CertCrunchy
Uses data from SSL Certificates to find potential host names.
It just a silly Python script that either retrieves SSL Certificates based data from online sources (censys,crt.sh,certspotter...). It will attempt to extract host information from SSL Certificates.