subdomains_oneliners.sh

#!/bin/bash

echo 'Usage : bash subdomains_oneliners.sh target.com'

curl -s "https://rapiddns.io/subdomain/$1?full=1#result" |grep '<td>' |grep "$1" |cut -d '>' -f 2 |cut -d '<' -f 1 |sort -u

curl -s "https://api.certspotter.com/v1/issuances?domain=$1&include_subdomains=true&expand=dns_names" | jq .[].dns_names | grep -Po "(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u

curl -s "http://web.archive.org/cdx/search/cdx?url=*.$1/*&output=text&fl=original&collapse=urlkey" | sed -e 's_https*://__' -e "s/\/.*//" | sort -u

curl -s "https://jldc.me/anubis/subdomains/$1" | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sort -u

curl -s "https://crt.sh/?q=%25.$1&output=json" | jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u

curl -s "https://api.threatminer.org/v2/domain.php?q=$1&rt=5" | jq -r '.results[]' |grep -o "\w.*$1" | sort -u

curl -s "https://www.threatcrowd.org/searchApi/v2/domain/report/?domain=$1" | jq -r '.subdomains' | grep -o "\w.*$1"

curl -s "https://api.hackertarget.com/hostsearch/?q=$1"

#curl -s "https://otx.alienvault.com/api/v1/indicators/domain/$1/url_list?limit=100&page=1" | grep -o '"hostname": *"[^"]*' | sed 's/"hostname": "//' | sort -u

Great work.

Check mine as well:
https://github.com/Fadavvi/Sub-Drill