owasp-amass / amass

In-depth attack surface mapping and asset discovery
https://owasp.org/www-project-amass/

amass subcommands and their options are different from the documentation #968

Open ntriisii opened 1 year ago

ntriisii commented 1 year ago

The latest version of amass installed from the releases doesn't contain the db or the track subcommands, and some options to subcommands are not present either.

steps to reproduce:

  1. go to https://github.com/owasp-amass/amass/releases
  2. download the latest release using wget https://github.com/owaspamass/amass/releases/download/v4.2.0/amass_Linux_amd64.zip
  3. unzip and chmod
  4. run ./amass

for example running ./amass enum generates this help:


        .+++:.            :                             .+++.
      +W@@@@@@8        &+W@#               o8W8:      +W@@@@@@#.   oW@@@W#+
     &@#+   .o@##.    .@@@o@W.o@@o       :@@#&W8o    .@#:  .:oW+  .@#+++&#&
    +@&        &@&     #@8 +@W@&8@+     :@W.   +@8   +@:          .@8
    8@          @@     8@o  8@8  WW    .@W      W@+  .@W.          o@#:
    WW          &@o    &@:  o@+  o@+   #@.      8@o   +W@#+.        +W@8:
    #@          :@W    &@+  &@+   @8  :@o       o@o     oW@@W+        oW@8
    o@+          @@&   &@+  &@+   #@  &@.      .W@W       .+#@&         o@W.
     WW         +@W@8. &@+  :&    o@+ #@      :@W&@&         &@:  ..     :@o
     :@W:      o@# +Wo &@+        :W: +@W&o++o@W. &@&  8@#o+&@W.  #@:    o@+
      :W@@WWWW@@8       +              :&W@@@@&    &W  .o#@@W&.   :W@WWW@@&
        +o&&&&+.                                                    +oooo.

                                                                      v4.2.0
                                           OWASP Amass Project - @owaspamass
                         In-depth Attack Surface Mapping and Asset Discovery

Usage: amass enum [options] -d DOMAIN

  -active
        Attempt zone transfers and certificate name grabs
  -addr value
        IPs and ranges (192.168.1.1-254) separated by commas
  -alts
        Enable generation of altered names
  -asn value
        ASNs separated by commas (can be used multiple times)
  -aw value
        Path to a different wordlist file for alterations
  -awm value
        "hashcat-style" wordlist masks for name alterations
  -bl value
        Blacklist of subdomain names that will not be investigated
  -blf string
        Path to a file providing blacklisted subdomains
  -brute
        Execute brute forcing after searches
  -cidr value
        CIDRs separated by commas (can be used multiple times)
  -config string
        Path to the YAML configuration file. Additional details below
  -d value
        Domain names separated by commas (can be used multiple times)
  -demo
        Censor output to make it suitable for demonstrations
  -df value
        Path to a file providing root domain names
  -dir string
        Path to the directory containing the output files
  -dns-qps int
        Maximum number of DNS queries per second across all resolvers
  -ef string
        Path to a file providing data sources to exclude
  -exclude value
        Data source names separated by commas to be excluded
  -h    Show the program usage message
  -help
        Show the program usage message
  -if string
        Path to a file providing data sources to include
  -iface string
        Provide the network interface to send traffic through
  -include value
        Data source names separated by commas to be included
  -list
        Print the names of all available data sources
  -log string
        Path to the log file where errors will be written
  -max-depth int
        Maximum number of subdomain labels for brute forcing
  -max-dns-queries int
        Deprecated flag to be replaced by dns-qps in version 4.0
  -min-for-recursive int
        Subdomain labels seen before recursive brute forcing (Default: 1) (default 1)
  -nf value
        Path to a file providing already known subdomain names (from other tools/sources)
  -nocolor
        Disable colorized output
  -norecursive
        Turn off recursive brute forcing
  -o string
        Path to the text file containing terminal stdout/stderr
  -oA string
        Path prefix used for naming all output files
  -p value
        Ports separated by commas (default: 80, 443)
  -passive
        Deprecated since passive is the default setting
  -r value
        IP addresses of untrusted DNS resolvers (can be used multiple times)
  -rf value
        Path to a file providing untrusted DNS resolvers
  -rqps int
        Maximum number of DNS queries per second for each untrusted resolver
  -scripts string
        Path to a directory containing ADS scripts
  -silent
        Disable all output during execution
  -timeout int
        Number of minutes to let enumeration run before quitting
  -tr value
        IP addresses of trusted DNS resolvers (can be used multiple times)
  -trf value
        Path to a file providing trusted DNS resolvers
  -trqps int
        Maximum number of DNS queries per second for each trusted resolver
  -v    Output status / debug / troubleshooting info
  -w value
        Path to a different wordlist file for brute forcing
  -wm value
        "hashcat-style" wordlist masks for DNS brute forcing

The user's guide can be found here: 
https://github.com/owasp-amass/amass/blob/master/doc/user_guide.md

An example configuration file can be found here: 
https://github.com/owasp-amass/amass/blob/master/examples/config.yaml

The Amass tutorial can be found here: 
https://github.com/owasp-amass/amass/blob/master/doc/tutorial.md

running amass enum -d <domain> -ip generates: flag provided but not defined: -ip

software versions:

Aure11us commented 1 year ago

Similar problem: on Windows there are only the options intel | enum, but nothing for the db command. Can't interact with the results of scans.

```
.\amass db

        .+++:.            :                             .+++.
      +W@@@@@@8        &+W@#               o8W8:      +W@@@@@@#.   oW@@@W#+
     &@#+   .o@##.    .@@@o@W.o@@o       :@@#&W8o    .@#:  .:oW+  .@#+++&#&
    +@&        &@&     #@8 +@W@&8@+     :@W.   +@8   +@:          .@8
    8@          @@     8@o  8@8  WW    .@W      W@+  .@W.          o@#:
    WW          &@o    &@:  o@+  o@+   #@.      8@o   +W@#+.        +W@8:
    #@          :@W    &@+  &@+   @8  :@o       o@o     oW@@W+        oW@8
    o@+          @@&   &@+  &@+   #@  &@.      .W@W       .+#@&         o@W.
     WW         +@W@8. &@+  :&    o@+ #@      :@W&@&         &@:  ..     :@o
     :@W:      o@# +Wo &@+        :W: +@W&o++o@W. &@&  8@#o+&@W.  #@:    o@+
      :W@@WWWW@@8       +              :&W@@@@&    &W  .o#@@W&.   :W@WWW@@&
        +o&&&&+.                                                    +oooo.

                                                                      v4.2.0
                                           OWASP Amass Project - @owaspamass
                         In-depth Attack Surface Mapping and Asset Discovery

Usage: C:\Users\ease\Desktop\tools\amass\amass.exe intel|enum [options]

  -h    Show the program usage message
  -help
        Show the program usage message
  -version
        Print the version number of this Amass binary

Subcommands:

        amass intel - Discover targets for enumerations
        amass enum  - Perform enumerations and network mapping

The user's guide can be found here:
https://github.com/owasp-amass/amass/blob/master/doc/user_guide.md

An example configuration file can be found here:
https://github.com/owasp-amass/amass/blob/master/examples/config.yaml

The Amass tutorial can be found here:
https://github.com/owasp-amass/amass/blob/master/doc/tutorial.md
```

junktext commented 1 year ago

Yup, I have a similar issue as described by @ntriisii. I am on Kali Linux and I cannot use the -ip option for Amass enum at v4.2.0. Here are my system and Amass versions along with how to reproduce the problem:


┌──(kali㉿kali)-[~]
└─$ amass enum -ip -d example.com 
flag provided but not defined: -ip

┌──(kali㉿kali)-[~]
└─$ uname -a                     
Linux kali 6.5.0-kali2-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.5.3-1kali2 (2023-10-03) x86_64 GNU/Linux

┌──(kali㉿kali)-[~]
└─$ apt list amass               
Listing... Done
amass/kali-rolling,now 4.2.0-0kali1 amd64 [installed]

┌──(kali㉿kali)-[~]
└─$ amass -version               
v4.2.0

For what it's worth, I also tried directly downloading the v4.2.0 binary (amass_Linux_amd64.zip) from the GitHub Releases page (https://github.com/owasp-amass/amass/releases), unzipped it, and ran that binary specifically via ./amass enum -ip -d example.com, but I got the same result as above.

huubhm commented 1 year ago

The db tools are moved to oam-tools. I'm still figuring out how to combine this.

What is new about AMASS. Amass is a famous discovery tool that… | by Kyrillos Maged | Oct, 2023 | Medium
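
Wrapper scripts written against the older documentation fail on v4.2.0 with `flag provided but not defined`, as the reports above show. As an added example (not from this thread or the Amass project), the shell pre-flight check below parses the usage text a binary prints and reports which of the flags a script relies on are undefined or deprecated; `HELP_SAMPLE` is an excerpt of the v4.2.0 `amass enum` help quoted above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: detect drift between the flags a script uses and the flags
# the installed binary actually defines, before any scan is started.
# HELP_SAMPLE is an excerpt of the `amass enum` v4.2.0 usage text from this thread.
HELP_SAMPLE='Usage: amass enum [options] -d DOMAIN

  -active
        Attempt zone transfers and certificate name grabs
  -d value
        Domain names separated by commas (can be used multiple times)
  -h    Show the program usage message
  -max-dns-queries int
        Deprecated flag to be replaced by dns-qps in version 4.0
  -passive
        Deprecated since passive is the default setting'

# Read Go flag-package style usage text on stdin, print one flag name per line.
defined_flags() {
    sed -n 's/^  -\([A-Za-z0-9][A-Za-z0-9-]*\).*/\1/p'
}

# Print the flags whose description (same or following line) says "Deprecated".
deprecated_flags() {
    awk '/^  -/ { name = substr($1, 2) }
         name != "" && /Deprecated/ { print name; name = "" }'
}

# usage: check_flags "$help_text" -flag...
# Prints "missing: -x" or "deprecated: -x"; returns 1 if any flag is missing.
check_flags() {
    help_text=$1; shift
    defined=$(printf '%s\n' "$help_text" | defined_flags)
    deprecated=$(printf '%s\n' "$help_text" | deprecated_flags)
    rc=0
    for f in "$@"; do
        f=${f#-}
        if ! printf '%s\n' "$defined" | grep -qxF -- "$f"; then
            echo "missing: -$f"; rc=1
        elif printf '%s\n' "$deprecated" | grep -qxF -- "$f"; then
            echo "deprecated: -$f"
        fi
    done
    return $rc
}

# Against an installed binary (2>&1 captures the text from either stream):
#   check_flags "$(amass enum -h 2>&1)" -d -ip || exit 1
```
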