A Python 3.5+ tool that uses asyncio to brute force domain names asynchronously. It's fast. Benchmarks on small VPS hosts put around 100k DNS resolutions at 1.5-2mins. An amazon M3 box was used to make 1 mil requests in just over 3 minutes. Your mileage may vary. It's probably best to avoid using Google's resolvers if you're purely interested in speed. Trickest currently supports only json output for aiodnsbrute.

The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.

The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques. This version produces JSON output

Find domains and subdomains potentially related to a given domain.

Extracting URLs of a specific target based on the results of "commoncrawl.org".

Scrape domain names from SSL certificates of arbitrary hosts

Extract pieces of info from a web page's Wayback Machine history

Multi-cloud enumeration utility

LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping

A tool written in golang to perform permutations, mutations and alteration of subdomains and brute force the result.

DNS enumeration script

dnsx is a fast and multi-purpose DNS toolkit allow to run multiple probers using retryabledns library, that allows you to perform multiple DNS queries of your choice with a list of user supplied resolvers.

List all public repositories for (valid) Github usernames

The complete solution for domain recognition. Supports screenshotting, port scan, HTTP check, data import from other tools, subdomain monitoring.

GET-ACQ is a python tool used to gather all companies acquired by a given company domain name. It is done by calling SecurityTrails API.

Find endpoints on GitHub

GoAltdns is a permutation generation tool that can take a list of subdomains, permute them using a wordlist, insert indexes, numbers, dashes and increase your chance of finding that estoeric subdomain that no-one found during bug-bounty or pentest.

A tool used to brute-force DNS subodmains(with wildcard support)

Gotator is a tool to generate DNS wordlists through permutations.

Small, fast, simple tool for performing reverse DNS lookups en masse. You feed it IP addresses, it returns hostnames. This can be a useful way of finding domains and subdomains belonging to a company from their IP addresses.