subjack
Avoid useless requests with regexp
Hi,
As far as I see, when the option -a is not set, a request to the host is performed when there is a match between the cname fingerprint and the host alias. However, sometimes (I think) those requests are useless.
Example: I am currently working on a bug bounty program where dozens of hosts are aliases to blabla-0708-427040690.us-east-1.elb.amazonaws.com; this triggers the s3 bucket fingerprint, performing hundreds of useless requests.
A minor change could highly improve the tool. If the cname fingerprint were a regexp like this:
\.s3[a-zA-Z0-9\-\._]*\.amazonaws\.com$
Same for heroku; it could be: \.herokuapp\.com$ and all others.
I think this could also avoid some false positives.
Best regards,
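As an added illustration of the proposal (not code from subjack or from the issue author), the Go program below compares plain substring matching with the anchored regexps suggested in the issue on a few constructed CNAMEs; the substring values "amazonaws" and "herokuapp" are assumptions standing in for the tool's real fingerprint strings.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Fingerprint pairs a service with both matching styles. The regexps are the
// anchored patterns proposed in the issue; the Substring values are assumed
// stand-ins for subjack's plain-string fingerprints, not copied from the tool.
type Fingerprint struct {
	Service   string
	Substring string
	Pattern   *regexp.Regexp
}

var fingerprints = []Fingerprint{
	{"s3 bucket", "amazonaws", regexp.MustCompile(`\.s3[a-zA-Z0-9\-\._]*\.amazonaws\.com$`)},
	{"heroku", "herokuapp", regexp.MustCompile(`\.herokuapp\.com$`)},
}

// Classify returns the service each matching style selects for a CNAME ("" when
// none): plain substring containment, which flags anything under amazonaws.com
// and so costs an HTTP request, and the anchored regexp, which only flags hosts
// that end in the service's own zone. Case is ignored and a trailing dot dropped.
func Classify(cname string) (bySubstring, byRegexp string) {
	c := strings.ToLower(strings.TrimSuffix(cname, "."))
	for _, f := range fingerprints {
		if bySubstring == "" && strings.Contains(c, f.Substring) {
			bySubstring = f.Service
		}
		if byRegexp == "" && f.Pattern.MatchString(c) {
			byRegexp = f.Service
		}
	}
	return bySubstring, byRegexp
}

func main() {
	// Constructed sample CNAMEs; the first has the ELB shape quoted in the issue.
	for _, c := range []string{
		"blabla-0708-427040690.us-east-1.elb.amazonaws.com",
		"assets.example.s3-website-us-east-1.amazonaws.com",
		"app.example.herokuapp.com.",
	} {
		sub, re := Classify(c)
		fmt.Printf("%-52s substring=%q regexp=%q\n", c, sub, re)
	}
}
```

The ELB alias is flagged by the substring style but not by the anchored regexp, which is exactly the request the issue wants to skip.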