A very [very] simple and pipe-able script for finding subdomains based on [free] online services without any dependency to API-keys for penetration testers and bug bounty hunters.
chmod +x Sub-Drill.sh
./Sub-Drill.sh [Domain.Com] [optional-output-file]- threatcrowd
- hackertarget
- crt.sh
- certspotter
- spyse.com
- bufferover.run [tls,dns]
- urlscan.io
- synapsint.com
- jldc.me (anubis)
- omnisint.io (SonarSearch)
- alienvault [otx]
- riddler.io
- suip.biz [Amass,Subfinder]
- rapiddns.io
- web.archive.org
- securitytrails.com
- certificatedetails.com
- columbus.elmasy.com
- webscout.io
- api.subdomain.center
- Curl
jq