Useful Amass commands

amass enum -d domain.com

Amass has a lot of data sources, but the ones that require API keys are: AlienVault, BinaryEdge, BufferOver, BuiltWith, C99, Censys, Chaos, CIRCL, DNSDB, DNSTable, FacebookCT, GitHub, HackerOne, HackerTarget, NetworksDB, PassiveTotal, RapidDNS, Riddler, SecurityTrails, Shodan, SiteDossier, Spyse, Twitter, Umbrella, URLScan, VirusTotal, WhoisXML, ZETAlytics, Cloudflare

Using a config.ini file

https://github.com/OWASP/Amass/blob/master/examples/config.ini

amass enum -d domain.com -config ./myconfigfile.ini

The 5 Holy Sub-commands

  • amass intel — Discover targets for enumerations
  • amass enum — Perform enumerations and network mapping
  • amass viz — Visualize enumeration results
  • amass track — Track differences between enumerations
  • amass db — Manipulate the Amass graph database

Reverse Whois

amass intel -d domain.com -whois

SSL Certificate Grabbing

amass intel -active -cidr 0.0.0.0/24

Using ASNs

amass intel -org "organization name"

Using an ASN number

amass intel -active -asn 000000

Putting Amass intel techniques together recursively

amass intel -asn 000000 -whois -d domain.com

Amass enum

Get some subdomains

amass enum -d domain.com

Get more subdomains

amass enum -d domain.com -active -cidr 2.2.2.2/24,1.1.1.1/24 -asn 123456

Tracking things in Amass

amass track shows differences between enumerations that included the same target(s), for monitoring a target’s attack surface. This subcommand only leverages the ‘output_directory’ and remote graph database settings from the configuration file. Flags for performing Internet exposure monitoring across the enumerations in the graph database, e.g.:

amass track -d domain.com
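What a difference between two enumerations looks like, as an added example that is not Amass's own code: it assumes the hostnames from two runs against your own domain were saved one per line in text files, and normalizes case, trailing dots and line endings so the same host is not reported as new. The function names, file names and sample hostnames are constructed.

```shell
#!/bin/sh
# Added example: compare two saved hostname lists (one name per line).
# File layout and sample names are assumptions, not Amass output formats.

# Print a canonical, de-duplicated, sorted hostname list from a file:
# no CR, lowercase, no surrounding whitespace, no trailing dot, no blanks.
normalize_hosts() {
    tr -d '\r' < "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
            -e 's/\.$//' -e '/^$/d' |
        LC_ALL=C sort -u
}

# Print "+ name" for hosts seen only in the newer list ($2) and
# "- name" for hosts seen only in the older list ($1).
diff_enums() {
    old_tmp=$(mktemp) || return 1
    new_tmp=$(mktemp) || { rm -f "$old_tmp"; return 1; }
    normalize_hosts "$1" > "$old_tmp"
    normalize_hosts "$2" > "$new_tmp"
    LC_ALL=C comm -13 "$old_tmp" "$new_tmp" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$old_tmp" "$new_tmp" | sed 's/^/- /'
    rm -f "$old_tmp" "$new_tmp"
}

# Constructed sample data: run2 gains vpn, loses old; the case, CRLF and
# trailing-dot differences must not show up as changes.
demo() {
    d=$(mktemp -d) || return 1
    printf 'www.example.com\nmail.example.com\nOLD.example.com.\n' > "$d/run1.txt"
    printf 'www.example.com\r\nMail.Example.com\nvpn.example.com\n\n' > "$d/run2.txt"
    diff_enums "$d/run1.txt" "$d/run2.txt"
    rm -rf "$d"
}

demo
```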

Visualization

Use amass viz to create awesome-looking graphs of your recon data.

Amass db

amass db performs viewing and manipulation of the graph database. This subcommand only leverages the ‘output_directory’ and remote graph database settings from the configuration file. Flags for interacting with the enumeration findings in the graph database include, e.g.:

amass db -show -d domain.com

The documentation for the scripting engine can be found here:

https://github.com/OWASP/Amass/blob/master/doc/user_guide.md

Do you guys have any other useful commands in mind? Please tell us in the comments.
