amass-track

Show the difference between the last two enumerations of the specified domain

$ amass track -dir [path/to/database_directory] -d [domain_name] -last 2

$ amass track -dir [path/to/database_directory] -d [domain_name] -since [01/02 15:04:05 2006 MST]

amass track [options] [<domain>...]

-addr string
    Address to send status information (default "127.0.0.1:8080")

-aw
    Append wordlist results to the database

-config string
    Path to the config file

-debug
    Print debug information

-dir string
    Path to the output directory (default ".")

-d strings
    Domain names to track separated by commas

-df string
    List of domains to track (one per line)

-env string
    Environment setting to use in the configuration file

-h, -help
    Show the program usage

-json
    Write output as JSON

-k
    Skip querying certificate transparency logs

-list
    List the tracked domains

-log string
    Path to the log file

-nf string
    List of domains to ignore (one per line)

-o string
    Path to the output file

-remove strings
    Remove the listed domains

-tx int
    Number of concurrent threads to use (default 10)

-v int
    Log level verbosity (0-3)

-w string
    Path to a different wordlist file

-ws string
    Address of the web server (default ":%8080")

The amass track command is a subcommand of the OWASP Amass toolkit, designed for ongoing monitoring of subdomain creation across specified domains. It generates subdomain alterations from wordlists and queries diverse data sources such as certificate transparency logs, DNS brute-forcing, search engines, and reverse WHOIS databases to detect newly registered subdomains.

This tool runs indefinitely, maintaining an SQLite database to track previously discovered names and only reporting novel findings. Ideal for security researchers, bug bounty hunters, and red teams, it helps map evolving attack surfaces. Output can be directed to files, JSON, console, or a local web server for real-time visualization. Configuration files enable API keys for premium sources, enhancing discovery rates.

Key benefits include automation of repetitive reconnaissance, reduced false positives via deduplication, and integration with other Amass modules for comprehensive asset discovery.

Runs indefinitely until interrupted (Ctrl+C); high resource usage with many domains or threads; requires Amass configuration and API keys for best results; database corruption possible if improperly stopped.

amass track example.com
amass track -dir ./output -d example.com,example.org -json
amass track -list

Uses SQLite DB in output directory to store discoveries; use amass db subcommands for management.

Developed as part of the OWASP Amass project by Jeff Foley starting around 2017. Evolved from earlier tools like MassDNS, with track feature added for persistent reconnaissance in v3.x releases.

amass(1), amass enum(1), subfinder(1), dnsrecon(1)