You are currently viewing How to Install AMASS | KALI LINUX

How to Install AMASS | KALI LINUX

Amass is a subdomain enumeration tool and works with active and passive enumeration.

DESCRIPTION:

The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.

First of all Setting an DNSValidator and getting a list of 50 resolvers, save it as 50resolvers.txt

git clone https://github.com/vortexau/dnsvalidator.git
cd dnsvalidator
python3 setup.py install
dnsvalidator -tL https://public-dns.info/nameservers.txt -threads 200 -o resolvers.txt
sort -R resolvers.txt | tail -n 50 > 50resolvers.txt
mv 50resolvers.txt /home/kali

NOW IT'S TIME TO DOWNLOAD AMASS 🎯 :

Go to This link

Right-click copy that link and paste it on the terminal by following commands.

wget https://github.com/OWASP/Amass/releases/download/v3.13.4/amass_linux_amd64.zip
unzip amass_linux_amd64.zip
cd amass_linux_amd64
mv amass /usr/local/bin

That’s it, run the tool here we go
wow see how it looks so beautiful.

Passive Recon :

amass enum -passive -d hackerone.com -o h1.txt -rf 50resolvers.txt

Active Recon :

amass enum -active -d hackerone.com -o h1_active.txt -rf 50resolvers.txt

Thanks for reading! I hope this helps,

For more Tips & methodology Follow me

♥ Happy HΛCKING buddies ♥

BOBBYTN

ℂ|𝔼ℍ𝕧𝟙𝟙 | 𝔹𝕦𝕘 𝕙𝕦𝕟𝕥𝕖𝕣 | ℂ𝕪𝕓𝕖𝕣 𝕊𝕖𝕔𝕦𝕣𝕚𝕥𝕪 ℝ𝕖𝕤𝕖𝕒𝕣𝕔𝕙𝕖𝕣 | 𝔼𝕥𝕙𝕚𝕔𝕒𝕝 ℍ𝕒𝕔𝕜𝕖𝕣 | 𝕄𝕒𝕤𝕥𝕖𝕣 𝕚𝕟 𝕊𝕠𝕔𝕚𝕒𝕝 𝔼𝕟𝕘𝕚𝕟𝕖𝕖𝕣𝕚𝕟𝕘...

This Post Has One Comment

  1. sanjay

    I have installed amass by $ sudo apt install amass. can you help me setting us resolver and API key in its config file.can we remove # sign after inserting API keys of that services.

    https://censys.io (Paid/Free-trial) [data_sources.Censys] ttl = 10080 [data_sources.Censys.Credentials] apikey =87166c26-7a94-4769-b504-6a2dac2255c5 secret =qfghYF7OWAzzHje8gNoADe9E3hfg0s43
    This message didn’t send.
    #resolver = 64.6.65.6 ; Verisign Secondary #resolver = 77.88.8.8 ; Yandex.DNS Secondary
    This message didn’t send.
    Can we remove # sign in resolver itself or add resolver form 50resolvers.txt

Leave a Reply