the owasp amass project
play

The OWASP Amass Project DNS Enumeration written in Go September 6, - PowerPoint PPT Presentation

Mar 30, 2023 •784 likes •905 views

The OWASP Amass Project DNS Enumeration written in Go September 6, 2018 Presented by Jeff Foley Introduction Jeff Foley (a.k.a caffix), Project Lead for OWASP Amass US Manager, Penetration Testing & Red Teaming at National Grid

  1. The OWASP Amass Project DNS Enumeration written in Go September 6, 2018 Presented by Jeff Foley

  2. Introduction • Jeff Foley (a.k.a caffix), Project Lead for OWASP Amass • US Manager, Penetration Testing & Red Teaming at National Grid • https://github.com/caffix • https://twitter.com/jeff_foley

  3. What is Amass? • DNS enumeration and network mapping to aid in understanding an organization’s attack surface on the Internet • The project provides a suite of tools that employ active and passive techniques: – Traditional subdomain enumerator – Maltego local transform – TLS certificate subdomain name grabber – More coming soon • Amass also supports the visualization of findings to better understand the networks being investigated.

  4. Getting Amass • On Linux, Amass is easy to get with Snapcraft: $ sudo snap install amass • Use docker: $ sudo docker build – t amass https://github.com/OWASP/Amass.git $ sudo docker run amass – v – ip – freq 480 – d owasp.org • Use Go to install Amass: $ go get – u github.com/OWASP/Amass/ …

  5. Collaboration / Current Goals • Keeping up with new data sources and possibly add services that require API keys • Add support for additional package managers • Continue turning Amass functionalities into smaller suite tools.

  6. Lessons Learned • One of largest Amass contributions is the “Alt & Sweep” technique – Alterations & permutations of names (AltDNS) – Reverse DNS sweeps around discovered IP addresses – In a cyclic relationship, additional network infrastructure is revealed • During the life of the project, many data sources have increased the number of names provided.

  7. Demonstration • The owasp.org enumeration: https://asciinema.org/a/ P2kuxzy164LgCfc8uL2YtCMoM • The fb.com enumeration: https://asciinema.org/a/ v6B1qdMRILRUflpkwRPhvCTaY

  8. Demonstration Cont.

  9. Demonstration Cont.

  10. Demonstration Cont.

  11. Thank you! Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

New Privacy in Android 11 and OWASP Mobile Security Albert Hsieh OWASP 200

New Privacy in Android 11 and OWASP Mobile Security Albert Hsieh OWASP 200

New Privacy in Android 11 and OWASP Mobile Security Albert Hsieh OWASP 200 OWASP Flagship Projects Tool Projects OWASP Amass OWASP CSRFGuard OWASP Defectdojo OWASP Dependency-Check OWASP Dependency-Track

751 views • 55 slides
OpenSAMM Software Assurance Maturity Model Seba Deleersnyder seba@owasp.org OWASP Foundation

OpenSAMM Software Assurance Maturity Model Seba Deleersnyder seba@owasp.org OWASP Foundation

The OWASP Foundation Libre Software Meeting Brussels 10-July-2013 http://www.owasp.org OpenSAMM Software Assurance Maturity Model Seba Deleersnyder seba@owasp.org OWASP Foundation Board Member OWASP Belgium Chapter Leader SAMM project

682 views • 43 slides
OWASP Daniel Brzozowski daniel@brzozowski.biz Agenda 1. Few words about OWASP 2. Owasp resources

OWASP Daniel Brzozowski daniel@brzozowski.biz Agenda 1. Few words about OWASP 2. Owasp resources

OWASP Daniel Brzozowski daniel@brzozowski.biz Agenda 1. Few words about OWASP 2. Owasp resources 3. Setting up workstations 4. OWASP WebScarab/OWASP WebScarab-NG 5. O2 Platform About me In London since October 2010 Before that MCPD, MCTS,

747 views • 58 slides
OWASP Top Ten Kirk Jackson OWASP NZ RedShield https://www.meetup.com/ kirk@pageofwords.com

OWASP Top Ten Kirk Jackson OWASP NZ RedShield https://www.meetup.com/ kirk@pageofwords.com

Introduction to the OWASP Top Ten Kirk Jackson OWASP NZ RedShield https://www.meetup.com/ kirk@pageofwords.com OWASP-Wellington/ http://hack-ed.com www.owasp.org.nz Recordings: @kirkj @owaspnz https://goo.gl/a2VSG2 What is OWASP? Open

880 views • 45 slides
Insecurity in Informaton Technology Tanya Janca Tanya.Janca@owasp.org OWASP Otawa Chapter

