
https://bgp.he.net/ to find the ASN number.

ASN refers to Autonomous System Number.


It is assigned to an organisation.
It is connected to various other ASNs.
enum --- Enumerate
scans: active and passive

MASSDNS
checks whether the domains are live (resolve) or not.
massdns -r /home/eilaka/TOOLS/massdns/lists/resolvers.txt -t A -o /home/eilaka/Documents/dem1o.txt -w /home/eilaka/Desktop/subdomains.txt

then use
sed 's/A.*//' livehosts.txt | sed 's/CN.*//' | sed 's/\..$//' > live_subdomains.txt
sed 's/A.*//' livehosts.txt --- removes everything from the A (record type and address) onwards
sed 's/CN.*//' --- removes the leftover CN of CNAME lines (the first sed already cut from the A in CNAME)
sed 's/\..$//' > live_subdomains.txt --- removes the trailing . (and the space after it) at the end of each domain
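The sed chain above breaks on any name that itself contains a capital A (the whole line is wiped) and keeps duplicates. As an added example, not part of the original notes, here is an awk-based replacement that reads massdns simple output (the "name. TYPE value" format produced with -o S, assumed here) and prints each resolving hostname once without the trailing root dot; the sample input is constructed.

```shell
#!/bin/sh
# Added example: robust extraction of live hostnames from massdns "-o S" output.
# Reads from stdin, keeps only A/AAAA/CNAME answers, strips the trailing dot,
# lowercases and de-duplicates. Assumes massdns was run with "-o S".
live_subdomains() {
    awk '
        # field 2 is the record type; skip anything that is not an answer we care about
        $2 == "A" || $2 == "AAAA" || $2 == "CNAME" {
            name = tolower($1)
            sub(/\.$/, "", name)            # strip only the trailing root dot
            if (!(name in seen)) { seen[name] = 1; print name }
        }'
}

# Constructed sample of massdns "-o S" output. "Api.example.com." shows the
# name that sed 's/A.*//' would erase; the duplicated CNAME line shows de-duplication.
SAMPLE='www.example.com. A 93.184.216.34
Api.example.com. A 203.0.113.10
cdn.example.com. CNAME edge.example.net.
cdn.example.com. CNAME edge.example.net.
mail.example.com. AAAA 2001:db8::25'

# Runs the extractor over the constructed sample (one hostname per line).
# With real data: live_subdomains < livehosts.txt > live_subdomains.txt
live_from_sample() {
    printf '%s\n' "$SAMPLE" | live_subdomains
}

live_from_sample
```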

AMASS
amass -help
Usage: amass intel|enum|viz|track|db [options]

Subcommands:
a. amass intel - Discover targets for enumerations
Usage: amass intel [options] [-whois -d DOMAIN] [-addr ADDR -asn ASN -cidr CIDR]

-active
Attempt certificate name grabs
-addr value
IPs and ranges (192.168.1.1-254) separated by commas
-asn value
ASNs separated by commas (can be used multiple times)
-cidr value
CIDRs separated by commas (can be used multiple times)
-config string
Path to the INI configuration file. Additional details below
-d value
Domain names separated by commas (can be used multiple times)
-demo
Censor output to make it suitable for demonstrations
-df value
Path to a file providing root domain names
-dir string
Path to the directory containing the output files
-ef string
Path to a file providing data sources to exclude
-exclude value
Data source names separated by commas to be excluded
-h Show the program usage message
-help
Show the program usage message
-if string
Path to a file providing data sources to include
-include value
Data source names separated by commas to be included
-ip
Show the IP addresses for discovered names
-ipv4
Show the IPv4 addresses for discovered names
-ipv6
Show the IPv6 addresses for discovered names
-list
Print additional information
-log string
Path to the log file where errors will be written
-max-dns-queries int
Maximum number of concurrent DNS queries
-o string
Path to the text file containing terminal stdout/stderr
-org string
Search string provided against AS description information
-p value
Ports separated by commas (default: 80, 443)
-r value
IP addresses of preferred DNS resolvers (can be used multiple times)
-rf value
Path to a file providing preferred DNS resolvers
-src
Print data sources for the discovered names
-timeout int
Number of minutes to let enumeration run before quitting
-v Output status / debug / troubleshooting info
-whois
All provided domains are run through reverse whois

b. amass enum - Perform enumerations and network mapping ***********


Usage: amass enum [options] -d DOMAIN

-active
Attempt zone transfers and certificate name grabs
-addr value
IPs and ranges (192.168.1.1-254) separated by commas
-alts
Enable generation of altered names
-asn value
ASNs separated by commas (can be used multiple times)
-aw value
Path to a different wordlist file for alterations
-awm value
"hashcat-style" wordlist masks for name alterations
-bl value
Blacklist of subdomain names that will not be investigated
-blf string
Path to a file providing blacklisted subdomains
-brute
Execute brute forcing after searches
-cidr value
CIDRs separated by commas (can be used multiple times)
-config string
Path to the INI configuration file. Additional details below
-d value
Domain names separated by commas (can be used multiple times)
-demo
Censor output to make it suitable for demonstrations
-df value
Path to a file providing root domain names
-dir string
Path to the directory containing the output files
-dns-qps int
Maximum number of DNS queries per second across all resolvers
-ef string
Path to a file providing data sources to exclude
-exclude value
Data source names separated by commas to be excluded
-h Show the program usage message
-help
Show the program usage message
-if string
Path to a file providing data sources to include
-iface string
Provide the network interface to send traffic through
-include value
Data source names separated by commas to be included
-ip
Show the IP addresses for discovered names
-ipv4
Show the IPv4 addresses for discovered names
-ipv6
Show the IPv6 addresses for discovered names
-json string
Path to the JSON output file
-list
Print the names of all available data sources
-log string
Path to the log file where errors will be written
-max-depth int
Maximum number of subdomain labels for brute forcing
-max-dns-queries int
Deprecated flag to be replaced by dns-qps in version 4.0
-min-for-recursive int
Subdomain labels seen before recursive brute forcing (Default: 1) (default 1)
-nf value
Path to a file providing already known subdomain names (from other tools/sources)
-noalts
Deprecated flag to be removed in version 4.0 (default true)
-nocolor
Disable colorized output
-nolocaldb
Deprecated feature to be removed in version 4.0
-norecursive
Turn off recursive brute forcing
-o string
Path to the text file containing terminal stdout/stderr
-oA string
Path prefix used for naming all output files
-p value
Ports separated by commas (default: 80, 443)
-passive
Disable DNS resolution of names and dependent features
-r value
IP addresses of untrusted DNS resolvers (can be used multiple times)
-rf value
Path to a file providing untrusted DNS resolvers
-rqps int
Maximum number of DNS queries per second for each untrusted resolver
-scripts string
Path to a directory containing ADS scripts
-share
Deprecated feature to be removed in version 4.0
-silent
Disable all output during execution
-src
Print data sources for the discovered names
-timeout int
Number of minutes to let enumeration run before quitting
-tr value
IP addresses of trusted DNS resolvers (can be used multiple times)
-trf value
Path to a file providing trusted DNS resolvers
-trqps int
Maximum number of DNS queries per second for each trusted resolver
-v Output status / debug / troubleshooting info
-w value
Path to a different wordlist file for brute forcing
-wm value
"hashcat-style" wordlist masks for DNS brute forcing

c. amass viz - Visualize enumeration results


Usage: amass viz -d3|-dot||-gexf|-graphistry|-maltego [options]

-config string
Path to the INI configuration file. Additional details below
-d value
Domain names separated by commas (can be used multiple times)
-d3
Generate the D3 v4 force simulation HTML file
-df string
Path to a file providing root domain names
-dir string
Path to the directory containing the graph database
-dot
Generate the DOT output file
-enum int
Identify an enumeration via an index from the listing
-gexf
Generate the Gephi Graph Exchange XML Format (GEXF) file
-graphistry
Generate the Graphistry JSON file
-h Show the program usage message
-help
Show the program usage message
-i string
The Amass data operations JSON file
-maltego
Generate the Maltego csv file
-nocolor
Disable colorized output
-o string
Path to the directory for output files being generated
-oA string
Path prefix used for naming all output files
-silent
Disable all output during execution

d. amass track - Track differences between enumerations


Usage: amass track [options] -d domain

-config string
Path to the INI configuration file. Additional details below
-d value
Domain names separated by commas (can be used multiple times)
-df string
Path to a file providing root domain names
-dir string
Path to the directory containing the graph database
-h Show the program usage message
-help
Show the program usage message
-history
Show the difference between all enumeration pairs
-last int
The number of recent enumerations to include in the tracking
-nocolor
Disable colorized output
-silent
Disable all output during execution
-since string
Exclude all enumerations before (format: 01/02 15:04:05 2006 MST)

e. amass db - Manipulate the Amass graph database
Usage: amass db [options]

-config string
Path to the INI configuration file. Additional details below
-d value
Domain names separated by commas (can be used multiple times)
-demo
Censor output to make it suitable for demonstrations
-df string
Path to a file providing root domain names
-dir string
Path to the directory containing the graph database
-enum int
Identify an enumeration via an index from the listing
-h Show the program usage message
-help
Show the program usage message
-ip
Show the IP addresses for discovered names
-ipv4
Show the IPv4 addresses for discovered names
-ipv6
Show the IPv6 addresses for discovered names
-json string
Path to the JSON output file
-list
Numbered list of enums filtered on provided domains
-names
Print Just Discovered Names
-nocolor
Disable colorized output
-o string
Path to the text file containing terminal stdout/stderr
-show
Print the results for the enumeration index + domains provided
-silent
Disable all output during execution
-src
Print data sources for the discovered names
-summary
Print Just ASN Table Summary
