OWASP - Amass

The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks.

Test Infrastructure

This domain hosts a BIND9 server which exposes several test endpoints used by the Amass build process to identify any issues with domain enumeration during development.
Here are the subdomains currently in use:

axfr.owasp-amass.com: Used to test zone transfer
letsencrypt.owasp-amass.com - Used to test passive data sources such as crt.sh
bruteforce.owasp-amass.com - Used to test the brute-force module
wildcard.owasp-amass.com - Used to detect wildcards

Examples

Donec imperdiet consequat consequat. Suspendisse feugiat congue
posuere. Nulla massa urna, fermentum eget quam aliquet.

Get started!

It's super straight forward to get started - you can either download a pre-compiled release or build from source; the choice is yours.