Previously, users of #owasp @amass found this helpful:

1) amass intel -whois -config amass.ini -d domain.tld -o domains.txt

2) amass enum -config amass.ini -df domains.txt

3) amass db -names -df domains.txt -o hosts.txt

4) nmap -Pn -sV -A -iL hosts.txt -oN results.txt

#osint #recon #attacksurface #redteam #bugbounty #securityassessments #AttackSurfaceMapping #attacksurfacemgmt #opensource #opensourceintelligence