./security/amass, In-depth Attack Surface Mapping and Asset Discovery

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 3.22.1nb2, Package name: amass-3.22.1nb2, Maintainer: leot

The OWASP Amass Project performs network mapping of attack surfaces and
external asset discovery using open source information gathering and
active reconnaissance techniques.

Master sites:

Filesize: 19974.94 KB

Version history: (Expand)

CVS history: (Expand)

   2023-05-05 21:37:45 by Benny Siegert | Files touched by this commit (134) | Package updated
Log message:
Revbump all Go packages after go120 security update
   2023-04-05 22:48:01 by Benny Siegert | Files touched by this commit (140) | Package updated
Log message:
Revbump all Go packages after yesterday's go120 security update
   2023-03-19 18:45:02 by Leonardo Taccari | Files touched by this commit (3) | Package updated
Log message:
amass: Update to 3.22.1

## Changelog
* moved the reverse DNS sweeping into the scripting engine

## Changelog
* updates to the enumeration pipeline
* updated the date elements in the word list
* updated the ShadowServer and TeamCymru data source integrations
* updated the Farsight DNSDB integration
* updated copyright and licensing information
* updated AlienVault, and removed the networksdb and umbrella data sources
* started to switch to the new HTTP request function
* removed the Google Certificate Transparency data source integration
* removed support for Snapcraft and Cloudflare
* performance improvements to the scripting engine
* moved all active techniques to the scripting engine
* discoveries are now written directly to the data store
* added the grep.app search API as a data source
* Removed the Twitter integration and associated dependencies
* Removed all references to the ioutil deprecated package

## Changelog
* Updated the caffix/resolve package

## Changelog
* Fixed the Docker workflow

## Changelog
* Updated the Docker workflow
* Additional reliability and consistency from the DNS resolution

## Changelog
* Updated the project to Go version 1.18
* Updated testing packages
* Updated User Guide
* Updated SearX instances list
* Small fix for AbuseIPDB data source
* Removed ineffective words for Alterations
* Ported FOFA to lua script implementation
* Numerous data source integration enhancements
* Make Pastebin data-source only available with an API key
* Improved HackerOne datasource and renamed PSBDMP to Pastebin
* Improved GitLab data source and ported Searchcode source to API usage
* FullHunt integration now requires an API key
* Fixed ThreatBook and incorrect indent in some data source scripts
* Fixed Censys data-source script
* BeVigil Source Added
* ArchiveIt data source optimization
* Added support for commercial BufferOver API key
* Added Yandex datasource and adjusted rate limit of Gists
* Added Netlas as a datasource and removed IPv4Info
* Added Google, PSBDMP and PublicWWW as datasources
* Added DNSHistory as a datasource
* Added ASNLookup and BidDataCloud as data sources

## Changelog
* Fixes for the intel subcommand
* Added links for Joona and Alexis in the testimonial

## Changelog
* Added the testimonial provided by the Visma Red Team
* Removed the dns subcommand
* Fixed issue #807 that caused passive enumerations to halt
* Fixed #808 by removing the integration instructions no longer supported
* Added support to 'viz' command to accept an output file prefix
* Added a unit test for data source response caching

## Changelog
* Updated the caffix/resolve package dependency
* Improved how DNS names are being filtered
* Add common words for alterations

## Changelog
* Initial integration of the BGP.Tools data source
* Fixed issue #490 causing the timeout to hang
* Enable SBOM
* Changed Lua memory allocation options
* Added the mtime function to the scripting environment
* Added BGPTools to the list of data sources

## Changelog
* Updates to the Snapcraft build config
* Enum pipeline optimizations and event bus removal fixes

## Changelog
* Disabling SBOM generation

## Changelog
* Additional DNS related improvements
* Added LeakIX to the list of data sources

## Changelog
* Updated all filters to Stable Bloom Filters
* Removed support for sharing discoveries
* New SRV record for Citrix Receiver
* Implemented rate limit detection for Github datasource
* Fixed issue #781 so users specifying resolvers do not download public DNS info
* Fixed issue #746 with SetDataSources error return value
* Fixed Snapcraft config file parsing issue
* Fix Digitorus datasource
* Discontinued use of the in-memory graph database
* Added the LeakIX data source
* Added new configurations when using DNS
* Fixed the CleanName bug

## Changelog
* Updated the BufferOver data source implementation to use a paid service
* Updated the Amass installation process in documentation
* The ReconDev data source is no longer available
* CommonCrawl data source interface changed

