#whois
Find owner/contact of domain address
- whois koknet.xyz
#dig
Get nameserver and test for DNS transfer
- dig koknet.xyz
#nmap
Network mapping across IP/domain name
- nmap -A koknet.xyz //can use any other options
#amass
Combine various source for subdomains enumation
- amass enum -src -brute -min-for-recursive 2 -d koknet.xyz