amass-track

Track changes between enumerations

$ amass track -d [example.com]

$ amass track -d [example.com] -since "2024-01-01"

$ amass track -d [example.com] -last [2]

$ amass track -d [example.com] -o [changes.txt]

amass track [-d domain] [-since date] [-last n] [options]

amass track compares results from different enumeration runs to identify changes in an organization's external attack surface. It detects new subdomains, removed assets, and infrastructure changes.
This is useful for continuous monitoring of an organization's digital footprint, alerting security teams to potential shadow IT or unauthorized changes.

-d domain

Domain to track

Compare against enumerations since date

Compare against the last n enumerations

Show all historical changes

Output file

Database directory

~/.config/amass/config.ini

Amass configuration file defining data sources, API keys, and scope settings.

Requires multiple enumeration runs stored in database. Detection quality depends on consistency of enumeration settings. Large organizations may have frequent legitimate changes.

amass track was introduced to support continuous monitoring use cases, allowing security teams to detect attack surface changes over time.

amass(1), amass-enum(1), amass-db(1)