Aquatone is a great tool, developed by user @michenriksen, used for subdomain takeovers. The reason that I specifically like this tool is because it helps you enumerate subdomains easily, giving you IPs with Open Ports and their matching subdomain.
How it works
Aquatone is divided in 4 different scripts,
discover– Collects the subdomains of the domain specified
scan– Enumerate Open Ports of hosts identified previously
gather– Enumerate Web Servicies found on those hosts and take screenshots
takeover– Based on standard error messages it will report if a domain is vulnerable or not.
npm executable not found
This error pops up when some is on the gather script. The message is pretty clear to be honest, that npm executable is not present.
npm from their official Github https://github.com/npm/cli (Note is was recently moved from https://github.com/npm/npm) and install it using
git clone https://github.com/npm/cli.git cd cli make install