Use active recon methods

amass intel

  • Collect open source intel on an organisation like root domains and ASNs.
    More information: <https://github.com/OWASP/Amass/blob/master/doc/user_guide.md#the-intel-subcommand>.
  • Trick copyright: tl;dr; <https://github.com/tldr-pages/tldr>

amass intel -active -addr {{192.168.0.1-254}}

click the source code to copy