The Zigbee AT ND command can discover nearby modules if they are in the same network (same PAN ID). So in order to find a module whose PAN ID I do not know, the only thing that came to my mind was brute-forcing the PAN ID. Is there a better way to find a module other than brute-forcing the PAN ID and repeatedly querying with the ND command? I'm currently using the libxbee library in C.
You can find nearby nodes by doing an "Active Scan" (ATAS). You'll get the beacons sent by nearby routers and coordinators, with their addresses and PAN IDs. You won't see responses from end devices, and you might not see responses from devices that aren't allowing joining (I can't recall whether they send beacons or not).
This ANSI C XBee Host Library on GitHub has sample code for doing a scan and parsing the results. You can either try that library, or use it to learn the structure of the responses.
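As an added example (not part of the answer above and not code from the XBee Host Library), this sketch parses the value bytes of one ATAS response. It assumes the 16-byte ZigBee-firmware record layout (type 2: channel, PAN ID, extended PAN ID, allow-join, stack profile, LQI, RSSI); the names `as_beacon_t` and `as_parse_zigbee` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define AS_TYPE_ZIGBEE 2   /* assumed: first byte of a ZigBee-firmware AS record */
#define AS_ZIGBEE_LEN  16  /* assumed record length for that type */

typedef struct {
    uint8_t  channel;
    uint16_t pan_id;        /* 16-bit PAN ID, big-endian on the wire */
    uint64_t ext_pan_id;    /* 64-bit extended PAN ID, big-endian on the wire */
    uint8_t  allow_join;    /* 1 = joining enabled, 0 = disabled */
    uint8_t  stack_profile;
    uint8_t  lqi;
    int8_t   rssi;          /* signed byte */
} as_beacon_t;

/* Parse one AS record; returns 0 on success, -1 on short or non-ZigBee data. */
int as_parse_zigbee(const uint8_t *p, size_t len, as_beacon_t *out)
{
    if (p == NULL || out == NULL || len < AS_ZIGBEE_LEN || p[0] != AS_TYPE_ZIGBEE)
        return -1;
    out->channel = p[1];
    out->pan_id = (uint16_t)((p[2] << 8) | p[3]);
    out->ext_pan_id = 0;
    for (int i = 0; i < 8; i++)
        out->ext_pan_id = (out->ext_pan_id << 8) | p[4 + i];
    out->allow_join = p[12];
    out->stack_profile = p[13];
    out->lqi = p[14];
    out->rssi = (int8_t)p[15];
    return 0;
}

/* Constructed sample record, not captured from a real radio. */
static const uint8_t sample_as[AS_ZIGBEE_LEN] = {
    0x02, 0x0F, 0x12, 0x34,
    0x00, 0x13, 0xA2, 0x00, 0x40, 0x52, 0x2B, 0xAA,
    0x01, 0x02, 0xC8, 0xD3
};

int main(void)
{
    as_beacon_t b;
    if (as_parse_zigbee(sample_as, sizeof sample_as, &b) != 0)
        return 1;
    printf("ch=%u pan=0x%04X ext=0x%016llX join=%u lqi=%u rssi=%d\n",
           b.channel, b.pan_id, (unsigned long long)b.ext_pan_id,
           b.allow_join, b.lqi, b.rssi);
    return 0;
}
```

Each beacon heard during the scan arrives as its own AT response, so the parser is called once per response until the scan ends.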