfills from crt.sh on a miss — no account needed to try it.

watch

Get alerted on new certs

Add a domain or keyword rule and CT Watch tails the logs for you. The moment a matching certificate is issued, it fires a signed webhook at your endpoint.

recon

Map an attack surface

New subdomains show up in CT before they show up anywhere else. Point CT Watch at a target and watch the surface expand in real time — built for bug-bounty and pentest recon.

command line

Drive it from the terminal

The ctw CLI runs the same search and manages your watch rules. Sign in once with a device code — no API keys to mint or rotate.

ctw CLI reference → 
$ ctw login
  open https://… and enter CODE-1234

$ ctw query example.com
  3 certs (local)

$ ctw watch add example.com --kind domain
  + rule 1 [domain] example.com