Agent402 / tools / cert-transparency

Certificate transparency search

$0.005 per call · USDC via x402 · POST /api/cert-transparency

Search public Certificate Transparency logs (via crt.sh) for every cert issued to a domain. Returns the cert list plus a deduped subdomain set extracted from the SANs — the fastest way to enumerate subdomains for a security audit. Free upstream, no key required.

Input

FieldTypeDescription
domain *stringDomain to search (also accepts host/hostname/url/email)
includeExpiredbooleanInclude expired certs (default false)
limitintegerMax certs to return (1–500, default 50)

Example output

{
  "domain": "example.com",
  "count": 2,
  "truncated": false,
  "subdomains": [
    "www.example.com"
  ],
  "certs": [
    {
      "id": 1234567890,
      "serial": "0a:1b:2c",
      "issuer": "C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1",
      "commonName": "example.com",
      "sans": [
        "example.com",
        "www.example.com"
      ],
      "notBefore": "2026-01-15T00:00:00",
      "notAfter": "2027-02-14T23:59:59"
    }
  ],
  "queriedAt": "2026-06-19T22:00:00.000Z"
}

Try it — see the 402 challenge (free)

curl -i -X POST https://agent402.tools/api/cert-transparency \
  -H "Content-Type: application/json" \
  -d '{"domain":"example.com"}'

The response is HTTP 402 Payment Required with exact payment requirements. Any x402 v2 client pays automatically and retries:

Paid call (JavaScript agent)

import { wrapFetchWithPayment } from "@x402/fetch";
import { x402Client } from "@x402/core/client";
import { registerExactEvmScheme } from "@x402/evm/exact/client";
import { privateKeyToAccount } from "viem/accounts";

const client = new x402Client();
registerExactEvmScheme(client, { signer: privateKeyToAccount(KEY) });
const payFetch = wrapFetchWithPayment(fetch, client);

const res = await payFetch("https://agent402.tools/api/cert-transparency", {
  method: "POST",
  headers: { "Content-Type": "application/json" },
  body: JSON.stringify({
    "domain": "example.com"
  }),
});

Wallet-only. This tool reaches the network/browser/storage, so it is paid in USDC via x402 (no proof-of-work tier).

Related tools

DNS lookup

USDC $0.001 · GET /api/dns

DNS lookup for a domain. Supported record types: A, AAAA, MX, TXT, NS, CNAME.

HTTP check

USDC $0.003 · POST /api/http-check

Check any public URL: status code, latency, final URL after redirects, and response headers. The uptime primitive for ag…

TLS certificate

USDC $0.003 · POST /api/tls-cert

Inspect the TLS certificate of any public host: subject, issuer, validity window, days remaining, SANs, and SHA-256 fing…