Insecurity in Informaton Technology Tanya Janca Tanya.Janca@owasp.org OWASP Otawa Chapter

Insecurity in Informaton Technology Tanya Janca Tanya.Janca@owasp.org OWASP Otawa Chapter Leader OWASP DevSlop Project Leader @SheHacksPurple About Me The Im Qualifed Slide Tanya Janca: Applicaton security evangelist, web

1k views • 82 slides
OWASP Foundation OWASP does not endorse or recommend commercial products or services , allowing our

OWASP Foundation OWASP does not endorse or recommend commercial products or services , allowing our

OWASP Foundation OWASP does not endorse or recommend commercial products or services , allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide. OWASP Foundation, NYC Chapter

382 views • 23 slides
Welcome to the OWASP Toronto Meetup Hello, and happy 2018! Announcement: OWASP Top 10 2017

Welcome to the OWASP Toronto Meetup Hello, and happy 2018! Announcement: OWASP Top 10 2017

Welcome to the OWASP Toronto Meetup Hello, and happy 2018! Announcement: OWASP Top 10 2017 Changes between 2013 and 2017 Hi, I am X. How do I get into AppSec/Security? OWASP Toronto Chapter January 17, 2018 Topics Overviews, Career Paths,

372 views • 36 slides
UC.yber; OWASP Chapter The University of Cincinnati's Official Cybersecurity Chapter What is

UC.yber; OWASP Chapter The University of Cincinnati's Official Cybersecurity Chapter What is

UC.yber; OWASP Chapter The University of Cincinnati's Official Cybersecurity Chapter What is OWASP? Open Web Application Security Project Non-profit organization focused on improving security of software. They have some GREAT info on

372 views • 9 slides
Broken Authentication: What it means, and what you can do hassan.abudu@owasp.org OWASP Top 10

Broken Authentication: What it means, and what you can do hassan.abudu@owasp.org OWASP Top 10

Broken Authentication: What it means, and what you can do hassan.abudu@owasp.org OWASP Top 10 Vulnerabilities - 2017 Rank Name 1 Injection 2 Broken Authentication 3 Sensitive Data Exposure 4 XML External Entities 5 Broken Access

207 views • 6 slides
OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of

OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of

OWASP Most Critical Web Application Security Vulnerabilities Introduction 2 Purpose of Session: - Provide Overview Web Application Security Threats and Defense Using the Open Web Application Security Project (OWASP) Top List, we

830 views • 39 slides
Security Vulnerabilities Decomposition Katy Anton OWASP Top 10 @KatyAnton When the report is

Security Vulnerabilities Decomposition Katy Anton OWASP Top 10 @KatyAnton When the report is

Security Vulnerabilities Decomposition Katy Anton OWASP Top 10 @KatyAnton When the report is published @KatyAnton Katy Anton Software development background Project co-leader for OWASP Top 10 Proactive Controls (@OWASPControls)

1.21k views • 45 slides
Pushing Left, Like a Boss Application Security Foundations Tanya Janca Tanya.Janca@owasp.org

Pushing Left, Like a Boss Application Security Foundations Tanya Janca Tanya.Janca@owasp.org

Pushing Left, Like a Boss Application Security Foundations Tanya Janca Tanya.Janca@owasp.org OWASP Ottawa Chapter Leader OWASP DevSlop Project Leader @sheHacksPurple About Me Who am I? Im Tanya Janca; Application security evangelist, web

434 views • 30 slides
Web Attacks Deian Stefan Slides from Zakir Durumeric and Dan Boneh OWASP Ten Most Critical Web

Web Attacks Deian Stefan Slides from Zakir Durumeric and Dan Boneh OWASP Ten Most Critical Web

Web Attacks Deian Stefan Slides from Zakir Durumeric and Dan Boneh OWASP Ten Most Critical Web Security Risks https://github.com/OWASP/Top10/blob/master/2017/OWASP%20Top%2010-2017%20(en).pdf Today

998 views • 78 slides
Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva

Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva

Introduction to OWASP Mobile Application Security Verification Standard (MASVS) OWASP Geneva 12/12/2016 Jrmy MATOS whois securingapps Developer background Spent last 10 years working between Geneva and Lausanne on security products

867 views • 22 slides
SQL Injection Attacks: A Quick Primer hassan.abudu@owasp.org OWASP Top 10 Vulnerabilities - 2017

SQL Injection Attacks: A Quick Primer hassan.abudu@owasp.org OWASP Top 10 Vulnerabilities - 2017

SQL Injection Attacks: A Quick Primer hassan.abudu@owasp.org OWASP Top 10 Vulnerabilities - 2017 Rank Name 1 Injection 2 Broken Authentication 3 Sensitive Data Exposure 4 XML External Entities 5 Broken Access Control 6 Security

