一键导入
amass
Use OWASP Amass for authorized asset discovery, domain enumeration, and DNS intelligence on in-scope targets.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Use OWASP Amass for authorized asset discovery, domain enumeration, and DNS intelligence on in-scope targets.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
Use agent-browser-cli to perceive and control the supervised Chrome browser inside the sandbox, interact with pages, capture screenshots/PDFs, inspect cookies/CDP/network/console state, and troubleshoot only when needed.
Use apktool for authorized Android APK resource decoding, manifest review, smali inspection, rebuild checks, and static mobile artifact triage.
Use file, 7z, unzip, tar-compatible tools, hashes, and bounded shell inspection for safe triage of provided archives and unknown files.
Use binwalk for authorized firmware, binary blob, archive, filesystem, and embedded-content triage with bounded extraction and evidence handling.
Use the pwntools-provided checksec CLI for authorized ELF hardening review, mitigation checks, and binary triage evidence.
Use dig, nslookup, whois, and related local CLIs for authorized DNS, WHOIS, ASN, mail, nameserver, and ownership triage.
| name | amass |
| description | Use OWASP Amass for authorized asset discovery, domain enumeration, and DNS intelligence on in-scope targets. |
Use OWASP amass for authorized asset discovery and domain intelligence when subfinder alone is not enough.
Before constructing commands, run the installed help and use it as the source of truth:
amass -h
amass enum -h
dnsx and HTTP-facing assets with httpx before reporting them as live.subfinder pass by default; run Amass when its broader data model, state directory, or active options add value.Run a passive first pass and keep Amass state in the task directory:
amass enum -passive -d example.com -dir amass-data -o amass.txt
Run against a bounded domain list:
amass enum -passive -df domains.txt -dir amass-data -o amass.txt
Validate Amass output before reporting live assets:
dnsx -l amass.txt -silent -o amass-resolved.txt
httpx -l amass-resolved.txt -silent -status-code -title -o amass-http.txt
Report the authorized scope, command used, output directory, result counts, validated assets, and any unresolved assumptions.