One liners

#Get CIDR & Org Information from Target Lists

for HOST in $(cat subs.txt);do echo $(for ip in $(dig a $HOST +short); do whois $ip | grep -e "CIDR\|Organization" | tr -s " " | paste - -; done | uniq); done

subfinder -d ibm.com -all -silent | httpx --title -mc 200 --threads 300

#Find Every domain for a target company using crt.sh

curl -s https://crt.sh/\?o\=Tesla\&output\=json > tesla.txt

cat testa.txt | jq -r '.[].common_name'

#parse out wildcard domains

cat tesla.txt | jq -r '.[].common_name' | sed 's/\*//g'

#parse unique values
cat tesla.txt | jq -r '.[].common_name' | sed 's/\*//g' | sort -u | wc -l

#Check reverse DNS with REV

cat tesla.txt | jq -r '.[].common_name' | sed 's/\*//g' | sort -u | rev | cut -d '.' -f 1,2 | rev

#Subdomains

curl -s https://crt.sh/\?q\=target.com\&output\=json | jq -r '.[].name_value' | grep -Po '(\w+\.\w+\.\w+)$' | anew > subdomains.txt

Use crt.sh against a domain list with a bash script

#!/bin/bash

# Check if the domains.txt file exists
if [ ! -f "domains.txt" ]; then
    echo "domains.txt not found."
    exit 1
fi

# Loop through each domain in domains.txt
while IFS= read -r domain; do
    # Execute the curl command for the current domain
    curl_output=$(curl -s "https://crt.sh/?q=${domain}&output=json")

    # Extract subdomains using jq
    subdomains=$(echo "$curl_output" | jq -r '.[].name_value' | grep -Po '(\w+\.\w+\.\w+)$')

    # Save subdomains to subdomains.txt
    echo "$subdomains" >> subdomains.txt

done < "domains.txt"

# Remove duplicate subdomains
sort -u -o subdomains.txt subdomains.txt