In-depth Attack Surface Mapping and Asset Discovery
Graph Exchange XML Format (GEXF) files can now be output in order to provide findings to Gephi for visualization.
Implemented a '-oA' switch that tells the CLI to output the findings in all available file formats.
Refactored the data source modules in order to simplify the code and make is easier for others to contribute to the project.
Decoupled the services within the enumeration engine by employing an event bus. This way, services respond to events of interest and publish events without knowledge of other services.
Added a purely passive mode of execution for the CLI and the package/library.
Added 2 new data sources to help bring an even larger number of results:
IPv4info Entrust Certificate Transparency Search
This now brings Amass up to 32 data sources being accessed for subdomain names.
Added support to output HTML that contains Vis.js capable of rendering network graphs of the DNS and network infrastructure discoveries.
Major version change: The output structure returned by the package has changed, which makes this version incompatible with previous versions.
Amass now stores the DNS and infrastructure enumeration data in graphs, which can include the Neo4j graph database! If you have permission to share the visualizations that are easily generated by Neo4j, then lets see how organizations look on the Internet!
Names returned by Amass can now have multiple IP addresses and additional related infrastructure information associated with them.
Updated/fixed the Maltego local transform code
Improved the consistency between flag names
Otherwise, no major changes between v1.5.1 and v1.5.2.
Update: The 'active' flag will now cause all active information gathering techniques to be used. This includes DNS zone transfer attempts and actively pulling TLS certificates from specified ports
Added a useful subdomain name word list: subdomains.lst
Added 2 new data sources to help bring an even larger number of results:
This now brings Amass up to 23 data sources being scraped for subdomain names.
Feature Add: All data collected during the enumeration can now be save in JSON format
Feature Add: An additional flag ('axfr') can now be used to indicate that DNS zone transfers should be attempted
Added 4 new data sources to help bring an even larger number of results:
Improved the use of Robtex services by employing their free passive DNS API.
Feature Add: sudomains can now be blacklisted from the enumeration
Feature Add: recursive brute forcing can be triggered on a subdomain after making a minimum number of discoveries
The output channel provided through the configuration is now closed by the StartEnumeration function to signal the caller of completion
Other fixes have been made in response to issues posted and tweets. I appreciate all the feedback being provided by users
Updated the CLI for the tool (check the help information)
Added 4 new data sources to help bring you the greatest number of results:
Each of these new data sources bring a large number of results to amass.
Your own DNS resolvers can now be specified on the command-line or by text file.
Also made some fixes discovered by users. Thank you for the excellent feedback!
Important fixes and performance enhancements
Added the new Cloudflare DNS resolver to the list
Added color output for easier reading of the results
Removed IP address ranges from the configuration