mkdir -p subs assets
subfinder -d example.com -all -nW -o subs/subfinder.txt
assetfinder -subs-only -d example.com | tee subs/assetfinder.txt
amass enum -d example.com -o subs/amass.txt
#run other subdomain tools if you want.
cat subs/*txt | sort -u > subs/all.txt
#Look for alive subdomains.
cat subs/all.txt | httpx -o assets/subs.txt
#Now let's find more assets.
cat assets/subs.txt | feroxbuster --stdin -e -w {put some good wordlist here} | tee assets/feroxbuster.txt
#For the wordlist i recomend OneListForAll: https://github.com/six2dez/OneListForAll
DNS Recon and Fuzzing with FFUF in one line Fisted hand
curl -s https://crt.sh\?q\=\%.$1\&output\=json | jq -r '.[].name_value' | gsed 's/^/https:\/\//' | sort -u | xargs -n 1 -I{} ffuf -w ~/common.txt -u {}/FUZZ -t 70 > fuzzing_domain.txt