Closed oldesec closed 5 years ago
As far as amass, you're right, it needs the -brute
flag. Good catch, I will add it.
As far as the tool composition, I have intended for each tool to use the same wordlist. I get that this leads to each tool possibly finding the same thing, but to me that seemed better than getting a random collection of results from each tool's built-in wordlist and never knowing exactly which wordlist you are using. Which is better, I'm not 100% sure, but that is my reasoning at least.
I have fixed the amass -brute
flag. Thanks!
Hi.
I looked at the tools and found out singularities.
For example, most subdomain search tools are receiving wordlists.
Example)
It seems that the tools are running in brute forcing mode.
That is, there is a concern that the same wordlist is input and the same result is output.
And it takes a long time.
Is this the design you intended?
And it appears that there is an option error in the tool.
The tool currently uses the "-w" option without the "brute" option.
the present:
Ref: https://github.com/OWASP/Amass/blob/master/doc/user_guide.md
Thanks