682 views • 8 slides
Web Attacks Nadia Heninger and Deian Stefan Slides from Zakir Durumeric and Dan Boneh OWASP Ten

Web Attacks Nadia Heninger and Deian Stefan Slides from Zakir Durumeric and Dan Boneh OWASP Ten

Web Attacks Nadia Heninger and Deian Stefan Slides from Zakir Durumeric and Dan Boneh OWASP Ten Most Critical Web Security Risks https://github.com/OWASP/Top10/blob/master/2017/OWASP%20Top%2010-2017%20(en).pdf Today

916 views • 87 slides
High Quality Image Compression Using PDE-Based Inpainting with Optimal Data Laurent Hoeltgen

High Quality Image Compression Using PDE-Based Inpainting with Optimal Data Laurent Hoeltgen

2016 SIAM Conference on Imaging Science Albuquerque, May 23 May 26 High Quality Image Compression Using PDE-Based Inpainting with Optimal Data Laurent Hoeltgen hoeltgen@b-tu.de Chair for Applied Mathematics Brandenburg Technical

675 views • 65 slides
CS475 / CS675 Lecture 20: July 7, 2016 Bidiagonalization SVD Image Compression Reading: [TB]

CS475 / CS675 Lecture 20: July 7, 2016 Bidiagonalization SVD Image Compression Reading: [TB]

CS475 / CS675 Lecture 20: July 7, 2016 Bidiagonalization SVD Image Compression Reading: [TB] Chapter 31 CS475/CS675 (c) 2016 P. Poupart & J. Wan 1 Alternative SVD Technique Assume is square, i.e., Consider the symmetric matrix:

556 views • 13 slides
14.9.2 JPEG2000 compression DCT compression basis for JPEG wavelet compression

14.9.2 JPEG2000 compression DCT compression basis for JPEG wavelet compression

14.9 JPEG and MPEG image compression 31 14.9.2 JPEG2000 compression DCT compression basis for JPEG wavelet compression basis for JPEG2000 JPEG2000 new international standard for still image compression

492 views • 12 slides
Why p -methods in Signal Limitations of . . . and Image Processing: Remaining Problem Let

Why p -methods in Signal Limitations of . . . and Image Processing: Remaining Problem Let

Need for Deblurring In General, Signal and . . . Need for Regularization Tikhonov Regularization Why p -methods in Signal Limitations of . . . and Image Processing: Remaining Problem Let us Apply Fuzzy . . . A Fuzzy-Based Explanation

809 views • 16 slides
Introduction to the Introduction to the Raspberry Pi 3 B+ Raspberry Pi 3 B+ What is a Raspberry

Introduction to the Introduction to the Raspberry Pi 3 B+ Raspberry Pi 3 B+ What is a Raspberry

Introduction to the Introduction to the Raspberry Pi 3 B+ Raspberry Pi 3 B+ What is a Raspberry Pi? What is a Raspberry Pi? Small computer Runs Linux OS Raspberian CanaKit Raspberry Pi 3 B+ Startup Startup Open

502 views • 11 slides
ROBOTICA ROBOTICA 03CFIOR 03CFIOR Basilio Bona DAUIN Politecnico di Torino Mobile &

ROBOTICA ROBOTICA 03CFIOR 03CFIOR Basilio Bona DAUIN Politecnico di Torino Mobile &

ROBOTICA ROBOTICA 03CFIOR 03CFIOR Basilio Bona DAUIN Politecnico di Torino Mobile & Service Robotics Sensors for Robotics 3 Sensors for Robotics 3 Laser sensors Rays are transmitted and received coaxially Rays are transmitted

1.09k views • 51 slides
Mobile & Service Robotics Mobile & Service Robotics Sensors for Robotics Sensors for

Mobile & Service Robotics Mobile & Service Robotics Sensors for Robotics Sensors for

Mobile & Service Robotics Mobile & Service Robotics Sensors for Robotics Sensors for Robotics 3 Sensors for Robotics Sensors for Robotics 3 Laser sensors Rays are transmitted and received coaxially Rays are transmitted and

618 views • 50 slides
1 & 2 Samuel Series Lesson #180 July 23, 2019 Dean Bible Ministries

1 & 2 Samuel Series Lesson #180 July 23, 2019 Dean Bible Ministries

1 & 2 Samuel Series Lesson #180 July 23, 2019 Dean Bible Ministries www.deanbibleministries.org Dr. Robert L. Dean, Jr. A B ELIEVER A FTER G OD S H EART P SALM 89:1924 What the Bible Teaches About The Davidic Covenant Psalm 89

721 views • 48 slides

More recommend