How to **Actually** Use Amass More Effectively — Bug Bounty
99% of bug hunters only use 1% of Amass’ potential.
Amass is one of the most recognisable, well-made and highly regarded reconnaissance tools, yet its incredible performance comes with complexity in its use, so researchers don’t use it as well as they could. I’m here to introduce you to some of the most underrated and underused features of Amass, which can get you more bugs and fewer dupes.
If you find a recon guide or methodology that includes Amass, it will likely say something along the lines of “Amass is very complex so just use this command `amass enum -d domain.com` and watch it magically spit out subdomains”. I’ve certainly been guilty of this, but when everyone is doing this, you’ll get the same results. So if you want bugs, do these four things to set yourself apart from other hunters…
Viz
I asked @Jeff Foley, the creator of Amass, what they thought deserved to be in this article, and they said:
“I don’t hear people mention the visualization feature too often…”,