amass
The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
Details
Category: Recon
Publisher: trickest
Created Date: 6/23/2021
Container: quay.io/trickest/amass:v3.22.2
Source URL: https://github.com/owasp-amass/amass
Parameters
ports
string
Command:
-p
- Ports separated by commas (default: 443)domain
string
requiredCommand:
-d
- Domain names separated by commas (can be used multiple times)no-alts
boolean
Command:
-noalts
- Disable generation of altered namespassive
boolean
Command:
-passive
- A purely passive mode of executionshow-ip
boolean
Command:
-ip
- Show the IP addresses for discovered namestimeout
string
Command:
-timeout
- Number of minutes to execute the enumerationblacklist
string
Command:
-bl
- Blacklist of subdomain names that will not be investigatedshow-ipv4
boolean
Command:
-ipv4
- Show the IPv4 addresses for discovered namesshow-ipv6
boolean
Command:
-ipv6
- Show the IPv6 addresses for discovered namesdomain-list
file
Command:
-df
- Path to a file providing root domain namesactive-methods
boolean
Command:
-active
- Enable active recon methodswordlist-brute
file
Command:
-w
- Path to a different wordlist filebruteforce-flag
boolean
Command:
-brute
- Perform brute force subdomain enumerationini-config-file
file
Command:
-config
- Path to the INI configuration filemax-dns-queries
string
Command:
-max-dns-queries
- Deprecated flag to be replaced by dns-qps in version 4.0no-recursive-bf
boolean
Command:
-norecursive
- Turn off recursive brute forcingtrusted-resolver
string
Command:
-tr
- IP addresses of trusted DNS resolverexclude-data-file
file
Command:
-ef
- Path to a file providing data sources to excludemin-for-recursive
string
Command:
-min-for-recursive
- Subdomain labels seen before recursive brute forcing (Default: 1)print-data-sources
boolean
Command:
-src
- Print data sources for the discovered namesuntrusted-resolver
string
Command:
-r
- IP addresses of untrusted DNS resolverexclude-source-names
string
Command:
-exclude
- Data source names separated by commas to be excludedinclude-data-sources
string
Command:
-include
- Data source names separated by commas to be includedwordlist-alternations
file
Command:
-aw
- Path to a different wordlist file for alterationsdns-queries-per-second
string
Command:
-dns-qps
- Maximum number of DNS queries per secondtrusted-resolvers-file
string
Command:
-trf
- Path to a file providing trusted DNS resolversgraph-database-directory
folder
Command:
-dir
- Path to the directory containing the graph databaseuntrusted-resolvers-file
file
Command:
-rf
- Path to a file providing untrusted DNS resolversinclude-data-sources-file
file
Command:
-if
- Path to a file providing data sources to includetrusted-dns-resolvers-file
file
Command:
-trf
- Path to a file providing trusted DNS resolversblacklisted-subdomains-file
file
Command:
-blf
- Path to a file providing blacklisted subdomainsno-resolver-rate-monitoring
boolean
Command:
-noresolvrate
- Disable resolver rate monitoringuntrusted-dns-resolvers-file
file
Command:
-rf
- Path to a file providing preferred DNS resolversalready-known-subdomain-names
file
Command:
-nf
- Path to a file providing already known subdomain names (from other tools/sources)no-resolver-reliability-score
boolean
Command:
-noresolvscore
- Disable resolver reliability scoringtrusted-dns-max-queries-per-second
string
Command:
-trqps
- Maximum number of DNS queries per second for each trusted resolversuntrusted-dns-max-queries-per-second
string
Command:
-rqps
- Maximum number of DNS queries per second for untrusted resolvers