Amass is a subdomain enumeration tool and works with active and passive enumeration.
DESCRIPTION:
The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
First of all Setting an DNSValidator and getting a list of 50 resolvers, save it as 50resolvers.txt
git clone https://github.com/vortexau/dnsvalidator.git
cd dnsvalidator
python3 setup.py install
dnsvalidator -tL https://public-dns.info/nameservers.txt -threads 200 -o resolvers.txt
sort -R resolvers.txt | tail -n 50 > 50resolvers.txt
mv 50resolvers.txt /home/kaliNOW IT'S TIME TO DOWNLOAD AMASS 🎯 :
Go to This link
Right-click copy that link and paste it on the terminal by following commands.
wget https://github.com/OWASP/Amass/releases/download/v3.13.4/amass_linux_amd64.zip
unzip amass_linux_amd64.zip
cd amass_linux_amd64
mv amass /usr/local/bin
That’s it, run the tool here we go
wow see how it looks so beautiful.
Passive Recon :
amass enum -passive -d hackerone.com -o h1.txt -rf 50resolvers.txt
Active Recon :
amass enum -active -d hackerone.com -o h1_active.txt -rf 50resolvers.txt
Thanks for reading! I hope this helps,
For more Tips & methodology Follow me
♥ Happy HΛCKING buddies ♥
I have installed amass by $ sudo apt install amass. can you help me setting us resolver and API key in its config file.can we remove # sign after inserting API keys of that services.
https://censys.io (Paid/Free-trial) [data_sources.Censys] ttl = 10080 [data_sources.Censys.Credentials] apikey =87166c26-7a94-4769-b504-6a2dac2255c5 secret =qfghYF7OWAzzHje8gNoADe9E3hfg0s43
This message didn’t send.
#resolver = 64.6.65.6 ; Verisign Secondary #resolver = 77.88.8.8 ; Yandex.DNS Secondary
This message didn’t send.
Can we remove # sign in resolver itself or add resolver form 50resolvers.txt