The “amass track” command is a feature of the Amass tool that allows users to track and compare differences between multiple enumerations of the same domain. It helps in monitoring changes and updates to the domain’s infrastructure over time. Here’s a more detailed explanation:
- Enumeration Comparison: The primary purpose of the “amass track” command is to compare the results of multiple enumerations conducted on the same domain. It enables users to track differences between these enumerations and identify changes in the domain’s subdomains, IP addresses, or other related information.
- Monitoring Changes: By tracking differences, the command helps in monitoring the evolving state of the domain. It allows users to observe additions, removals, or modifications in the domain’s infrastructure, providing insights into potential security risks, misconfigurations, or updates made by the domain owner.
- Historical View: The command provides a historical perspective by retaining and comparing data from previous enumerations. This allows users to analyze how the domain’s infrastructure has changed over time, facilitating trend analysis, incident investigation, or compliance audits.
- Customizable Tracking: Users can customize the tracking process according to their specific needs. They can specify the previous enumeration results to compare against, define the scope of tracking (e.g., subdomains only), and set parameters to filter and focus on specific changes of interest.
- Visual Differences: The command provides visual representations of the differences between enumerations. It highlights additions, removals, or modifications in the collected data, making it easier to understand and interpret the changes that have occurred.
- Output Formats: “amass track” offers various output formats for presenting the differences between enumerations. Users can choose formats such as CSV (Comma-Separated Values), JSON (JavaScript Object Notation), or plain text, depending on their preference and the intended use of the tracked data.
- Integration with Other Tools: The command integrates well with other tools and workflows, allowing users to leverage the tracked differences in combination with additional analysis or security assessment processes. It can serve as a valuable input to further investigations or as a source of information for other security tools.
- Automation and Continuous Tracking: “amass track” can be automated to perform regular or continuous tracking of domain enumerations. By scheduling periodic scans, users can automatically compare changes and receive notifications when significant differences are detected, helping in proactive monitoring and alerting.
The “amass track” command in Amass enhances the tool’s functionality by enabling users to track and compare differences between multiple enumerations of the same domain. It provides valuable insights into changes in the domain’s infrastructure over time, facilitating trend analysis, security monitoring, and incident response activities.
amass track Command Examples
1. Show the difference between the last two enumerations of the specified domain:
# amass track -dir /path/to/database_directory -d domain_name -last 2
2. Show the difference between a certain point in time and the last enumeration:
# amass track -dir /path/to/database_directory -d domain_name -since "01/02 15:04:05 2006 MST"