How to perform resolving subdomains given a list?

owasp-amass / amass

In-depth attack surface mapping and asset discovery

https://owasp.org/www-project-amass/

Other

11.63k stars 1.85k forks source link

How to perform resolving subdomains given a list? #197

Closed ghost closed 5 years ago

ghost commented 5 years ago

How to make amass resolve a list of potential subdomains? For example, I have a list of:

fjpower.example.com
ummundoemumamochila.example.com
web.fsv.example.com
terminprover-engelsk.example.com
....

How to just do dns resolving on the list and get output in json format?

caffix commented 5 years ago

Amass is not designed to simply resolve a list of names like MassDNS. You can provide a list of already discovered subdomain names using the '-nf' flag and provide the root domain names as the scope, and Amass will be sure to resolve the provided subdomain names while enumerating the root domain names

ghost commented 5 years ago

I found the following subdomains that are perfectly resolvable:

count.invault.io
security.invault.io
smtp.invault.io
mail.invault.io
test.invault.io
www.invault.io
download.invault.io
ticket.invault.io

But when I got "No names were discovered" error when I did amass enum -d invault.io -w wordlists/all.txt -brute. Amass still failed to get any subdomain even I passed the known subdomains with '-nf' flag.

caffix commented 5 years ago

Definitely sounds like DNS problems. Start by using the '-passive' flag in order to see what Amass is beginning the enumeration with. Then, try removing the '-passive' flag and using the '-r' flag to set the resolver to a nameserver that you know can be used successfully.