most of the subcommands returned to the client program

owasp-amass · Feb 20, 2024 · cd63363 · cd63363
1 parent 17acbc9
commit cd63363
Show file tree

Hide file tree

Showing 15 changed files with 2,494 additions and 8 deletions.
diff --git a/cmd/amass/format.go b/cmd/amass/format.go
@@ -0,0 +1,171 @@
+// Copyright © by Jeff Foley 2017-2024. All rights reserved.
+// Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
+// SPDX-License-Identifier: Apache-2.0
+
+package main
+
+import (
+	"fmt"
+	"io"
+	"net"
+	"strconv"
+	"strings"
+
+	"github.com/fatih/color"
+	"github.com/owasp-amass/amass/v4/format"
+)
+
+// ASNSummaryData stores information related to discovered ASs and netblocks.
+type ASNSummaryData struct {
+	Name      string
+	Netblocks map[string]int
+}
+
+// DesiredAddrTypes removes undesired address types from the AddressInfo slice.
+func DesiredAddrTypes(addrs []AddressInfo, ipv4, ipv6 bool) []AddressInfo {
+	var kept []AddressInfo
+
+	for _, addr := range addrs {
+		if ipv4 && IsIPv4(addr.Address) {
+			kept = append(kept, addr)
+		} else if ipv6 && IsIPv6(addr.Address) {
+			kept = append(kept, addr)
+		}
+	}
+
+	return kept
+}
+
+// IsIPv4 returns true when the provided net.IP address is an IPv4 address.
+func IsIPv4(ip net.IP) bool {
+	return strings.Count(ip.String(), ":") < 2
+}
+
+// IsIPv6 returns true when the provided net.IP address is an IPv6 address.
+func IsIPv6(ip net.IP) bool {
+	return strings.Count(ip.String(), ":") >= 2
+}
+
+// UpdateSummaryData updates the summary maps using the provided requests.Output data.
+func UpdateSummaryData(output *Output, asns map[int]*ASNSummaryData) {
+	for _, addr := range output.Addresses {
+		if addr.CIDRStr == "" {
+			continue
+		}
+
+		data, found := asns[addr.ASN]
+		if !found {
+			asns[addr.ASN] = &ASNSummaryData{
+				Name:      addr.Description,
+				Netblocks: make(map[string]int),
+			}
+			data = asns[addr.ASN]
+		}
+		// Increment how many IPs were in this netblock
+		data.Netblocks[addr.CIDRStr]++
+	}
+}
+
+// PrintEnumerationSummary outputs the summary information utilized by the command-line tools.
+func PrintEnumerationSummary(total int, asns map[int]*ASNSummaryData, demo bool) {
+	FprintEnumerationSummary(color.Error, total, asns, demo)
+}
+
+// FprintEnumerationSummary outputs the summary information utilized by the command-line tools.
+func FprintEnumerationSummary(out io.Writer, total int, asns map[int]*ASNSummaryData, demo bool) {
+	pad := func(num int, chr string) {
+		for i := 0; i < num; i++ {
+			b.Fprint(out, chr)
+		}
+	}
+
+	fmt.Fprintln(out)
+	// Print the header information
+	title := "OWASP Amass Project "
+	site := "https://github.com/owasp-amass/amass"
+	b.Fprint(out, title+format.Version)
+	num := 80 - (len(title) + len(format.Version) + len(site))
+	pad(num, " ")
+	b.Fprintf(out, "%s\n", site)
+	pad(8, "----------")
+	fmt.Fprintf(out, "\n%s%s", yellow(strconv.Itoa(total)), green(" names discovered"))
+	fmt.Fprintln(out)
+
+	if len(asns) == 0 {
+		return
+	}
+	// Another line gets printed
+	pad(8, "----------")
+	fmt.Fprintln(out)
+	// Print the ASN and netblock information
+	for asn, data := range asns {
+		asnstr := strconv.Itoa(asn)
+		datastr := data.Name
+
+		if demo && asn > 0 {
+			asnstr = censorString(asnstr, 0, len(asnstr))
+			datastr = censorString(datastr, 0, len(datastr))
+		}
+		fmt.Fprintf(out, "%s%s %s %s\n", blue("ASN: "), yellow(asnstr), green("-"), green(datastr))
+
+		for cidr, ips := range data.Netblocks {
+			countstr := strconv.Itoa(ips)
+			cidrstr := cidr
+
+			if demo {
+				cidrstr = censorNetBlock(cidrstr)
+			}
+
+			countstr = fmt.Sprintf("\t%-4s", countstr)
+			cidrstr = fmt.Sprintf("\t%-18s", cidrstr)
+			fmt.Fprintf(out, "%s%s %s\n", yellow(cidrstr), yellow(countstr), blue("Subdomain Name(s)"))
+		}
+	}
+}
+
+func censorString(input string, start, end int) string {
+	runes := []rune(input)
+	for i := start; i < end; i++ {
+		if runes[i] == '.' ||
+			runes[i] == '/' ||
+			runes[i] == '-' ||
+			runes[i] == ' ' {
+			continue
+		}
+		runes[i] = 'x'
+	}
+	return string(runes)
+}
+
+func censorDomain(input string) string {
+	return censorString(input, strings.Index(input, "."), len(input))
+}
+
+func censorIP(input string) string {
+	return censorString(input, 0, strings.LastIndex(input, "."))
+}
+
+func censorNetBlock(input string) string {
+	return censorString(input, 0, strings.Index(input, "/"))
+}
+
+// OutputLineParts returns the parts of a line to be printed for a requests.Output.
+func OutputLineParts(out *Output, addrs, demo bool) (name, ips string) {
+	if addrs {
+		for i, a := range out.Addresses {
+			if i != 0 {
+				ips += ","
+			}
+			if demo {
+				ips += censorIP(a.Address.String())
+			} else {
+				ips += a.Address.String()
+			}
+		}
+	}
+	name = out.Name
+	if demo {
+		name = censorDomain(name)
+	}
+	return
+}
diff --git a/cmd/amass/help.go b/cmd/amass/help.go
@@ -21,6 +21,12 @@ func runHelpCommand(clArgs []string) {
 	switch clArgs[0] {
 	case "enum":
 		runEnumCommand(help)
+	case "subs":
+		runSubsCommand(help)
+	case "viz":
+		runVizCommand(help)
+	case "track":
+		runTrackCommand(help)
 	default:
 		commandUsage(mainUsageMsg, helpCommand, helpBuf)
 		return

