
AMASS

The document discusses how to use the Amass tool to perform domain enumeration and OSINT. It provides the command syntax and options for the Amass subcommands: intel, enum, viz, track, and db. The intel subcommand discovers targets, enum performs enumerations and network mapping, viz visualizes results, track tracks differences between enumerations, and db manipulates the Amass graph database.

Use https://bgp.he.net/ to find an organisation's ASN.

ASN stands for Autonomous System Number.

It is assigned to an organisation.
It is connected to various other ASNs.
enum --- Enumerate
scans: active and passive

MASSDNS
Checks whether the domains are working or not.
# -o S selects the simple text output format, -w names the output file,
# and the list of domains to resolve is the final argument.
massdns -r /home/eilaka/TOOLS/massdns/lists/resolvers.txt -t A -o S -w /home/eilaka/Documents/dem1o.txt /home/eilaka/Desktop/subdomains.txt

then use
sed 's/A.*//' livehosts.txt | sed 's/CN.*//' | sed 's/\..$//' > live_subdomains.txt
sed 's/A.*//' livehosts.txt --- removes everything from the first A onwards
sed 's/CN.*//' --- removes everything from the first CN onwards
sed 's/\..$//' > live_subdomains.txt --- removes the . at the end of domains
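
As an added example (not part of the original notes): the sed chain above cuts at the first "A" or "CN" anywhere on the line, so a name containing those letters in upper case is truncated. The shell function below parses the massdns simple (-o S) output by field instead; the function names, the sample lines and the example.com names are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn massdns simple-format (-o S) output into a sorted,
# de-duplicated list of names that resolved.

# live_names: reads lines of the form "name. TYPE data" on stdin,
# keeps A/AAAA/CNAME answers, lowercases the name and strips the
# trailing root dot. Lines with other record types or fewer than
# three fields are ignored.
live_names() {
    awk '
        NF >= 3 && ($2 == "A" || $2 == "AAAA" || $2 == "CNAME") {
            name = tolower($1)
            sub(/\.$/, "", name)      # drop the trailing root dot only
            if (name != "") print name
        }
    ' | sort -u
}

# Constructed sample in massdns -o S format (example.com is a placeholder).
sample_output() {
    cat <<'EOF'
www.example.com. A 192.0.2.10
API.example.com. A 192.0.2.11
cdn.example.com. CNAME edge.example.net.
www.example.com. A 192.0.2.12
mail.example.com. MX 10 mx.example.com.
broken line
EOF
}

# With a real results file:
#   live_names < livehosts.txt > live_subdomains.txt
sample_output | live_names
```

On the constructed sample, `sed 's/A.*//'` would reduce the `API.example.com.` line to an empty string, while the field-based parse keeps it.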

AMASS
amass -help
Usage: amass intel|enum|viz|track|db [options]

Subcommands:
a. amass intel - Discover targets for enumerations
Usage: amass intel [options] [-whois -d DOMAIN] [-addr ADDR -asn ASN -cidr CIDR]

-active
Attempt certificate name grabs
-addr value
IPs and ranges (192.168.1.1-254) separated by commas
-asn value
ASNs separated by commas (can be used multiple times)
-cidr value
CIDRs separated by commas (can be used multiple times)
-config string
Path to the INI configuration file. Additional details below
-d value
Domain names separated by commas (can be used multiple times)
-demo
Censor output to make it suitable for demonstrations
-df value
Path to a file providing root domain names
-dir string
Path to the directory containing the output files
-ef string
Path to a file providing data sources to exclude
-exclude value
Data source names separated by commas to be excluded
-h Show the program usage message
-help
Show the program usage message
-if string
Path to a file providing data sources to include
-include value
Data source names separated by commas to be included
-ip
Show the IP addresses for discovered names
-ipv4
Show the IPv4 addresses for discovered names
-ipv6
Show the IPv6 addresses for discovered names
-list
Print additional information
-log string
Path to the log file where errors will be written
-max-dns-queries int
Maximum number of concurrent DNS queries
-o string
Path to the text file containing terminal stdout/stderr
-org string
Search string provided against AS description information
-p value
Ports separated by commas (default: 80, 443)
-r value
IP addresses of preferred DNS resolvers (can be used multiple times)
-rf value
Path to a file providing preferred DNS resolvers
-src
Print data sources for the discovered names
-timeout int
Number of minutes to let enumeration run before quitting
-v Output status / debug / troubleshooting info
-whois
All provided domains are run through reverse whois

b. amass enum - Perform enumerations and network mapping ***********


Usage: amass enum [options] -d DOMAIN

-active
Attempt zone transfers and certificate name grabs
-addr value
IPs and ranges (192.168.1.1-254) separated by commas
-alts
Enable generation of altered names
-asn value
ASNs separated by commas (can be used multiple times)
-aw value
Path to a different wordlist file for alterations
-awm value
"hashcat-style" wordlist masks for name alterations
-bl value
Blacklist of subdomain names that will not be investigated
-blf string
Path to a file providing blacklisted subdomains
-brute
Execute brute forcing after searches
-cidr value
CIDRs separated by commas (can be used multiple times)
-config string
Path to the INI configuration file. Additional details below
-d value
Domain names separated by commas (can be used multiple times)
-demo
Censor output to make it suitable for demonstrations
-df value
Path to a file providing root domain names
-dir string
Path to the directory containing the output files
-dns-qps int
Maximum number of DNS queries per second across all resolvers
-ef string
Path to a file providing data sources to exclude
-exclude value
Data source names separated by commas to be excluded
-h Show the program usage message
-help
Show the program usage message
-if string
Path to a file providing data sources to include
-iface string
Provide the network interface to send traffic through
-include value
Data source names separated by commas to be included
-ip
Show the IP addresses for discovered names
-ipv4
Show the IPv4 addresses for discovered names
-ipv6
Show the IPv6 addresses for discovered names
-json string
Path to the JSON output file
-list
Print the names of all available data sources
-log string
Path to the log file where errors will be written
-max-depth int
Maximum number of subdomain labels for brute forcing
-max-dns-queries int
Deprecated flag to be replaced by dns-qps in version 4.0
-min-for-recursive int
Subdomain labels seen before recursive brute forcing (Default: 1) (default 1)
-nf value
Path to a file providing already known subdomain names (from other tools/sources)
-noalts
Deprecated flag to be removed in version 4.0 (default true)
-nocolor
Disable colorized output
-nolocaldb
Deprecated feature to be removed in version 4.0
-norecursive
Turn off recursive brute forcing
-o string
Path to the text file containing terminal stdout/stderr
-oA string
Path prefix used for naming all output files
-p value
Ports separated by commas (default: 80, 443)
-passive
Disable DNS resolution of names and dependent features
-r value
IP addresses of untrusted DNS resolvers (can be used multiple times)
-rf value
Path to a file providing untrusted DNS resolvers
-rqps int
Maximum number of DNS queries per second for each untrusted resolver
-scripts string
Path to a directory containing ADS scripts
-share
Deprecated feature to be removed in version 4.0
-silent
Disable all output during execution
-src
Print data sources for the discovered names
-timeout int
Number of minutes to let enumeration run before quitting
-tr value
IP addresses of trusted DNS resolvers (can be used multiple times)
-trf value
Path to a file providing trusted DNS resolvers
-trqps int
Maximum number of DNS queries per second for each trusted resolver
-v Output status / debug / troubleshooting info
-w value
Path to a different wordlist file for brute forcing
-wm value
"hashcat-style" wordlist masks for DNS brute forcing

c. amass viz - Visualize enumeration results


Usage: amass viz -d3|-dot||-gexf|-graphistry|-maltego [options]

-config string
Path to the INI configuration file. Additional details below
-d value
Domain names separated by commas (can be used multiple times)
-d3
Generate the D3 v4 force simulation HTML file
-df string
Path to a file providing root domain names
-dir string
Path to the directory containing the graph database
-dot
Generate the DOT output file
-enum int
Identify an enumeration via an index from the listing
-gexf
Generate the Gephi Graph Exchange XML Format (GEXF) file
-graphistry
Generate the Graphistry JSON file
-h Show the program usage message
-help
Show the program usage message
-i string
The Amass data operations JSON file
-maltego
Generate the Maltego csv file
-nocolor
Disable colorized output
-o string
Path to the directory for output files being generated
-oA string
Path prefix used for naming all output files
-silent
Disable all output during execution

d. amass track - Track differences between enumerations


Usage: amass track [options] -d domain

-config string
Path to the INI configuration file. Additional details below
-d value
Domain names separated by commas (can be used multiple times)
-df string
Path to a file providing root domain names
-dir string
Path to the directory containing the graph database
-h Show the program usage message
-help
Show the program usage message
-history
Show the difference between all enumeration pairs
-last int
The number of recent enumerations to include in the tracking
-nocolor
Disable colorized output
-silent
Disable all output during execution
-since string
Exclude all enumerations before (format: 01/02 15:04:05 2006 MST)

e. amass db - Manipulate the Amass graph database
Usage: amass db [options]

-config string
Path to the INI configuration file. Additional details below
-d value
Domain names separated by commas (can be used multiple times)
-demo
Censor output to make it suitable for demonstrations
-df string
Path to a file providing root domain names
-dir string
Path to the directory containing the graph database
-enum int
Identify an enumeration via an index from the listing
-h Show the program usage message
-help
Show the program usage message
-ip
Show the IP addresses for discovered names
-ipv4
Show the IPv4 addresses for discovered names
-ipv6
Show the IPv6 addresses for discovered names
-json string
Path to the JSON output file
-list
Numbered list of enums filtered on provided domains
-names
Print Just Discovered Names
-nocolor
Disable colorized output
-o string
Path to the text file containing terminal stdout/stderr
-show
Print the results for the enumeration index + domains provided
-silent
Disable all output during execution
-src
Print data sources for the discovered names
-summary
Print Just ASN Table Summary
