sublist3r
Fast subdomains enumeration tool for penetration testers.
TLDR
Find subdomains for a domain
$ sublist3r --domain [domain_name]
Find subdomains for a domain, also enabling brute force search
$ sublist3r --domain [domain_name] --bruteforce
Save the found subdomains to a text file
$ sublist3r --domain [domain_name] --output [path/to/output_file]
Display help
$ sublist3r --help