HostileSubBruteforcer (https://github.com/nahamsec/HostileSubBruteforcer) is a command-line tool that works very similar to Knockpy. It sends requests to a domain, using common names to create subdomains, in order to discover new ones and also servers that you did not know about. Remember that, if you are assessing a public bug bounty, there are a lot of probabilities that you will be banned or blocked, owing to a lot of requests.