diff --git a/cmd/amass/main.go b/cmd/amass/main.go
@@ -33,6 +33,7 @@ import (
 	"net/url"
 	"os"
 	"path"
+	"path/filepath"
 	"strings"
 	"time"
 
@@ -43,6 +44,7 @@ import (
 	"github.com/owasp-amass/amass/v4/launch"
 	"github.com/owasp-amass/config/config"
 	"github.com/owasp-amass/engine/api/graphql/client"
+	"github.com/owasp-amass/engine/graph"
 	et "github.com/owasp-amass/engine/types"
 	"github.com/owasp-amass/open-asset-model/domain"
 	oamnet "github.com/owasp-amass/open-asset-model/network"
@@ -57,15 +59,15 @@ const (
 
 var (
 	// Colors used to ease the reading of program output
-	//b       = color.New(color.FgHiBlue)
+	b = color.New(color.FgHiBlue)
 	//y       = color.New(color.FgHiYellow)
-	g   = color.New(color.FgHiGreen)
-	r   = color.New(color.FgHiRed)
-	fgR = color.New(color.FgRed)
-	fgY = color.New(color.FgYellow)
-	//yellow  = color.New(color.FgHiYellow).SprintFunc()
-	green = color.New(color.FgHiGreen).SprintFunc()
-	//blue    = color.New(color.FgHiBlue).SprintFunc()
+	g      = color.New(color.FgHiGreen)
+	r      = color.New(color.FgHiRed)
+	fgR    = color.New(color.FgRed)
+	fgY    = color.New(color.FgYellow)
+	yellow = color.New(color.FgHiYellow).SprintFunc()
+	green  = color.New(color.FgHiGreen).SprintFunc()
+	blue   = color.New(color.FgHiBlue).SprintFunc()
 	//magenta = color.New(color.FgHiMagenta).SprintFunc()
 	//white   = color.New(color.FgHiWhite).SprintFunc()
 )
@@ -80,6 +82,9 @@ func commandUsage(msg string, cmdFlagSet *flag.FlagSet, errBuf *bytes.Buffer) {
 		g.Fprintf(color.Error, "\nSubcommands: \n\n")
 		g.Fprintf(color.Error, "\t%-11s - Discover targets for enumerations\n", "amass intel")
 		g.Fprintf(color.Error, "\t%-11s - Perform enumerations and network mapping\n", "amass enum")
+		g.Fprintf(color.Error, "\t%-11s - Analyze subdomain information in the asset-db\n", "amass subs")
+		g.Fprintf(color.Error, "\t%-11s - Analyze OAM data to generate graph visualizations\n", "amass viz")
+		g.Fprintf(color.Error, "\t%-11s - Analyze OAM data to identify newly discovered assets\n", "amass track")
 	}
 
 	g.Fprintln(color.Error)
@@ -119,6 +124,12 @@ func main() {
 	switch os.Args[1] {
 	case "enum":
 		runEnumCommand(os.Args[2:])
+	case "subs":
+		runSubsCommand(os.Args[2:])
+	case "viz":
+		runVizCommand(os.Args[2:])
+	case "track":
+		runTrackCommand(os.Args[2:])
 	case "engine":
 		if err := launch.LaunchEngine(); err != nil {
 			fmt.Printf("%v\n", err)
@@ -145,6 +156,31 @@ func createOutputDirectory(cfg *config.Config) {
 	}
 }
 
+func openGraphDatabase(cfg *config.Config) *graph.Graph {
+	// Add the local database settings to the configuration
+	cfg.GraphDBs = append(cfg.GraphDBs, cfg.LocalDatabaseSettings(cfg.GraphDBs))
+
+	for _, db := range cfg.GraphDBs {
+		if db.Primary {
+			var g *graph.Graph
+
+			if db.System == "local" {
+				g = graph.NewGraph(db.System, filepath.Join(config.OutputDirectory(cfg.Dir), "amass.sqlite"), db.Options)
+			} else {
+				connStr := fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s", db.Host, db.Port, db.Username, db.Password, db.DBName)
+				g = graph.NewGraph(db.System, connStr, db.Options)
+			}
+
+			if g != nil {
+				return g
+			}
+			break
+		}
+	}
+
+	return graph.NewGraph("memory", "", "")
+}
+
 func getWordList(reader io.Reader) ([]string, error) {
 	var words []string