Turbolist3r is a subdomain enumeration tool which can identify subdomain takeovers. It is heavily based on sublist3r: https://latesthackingnews.com/2016/01/27/sublist3r-free-tool-to-enumerate-subdomains-for-pentester/
Installation and usage
git clone https://github.com/fleetcaptain/Turbolist3r cd Turbolist3r/ pip3 install -r requirements.txt
There are various options such as port scanning, brute force on subdomains, input and output files, dns resolvers:
The following command shows how a typical subdomain scan would look like:
python3 turbolist3r.py -d latesthackingnews.com -a
Turbolist3r is a great tool for finding hidden subdomains, it can reveal interesting A and CNAME records.