amass, httprobe, sublist3r, theHarvester: add page (#4912)

pages/common/amass-db.md

@@ -0,0 +1,20 @@
+# amass db
+
+> Interact with an Amass database.
+> More information: <https://github.com/OWASP/Amass/blob/master/doc/user_guide.md#the-db-subcommand>.
+
+- List all performed enumerations in the database:
+
+`amass db -dir {{path/to/database_directory}} -list`
+
+- Show results for a specified enumeration index and domain name:
+
+`amass db -dir {{path/to/database_directory}} -d {{domain_name}} -enum {{index_from_list}} -show`
+
+- List all found subdomains of a domain within an enumeration:
+
+`amass db -dir {{path/to/database_directory}} -d {{domain_name}} -enum {{index_from_list}} -names`
+
+- Show a summary of the found subdomains within an enumeration:
+
+`amass db -dir {{path/to/database_directory}} -d {{domain_name}} -enum {{index_from_list}} -summary`

pages/common/amass-enum.md

@@ -0,0 +1,24 @@
+# amass enum
+
+> Find subdomains of a domain.
+> More information: <https://github.com/OWASP/Amass/blob/master/doc/user_guide.md#the-enum-subcommand>.
+
+- Passively find subdomains of a domain:
+
+`amass enum -passive -d {{domain_name}}`
+
+- Find subdomains of a domain and actively verify them attempting to resolve the found subdomains:
+
+`amass enum -active -d {{domain_name}} -p {{80,443,8080}}`
+
+- Do a brute force search for subdomains:
+
+`amass enum -brute -d {{domain_name}}`
+
+- Save the results to a text file:
+
+`amass enum -o {{output_file}} -d {{domain_name}}`
+
+- Save the results to a database:
+
+`amass enum -o {{output_file}} -dir {{path/to/database_directory}}`

pages/common/amass-intel.md

@@ -0,0 +1,28 @@
+# amass intel
+
+> Collect open source intel on an organisation like root domains and ASNs.
+> More information: <https://github.com/OWASP/Amass/blob/master/doc/user_guide.md#the-intel-subcommand>.
+
+- Find root domains in an IP address range:
+
+`amass intel -addr {{192.168.0.1-254}}`
+
+- Use active recon methods:
+
+`amass intel -active -addr {{192.168.0.1-254}}`
+
+- Find root domains related to a domain:
+
+`amass intel -whois -d {{domain_name}}`
+
+- Find ASNs belonging to an organisation:
+
+`amass intel -org {{organisation_name}}`
+
+- Find root domains belonging to a given Autonomous System Number:
+
+`amass intel -asn {{asn}}`
+
+- Save results to a text file:
+
+`amass intel -o {{output_file}} -whois -d {{domain_name}}`

pages/common/amass-track.md

@@ -0,0 +1,12 @@
+# amass track
+
+> Track differences between enumerations of the same domain.
+> More information: <https://github.com/OWASP/Amass/blob/master/doc/user_guide.md#the-track-subcommand>.
+
+- Show the difference between the last two enumerations of the specified domain:
+
+`amass track -dir {{path/to/database_directory}} -d {{domain_name}} -last 2`
+
+- Show the difference between a certain point in time and the last enumeration:
+
+`amass track -dir {{path/to/database_directory}} -d {{domain_name}} -since {{01/02 15:04:05 2006 MST}}`

pages/common/amass-viz.md

@@ -0,0 +1,24 @@
+# amass viz
+
+> Visualize gathered information in a network graph.
+> More information: <https://github.com/OWASP/Amass/blob/master/doc/user_guide.md#the-viz-subcommand>.
+
+- Generate a D3.js visualization based on database data:
+
+`amass viz -d3 -dir {{path/to/database_directory}}`
+
+- Generate a DOT file based on database data:
+
+`amass viz -dot -dir {{path/to/database_directory}}`
+
+- Generate a Gephi Graph Exchange XML Format (GEXF) file based on database data:
+
+`amass viz -gexf -dir {{path/to/database_directory}}`
+
+- Generate a Graphistry JSON file based on database data:
+
+`amass viz -graphistry -dir {{path/to/database_directory}}`
+
+- Generate a Maltego CSV file based on database data:
+
+`amass viz -maltego -dir {{path/to/database_directory}}`

pages/common/amass.md

@@ -0,0 +1,20 @@
+# amass
+
+> In-depth Attack Surface Mapping and Asset Discovery tool.
+> More information: <https://github.com/OWASP/Amass>.
+
+- Check the Amass version:
+
+`amass -version`
+
+- Show general help:
+
+`amass -help`
+
+- Show help on an Amass subcommand (like `intel`, `enum`, etc.):
+
+`amass -help {{subcommand}}`
+
+- Execute an Amass subcommand:
+
+`amass {{subcommand}}`

pages/common/httprobe.md

@@ -0,0 +1,20 @@
+# httprobe
+
+> Take a list of domains and probe for working HTTP and HTTPS servers.
+> More information: <https://github.com/tomnomnom/httprobe>.
+
+- Probe a list of domains from a text file:
+
+`cat {{input_file}} | httprobe`
+
+- Only check for HTTP if HTTPS is not working:
+
+`cat {{input_file}} | httprobe --prefer-https`
+
+- Probe additional ports with a given protocol:
+
+`cat {{input_file}} | httprobe -p {{https:2222}}`
+
+- Output all available options:
+
+`httprobe --help`

pages/common/sublist3r.md

@@ -0,0 +1,20 @@
+# sublist3r
+
+> Fast subdomains enumeration tool for penetration testers.
+> More information: <https://github.com/aboul3la/Sublist3r>.
+
+- Find subdomains for a domain:
+
+`sublist3r --domain {{domain_name}}`
+
+- Find subdomains for a domain, also enabling brute force search:
+
+`sublist3r --domain {{domain_name}} --bruteforce`
+
+- Save the found subdomains to a text file:
+
+`sublist3r --domain {{domain_name}} --output {{path/to/output_file}}`
+
+- Output all available options:
+
+`sublist3r --help`

pages/common/theHarvester.md

@@ -0,0 +1,24 @@
+# theHarvester
+
+> A tool designed to be used in the early stages of a penetration test.
+> More information: <https://github.com/laramies/theHarvester>.
+
+- Gather information on a domain using Google:
+
+`theHarvester --domain {{domain_name}} --source google`
+
+- Gather information on a domain using multiple sources:
+
+`theHarvester --domain {{domain_name}} --source {{google,bing,crtsh}}`
+
+- Change the limit of results to work with:
+
+`theHarvester --domain {{domain_name}} --source {{google}} --limit {{200}}`
+
+- Save the output to two files in xml and html format:
+
+`theHarvester --domain {{domain_name}} --source {{google}} --file {{output_file_name}}`
+
+- Output all available options:
+
+`theHarvester --help`