Day 49/100 Hack and Improvement

1 minute read

Day 49 comes with a writeup source for path traversal and a simple use for amass.

Path traversal and magic back slash

From Rajesh Ranjan. Here is the writeup.

Using amass as a hostile eye

From Sam (CoffeeJunkie). This week I’ve been spending a decent amount of time using [amass] (https://github.com/OWASP/Amass) after wathing the Amass Bootcamp from Nahamsec. It was a little bit surprising new assets from a target that I really didn’t discover before, it was very good at gathering information related at my target, but it took a long time to do it. In spite of the long wait, I have to say the the recon with amass was worth it.

As any other tool, amass has its user’s guide is well written and totally understandable. As the creator of amass said, we can spend a lot of hours talking about this tools, and doing couple bootcamps, but for today it will be some basics for subdomain enumeration, and IP resolving.

Subdomain enumeration

Amass can make a passive and active scan depending on the user. In my case I use both with this simple command.

amass enum -brute -w dns.txt -d domain.com -o domain-subdomains.txt

Basically, what it will do it will gather subdomains in a passive phase first by looking more than 32 public resources in order to find subdomains. After doing the passive enumeration, it performs DNS brutefocing or subdomain bruteforce which will take a considerable amount of time depending on the DNS list and the targets.

IP gathering and resolving

Depending on the methodology og the hunter, IP resolving is important at the time to do port scanning using masscan. This command will gathered and resolved all the IPs by giving a list full of subdomains from the target.

amass enum -ip -df subodmain-list.txt -o subdomain-ips.txt 

Side note

Last weekend after having more free time as usual, I started to compare different subdomain enumeration tools where I got impressed with amass because it gave me better results without the need to use different tools at the same time. By reading the user’s guide there are a lot of capabilities and further enumeration to do with the tool. So, if you’re interested about using amass in your recon proceess, it’s totally recomendable to use the user’s guide for better results.

Leave a comment