From 2f2a1144ffa33fd43055c7cc7ef5c1b8d5ad224f Mon Sep 17 00:00:00 2001
From: Wilco
Date: Fri, 6 Nov 2020 11:59:13 +0100
Subject: [PATCH] amass, httprobe, sublist3r, theHarvester: add page (#4912)

---
 pages/common/amass-db.md | 20 ++++++++++++++++++++
 pages/common/amass-enum.md | 24 ++++++++++++++++++++++++
 pages/common/amass-intel.md | 28 ++++++++++++++++++++++++++++
 pages/common/amass-track.md | 12 ++++++++++++
 pages/common/amass-viz.md | 24 ++++++++++++++++++++++++
 pages/common/amass.md | 20 ++++++++++++++++++++
 pages/common/httprobe.md | 20 ++++++++++++++++++++
 pages/common/sublist3r.md | 20 ++++++++++++++++++++
 pages/common/theHarvester.md | 24 ++++++++++++++++++++++++
 9 files changed, 192 insertions(+)
 create mode 100644 pages/common/amass-db.md
 create mode 100644 pages/common/amass-enum.md
 create mode 100644 pages/common/amass-intel.md
 create mode 100644 pages/common/amass-track.md
 create mode 100644 pages/common/amass-viz.md
 create mode 100644 pages/common/amass.md
 create mode 100644 pages/common/httprobe.md
 create mode 100644 pages/common/sublist3r.md
 create mode 100644 pages/common/theHarvester.md

diff --git a/pages/common/amass-db.md b/pages/common/amass-db.md
new file mode 100644
index 0000000000..73d278c9a6
--- /dev/null
+++ b/pages/common/amass-db.md
@@ -0,0 +1,20 @@
+# amass db
+
+> Interact with an Amass database.
+> More information: .
+
+- List all performed enumerations in the database:
+
+`amass db -dir {{path/to/database_directory}} -list`
+
+- Show results for a specified enumeration index and domain name:
+
+`amass db -dir {{path/to/database_directory}} -d {{domain_name}} -enum {{index_from_list}} -show`
+
+- List all found subdomains of a domain within an enumeration:
+
+`amass db -dir {{path/to/database_directory}} -d {{domain_name}} -enum {{index_from_list}} -names`
+
+- Show a summary of the found subdomains within an enumeration:
+
+`amass db -dir {{path/to/database_directory}} -d {{domain_name}} -enum {{index_from_list}} -summary`
diff --git a/pages/common/amass-enum.md b/pages/common/amass-enum.md
new file mode 100644
index 0000000000..654cd6d9a1
--- /dev/null
+++ b/pages/common/amass-enum.md
@@ -0,0 +1,24 @@
+# amass enum
+
+> Find subdomains of a domain.
+> More information: .
+
+- Passively find subdomains of a domain:
+
+`amass enum -passive -d {{domain_name}}`
+
+- Find subdomains of a domain and actively verify them attempting to resolve the found subdomains:
+
+`amass enum -active -d {{domain_name}} -p {{80,443,8080}}`
+
+- Do a brute force search for subdomains:
+
+`amass enum -brute -d {{domain_name}}`
+
+- Save the results to a text file:
+
+`amass enum -o {{output_file}} -d {{domain_name}}`
+
+- Save the results to a database:
+
+`amass enum -o {{output_file}} -dir {{path/to/database_directory}}`
diff --git a/pages/common/amass-intel.md b/pages/common/amass-intel.md
new file mode 100644
index 0000000000..30535ee1b1
--- /dev/null
+++ b/pages/common/amass-intel.md
@@ -0,0 +1,28 @@
+# amass intel
+
+> Collect open source intel on an organisation like root domains and ASNs.
+> More information: .
+
+- Find root domains in an IP address range:
+
+`amass intel -addr {{192.168.0.1-254}}`
+
+- Use active recon methods:
+
+`amass intel -active -addr {{192.168.0.1-254}}`
+
+- Find root domains related to a domain:
+
+`amass intel -whois -d {{domain_name}}`
+
+- Find ASNs belonging to an organisation:
+
+`amass intel -org {{organisation_name}}`
+
+- Find root domains belonging to a given Autonomous System Number:
+
+`amass intel -asn {{asn}}`
+
+- Save results to a text file:
+
+`amass intel -o {{output_file}} -whois -d {{domain_name}}`
diff --git a/pages/common/amass-track.md b/pages/common/amass-track.md
new file mode 100644
index 0000000000..1243b4d4c9
--- /dev/null
+++ b/pages/common/amass-track.md
@@ -0,0 +1,12 @@
+# amass track
+
+> Track differences between enumerations of the same domain.
