diff --git a/programming_and_scripting_for_cybersecurity/recon_scripts/dns-recon2.sh b/programming_and_scripting_for_cybersecurity/recon_scripts/dns-recon2.sh
new file mode 100644
index 0000000..c79a799
--- /dev/null
+++ b/programming_and_scripting_for_cybersecurity/recon_scripts/dns-recon2.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# bruteforce subdomains
+# Use a wordlist of your choice. I am using dnscan's wordlist in this example
+
+for domain in $(cat /usr/share/wordlists/dnscan/subdomains-100.txt);
+do host $domain.h4cker.org;sleep 2;done | grep has | sort -u