TL;TR; @jhaddix bug hunter methodology v4 Youtube: https://www.youtube.com/watch?v=p4JgIu1mceI
crunchbase.com
google.com
bgp.he.net
echo 'tesla' | metabigor net --org -v
amasss intel -asn 46489
http://api.whoxy.com/?key=APIkeyHERE&reverse=whois&name=Twich+Hostmaster
python ./domLink.py -d vip.com -o vip.txt
builtwith.com
https://www.shodan.io/search?query=twitch.tv
https://github.com/jaeles-project/gospider
gospider -s https://twitch.tv
https://github.com/hakluke/hakrawler
gospider -s "https://google.com/" -o output -c 10 -d 1
https://github.com/nsonaniya2010/SubDomainizer
python3 SubDomainizer.py -u http://www.example.com
https://github.com/m8r0wn/subscraper
subscraper --enum 2 example.com
site:twitch.tv -www.twitch.tv
amass -d twitch.tv
https://github.com/projectdiscovery/subfinder
subfinder -d hackerone.com -v
https://github.com/gwen001/github-search/blob/master/github-subdomains.py
python3 github-subdomain.py -t "$GIT_TOKEN" -d twitch.tv
https://github.com/incogbyte/shosubgo
go run main.go -d target.com -s YourAPIKEY
amass enum -brute -d twitch.tv -src
amass enum -brute -d twitch.tv -rf resolvers.txt -w bruteforce.list
https://github.com/projectdiscovery/shuffledns
shuffledns -d hackerone.com -w words.txt -r resolvers-excellent.txt
https://github.com/assetnote/commonspeak2
masscan -p1-65535 -iL $ipFile --max-rate 1800 -oG $outPut.log
Masscan wrapper which resolve hostnames.
dnmasscan example.txt dns.log -p80,443 -oG masscan.log
https://github.com/x90skysn3k/brutespray masscan-> nmap service scan -oG -> brutespray
python brutespray.py --file nmap.gnmap
https://www.youtube.com/watch?v=l0YsEk_59fQ
Eyewitness Aquatone httpscreenshot
https://github.com/EdOverflow/can-i-take-over-xyz
https://github.com/Ice3man543/SubOver
SubOver -l subdomains.txt -v
https://github.com/projectdiscovery/nuclei
nuclei -l urls.txt -t files/git-core.yaml -o results.txt
https://github.com.haddix/tbhm/blob/master/v4/all2.txt
https://github.com/AdmiralGaust/bountyRecon
https://github.com/offhourscoding/recon