OWASP Directory Access scanner, OpenDoor, scan a website for all possible ways it can find in order to find some "juicy" information or pages. It is also capable to scan sub-domains of a website. OpenDoor is very easy and simple to work with. It can easily install on a linux box. Just use the following commands
OpenDoor uses a list of dictionary of for guessing hidden directories and pages and subdomain. One can use there own dictionaries in conjunction with the supplied one. Dictionaries for directories is in Data/directories.dat, Data/proxy.dat for additional/own proxy servers, Data/subdomains.dat for sub-domain and useragents.dat if you want additional browser user agent.
OpenDoor provides a nice way to use threads and delay between scan timing with proxies in order to avoid detecting by potential firewalls or any other protection mechanism.
There is some issues with OpenDoor it only check a HTTP HEAD request which produces lot of false positives especially website that have custom 404 pages. Same is the case with sub-domain scanning. It basically check if the HTTP HEAD request results with a HTTP status code of 200 it mark the URL as present. Another problem i have faced with OpenDoor that it does not scan HTTPS. Having said this, it is still a useful tool in penetration tester's arsenal.