## Changelog
* Passive mode saves names in the graph database

## Changelog
* Fixed Gexf test

## Changelog
* max-depth option for brute-forcing
* Updates to the new max depth recursive brute forcing feature
* Improvements to graph database migration performance
* FullHunt integration that resolves issue #740
* Fix to ASN information caching with large impact on performance
* Additional improvements to the enumeration engine
* Adding MaxDepth option to Brute-force

## Changelog
* Started using Go native file embedding
* Removed the use of the asnlist.txt file
* Improvements to the enumeration engine workflow

## Changelog
* Verify that addresses in CheckAddresses are actually valid
* Put common crawl into a separate category
* Optimized the enumeration engine
* Improve test coverage of loadBruteForceSettings to 100%
* Fixed #707 bug in the Google CT data source
* Enumeration engine performance improvements
* Add help subcommand

## Changelog
* Updated various data source integrations
* Ported ShadowServer and TeamCymru to script implementations
* Fixed #707 issue with Google certificate transparency
* Change file pointer to use STDOUT for "-" with JSON output
* Added the socket Lua module and updated DNS resolve

## Changelog
* Using the new stringset implementation
* Scraping CSV export page for compact data (Riddler)
* Quake data source bug fix
* Fixed the call to new_addr
* Fix for failure to build the resolver pool
* Exclude www from DuckDuckGo search result
* Enhanced web crawling feature
* Better URL protocol detection
* Added logging for all requests to data sources
* Added checking for output to help fix #566
* Added UKWebArchive as a data source
* Added Paradigm to external projects
* Added Maltiverse, Greynoise as data sources and some rate limit adjustments
* Added IPdata data source and some fixes
* Added HyperStat and removed Whoisology data source
* Added HAW (Croatian web archive) as a data source
* Added Github Gists as a data source and renamed Anubis
* Added Detectify and N45HT
* Added CertDetails as a data source
* Added Ahrefs and Quake as data sources
* Added AbuseIPDB, AskDNS, SpyOnWeb as data sources
* Added ARIN, DNSlytics, Spamhaus as data sources

## Changelog
* Updated the IP2ASN data
* Reduced the DNS query rate provided to wildcard detection
* Increased rate data is provided to the pipeline
* Improved Spyse integration and fixed #643
* Added WhoisXML API to the information sharing community

## Changelog
* improvement: update spyse api script
* Updates to data source scripts
* Update to project management file
* Reliability and speedup related to wildcard detection
* Increased script request processing
* Added system config file fallback feature and closed #495
* Added more baseline resolvers

## Changelog
* Removed Alternate DNS from the resolvers list
* Fixed a synchronization error in the ASNCache

## Changelog
* Utilizing DNS wildcard records discovered during zone transfers
* Updated and added unit testing for the ASNCache
* Initial implementations for DuckDuckGo, Hunter, and IPinfo data sources
* Fixed bug removing half of the usable DNS resolvers
* Checks added to ensure infra information is resolved
* Added the source_count field as recommended by Shodan

## Changelog
* Updates to documentation for the info sharing feature
* Updated trusted DNS resolver data
* Updated and extended the WhoisXML API implementation
* Store enumeration context as soon as possible on Start
* Sorted SRV records alphabetically
* Initial enumeration findings share process implementation
* Increased the queue fill rate
* Improved some datasource scripts and removed PasteBin from datasources
* Improved Baidu datasource script
* Added the share flag to the enum subcommand options
* Added more missing SRV records
* Added a feature for detecting and removing false positives

## Changelog
* Updated enumeration pipeline parameters
* Support the AS prefix in ASNs
* Remove unused options related to DNS resolvers
* Reduced the load that output has on the graph db
* No minimum rate limit for data source scripts
* Increased the rate of name alterations
* Increased potential DNS resolver rates

## Changelog
* Updated dependencies

## Changelog
* Reduced pipeline memory consumption #603
* Integrated changes to the data pipeline implementation

## Changelog
* Moved the graph database implementation to another repo
* Changes resulting in performance improvements
   2023-03-08 14:39:00 by Benny Siegert | Files touched by this commit (131) | Package updated
Log message:
Revbump all Go packages after go119 security update
   2023-02-16 16:02:10 by Benny Siegert | Files touched by this commit (129) | Package updated
Log message:
Revbump all Go packages after go119 update
   2023-01-11 18:28:38 by Benny Siegert | Files touched by this commit (123) | Package updated
Log message:
Revbump all Go packages after go119 update
   2022-12-08 17:14:27 by Benny Siegert | Files touched by this commit (122) | Package updated
Log message:
Revbump all Go packages after go119 security update
   2022-11-02 20:39:58 by Benny Siegert | Files touched by this commit (115) | Package updated
Log message:
Revbump all Go packages after go119 security update