DNS Enumeration
https://github.com/anshumanbh/brutesubs
https://github.com/TheRook/subbrute
https://github.com/infosec-au/altdns
https://0xffsec.com/handbook/information-gathering/subdomain-enumeration/
Achar subdomains e domains
guia foda: https://0xffsec.com/handbook/discovery-and-scanning
primeira coisa roda as tools para achar em OSINT
amass, knock, etc.
usar GAU para pegar urls da internet e extrair subs usando GFPATTERN
usar dork para achar mais subdomains
brute forces de well-known wordlists usando o massdns ou dnsx
https://gist.github.com/jhaddix/86a06c5dc309d08580a018c66354a056
https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS
https://github.com/assetnote/commonspeak2-wordlists
Zone Transfer using `dnsrecon -a -d tesla.com`