Reconnaissance Methodologies for Penetration Testing Using OWASP Amass

Nerd Cafe | نرد کافه

What is Amass?

  • Open-source reconnaissance tool

  • Uses:

    • amass intel - Discover targets for enumerations

    • amass enum - Perform enumerations and network mapping

Usage:

  • Show the program usage message

┌──(kali㉿kali)-[~]
└─$ amass -h      

        .+++:.            :                             .+++.                                                            
      +W@@@@@@8        &+W@#               o8W8:      +W@@@@@@#.   oW@@@W#+                                              
     &@#+   .o@##.    .@@@[email protected]@@o       :@@#&W8o    .@#:  .:oW+  .@#+++&#&                                              
    +@&        &@&     #@8 +@W@&8@+     :@W.   +@8   +@:          .@8                                                    
    8@          @@     8@o  8@8  WW    .@W      W@+  .@W.          o@#:                                                  
    WW          &@o    &@:  o@+  o@+   #@.      8@o   +W@#+.        +W@8:                                                
    #@          :@W    &@+  &@+   @8  :@o       o@o     oW@@W+        oW@8                                               
    o@+          @@&   &@+  &@+   #@  &@.      .W@W       .+#@&         o@W.                                             
     WW         +@W@8. &@+  :&    o@+ #@      :@W&@&         &@:  ..     :@o                                             
     :@W:      o@# +Wo &@+        :W: +@W&o++o@W. &@&  8@#o+&@W.  #@:    o@+                                             
      :W@@WWWW@@8       +              :&W@@@@&    &W  .o#@@W&.   :W@WWW@@&                                              
        +o&&&&+.                                                    +oooo.                                               
                                                                                                                         
                                                                      v4.2.0                                             
                                           OWASP Amass Project - @owaspamass                                             
                         In-depth Attack Surface Mapping and Asset Discovery                                             
                                                                                                                         
                                                                                                                         
Usage: amass intel|enum [options]                                                                                        
                                                                                                                         
  -h    Show the program usage message                                                                                   
  -help                                                                                                                  
        Show the program usage message                                                                                   
  -version                                                                                                               
        Print the version number of this Amass binary                                                                    
                                                                                                                         
                                                                                                                         
Subcommands:                                                                                                             
                                                                                                                         
        amass intel - Discover targets for enumerations                                                                  
        amass enum  - Perform enumerations and network mapping                                                           
                                                                                                                         
The user's guide can be found here:                                                                                      
https://github.com/owasp-amass/amass/blob/master/doc/user_guide.md                                                       
                                                                                                                         
An example configuration file can be found here:                                                                         
https://github.com/owasp-amass/amass/blob/master/examples/config.yaml                                                    
                                                                                                                         
The Amass tutorial can be found here:                                                                                    
https://github.com/owasp-amass/amass/blob/master/doc/tutorial.md                                                                                                                                                                                                                                                                                                     

Verify Amass Installation

In Kali Linux:

If not installed:

Passive Enumeration

Step 1:

  • enum: This tells Amass to run enumeration mode.

  • -passive: This flag instructs Amass to perform passive reconnaissance only.

  • -d: This flag specifies the target domain.

What This Does:

  • Collects subdomains from:

    • Certificate Transparency logs

    • Public DNS databases

    • Search engines

Deliverables:

Step 2: JSON Output for Analysis

Deliverables:

  • results.json

  • Identify:

    • Number of unique IP addresses

    • Number of subdomains

    • Any staging/dev systems
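The three deliverables above can be pulled straight out of the JSON output. The following is an added example, not code from this post or from the Amass project; it assumes results.json was written as JSON lines by a run such as `amass enum -passive -d example.com -json results.json`, and the field names in the constructed sample reflect the layout Amass has used for -json output, which should be checked against the installed version.

```python
import ipaddress
import json
import re

# Constructed sample of Amass JSON-lines output (one object per line). The
# field layout is an assumption about the -json format; the last line stands
# in for a non-JSON line that can end up in the file.
SAMPLE_RESULTS = """\
{"name":"www.example.com","domain":"example.com","addresses":[{"ip":"203.0.113.10","cidr":"203.0.113.0/24","asn":64496,"desc":"EXAMPLE-NET"}],"tag":"cert","sources":["Crtsh"]}
{"name":"dev.example.com","domain":"example.com","addresses":[{"ip":"203.0.113.11"}],"tag":"dns","sources":["DNS"]}
{"name":"staging-api.example.com","domain":"example.com","addresses":[{"ip":"203.0.113.10"}],"tag":"cert","sources":["Crtsh","HackerTarget"]}
{"name":"mail.example.com","domain":"example.com","addresses":[{"ip":"198.51.100.5"},{"ip":"2001:db8::25"}],"tag":"dns","sources":["DNS"]}
Querying Crtsh for example.com subdomains
"""

# Labels that commonly mark staging/dev systems, matched per DNS label so that
# "devices.example.com" is not flagged while "api-dev.example.com" is.
NON_PROD = re.compile(r"(^|[.-])(dev|test|stag(e|ing)|uat|qa|sandbox|preprod)([.-]|\d|$)", re.I)

def parse_amass_jsonl(text):
    """Return the JSON records in Amass -json output, skipping non-JSON lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue  # log noise or a partial write, not a finding
        if isinstance(obj, dict) and "name" in obj:
            records.append(obj)
    return records

def summarize(records):
    """Step 2 deliverables: subdomain count, unique IP count, staging/dev hosts."""
    subdomains = {r["name"].lower().rstrip(".") for r in records}
    ips = set()
    for r in records:
        for addr in r.get("addresses", []):
            try:
                ips.add(ipaddress.ip_address(addr["ip"]))  # validates v4 and v6
            except (KeyError, ValueError):
                continue
    return {
        "subdomains": len(subdomains),
        "unique_ips": len(ips),
        "non_prod": sorted(n for n in subdomains if NON_PROD.search(n)),
    }
```

For a real run, pass the contents of results.json to parse_amass_jsonl and feed the records to summarize; the same IP appearing under several names counts once, which is why unique_ips can be lower than subdomains.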

Active Enumeration (If Allowed)

Only perform if explicitly authorized.

What This Adds:

  • DNS brute forcing

  • Subdomain permutations

  • Direct DNS queries

💖 Support Our Work

If you find this post helpful and would like to support my work, you can send a donation via TRC-20 (USDT). Your contributions help us keep creating and sharing more valuable content.


TRC-20 Address: TAAVVf9ZxUpbyvTa6Gd5SGPmctBdy4PQwf

Thank you for your generosity! 🙏

Keywords

OWASP Amass, Kali Linux, subdomain enumeration, passive reconnaissance, active reconnaissance, DNS intelligence, attack surface mapping, OSINT, domain footprinting, certificate transparency, DNS brute forcing, infrastructure discovery, asset identification, cybersecurity lab, penetration testing, external reconnaissance, network reconnaissance, threat surface analysis, security assessment, ethical hacking, Nerd Cafe, نرد کافه

Channel Overview

🌐 Website: www.nerd-cafe.ir

📺 YouTube: @nerd-cafe

🎥 Aparat: nerd_cafe

📌 Pinterest: nerd_cafe

📱 Telegram: @nerd_cafe

📝 Blog: Nerd Café on Virgool

💻 GitHub: nerd-cafe
