kerberosmansour closed 5 years ago
The network infrastructure features have now been moved into the amass.netnames command-line program within the tool suite. It returns the base domains within the identified network ranges, ASNs, etc. From those domain names, the amass proper tool can discover where else they reside on the Internet.
OK, so I can daisy-chain the two tools to get all the results. And they can all end up in Neo4j?
That is correct.
The amass.netnames tool will give you the domains discovered within the target network infrastructure.
All those domains can be provided to the amass subdomain enumeration tool using the ‘-df’ flag, and the information gathered is output using the ‘-do’ flag.
Finally, amass.db inserts the saved findings into Neo4j.
It appears that the feature was implemented as a side effect of the refactoring. Thoughts?
So we can now scan by ASN/CIDR/IP and find FQDNs/subdomains on those systems. I would like to take it a step further and find out where else these domains are hosted.
Example: I run amass on a network range, it finds the following FQDNs:
I want a command that lets Amass scan the domains above (example1.com, example2.com, example3.com, example4.com). So I know where the rest of those domains are hosted.