diff --git a/examples/config.ini b/examples/config.ini
index 4ff8e057a..17f59a04b 100644
--- a/examples/config.ini
+++ b/examples/config.ini
@@ -1,40 +1,40 @@ -# Copyright © by Jeff Foley 2017-2023. All rights reserved. -# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file. -# SPDX-License-Identifier: Apache-2.0 +# The configuration file for the Amass tool used for DNS enumeration and network discovery. # Should results only be collected passively and without DNS resolution? Not recommended. #mode = passive -# Would you like to use active techniques that communicate directly with the discovered assets, + +# Would you like to use active techniques that communicate directly with the discovered assets, # such as pulling TLS certificates from discovered IP addresses and attempting DNS zone transfers? #mode = active -# The directory that stores the Cayley graph database and other output files +# The directory that stores the Cayley graph database and other output files. # The default for Linux systems is: $HOME/.config/amass #output_directory = amass # Another location (directory) where the user can provide ADS scripts to the engine. -#scripts_directory = +#scripts_directory = # The maximum number of DNS queries that can be performed concurrently during the enumeration. #maximum_dns_queries = 20000 # DNS resolvers used globally by the amass package. 
-#[resolvers] -#resolver = 1.1.1.1 ; Cloudflare -#resolver = 8.8.8.8 ; Google -#resolver = 64.6.64.6 ; Verisign -#resolver = 74.82.42.42 ; Hurricane Electric -#resolver = 1.0.0.1 ; Cloudflare Secondary -#resolver = 8.8.4.4 ; Google Secondary -#resolver = 64.6.65.6 ; Verisign Secondary -#resolver = 77.88.8.8 ; Yandex.DNS Secondary +[resolvers] +;resolver = 1.1.1.1 ; Cloudflare +;resolver = 8.8.8.8 ; Google +;resolver = 64.6.64.6 ; Verisign +;resolver = 74.82.42.42 ; Hurricane Electric +;resolver = 1.0.0.1 ; Cloudflare Secondary +;resolver = 8.8.4.4 ; Google Secondary +;resolver = 64.6.65.6 ; Verisign Secondary +;resolver = 77.88.8.8 ; Yandex.DNS Secondary [scope] # The network infrastructure settings expand scope, not restrict the scope. -# Single IP address or range (e.g. a.b.c.10-245) +# Single IP address or range (e.g., a.b.c.10-245) #address = 192.168.1.1 #cidr = 192.168.1.0/24 #asn = 26808 + port = 80 port = 443 #port = 8080 @@ -55,8 +55,8 @@ port = 443 # The graph database discovered DNS names, associated network infrastructure, results from data sources, etc. # This information is then used in future enumerations and analysis of the discoveries. #[graphdbs] -# postgres://[username:password@]host[:port]/database-name?sslmode=disable of the PostgreSQL -# database and credentials. Sslmode is optional, and can be disable, require, verify-ca, or verify-full. +# postgres://[username:password@]host[:port]/database-name?sslmode=disable of the PostgreSQL +# database and credentials. Sslmode is optional and can be disable, require, verify-ca, or verify-full. #[graphdbs.postgres] #primary = false ; Specify which graph database is the primary db, or the local database will be selected. #url = "postgres://[username:password@]host[:port]/database-name?sslmode=disable" 
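Review bot: In the first hunk the `[resolvers]` header becomes active while every `resolver` entry under it stays commented out, so the example now ships an empty resolver section; whether Amass treats that as "no resolvers" or falls back to its built-in list cannot be seen from this diff and should be confirmed. The same block switches its comment marker to `;` while the rest of the file keeps `#`, which makes it harder to tell a disabled setting from prose. I would keep the header disabled as `#[resolvers]` until at least one entry is enabled, and keep `#` throughout. The hunk also drops the copyright lines and `# SPDX-License-Identifier: Apache-2.0`, which licence scanners rely on; restoring those three lines above the new description line keeps that metadata.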
@@ -73,330 +73,259 @@ port = 443 #recursive = true # Number of discoveries made in a subdomain before performing recursive brute forcing: Default is 1. #minimum_for_recursive = 1 -#wordlist_file = /usr/share/wordlists/all.txt -#wordlist_file = /usr/share/wordlists/all.txt # multiple lists can be used +; The configuration file for the Amass tool used for DNS enumeration and network discovery. + +; Should results only be collected passively and without DNS resolution? Not recommended. +;mode = passive +; Would you like to use active techniques that communicate directly with the discovered assets, +; such as pulling TLS certificates from discovered IP addresses and attempting DNS zone transfers? +;mode = active + +; The directory that stores the Cayley graph database and other output files +; The default for Linux systems is: $HOME/.config/amass +;output_directory = amass + +; Another location (directory) where the user can provide ADS scripts to the engine. +;scripts_directory = + +; The maximum number of DNS queries that can be performed concurrently during the enumeration. +;maximum_dns_queries = 20000 + +; DNS resolvers used globally by the amass package. +[resolvers] +;resolver = 1.1.1.1 ; Cloudflare +;resolver = 8.8.8.8 ; Google +;resolver = 64.6.64.6 ; Verisign +;resolver = 74.82.42.42 ; Hurricane Electric +;resolver = 1.0.0.1 ; Cloudflare Secondary +;resolver = 8.8.4.4 ; Google Secondary +;resolver = 64.6.65.6 ; Verisign Secondary +;resolver = 77.88.8.8 ; Yandex.DNS Secondary + +; Recommended DNS resolvers: +; Uncomment and choose from the following resolvers or add your own: +;resolver = 1.1.1.1 ; Cloudflare +;resolver = 8.8.8.8 ; Google +;resolver = 9.9.9.9 ; Quad9 +;resolver = 208.67.222.222 ; OpenDNS +;resolver = 185.228.168.168 ; CleanBrowsing + +[scope] +; The network infrastructure settings expand scope, not restrict the scope. 
+; Single IP address or range (e.g., a.b.c.10-245)
+;address = 192.168.1.1
+;cidr = 192.168.1.0/24
+;asn = 26808
+
+; Specify the target ports for enumeration (uncomment to enable).
+;port = 80
+;port = 443
+;port = 8080
+;port = 8443
+
+; Root domain names used in the enumeration. The findings are limited by the root domain names provided.
+;[scope.domains]
+;domain = owasp.org
+;domain = appsecusa.org
+;domain = appsec.eu
+;domain = appsec-labs.com
+
+; Are there any subdomains that are out of scope?
+;[scope.blacklisted]
+;subdomain = education.appsec-labs.com
+;subdomain = 2012.appsecusa.org
+
+; The graph database discovered DNS names, associated network infrastructure, results from data sources, etc.
+; This information is then used in future enumerations and analysis of the discoveries.
+;[graphdbs]
+; postgres://[username:password@]host[:port]/database-name?sslmode=disable of the PostgreSQL
+; database and credentials. Sslmode is optional, and can be disable, require, verify-ca, or verify-full.
+;[graphdbs.postgres]
+;primary = false ; Specify which graph database is the primary db, or the local database will be selected.
+;url = "postgres://[username:password@]host[:port]/database-name?sslmode=disable"
+;options="connect_timeout=10"
+
+; The API keys used by the amass package.
+;[apikeys]
+;censys =
+;crtsh =
+;github =
+;passivetotal =
+;securitytrails =
+;shodan =
+;spyse =
+;urlscan =
+;virustotal =
+;wayback =
+
+; Specify which data sources are to be used by the enumeration process.
+;[data_sources]
+;source = alt_dns
+;source = archiveis
+;source = binaryedge
+;source = bufferover
+;source = certspotter
+;source = chaos
+;source = c99
+;source = commoncrawl
+;source = crtsh
+;source = dnsdb
+;source = dnsdumpster
+;source = hackertarget
+;source = ipinfo
+;source = netcraft
+;source = passivetotal
+;source = ptrarchive
+;source = radb
+;source = riddler
+;source = robtex
+;source = securitytrails
+;source = shodan
+;source = sonar
+;source = spyse
+;source = subfinder
+;source = threatcrowd
+;source = threatminer
+;source = virustotal
+;source = wayback
+;source = whois
+
+; Specify which modules are to be run by the enumeration process.
+;[modules]
+;active = alt_dns
+;active = archiveis
+;active = bufferover
+;active = certspotter
+;active = chaos
+;active = c99
+;active = commoncrawl
+;active = crtsh
+;active = dnsdb
+;active = dnsdumpster
+;active = hackertarget
+;active = ipinfo
+;active = netcraft
+;active = passivetotal
+;active = ptrarchive
+;active = radb
+;active = riddler
+;active = robtex
+;active = securitytrails
+;active = shodan
+;active = sonar
+;active = spyse
+;active = subfinder
+;active = threatcrowd
+;active = threatminer
+;active = virustotal
+;active = wayback
+;active = whois
+
+; The configuration file for the Amass tool used for DNS enumeration and network discovery.
+
+; Should results only be collected passively and without DNS resolution? Not recommended.
+mode = active
+
+; The directory that stores the Amass output files.
+output_directory = /path/to/output/directory
+
+; The maximum number of DNS queries that can be performed concurrently during the enumeration.
+maximum_dns_queries = 50000
+
+; DNS resolvers used globally by the Amass package.
+[resolvers]
+resolver = 1.1.1.1 ; Cloudflare
+resolver = 8.8.8.8 ; Google
+resolver = 9.9.9.9 ; Quad9
+
+[scope]
+; The root domain names used in the enumeration. The findings are limited by the root domain names provided.
+[scope.domains]
+domain = example.com
+domain = subdomain.example.com
+
+; Are there any subdomains that are out of scope?
+[scope.blacklisted]
+subdomain = dev.example.com
+subdomain = staging.example.com
+
+; Specify the target ports for enumeration (uncomment to enable).
+;port = 80
+;port = 443
+
+; The graph database used to store the enumeration results.
+;[graphdb]
+;url = "bolt
+; The graph database used to store the enumeration results.
+;[graphdb]
+;url = "bolt://localhost:7687"
+;username = "neo4j"
+;password = "password"
+
+; The API keys used by certain modules (uncomment and add the keys).
+;[apikeys]
+;censys =
+;crtsh =
+;github =
+;passivetotal =
+;securitytrails =
+;shodan =
+;spyse =
+;urlscan =
+;virustotal =
+;wayback =
+
+; The configuration settings for the Amass enumeration process.
+[config]
+; The maximum number of seconds that the enumeration will run for.
+enum_duration = 0
+
+; The maximum number of retries to perform for failed DNS queries.
+max_dns_retries = 5
+
+; The maximum number of seconds to wait for a response from DNS queries.
+timeout = 5
+
+; Should the enumeration process run in recursive mode?
+recursive = true
+
+; Should the enumeration process include wildcard subdomains?
+include_wildcard = false
+
+; Should the enumeration process include subdomain permutations?
+include_permutations = false
+
+; Should the enumeration process include brute forcing subdomains?
+include_bruteforce = false
+
+; The wordlist used for brute forcing subdomains (path to the wordlist file).
+;bruteforce_wordlist = /path/to/wordlist.txt
+
+; Should the enumeration process generate screenshots of discovered web pages?
+include_screenshots = false
+
+; The command used for taking screenshots (path to the screenshot command).
+;screenshot_command = /path/to/screenshot-command
+
+; Should the enumeration process use DNS resolution to validate discovered subdomains?
+validate_dns = true
+
+; Should the enumeration process use active HTTP requests to validate discovered subdomains?
+validate_http = false
+
+; Should the enumeration process use active DNS queries to validate discovered subdomains?
+validate_dns_active = false
+
+; The maximum number of seconds to wait for a response from active DNS queries.
+active_dns_timeout = 5
+
+; The configuration settings for the Amass API service (uncomment to enable).
+;[api]
+;host = 0.0.0.0
+;port = 8080
+;cert_file = /path/to/cert.pem
+;key_file = /path/to/key.pem
+;cors_origin = *
+;cors_methods = GET, POST, OPTIONS
+;cors_headers = DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
-# Would you like to permute resolved names?
-#[alterations]
-#enabled = true
-# edit_distance specifies the number of times a primitive edit operation will be
-# performed on a name sample during fuzzy label searching.
-#edit_distance = 1 ; Setting this to zero will disable this expensive feature.
-#flip_words = true # test-dev.owasp.org -> test-prod.owasp.org
-#flip_numbers = true # test1.owasp.org -> test2.owasp.org
-#add_words = true # test.owasp.org -> test-dev.owasp.org
-#add_numbers = true # test.owasp.org -> test1.owasp.org
-# Multiple lists can be used.
-#wordlist_file = /usr/share/wordlists/all.txt
-#wordlist_file = /usr/share/wordlists/all.txt
-
-[data_sources]
-# When set, this time-to-live is the minimum value applied to all data source caching.
-minimum_ttl = 1440 ; One day
-
-# Are there any data sources that should be disabled?
-#[data_sources.disabled]
-#data_source = Ask
-#data_source = Bing
-
-# Provide data source configuration information.
-# See the following format:
-#[data_sources.SOURCENAME] ; The SOURCENAME must match the name in the data source implementation.
-#ttl = 4320 ; Time-to-live value sets the number of minutes that the responses are cached.
-# Unique identifier for this set of SOURCENAME credentials.
-# Multiple sets of credentials can be provided and will be randomly selected.
-#[data_sources.SOURCENAME.CredentialSetID]
-#apikey = ; Each data source uses potentially different keys for authentication.
-#secret = ; See the examples below for each data source.
-#username =
-#password =
-
-# https://passivedns.cn (Contact)
-#[data_sources.360PassiveDNS]
-#[data_sources.360PassiveDNS.Credentials]
-#apikey =
-
-# https://asnlookup.com (Free)
-#[data_sources.ASNLookup]
-#[data_sources.ASNLookup.Credentials]
-#apikey =
-
-# https://ahrefs.com (Paid)
-#[data_sources.Ahrefs]
-#ttl = 4320
-#[data_sources.Ahrefs.Credentials]
-#apikey =
-
-# https://otx.alienvault.com (Free)
-#[data_sources.AlienVault]
-#[data_sources.AlienVault.Credentials]
-#apikey =
-
-# https://bevigil.com/osint-api
-# [data_sources.BeVigil]
-# [data_sources.BeVigil.Credentials]
-# apikey =
-
-# https://bigdatacloud.com (Free)
-#[data_sources.BigDataCloud]
-#[data_sources.BigDataCloud.Credentials]
-#apikey =
-
-# https://app.binaryedge.com (Paid/Free-trial)
-#[data_sources.BinaryEdge]
-#ttl = 10080
-#[data_sources.BinaryEdge.Credentials]
-#apikey =
-
-# https://tls.bufferover.run (Freemium)
-#[data_sources.BufferOver]
-#[data_sources.BufferOver.Credentials]
-#apikey =
-
-# https://builtwith.com (Paid/Free-trial)
-#[data_sources.BuiltWith]
-#ttl = 10080
-#[data_sources.BuiltWith.Credentials]
-#apikey =
-
-# https://c99.nl (Paid)
-#[data_sources.C99]
-#ttl = 4320
-#[data_sources.C99.account1]
-#apikey =
-#[data_sources.C99.account2]
-#apikey =
-
-# https://censys.io (Paid/Free-trial)
-#[data_sources.Censys]
-#ttl = 10080
-#[data_sources.Censys.Credentials]
-#apikey =
-#secret =
-
-# https://chaos.projectdiscovery.io (Invite-Only)
-#[data_sources.Chaos]
-#ttl = 4320
-#[data_sources.Chaos.Credentials]
-#apikey =
-
-# https://circl.lu (Contact)
-# Access to CIRCL Passive DNS is only allowed to trusted partners in Luxembourg and abroad.
-# Contact http://services.circl.lu/contact/ if you would like access.
-# Include your affiliation and the foreseen use of the Passive DNS data.
-#[data_sources.CIRCL]
-#[data_sources.CIRCL.Credentials]
-#username =
-#password =
-
-# https://www.digicert.com/tls-ssl/certcentral-tls-ssl-manager (Free)
-# CertCentral username is the account ID (account number)
-#[data_sources.CertCentral]
-#[data_sources.CertCentral.Credentials]
-#username =
-#apikey =
-
-# https://dnsdb.info (Paid)
-#[data_sources.DNSDB]
-#ttl = 4320
-#[data_sources.DNSDB.Credentials]
-#apikey =
-
-# https://dnslytics.com (Paid)
-#[data_sources.DNSlytics]
-#[data_sources.DNSlytics.Credentials]
-#apikey =
-
-# https://dnsrepo.noc.org (Paid)
-#[data_sources.DNSRepo]
-#[data_sources.DNSRepo.Credentials]
-#apikey =
-
-# https://deepinfo.com (Paid/Free-Trial)
-#[data_sources.Deepinfo]
-#[data_sources.Deepinfo.Credentials]
-#apikey =
-
-# https://detectify.com (Paid)
-#[data_sources.Detectify]
-#[data_sources.Detectify.Credentials]
-#apikey =
-
-# https://developer.facebook.com (Free)
-# Look here for how to obtain the Facebook credentials:
-# https://goldplugins.com/documentation/wp-social-pro-documentation/how-to-get-an-app-id-and-secret-key-from-facebook/
-#[data_sources.FacebookCT]
-#ttl = 4320
-#[data_sources.FacebookCT.app1]
-#apikey =
-#secret =
-#[data_sources.FacebookCT.app2]
-#apikey =
-#secret =
-
-# https://fofa.info (Paid)
-#[data_sources.FOFA]
-#ttl = 10080
-#[data_sources.FOFA.Credentials]
-#username =
-#apikey =
-
-# https://fullhunt.io (Free)
-#[data_sources.FullHunt]
-#[data_sources.FullHunt.Credentials]
-#apikey =
-
-# https://github.com (Free)
-#[data_sources.GitHub]
-#ttl = 4320
-#[data_sources.GitHub.accountname]
-#apikey =
-
-# https://gitlab.com (Free)
-# GitLab apikey is the personal access token with at least read_repository or api scope
-#[data_sources.GitLab]
-#ttl = 4320
-#[data_sources.GitLab.accountname]
-#apikey =
-
-# https://hackertarget.com (Paid/Free)
-#[data_sources.HackerTarget]
-#ttl = 1440
-#[data_sources.HackerTarget.Credentials]
-#apikey =
-
-# https://hunter.io (Paid/Free-trial)
-#[data_sources.Hunter]
-#[data_sources.Hunter.Credentials]
-#apikey =
-
-# https://intelx.io (Freemium)
-#[data_sources.IntelX]
-#[data_sources.IntelX.Credentials]
-#apikey =
-
-# https://ipdata.co (Free)
-#[data_sources.IPdata]
-#[data_sources.IPdata.Credentials]
-#apikey =
-
-# https://ipinfo.io (Paid/Free-trial)
-#[data_sources.IPinfo]
-#[data_sources.IPinfo.Credentials]
-#apikey =
-
-# https://leakix.net (Free)
-#[data_sources.LeakIX]
-#[data_sources.LeakIX.Credentials]
-#apikey =
-
-# https://netlas.io (Free)
-#[data_sources.Netlas]
-#[data_sources.Netlas.Credentials]
-#apikey =
-
-# https://onyphe.io (Free)
-#[data_sources.ONYPHE]
-#ttl = 4320
-#[data_sources.ONYPHE.Credentials]
-#apikey =
-
-# https://psbdmp.ws (Free)
-#[data_sources.Pastebin]
-#ttl = 10080
-#[data_sources.Pastebin.Credentials]
-#apikey =
-
-# https://www.riskiq.com/products/passivetotal (Paid/Free-trial)
-#[data_sources.PassiveTotal]
-#ttl = 10080
-#[data_sources.PassiveTotal.Credentials]
-#username =
-#apikey =
-
-# https://pentest-tools.com (Paid)
-#[data_sources.PentestTools]
-#ttl = 10080
-#[data_sources.PentestTools.Credentials]
-#apikey =
-
-# https://publicwww.com (Free)
-#[data_sources.PublicWWW]
-#ttl = 10080
-#[data_sources.PublicWWW.Credentials]
-#apikey =
-
-# https://quake.360.cn (Paid)
-#[data_sources.Quake]
-#ttl = 4320
-#[data_sources.Quake.Credentials]
-#apikey =
-
-# https://socradar.io (Paid)
-# This requires a SOCRadar ThreatFusion API key, which is different from a general SOCRadar API key.
-# To obtain it, contact the SOCRadar operation team via operation@socradar.io
-#[data_sources.SOCRadar]
-#[data_sources.SOCRadar.Credentials]
-#apikey =
-
-# https://securitytrails.com (Paid/Free-trial)
-#[data_sources.SecurityTrails]
-#ttl = 1440
-#[data_sources.SecurityTrails.Credentials]
-#apikey =
-
-# https://shodan.io (Paid/Free-trial)
-#[data_sources.Shodan]
-#ttl = 10080
-#[data_sources.Shodan.Credentials]
-#apikey =
-
-# https://spamhaus.com (Freemium)
-#[data_sources.Spamhaus]
-#ttl = 1440
-#[data_sources.Spamhaus.Credentials]
-#username =
-#password =
-
-# https://threatbook.cn (Paid)
-#[data_sources.ThreatBook]
-#[data_sources.ThreatBook.account1]
-#apikey=
-
-# https://urlscan.io (Paid/Free-trial)
-# URLScan can be used without an API key, but the key allows new submissions to be made
-#[data_sources.URLScan]
-#[data_sources.URLScan.Credentials]
-#apikey =
-
-# https://virustotal.com (Paid/Free-trial)
-#[data_sources.VirusTotal]
-#ttl = 10080
-#[data_sources.VirusTotal.Credentials]
-#apikey =
-
-# https://whoisxmlapi.com (Paid/Free-trial)
-#[data_sources.WhoisXMLAPI]
-#[data_sources.WhoisXMLAPI.Credentials]
-#apikey =
-
-# https://yandex.com/dev/xml/ (Free)
-# Restrictions and requirements: https://yandex.com/dev/xml/doc/dg/concepts/restrictions-new.html
-#[data_sources.Yandex]
-#ttl = 1440
-#[data_sources.Yandex.Credentials]
-#username =
-#apikey =
-
-# https://zetalytics.com (Paid/Invite-Only)
-#[data_sources.ZETAlytics]
-#ttl = 1440
-#[data_sources.ZETAlytics.Credentials]
-#apikey =
-
-# https://zoomeye.org (Free)
-#[data_sources.ZoomEye]
-#ttl = 1440
-#[data_sources.ZoomEye.Credentials]
-#username =
-#password =
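Review bot: The added block in this hunk is two further copies of the whole configuration pasted after `#minimum_for_recursive = 1`, so `[resolvers]` and `[scope]` are each declared again and the uncommented `mode = active`, `output_directory` and `maximum_dns_queries = 50000` follow an open `[scope]` header instead of sitting at the top of the file; how the loader treats repeated sections and misplaced keys is not visible here, so the effective settings are unpredictable. An example that users copy should not enable direct interaction with targets by default: keep it opt-in as `;mode = active` (the comment above it still describes passive collection) and leave the query limit at the previously commented `#maximum_dns_queries = 20000`. The commented `[api]` sample models an exposed service with `;host = 0.0.0.0` and `;cors_origin = *`; `;host = 127.0.0.1` and a named origin are safer starting points, and `;password = "password"` reads better as an empty placeholder. The line `;url = "bolt` is truncated and the `[graphdb]` block is repeated directly after it. The hunk also deletes every per-source `[data_sources.*]` credential template without an equivalent replacement, and the new `[config]` keys should be checked against the keys the loader actually reads, which this diff does not show.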