A very [very] simple and pipe-able script for finding subdomains based on [free] online services without any dependency to API-keys for penetration testers and bug bounty hunters.
./Sub-Drill.sh [Domain.Com] [optional-output-file]
- threatcrowd
- hackertarget
- crt.sh
- certspotter
- spyse.com
- bufferover.run
- urlscan.io
- synapsint.com
- jldc.me (anubis)
- omnisint.io (SonarSearch)
- Curl
jq