One liner to scrape subdomains from SSL certificates

censys-scrape.sh

curl -s -X POST https://search.censys.io/api/v1/search/certificates -u $API_KEY:$SECRET -d "{\"query\":\"$TARGET\"}" | jq .results[] | grep subject_dn | grep -oE "CN=.*" | awk -F\" '
{print $1}' | awk -F\= '{print $2}' | grep -v "*" | sort -u | grep -i "$TARGET" > subs.txt