Find Subdomains

Finding subdomains is fundamental. The more subdomains you find, the bigger attack surface you have. Which means bigger possibility of success.

For now this seems to be a very comprehensive list of tools to find subdomains.

Subdomain Finder - C99.nl

ShodanShodan

URL and website scanner - urlscan.io

VirusTotalVirusTotal

https://dnsdumpster.com/dnsdumpster.com

Domain Security, DNS Trails and IP Tools | SecurityTrailssecuritytrails

Reverse IP Lookup - Find Other Web Sites Hosted on a Web Server