Linux command
amass-enum 命令
文本
复制后可按需替换文件名、目录或参数。
常用示例
Passive
amass enum -passive -d [example.com]
Active
amass enum -active -brute -d [example.com]
Example
amass enum -config [config.ini] -d [example.com]
Example
amass enum -d [example.com] -src
Example
amass enum -d [example.com] -ip -o [results.txt]
说明
amass enum performs DNS enumeration and network mapping. It discovers subdomains using multiple passive and active techniques, including querying data sources, certificate transparency, DNS brute-forcing, and zone transfers. This is the primary command for subdomain discovery, offering extensive configuration for different reconnaissance needs.
参数
- -d _domain_
- Target domain (repeatable for multiple domains)
- -passive
- Use only passive data sources (no direct queries)
- -active
- Perform active DNS resolution
- -brute
- Enable subdomain brute-forcing
- -w _file_
- Wordlist for brute-forcing
- -src
- Show which source discovered each name
- -ip
- Include IP addresses in output
- -ipv4
- Show only IPv4 addresses
- -ipv6
- Show only IPv6 addresses
- -o _file_
- Output file for discovered names
- -json _file_
- Output in JSON format
- -config _file_
- Configuration file with API keys and settings
- -timeout _minutes_
- Timeout for the enumeration
FAQ
What is the amass-enum command used for?
amass enum performs DNS enumeration and network mapping. It discovers subdomains using multiple passive and active techniques, including querying data sources, certificate transparency, DNS brute-forcing, and zone transfers. This is the primary command for subdomain discovery, offering extensive configuration for different reconnaissance needs.
How do I run a basic amass-enum example?
Run `amass enum -passive -d [example.com]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does -d _domain_ do in amass-enum?
Target domain (repeatable for multiple domains)