Skip to content

Instantly share code, notes, and snippets.

@ardzz

ardzz/amass2nuclei.py

Created January 23, 2024 03:19
Show Gist options
  • Save ardzz/4922fa7346a7678f7ae0586e0c70e8a1 to your computer and use it in GitHub Desktop.
Save ardzz/4922fa7346a7678f7ae0586e0c70e8a1 to your computer and use it in GitHub Desktop.
Download ZIP
Amass output cleaner
Raw
amass2nuclei.py
subdomains = open('subdomains.txt', 'r').read()
removable_chars = [
'', '[92m', '[0m', '[91m', '[93m', '[94m', '[95m', '[96m', '[97m', '[90m', '[1m', '[4m', '[5m', '[7m', '[8m',
'[0;0m', '[0;1m', '[0;2m', '[0;3m', '[0;4m', '[0;5m', '[0;6m', '[0;7m', '[0;8m', '[0;9m', '[0;10m', '[0;11m',
'[0;12m', '[0;13m', '[0;14m', '[0;15m', '[0;16m', '[0;17m', '[0;18m', '[0;19m', '[0;20m', '[0;21m', '[0;22m',
'[0;23m', '[0;24m', '[0;25m', '[0;26m', '[0;27m', '[0;28m', '[0;29m', '[0;30m', '[0;31m', '[0;32m', '[0;33m',
'[0;34m', '[0;35m', '[0;36m', '[0;37m', '[0;38m', '[0;39m', '[0;40m', '[0;41m', '[0;42m', '[0;43m', '[0;44m',
'[0;45m', '[0;46m', '[0;47m', '[0;48m', '[0;49m', '[0;50m', '[0;51m', '[0;52m', '[0;53m', '[0;54m', '[0;55m',
'[0;56m', '[0;57m', '[0;58m', '[0;59m', '[0;60m', '[0;61m', '[0;62m', '[0;63m', '[0;64m', '[0;65m', '[0;66m',
'[0;67m', '[0;68m', '[0;69m', '[0;70m', '[0;71m', '[0;72m', '[0;73m',
]
# CHANGE THIS TO YOUR DOMAIN EXTENTION
domain_extention = '.id'
for char in removable_chars:
subdomains = subdomains.replace(char, '')
clean_subdomains = []
for subdomain in subdomains.split('\n'):
whitelists = [
'a_record', 'aaaa_record',
'cname_record',
]
blacklist_subdomains = [
'webmail', 'cpanel', 'whm', 'webdisk', 'autodiscover',
'autoconfig', 'cpcalendars', 'cpcontacts', 'mail'
]
if any(whitelist in subdomain for whitelist in whitelists):
subdomain = subdomain.split(' --> ')[0].replace(' (FQDN)', '').replace('www.', '')
if subdomain.endswith(domain_extention) and not any(blacklist_subdomain in subdomain for blacklist_subdomain in blacklist_subdomains):
clean_subdomains.append(subdomain)
clean_subdomains = list(set(clean_subdomains))
with open('clean_subdomains.txt', 'w') as f:
for subdomain in clean_subdomains:
f.write(f'{subdomain}\n')
@ardzz
Copy link
Author

ardzz commented Jan 23, 2024

Amass command that i usually use:
amass enum -active -df target.txt -o subdomains.txt

After amass finished scanning, clean the output then scan by using nuclei

nuclei -l target.txt -et network,dns,ssl,file -eid tech-detect,http-missing-security-headers,waf-detect,cors-misconfig,options-method,robots-txt-endpoint,robots-txt,http-trace,CVE-2020-35489,wordpress-litespeed-cache,wordpress-user-role-editor,wordpress-wp-optimize,azure-domain-tenant,wordpress-user-enum,wordpress-rdf-user-enum,wordpress-readme-file,wordpress-wordpress-seo,wp-license-file,wordpress-xmlrpc-listmethods,wordpress-login,wordpress-detect,wordpress-xmlrpc-file,metatag-cms -o nuclei_output.txt

@ardzz
Copy link
Author

ardzz commented Jan 6, 2025
edited
Loading

bash version grep -oP '(?<=--> )[a-zA-Z0-9.-]+(?= \(FQDN\))' amass_output.txt | sort -u

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment