The OWASP Amass project is focused on DNS enumeration and network infrastructure
mapping techniques. These techniques include: obtaining subdomain names by
scraping web pages, accessing web APIs, recursive brute forcing, crawling web
archives, permuting/altering names, reverse DNS sweeping, and querying ASNs and
netblocks associated with IP addresses. The information collected during an
enumeration is used to build a network map of an organization's presence on the
Internet.

Amass reaches out to over 30 passive data sources to learn about the DNS
namespace of a target domain. By default, Amass validates all the names by
performing DNS queries across a pool of resolver servers, which spreads out the
activity generated by the enumeration. For all IP addresses collected during
this process, Amass queries for associated netblocks and ASNs. As additional
data sources become available to provide visibility of the Internet,
implementations can quickly be developed within Amass due to the simple
interfaces worked into the design.

WWW: https://owasp.org/www-project-amass/