Is brute forcing domains really necessary? With tools like theHarvester.py you can crawl through Google or Bing and use their resources to find the subdomains.  For example, the example that was used was for this domain, theHarvester would produce:
173.246.100.57:forum.evilzone.org
173.246.100.57:www.evilzone.org
173.246.101.14:irc.evilzone.org
173.246.100.57:vuln.evilzone.org
173.246.100.57:23irc.evilzone.org
173.246.100.57:2523irc.evilzone.org
173.246.100.57:Forum.evilzone.org
173.246.100.57:upload.evilzone.org
173.246.100.57:Vuln.evilzone.org
173.246.100.57:ns1.evilzone.org
173.246.100.57:www.forum.evilzone.org
173.246.100.57:Upload.evilzone.org
173.246.101.14:Irc.evilzone.org
173.246.100.57:www.upload.evilzone.org
173.246.100.57:archives.evilzone.org
173.246.100.57:Archives.evilzone.org

It also gave known emails. It spiders linkedin, pgp server listings, ect. TheHarvester also gives a bruteforce option as well.

A side note is that it is a violation of Google's terms of use to electronically scan their stuff.... And they will let you know

Kudos for the tutorial. No sarcasm, I love to see people taking the time to share their knowledge!!