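# DNS reconnaissance cheat sheet for a single domain.
# Inputs:
#   $domain - domain name being assessed
#   $IP     - address of the name server to test for zone transfers
# Expansions are quoted so a value containing spaces or glob characters is
# passed as one argument. dig still treats an argument starting with '-',
# '+' or '@' as an option or server, so values read from a list should be
# checked to be plain host names before they reach these commands.
: "${domain:?set domain to the domain name being assessed}"

# Simple whois scan
whois "$domain"

# DNS records
dig "$domain" +short        # A records -> DNS IP lookup
dig "$domain" -t mx +short  # MAIL records
dig "$domain" -t ns +short  # NS records only; CNAMEs need their own query (-t cname)

# Subdomains
# Zone transfer (AXFR): a correctly configured name server refuses this for
# unknown clients. A full answer is a finding to report; the fix is to
# restrict transfers to the secondaries (e.g. BIND allow-transfer, TSIG keys).
# The query type is "axfr"; a misspelled type is looked up as a host name.
dig axfr "$domain" @10.10.10.10  # 10.10.10.10 is a sample name-server address
if [ -n "${IP:-}" ]; then
  dig -t axfr "$domain" "@$IP"
else
  # Without a server address dig has nothing to query; skip instead of
  # sending a malformed request.
  printf '%s\n' 'IP is not set; skipping the second zone-transfer check' >&2
fi

# Subdomain enumeration
sublist3r -d "$domain"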