owasp-amass / amass

In-depth attack surface mapping and asset discovery
https://owasp.org/www-project-amass/

amass not updating IPs on subsequent enumerations? #997

Open prisoner881 opened 10 months ago

prisoner881 commented 10 months ago

Amass stores the IPs associated with FQDNs when it runs an enumeration. However, I'm not sure it's updating those IPs on subsequent enumerations. Example:

One of my clients switched from using Imperva to CloudFront for their WAF. While the FQDN of their site did not change, the IP address it resolves to did, due to the change in WAF providers. However, if I run `oam_subs -d clientdomain.com -names -ipv4`, I get the old Imperva addresses despite running a new enumeration after the switch to CloudFront. Checking the db, I see the old IPs present, not the new ones.

I confirmed the TTL on the records has expired, and if I run a manual "host" or "dig" on the FQDN, I get the correct, new IP.

Is Amass not updating IPs after it gets the initial enumeration of an FQDN?