
Feature Enhancement: add constraints to the search

Open caffix opened this issue 6 years ago • 2 comments

@superuser5 wrote:

Would be awesome to be able to put constraints on searches to the known values (IP ranges / cert info / string in whois record) and with logic OR/AND. The constraints feature could just look for known strings in different areas like whois records or certificate information (whois records could be very messy, so checking if the known name of the organization is present anywhere in the whois response should be enough):

IP v4 ranges:

  • asn - report and limit only to the specific subnets for the ASN
  • IP ranges

certificate

  • certificate registration details - Subject/Organization name
  • certificate altNames (alternative names for the certificate)

whois - match specific strings in the whois records:

  • phone number
  • email address
  • company name
  • Registrant Organization/Registrant Name
  • Name Server

Example:

1: amass -contrains ASN1234

2: amass -contrains "cert:GitHub AND (whois:ns1.p16.dynect.net OR whois: 1.2083895740 OR whois:[email protected])"

$ whois guthub.com

Last update of whois database: 2018-07-05T20:14:03Z <<<

Domain Name: guthub.com
Registry Domain ID: 1421310529_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2018-02-08T02:13:13-0800
Creation Date: 2008-03-12T13:48:25-0700
Registrar Registration Expiration Date: 2020-03-12T00:00:00-0700
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Registrant Organization: GitHub, Inc.
Registrant State/Province: CA
Registrant Country: US
Admin Organization: GitHub, Inc.
Admin State/Province: CA
Admin Country: US
Tech Organization: GitHub, Inc.
Tech State/Province: CA
Tech Country: US
Name Server: ns4.p16.dynect.net
Name Server: ns1.p16.dynect.net
Name Server: ns3.p16.dynect.net
Name Server: ns2.p16.dynect.net
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

Last update of WHOIS database: 2018-07-05T13:14:12-0700 <<<

caffix avatar Jul 24 '18 18:07 caffix
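
An added example, not part of the original issue and not Amass code: one way the proposed constraint expression (`source:text` terms combined with AND/OR and parentheses) could be evaluated against text already collected per name. The function names, the record layout (source name mapped to raw text) and the sample records are assumptions.

```python
import re

# Keywords: a parenthesis, or AND/OR bounded by whitespace; the rest is a 'source:text' term.
_SPLIT = re.compile(r"([()])|(?<!\S)(AND|OR)(?!\S)")

def match(expr, record):
    """True if record (dict: source name -> raw text) satisfies the expression."""
    tokens = [t.strip() for t in _SPLIT.split(expr) if t and t.strip()] + [None]

    def parse_or():  # or := and { OR and }
        value = parse_and()
        while tokens[0] == "OR":
            tokens.pop(0)
            value = parse_and() or value
        return value

    def parse_and():  # and := atom { AND atom }, so AND binds tighter than OR
        value = parse_atom()
        while tokens[0] == "AND":
            tokens.pop(0)
            value = parse_atom() and value
        return value

    def parse_atom():  # atom := "(" or ")" | source ":" text
        tok = tokens.pop(0)
        if tok == "(":
            value = parse_or()
            if tokens.pop(0) != ")":
                raise ValueError("missing ')'")
            return value
        source, sep, text = (tok or "").partition(":")
        if not sep or source not in record or not text.strip():
            raise ValueError(f"bad term: {tok!r}")
        # Case-insensitive substring match, since WHOIS text is too messy for exact fields.
        return text.strip().lower() in record[source].lower()

    result = parse_or()
    if tokens[0] is not None:
        raise ValueError(f"unexpected token: {tokens[0]!r}")
    return result

# Constructed sample records; the WHOIS values reuse fields quoted in the issue.
RECORDS = {
    "guthub.com": {"cert": "O=GitHub, Inc.", "whois": "Name Server: ns1.p16.dynect.net"},
    "fan.example": {"cert": "O=GitHub Fans", "whois": "Name Server: ns1.parking.example"},
    "other.example": {"cert": "O=Example Corp", "whois": "Abuse Phone: +1.2083895740"},
}

def in_scope(expr, records=RECORDS):
    return [name for name, rec in records.items() if match(expr, rec)]
```

A certificate organization string alone is a weak constraint (the second record passes `cert:GitHub`), which is why combining it with a WHOIS term narrows the result to the first record.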

This is a cool function that I'm also looking for.

enderphan94 avatar Aug 01 '19 09:08 enderphan94

Well, if they didn't pay attention to the feature request you could use this bash function:

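filterByWhoisParam()
{
    # Input params: WHOIS field name, expected value, file with one domain per line
    local whoisParam="$1"
    local valueParam="$2"
    local file="$3"
    local domain

    # Read line by line instead of changing IFS for the calling shell
    while IFS= read -r domain; do
        [ -n "$domain" ] || continue
        # Quote every expansion; -F matches fixed strings, so dots and plus signs
        # in a value are not treated as regex; </dev/null keeps whois off the file
        if whois "$domain" </dev/null | grep -F -- "$whoisParam" | grep -qF -- "$valueParam"
        then
            echo "$domain"
        fi
    done < "$file"
}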

Use it this way: filterByWhoisParam "Tech Organization" "Starbucks Coffee Company" results_amass.txt

pdelteil avatar Sep 17 '21 05:09 pdelteil