→Tools you should go for
GitHub - trickest/inventory: Asset inventory on public bug bounty programs.
→Best place for start recon
- [ ] tld scanner
- [ ] look for acquisitions
—>Crunchbase.com
- sublist3r
- assetfinder
- crt
- Subdomainer
- amass
- Findomain
- github subdomains
- puredns bruteforcing
- subdomain scrapping of cloud ranges
- asn enum with amass
- asn enum
- amass subdomain bruteforce
- probing
- [ ] https://subdomainfinder.c99.nl/