Unlocking the Full Potential of Amass [Part-1]

A Comprehensive Guide for Proper Configuration of Amass 4.2.0

Hello Hackers, In this Artical I am gonna walk you through the process of configuring Amass for optimal performance. Discover how to fine-tune settings & leverage advanced techniques to expand its capabilities beyond default configurations. Whether you’re a cybersecurity enthusiast or a seasoned professional, My step-by-step instructions will empower you to maximize your reconnaissance efforts with Amass. so be with me, lets Go.!

What is Amass?

Amass is an open-source reconnaissance tool used in cybersecurity. It’s designed to help discover and map network infrastructure, finding domains, subdomains, and other related data to aid in security assessments and investigations.

Transitioning from the older config.ini to the newer config.yaml and datasources.yaml in Amass can be daunting. In this article, I’ll guide you through the process, providing clear instructions to configure Amass effectively and unlock its full potential for reconnaissance purposes.

I’ll strive to keep this walkthrough concise and easily understandable.!

Steps:

1. Installing amass:

I’m using Kali Linux OS, so it’s easy to install:

sudo apt update && sudo apt install amass

2. Configuration

Open Your Terminal And Follow the steps.

2.1 Navigate to the root configuration directory:

cd /root/.config

Create a new directory named amass:

mkdir amass #Remove If it's Already Created

Navigate to the newly created amass directory

cd amass

2.2 Config.yaml Installation

Now we have to download the config.yaml file. Which is very important for us to run Amass flawlessly,, I’m using the wget command. This command fetches the file from a specified URL and saves it to your current directory.

wget https://raw.githubusercontent.com/sahil3276/Amass_Config/main/config.yaml

Path: /root/.config/amass/config.yaml

When you open the config.yaml file, you’ll notice that downloading certain wordlists and resolvers is necessary for Amass to run smoothly.

config.yaml requires certain wordlists

Don’t worry about it. Here are the commands you need to paste into your terminal, and you’re good to go.

3. Wordlists Installation

3.1 resolvers.txt Install

Create a new directory named examples within the /root/.config directory

mkdir /root/.config/examples

Change the current working directory to the newly created examples directory

cd /root/.config/examples

Download the resolvers.txt file from the specified URL

wget https://raw.githubusercontent.com/sahil3276/Amass_Config/main/resolvers.txt

Path: /root/.config/examples/resolvers.txt

3.2 deepmagic.com_top50kprefixes.txt Install

Create a new directory named wordlists within the /root/.config/amass directory

mkdir /root/.config/amass/wordlists

Change the current working directory to the newly created wordlists directory

cd /root/.config/amass/wordlists

Download the deepmagic.com_top50kprefixes.txt file from the specified URL

wget https://raw.githubusercontent.com/sahil3276/Amass_Config/main/deepmagic.com_top50kprefixes.txt 

Path: /root/.config/amass/wordlists/deepmagic.com_top50kprefixes.txt

3.3 deepmagic.com_top500prefixes.txt Install

Download the deepmagic.com_top500prefixes.txt file from the specified URL

wget https://raw.githubusercontent.com/sahil3276/Amass_Config/main/deepmagic.com_top500prefixes.txt

Path: /root/.config/amass/wordlists/deepmagic.com_top500prefixes.txt

3.4 subdomains-top1mil-5000.txt Install

Download the subdomains-top1mil-5000.txt file from the specified URL

wget https://raw.githubusercontent.com/sahil3276/Amass_Config/main/subdomains-top1mil-5000.txt

Path: /root/.config/amass/wordlists/subdomains-top1mil-5000.txt

3.4 subdomains-top1mil-110000.txt Install

Download the subdomains-top1mil-110000.txt file from the specified URL

wget https://raw.githubusercontent.com/sahil3276/Amass_Config/main/subdomains-top1mil-110000.txt

Path: /root/.config/amass/wordlists/subdomains-top1mil-110000.txt

So now we Have reached the 1st stage of Configuring the amass,our config.yaml file is all set. Now, let’s configure the datasources.yaml file

4. datasources.yaml Installation

To unleash Amass’s full potential, we need a datasources.yaml file, which requires API keys for peak performance. I’ll guide you through obtaining the necessary API keys from various platforms to ensure seamless and effective operation. But first, let’s install the datasources.yaml file!

So here i’m in amass directory:

Path: /root/.config/amass

This is the location where we’ve set up our config.yaml file. Now, download the datasources.yaml file using the command below:

Download the datasources.yaml file from the specified URL

wget https://raw.githubusercontent.com/sahil3276/Amass_Config/main/datasources.yaml

Now that the datasources.yaml file is installed, let’s take a look. We need to provide API keys for different platforms. You’ll need to visit each platform, sign up, and obtain your own API keys.

I have compiled a list of websites that provide API keys to users upon signing up. In Part-2, I’ll share the list of domains that offer FREE API keys. You just need to sign up there and obtain your own API key.

If you encounter any difficulties or problems, let me know in the comments.

See You Soon In Part-2

Thanks for your patience.

Sahil Shah.

Get in touch with me here:

Linkedin: https://www.linkedin.com/in/sahilshah3276/

Twitter: https://x.com/sahil3276

Github: https://github.com/sahil3276