Sub-domain enumeration is one of the techniques used in penetration testing. The following article gives a good guide on how to start.
As a penetration tester or a bug bounty hunter, most of the times you are given a single domain or a set of domains when you start a…
Source: A penetration tester’s guide to sub-domain enumeration