ctfr: get the subdomains from a HTTPS website in a few seconds

CTFR Do you miss AXFR technique? This tool allows getting the subdomains from an HTTPS website in a few seconds. How does it work? CTFR does not use neither dictionary attack...