Feature Enhancement: add constraints to the search

caffix commented 6 years ago

@superuser5 wrote:

Would be awesome to be able to put constraints on searches to the known values (IP ranges / cert info / string in whois record ) and with logic OR/AND. The contrains feature could just look for known strings in different areas like whois records or certificate information (whois records could be very messy, so checking if known name of the organization present anywhere in the whois response should be enough):

IP v4 ranges:

asn - report and limit only to the specific subnets for the ASN
IP ranges

certificate

certificate registration details - Subject/Organization name
certificate altNames (alternative names for the certificate)

whois - match specific strings in the whois records:

phone number
email address
company name
Registrant Organization/Registrant Name
Name Server

Example: 1: amass -contrains ASN1234 2: amass -contrains "cert:GitHub AND (whois:ns1.p16.dynect.net OR whois: 1.2083895740 OR whois:abusecomplaints@markmonitor.com)"

$ whois guthub.com

Last update of whois database: 2018-07-05T20:14:03Z <<<

Domain Name: guthub.com Registry Domain ID: 1421310529_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.markmonitor.com Registrar URL: http://www.markmonitor.com Updated Date: 2018-02-08T02:13:13-0800 Creation Date: 2008-03-12T13:48:25-0700 Registrar Registration Expiration Date: 2020-03-12T00:00:00-0700 Registrar: MarkMonitor, Inc. Registrar IANA ID: 292 Registrar Abuse Contact Email: abusecomplaints@markmonitor.com Registrar Abuse Contact Phone: +1.2083895740 Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited) Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited) Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited) Registrant Organization: GitHub, Inc. Registrant State/Province: CA Registrant Country: US Admin Organization: GitHub, Inc. Admin State/Province: CA Admin Country: US Tech Organization: GitHub, Inc. Tech State/Province: CA Tech Country: US Name Server: ns4.p16.dynect.net Name Server: ns1.p16.dynect.net Name Server: ns3.p16.dynect.net Name Server: ns2.p16.dynect.net DNSSEC: unsigned URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

Last update of WHOIS database: 2018-07-05T13:14:12-0700 <<<

enderphan94 commented 5 years ago

This is cool function also I'm looking for.

pdelteil commented 3 years ago

Well, if they didn't pay attention to the feature request you could use this bash function:

filterByWhoisParam()
{
#input params
whoisParam="$1"
valueParam="$2"
file="$3"

IFS=$'\n';
for domain in $(cat  $file);
    do   
        whoisResult=$(whois "$domain"|grep $whoisParam|grep $valueParam)
        if [ ${#whoisResult} -gt 0 ]
        then
            echo "$domain"   

        fi
done
}

Use it this way filterByWhoisParam "Tech Organization" "Starbucks Coffee Company" results_amass.txt

owasp-amass / amass

Feature Enhancement: add constraints to the search #9