· 6 years ago · Mar 31, 2020, 04:46 AM
1# Copyright 2017 Jeff Foley. All rights reserved.
2# Use of this source code is governed by Apache 2 LICENSE that can be found in $
3
4# Should only passive data sources be used without DNS resolution?
5#mode = passive
6# Would you like to use more active techniques, such as pulling
7# certificates from discovered IP addresses?
8#mode = active
9
10# The directory that stores the Cayley graph database and other output files
11# The default is $HOME/amass
12#output_directory = amass
13
14# The maximum number of concurrent DNS queries that can be performed during the$
15# Increase this value over 100000 as long as your network and resolvers can han$
16#maximum_dns_queries = 1000
17
18# Would you like unresolved names to be included in the output?
19include_unresolvable = true
20
21[network_settings]
22# Single IP address or range (e.g. a.b.c.10-245)
23#address = 192.168.1.1
24#cidr = 192.168.1.0/24
25#asn = 26808
26#port = 80
27port = 443
28#port = 8080
29
30# Root domain names used in the enumeration
31#[domains]
32#domain = owasp.org
33#domain = appsecusa.org
34#domain = appsec.eu
35#domain = appsec-labs.com
36
37# DNS resolvers used globally by the amass package
38#[resolvers]
39#public_dns_resolvers = false
40#score_resolvers = true
41#monitor_resolver_rate = true
42resolver = 1.1.1.1 ; Cloudflare
43resolver = 8.8.8.8 ; Google
44#resolver = 64.6.64.6 ; Verisign
45#resolver = 74.82.42.42 ; Hurricane Electric
46#resolver = 1.0.0.1 ; Cloudflare Secondary
47#resolver = 8.8.4.4 ; Google Secondary
48#resolver = 9.9.9.10 ; Quad9 Secondary
49#resolver = 64.6.65.6 ; Verisign Secondary
50#resolver = 77.88.8.1 ; Yandex.DNS Secondary
51
52# Are there any subdomains that are out of scope?
53#[blacklisted]
54#subdomain = education.appsec-labs.com
55#subdomain = 2012.appsecusa.org
56
57# Are there any data sources that should not be utilized?
58#[disabled_data_sources]
59#data_source = Ask
60#data_source = Exalead
61#data_source = IPv4Info
62
63# Configure Amass to use a TinkerPop Server as the graph database
64# For an example of Gremlin settings see: https://docs.microsoft.com/en-us/azur$
65#[gremlin]
66#url = wss://localhost:8182
67#username =
68#password =
69
70#[bruteforce]
71#enabled = true
72recursive = true
73# Number of discoveries made in a subdomain before performing recursive brute f$
74# Default is 0
75#minimum_for_recursive = 0
76#wordlist_file = /usr/share/wordlists/all.txt
77#wordlist_file = /usr/share/wordlists/all.txt # multiple lists can be used
78
79# Would you like to permute resolved names?
80[alterations]
81enabled = true
82# minimum_for_word_flip specifies the number of times a word must be seen before
83# using it for future word flips and word additions
84minimum_for_word_flip = 2
85# edit_distance specifies the number of times a primitive edit operation will be
86# performed on a name sample during fuzzy label searching
87edit_distance = 1
88flip_words = true # test-dev.owasp.org -> test-prod.owasp.org
89flip_numbers = true # test1.owasp.org -> test2.owasp.org
90add_words = true # test.owasp.org -> test-dev.owasp.org
91add_numbers = true # test.owasp.org -> test1.owasp.org
92#wordlist_file = /usr/share/wordlists/all.txt
93#wordlist_file = /usr/share/wordlists/all.txt # multiple lists can be used
94
95# Provide API key information for a data source
96#[AlienVault]
97#apikey =
98
99#[BinaryEdge]
100#apikey =
101
102#[Censys]
103#apikey =
104#secret =
105
106#[CIRCL]
107#username =
108#password =
109
110
111#[DNSDB]
112#apikey =
113
114[NetworksDB]
115apikey =
116
117#[PassiveTotal]
118#username =
119#apikey =
120
121#[SecurityTrails]
122#apikey =
123
124[Shodan]
125apikey =
126
127[Spyse]
128apikey =
129
130#[Twitter]
131#apikey =
132#secret =
133
134# The apikey must be an API access token created through the Investigate manage$
135#[Umbrella]
136#apikey =
137
138# URLScan can be used without an API key, but the key allows new submissions to$
139#[URLScan]
140#apikey =
141
142[VirusTotal]
143apikey =