+> More information: .
+
+- Show the difference between the last two enumerations of the specified domain:
+
+`amass track -dir {{path/to/database_directory}} -d {{domain_name}} -last 2`
+
+- Show the difference between a certain point in time and the last enumeration:
+
+`amass track -dir {{path/to/database_directory}} -d {{domain_name}} -since {{01/02 15:04:05 2006 MST}}`
diff --git a/pages/common/amass-viz.md b/pages/common/amass-viz.md
new file mode 100644
index 0000000000..c3dc7b9bf6
--- /dev/null
+++ b/pages/common/amass-viz.md
@@ -0,0 +1,24 @@
+# amass viz
+
+> Visualize gathered information in a network graph.
+> More information: .
+
+- Generate a D3.js visualization based on database data:
+
+`amass viz -d3 -dir {{path/to/database_directory}}`
+
+- Generate a DOT file based on database data:
+
+`amass viz -dot -dir {{path/to/database_directory}}`
+
+- Generate a Gephi Graph Exchange XML Format (GEXF) file based on database data:
+
+`amass viz -gexf -dir {{path/to/database_directory}}`
+
+- Generate a Graphistry JSON file based on database data:
+
+`amass viz -graphistry -dir {{path/to/database_directory}}`
+
+- Generate a Maltego CSV file based on database data:
+
+`amass viz -maltego -dir {{path/to/database_directory}}`
diff --git a/pages/common/amass.md b/pages/common/amass.md
new file mode 100644
index 0000000000..e12c8819b0
--- /dev/null
+++ b/pages/common/amass.md
@@ -0,0 +1,20 @@
+# amass
+
+> In-depth Attack Surface Mapping and Asset Discovery tool.
+> More information: .
+
+- Check the Amass version:
+
+`amass -version`
+
+- Show general help:
+
+`amass -help`
+
+- Show help on an Amass subcommand (like `intel`, `enum`, etc.):
+
+`amass -help {{subcommand}}`
+
+- Execute an Amass subcommand:
+
+`amass {{subcommand}}`
diff --git a/pages/common/httprobe.md b/pages/common/httprobe.md
new file mode 100644
index 0000000000..f5429e110a
--- /dev/null
+++ b/pages/common/httprobe.md
@@ -0,0 +1,20 @@
+# httprobe
+
+> Take a list of domains and probe for working HTTP and HTTPS servers.
+> More information: .
+
+- Probe a list of domains from a text file:
+
+`cat {{input_file}} | httprobe`
+
+- Only check for HTTP if HTTPS is not working:
+
+`cat {{input_file}} | httprobe --prefer-https`
+
+- Probe additional ports with a given protocol:
+
+`cat {{input_file}} | httprobe -p {{https:2222}}`
+
+- Output all available options:
+
+`httprobe --help`
diff --git a/pages/common/sublist3r.md b/pages/common/sublist3r.md
new file mode 100644
index 0000000000..635483c823
--- /dev/null
+++ b/pages/common/sublist3r.md
@@ -0,0 +1,20 @@
+# sublist3r
+
+> Fast subdomains enumeration tool for penetration testers.
+> More information: .
+
+- Find subdomains for a domain:
+
+`sublist3r --domain {{domain_name}}`
+
+- Find subdomains for a domain, also enabling brute force search:
+
+`sublist3r --domain {{domain_name}} --bruteforce`
+
+- Save the found subdomains to a text file:
+
+`sublist3r --domain {{domain_name}} --output {{path/to/output_file}}`
+
+- Output all available options:
+
+`sublist3r --help`
diff --git a/pages/common/theHarvester.md b/pages/common/theHarvester.md
new file mode 100644
index 0000000000..0a13cbb4be
--- /dev/null
+++ b/pages/common/theHarvester.md
@@ -0,0 +1,24 @@
+# theHarvester
+
+> A tool designed to be used in the early stages of a penetration test.
+> More information: .
+
+- Gather information on a domain using Google:
+
+`theHarvester --domain {{domain_name}} --source google`
+
+- Gather information on a domain using multiple sources:
+
+`theHarvester --domain {{domain_name}} --source {{google,bing,crtsh}}`
+
+- Change the limit of results to work with:
+
+`theHarvester --domain {{domain_name}} --source {{google}} --limit {{200}}`
+
+- Save the output to two files in xml and html format:
+
+`theHarvester --domain {{domain_name}} --source {{google}} --file {{output_file_name}}`
+
+- Output all available options:
+
+`theHarvester --help`