OWASP Amass项目使用开源信息收集和主动侦察技术,对攻击面和外部资产发现进行网络映射。
原文相关视频
| Technique |
Data Sources |
| APIs |
360PassiveDNS, Ahrefs, AnubisDB, BinaryEdge, BufferOver, BuiltWith, C99, Chaos, CIRCL, Cloudflare, DNSDB, DNSRepo, Detectify, FOFA, FullHunt, GitHub, GitLab, Greynoise, HackerTarget, Hunter, IntelX, LeakIX, Maltiverse, Mnemonic, N45HT, PassiveTotal, PentestTools, Quake, Shodan, SonarSearch, Spamhaus, Spyse, Sublist3rAPI, ThreatBook, ThreatCrowd, ThreatMiner, Twitter, URLScan, VirusTotal, ZETAlytics, ZoomEye |
| Certificates |
Active pulls (optional), Censys, CertSpotter, Crtsh, Digitorus, FacebookCT, GoogleCT |
| DNS |
Brute forcing, Reverse DNS sweeping, NSEC zone walking, Zone transfers, FQDN alterations/permutations, FQDN Similarity-based Guessing |
| Routing |
ARIN, BGPTools, BGPView, IPdata, IPinfo, NetworksDB, RADb, Robtex, ShadowServer, TeamCymru |
| Scraping |
AbuseIPDB, Ask, Baidu, Bing, DNSDumpster, DuckDuckGo, Gists, HackerOne, HyperStat, IPv4Info, PKey, RapidDNS, Riddler, Searchcode, Searx, SiteDossier, Yahoo |
| Web Archives |
ArchiveIt, Arquivo, CommonCrawl, HAW, UKWebArchive, Wayback |
| WHOIS |
AlienVault, AskDNS, DNSlytics, ONYPHE, SecurityTrails, SpyOnWeb, Umbrella, WhoisXMLAPI |
安装使用
https://github.com/OWASP/Amass/releases
|
vulab@sechelper:~/amass_linux_amd64$ ./amass -version
v3.19.3
|
枚举域名
amass enum -v -src -ip -brute -min-for-recursive 2 -d example.com
|
命令行用法信息
amass工具有几个子命令,如下所示,用于处理您的互联网曝光调查。
| Subcommand |
Description |
| intel |
收集开源情报以调查目标组织 |
| enum |
对暴露于Internet的系统执行DNS枚举和网络映射 |
| viz |
生成用于探索性分析的枚举可视化 |
| track |
将枚举结果与常见目标组织进行比较 |
| db |
管理存储枚举结果的图形数据库 |
子命令参数
intel
intel子命令可以帮助您发现与您正在调查的组织相关联的其他根域名。此子命令使用配置文件的数据源部分来获取被动情报,例如反向whois信息。
| Flag |
Description |
Example |
| -active |
Enable active recon methods |
amass intel -active -addr 192.168.2.1-64 -p 80,443,8080 |
| -addr |
IPs and ranges (192.168.1.1-254) separated by commas |
amass intel -addr 192.168.2.1-64 |
| -asn |
ASNs separated by commas (can be used multiple times) |
amass intel -asn 13374,14618 |
| -cidr |
CIDRs separated by commas (can be used multiple times) |
amass intel -cidr 104.154.0.0/15 |
| -config |
Path to the INI configuration file |
amass intel -config config.ini |
| -d |
Domain names separated by commas (can be used multiple times) |
amass intel -whois -d example.com |
| -demo |
Censor output to make it suitable for demonstrations |
amass intel -demo -whois -d example.com |
| -df |
Path to a file providing root domain names |
amass intel -whois -df domains.txt |
| -dir |
Path to the directory containing the graph database |
amass intel -dir PATH -cidr 104.154.0.0/15 |
| -ef |
Path to a file providing data sources to exclude |
amass intel -whois -ef exclude.txt -d example.com |
| -exclude |
Data source names separated by commas to be excluded |
amass intel -whois -exclude crtsh -d example.com |
| -if |
Path to a file providing data sources to include |
amass int |
最低0.47元/天 解锁文章
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
