nocerts and noaxfr #648

Open
wants to merge 3 commits into
base: develop
28 changes: 24 additions & 4 deletions cmd/amass/enum.go
Expand Up @@ -73,6 +73,8 @@ type enumArgs struct {
Silent bool
Sources bool
Verbose bool
NoCerts bool
NoAxfr bool
}
Filepaths struct {
AllFilePrefix string
Expand Down Expand Up @@ -128,6 +130,8 @@ func defineEnumOptionFlags(enumFlags *flag.FlagSet, args *enumArgs) {
enumFlags.BoolVar(&args.Options.Silent, "silent", false, "Disable all output during execution")
enumFlags.BoolVar(&args.Options.Sources, "src", false, "Print data sources for the discovered names")
enumFlags.BoolVar(&args.Options.Verbose, "v", false, "Output status / debug / troubleshooting info")
enumFlags.BoolVar(&args.Options.NoCerts, "nocerts", false, "Disables certificate name grabs when -active mode is enabled")
enumFlags.BoolVar(&args.Options.NoAxfr, "noaxfr", false, "Disables zone transfers when -active mode is enabled")
}

func defineEnumFilepathFlags(enumFlags *flag.FlagSet, args *enumArgs) {
Expand Down Expand Up @@ -369,9 +373,19 @@ func argsAndConfig(clArgs []string) (*config.Config, *enumArgs) {
r.Fprintln(color.Error, "IP addresses cannot be provided without DNS resolution")
os.Exit(1)
}
if !cfg.Active && len(args.Ports) > 0 {
r.Fprintln(color.Error, "Ports can only be scanned in the active mode")
os.Exit(1)
if !cfg.Active {
if len(args.Ports) > 0 {
r.Fprintln(color.Error, "Ports can only be scanned in the active mode")
os.Exit(1)
}
if args.Options.NoCerts {
r.Fprintln(color.Error, "Certificate name grabbing can only be disabled in the active mode")
os.Exit(1)
}
if args.Options.NoAxfr {
r.Fprintln(color.Error, "Zone transfers can only be disabled in the active mode")
os.Exit(1)
}
}
if len(cfg.Domains()) == 0 {
r.Fprintln(color.Error, "Configuration error: No root domain names were provided")
Expand Down Expand Up @@ -653,7 +667,7 @@ func processEnumInputFiles(args *enumArgs) error {
for _, f := range args.Filepaths.Resolvers {
list, err := config.GetListFromFile(f)
if err != nil {
return fmt.Errorf("Failed to parse the esolver file: %v", err)
return fmt.Errorf("Failed to parse the resolver file: %v", err)
}
args.Resolvers.InsertMany(list...)
}
Expand Down Expand Up @@ -730,6 +744,12 @@ func (e enumArgs) OverrideConfig(conf *config.Config) error {
if e.MaxDNSQueries > 0 {
conf.MaxDNSQueries = e.MaxDNSQueries
}
if e.Options.NoCerts {
conf.NoCerts = true
}
if e.Options.NoAxfr {
conf.NoAxfr = true
}

if len(e.Included) > 0 {
conf.SourceFilter.Include = true
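Review bot: The two new blocks added after the ports check in argsAndConfig turn a harmless no-op into a fatal error: `-nocerts` and `-noaxfr` only gate work that runs in active mode, so passing them without `-active` cannot cause any unintended traffic, yet the process exits with status 1. That makes scripted invocations brittle (a wrapper that always adds `-noaxfr` to keep enumerations quiet but toggles `-active` per run now breaks) and it does not match the help text on the flag definitions, which only says the flags apply when active mode is enabled. Consider dropping the two blocks, or downgrading them to a single warning such as `r.Fprintln(color.Error, "Warning: -nocerts and -noaxfr have no effect without -active")` so the run continues. argsAndConfig starts and ends outside the hunk.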
8 changes: 7 additions & 1 deletion config/config.go
Expand Up @@ -118,9 +118,15 @@ type Config struct {
// Only access the data sources for names and return results?
Passive bool

// Determines if zone transfers will be attempted
// Determines if zone transfers and ssl certification extraction will be attempted
Active bool

// Determines if certificate name grabbing will be attempted
NoCerts bool

// Determines if zone transfers will be attempted
NoAxfr bool

// A blacklist of subdomain names that will not be investigated
Blacklist []string
blacklistLock sync.Mutex
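Review bot: The comments on the two new fields read as if a true value enables the behaviour, when it actually suppresses it — NoCerts is documented as "Determines if certificate name grabbing will be attempted", the opposite of what setting it does. Suggest `// NoCerts, when true, skips certificate name grabbing even in active mode` and `// NoAxfr, when true, skips zone transfers even in active mode`, and for the rewritten Active comment `// Determines if zone transfers and TLS certificate name extraction will be attempted` ("ssl certification extraction" is a misnomer). Negative booleans also make precedence harder to reason about when a config file and the command line disagree; if this struct is populated from a config file elsewhere, that loader presumably needs matching keys for the new fields, which this PR does not appear to touch.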
2 changes: 2 additions & 0 deletions doc/user_guide.md
Expand Up @@ -131,6 +131,8 @@ This subcommand will perform DNS enumeration and network mapping while populatin
| -src | Print data sources for the discovered names | amass enum -src -d example.com |
| -timeout | Number of minutes to execute the enumeration | amass enum -timeout 30 -d example.com |
| -w | Path to a different wordlist file | amass enum -brute -w wordlist.txt -d example.com |
| -nocerts | Disables certificate name grabs when -active mode is enabled | amass enum -active -nocerts -d example.com
| -noaxfr | Disables zone transfers when -active mode is enabled | amass enum -active -noaxfr -d example.com

### The 'viz' Subcommand

16 changes: 11 additions & 5 deletions enum/active.go
Expand Up @@ -70,9 +70,13 @@ func (a *activeTask) Process(ctx context.Context, data pipeline.Data, tp pipelin
case *requests.DNSRequest:
ok = true
case *requests.AddrRequest:
ok = true
if !a.enum.Config.NoCerts {
ok = true
}
case *requests.ZoneXFRRequest:
ok = true
if !a.enum.Config.NoAxfr {
ok = true
}
}

if ok {
Expand Down Expand Up @@ -115,12 +119,14 @@ func (a *activeTask) processTask() {
case *requests.DNSRequest:
go a.crawlName(args.Ctx, v, args.Params)
case *requests.AddrRequest:
if v.InScope {
if v.InScope && !a.enum.Config.NoCerts {
go a.certEnumeration(args.Ctx, v, args.Params)
}
case *requests.ZoneXFRRequest:
go a.zoneTransfer(args.Ctx, v, args.Params)
go a.zoneWalk(args.Ctx, v, args.Params)
if !a.enum.Config.NoAxfr {
go a.zoneTransfer(args.Ctx, v, args.Params)
go a.zoneWalk(args.Ctx, v, args.Params)
}
}
}
}
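Review bot: Under `-noaxfr` the ZoneXFRRequest case in processTask skips zoneWalk together with zoneTransfer, and the matching case in Process leaves `ok` false so the request is apparently never queued at all. If zoneWalk is the NSEC/NSEC3 zone walk its name suggests, it issues ordinary DNS queries rather than an AXFR, so an operator who passes `-noaxfr` specifically to avoid transfer requests against the target's nameservers silently loses a technique the flag's help text never mentions. Either gate only the transfer and keep the walk, as below, or state in the flag description that `-noaxfr` also disables zone walking. Note also that NoCerts and NoAxfr are each checked twice on the same path; if Process is the only producer for processTask the second check is redundant and the two can drift apart, so one gate is enough. The Process switch continues past the hunk, so I could not confirm what happens to a request that is not accepted.
```go
case *requests.ZoneXFRRequest:
	// zone walking does not depend on AXFR; only the transfer is gated below
	ok = true
// … unchanged: rest of Process …

case *requests.ZoneXFRRequest:
	if !a.enum.Config.NoAxfr {
		go a.zoneTransfer(args.Ctx, v, args.Params)
	}
	go a.zoneWalk(args.Ctx, v, args.Params)
```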