Open k0da101 opened 1 month ago
The data in config.yaml that you mentioned are default parameters used to configure the scope of domains, IPs, ASNs, CIDRs, and ports for an enumeration or audit process, such as a penetration test. If you notice that example.com is being enumerated, this indicates that the file is still using default configuration values, which might not be ideal because:
- Domains and IPs: The domains and IPs listed in config.yaml are used as targets for scanning. Leaving values like "example.com" or "192.0.2.x" means that the scope of the scan may not be adequate for your project or might not be targeting the correct objectives.
- ASN and CIDR: These fields are used to define entire networks or IP blocks that will be targeted in the scan. If these values are not updated for your specific scope, the scans will be inaccurate.
- Ports and Blacklist: Setting the ports to be actively scanned and which subdomains to ignore is also important. If these ports are not customized according to the target, you may miss important services or test unnecessary areas.

Recommendations:

- Edit Configuration: Personalize the fields domains, ips, asns, cidrs, ports, and blacklist based on the targets you are authorized to test.
- Tool Documentation: Consult the documentation of the tool you're using with this config.yaml. Scanning tools like Masscan, Nmap, or Amass have specific recommendations for tuning these parameters effectively.
- Custom Scope: Clearly define the scope (domains, IPs, ports) based on what has been authorized by the security team or the client, ensuring you do not exceed the boundaries of what can be tested.
It may be the most ridiculous Q, but should I comment out this default data in config.yaml or edit it:
I was dealing with it without modifying it, but recently I noticed that it's enumerating example.com.
If someone could refer me to a useful article or whatever for dealing with the whole Amass configuration, I would be grateful.
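As an added example (not part of the original thread and not Amass code): a pre-run check that flags scope entries still set to reserved documentation values such as example.com or 192.0.2.x. It assumes the scope section of config.yaml has already been loaded into a dict keyed by the field names mentioned above; `find_placeholders` and the sample scope are constructed for illustration.

```python
import ipaddress

# Documentation-only ranges (RFC 5737, RFC 3849), names (RFC 2606/6761), ASNs (RFC 5398).
DOC_NETS = [ipaddress.ip_network(n) for n in
            ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32")]
DOC_DOMAINS = ("example.com", "example.net", "example.org")
DOC_TLDS = ("example", "test", "invalid", "localhost")
DOC_ASNS = (range(64496, 64512), range(65536, 65552))

def is_placeholder_domain(name):
    name = name.strip().lower().rstrip(".")
    if name.rsplit(".", 1)[-1] in DOC_TLDS:
        return True
    return any(name == d or name.endswith("." + d) for d in DOC_DOMAINS)

def is_placeholder_net(value):
    # Accepts one address or a CIDR; strict=False tolerates set host bits.
    net = ipaddress.ip_network(str(value).strip(), strict=False)
    return any(net.version == d.version and net.subnet_of(d) for d in DOC_NETS)

def find_placeholders(scope):
    """Return (field, value) pairs in the scope dict that need fixing before a run."""
    hits = [("domains", d) for d in scope.get("domains") or []
            if is_placeholder_domain(d)]
    for field in ("ips", "cidrs"):
        for v in scope.get(field) or []:
            try:
                if is_placeholder_net(v):
                    hits.append((field, v))
            except ValueError:
                hits.append((field, v))  # unparseable (e.g. "192.0.2.x"): review by hand
    hits += [("asns", a) for a in scope.get("asns") or []
             if any(int(a) in r for r in DOC_ASNS)]
    return hits

# Constructed sample scope: leftover defaults mixed with made-up in-scope values.
SAMPLE_SCOPE = {
    "domains": ["example.com", "api.example.org", "authorized-target.corp"],
    "ips": ["192.0.2.1", "10.20.30.40"],
    "asns": [64500, 64512],
    "cidrs": ["192.0.2.0/24", "10.20.0.0/16"],
    "ports": [80, 443],
    "blacklist": ["ignore.authorized-target.corp"],
}

if __name__ == "__main__":
    for field, value in find_placeholders(SAMPLE_SCOPE):
        print(f"{field}: {value!r} is a placeholder or unparseable; replace or remove it")
```

An empty result means no reserved documentation values remain; it does not confirm that the remaining entries are the ones you are authorized to test.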