The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping.
Additionally, it uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks.
Information Gathering Techniques Used:
Also Read – SSHD Poison : A Tool To Get Creds Of Pam Based SSHD Authentication
Installation
sudo docker build -t amass https://github.com/OWASP/Amass.git
sudo docker run amass –passive -d example.com
The wordlists maintained in the git repository are available in /wordlists/
within the docker container. For example, to use all.txt
:
sudo docker run amass -w /wordlists/all.txt -d example.com
If you prefer to build your own binary from the latest release of the source code, make sure you have a correctly configured Go >= 1.10 environment. More information about how to achieve this can be found on the golang website.Then, take the following steps:
go get -u github.com/OWASP/Amass/…
cd $GOPATH/src/github.com/OWASP/Amass
go install ./…
At this point, the binaries should be in $GOPATH/bin.
ls $GOPATH/src/github.com/OWASP/Amass/wordlists/
Packages Maintained by the Amass Project
For Homebrew on Mac, the following two commands will install it into your macOS environment:
brew tap caffix/amass
brew install amass
If your operating environment supports Snap, you can click here to install, or perform the following from the command-line:
sudo snap install amass
On Kali, follow these steps to install Snap and it + use AppArmor (for autoload):
sudo apt install snapd
sudo systemctl start snapd
sudo systemctl enable snapd
sudo systemctl start apparmor
sudo systemctl enable apparmor
Add the Snap bin directory to your PATH:
export PATH=$PATH:/snap/bin
Periodically, execute the following command to update all your snap packages:
sudo snap refresh
Packages Maintained by a Third-party
cd /usr/ports/dns/amass/ && make install clean
pkg install amass
nix-env -f ‘<nixpkgs>’ -iA amass
sudo emerge net-analyzer/amass
Periodically, execute the following command to update all packages:
sudo pentoo-updater
Cybersecurity tools play a critical role in safeguarding digital assets, systems, and networks from malicious…
MODeflattener is a specialized tool designed to reverse OLLVM's control flow flattening obfuscation through static…
"My Awesome List" is a curated collection of tools, libraries, and resources spanning various domains…
CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, allowed attackers to execute arbitrary…
The blog post "Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals" provides…
The exploitation of CVE-2018-17463, a type confusion vulnerability in Chrome’s V8 JavaScript engine, relies on…