gobuster -m dns -w /path/to/wordlist.txt -u domain.com -i -q >> Subdomains.tmpcat Subdomains.tmp | grep Found |x cut -d " " -f 2 > Subdomains.txtrm Subdomains.tmp
for i in $(cat wildcards.txt); do sslscan --no-colour --show-certificate $i | grep -E "Altnames:" | tee -a ssldomains.txt; donecat ssldomains.txt | sed 's/DNS:/&\n/g' | cut -d "," -f 1 | sort -u > ssldomains.tmpcat wildcards.txt >> ssldomains.tmpcat ssldomains.tmp | sort -u > ssldomains.txtrm ssldomains.tmp
amass --passive -d DOMAIN.com
./bin/massdns -r resolvers.txt -t AAAA -w results.txt domains.txt
​https://github.com/PaulSec/API-dnsdumpster.com​
​