Now enumerate the found subdomains with dirsearch:
dirsearch -u "http://domain.com" -i200 -w '/usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt'# You can also use gobuster:gobuster dir -u http://domain.com/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 50