1
00:00:00,090 --> 00:00:03,510
So the next tool on the list is a tool called Amass.

2
00:00:03,510 --> 00:00:11,000
Now Amass is also used for subdomain hunting and it is a fantastic tool.

3
00:00:11,010 --> 00:00:16,380
Now you might be asking, why do I care about another tool for subdomain hunting?

4
00:00:16,380 --> 00:00:21,090
Well, every tool's a little bit different in how it pulls down its subdomains.

5
00:00:21,240 --> 00:00:28,140
And if you combine multiple subdomain tools, you're bound to find more subdomains.

6
00:00:28,140 --> 00:00:33,030
And remember, if we're only limiting ourselves to something like tesla.com and not looking at all

7
00:00:33,030 --> 00:00:37,860
the subdomains when we're doing a web app assessment then we could potentially miss out. If we're doing

8
00:00:37,860 --> 00:00:38,870
bug bounties,

9
00:00:38,970 --> 00:00:44,100
we could potentially miss out on a lot of different development sites or, you know, sites that are out

10
00:00:44,100 --> 00:00:45,090
there that we don't know about.

11
00:00:45,480 --> 00:00:52,340
And if we're doing a pen test then we can miss out on subdomains that we should have pen tested against.

12
00:00:52,500 --> 00:00:55,640
And we're going to tell the client, hey, you know, you were good to go on this.

13
00:00:55,650 --> 00:00:57,300
But in reality they weren't,

14
00:00:57,300 --> 00:00:59,210
if we didn't look through everything.

15
00:00:59,400 --> 00:01:09,510
So let's go ahead and download Amass as well, and Amass is made by OWASP, which is the official web

16
00:01:09,510 --> 00:01:11,070
app security.

17
00:01:11,100 --> 00:01:13,090
So you're going to see OWASP quite a bit.

18
00:01:13,260 --> 00:01:16,640
And if we click down into here, scroll down just a bit,

19
00:01:16,740 --> 00:01:22,240
you're going to see that it has an installation guide. Now in the installation guide,

20
00:01:22,290 --> 00:01:27,330
we're just going to scroll down a little bit here and you're going to follow these steps from source.

21
00:01:27,330 --> 00:01:30,480
So this is again another Go tool.

22
00:01:30,480 --> 00:01:37,350
All you gotta do is export this GO111MODULE and then go ahead and paste this in here just like this.

23
00:01:38,430 --> 00:01:41,910
So I'm going to minimize this and you're going to see that I've already done it.

24
00:01:41,940 --> 00:01:43,940
So go ahead and do it for you.

25
00:01:44,010 --> 00:01:49,550
It is a bit of, it takes a bit of time is what I should say, maybe a minute or two.

26
00:01:49,560 --> 00:01:53,600
Go ahead and let this install and then pause the video.

27
00:01:53,730 --> 00:01:58,040
Meet me back when you're ready. OK.

28
00:01:58,050 --> 00:02:04,950
So now what I'm going to do is we're going to build in Amass into our script and I'm gonna run Amass

29
00:02:05,010 --> 00:02:10,530
as is so you can see what it's capable of doing, but Amass takes some time.

30
00:02:10,530 --> 00:02:16,710
So the way we're gonna run Amass is we're gonna say amass enum and then we're going to pick the

31
00:02:16,710 --> 00:02:19,360
domain, and the domain is tesla.com.

32
00:02:19,440 --> 00:02:19,790
All right.

33
00:02:20,490 --> 00:02:21,840
So that's all we're gonna do.

34
00:02:21,840 --> 00:02:23,410
Now let's build this into our script.

35
00:02:23,430 --> 00:02:24,480
This is running.

36
00:02:24,480 --> 00:02:30,840
It's going to take quite a bit of time again and we'll let this run as we do it and then I'm going to

37
00:02:30,840 --> 00:02:32,150
comment this out in the script.

38
00:02:32,160 --> 00:02:37,560
So that way when we write it for future tests it's going to be a lot faster.

39
00:02:38,190 --> 00:02:44,600
So what we're gonna do here is we're gonna go ahead and just say echo and we're gonna echo out.

40
00:02:44,610 --> 00:02:53,010
Same thing, we're just going to say something like, like a type, we're gonna say harvesting subdomains

41
00:02:53,100 --> 00:02:55,110
with Amass.

42
00:02:57,790 --> 00:02:58,760
OK.

43
00:02:58,790 --> 00:03:06,440
And again I didn't realize it but I screwed up over here, all right, because for some reason it's not

44
00:03:06,980 --> 00:03:09,130
typing in the plus sign when I'm doing it.

45
00:03:09,530 --> 00:03:09,810
OK.

46
00:03:09,830 --> 00:03:17,180
So here we're gonna say amass enum just like we did before, domain, dollar sign URL, and what we'll

47
00:03:17,180 --> 00:03:24,050
do is we'll put this into the recon folder as well, so we'll just call this, we'll call this URL recon

48
00:03:24,440 --> 00:03:30,530
and we'll just call this f.txt because we're gonna make this final.txt at some point, so we're

49
00:03:30,530 --> 00:03:39,840
gonna take this and sort everything here that we find, we're gonna put this into URL recon final.

50
00:03:39,920 --> 00:03:40,600
OK.

51
00:03:40,910 --> 00:03:43,340
So we have two options of how we can do this.

52
00:03:43,370 --> 00:03:48,890
We could actually put this into, we could put this all in the final text and then sort it, which is fine

53
00:03:48,920 --> 00:03:53,810
actually if we want to do that. The other option which I was going to show you is sorting it out a different

54
00:03:53,810 --> 00:04:00,290
way but we can put it into final and but then we would have to sort remove.

55
00:04:00,290 --> 00:04:04,490
So actually I'm going to leave it like this and we're gonna do this kind of like this.

56
00:04:04,490 --> 00:04:12,650
We're going to sort this into URL recon final.txt and we'll take the final and move it into

57
00:04:12,650 --> 00:04:14,850
a new file here in a second.

58
00:04:14,900 --> 00:04:24,650
So we've got this and then we're gonna do is we're gonna just go ahead and remove URL recon

59
00:04:24,650 --> 00:04:25,190
f.txt.

60
00:04:25,580 --> 00:04:26,190
OK.

61
00:04:27,400 --> 00:04:29,320
So we don't have to create anything new.

62
00:04:29,320 --> 00:04:32,020
As of right now the folders are all the same.

63
00:04:32,020 --> 00:04:33,370
And this is going to pull this down.

64
00:04:33,370 --> 00:04:37,350
What I want you to go ahead and do is I want you to comment this out.

65
00:04:37,360 --> 00:04:40,210
We're not going to use this for the remainder of the course.

66
00:04:40,280 --> 00:04:46,480
I do want you to see that Amass is pulling down quite a bit of information and you could see it's just,

67
00:04:47,020 --> 00:04:52,930
I mean, it takes a lot of time but it's going to find different things here than what we found originally

68
00:04:52,930 --> 00:05:01,210
with just assetfinder, so we can combine these two here and come down with it and just finish.

69
00:05:01,240 --> 00:05:05,980
So that's how long it would take. Come down with a list, combine those into a final.txt in the

70
00:05:05,980 --> 00:05:07,030
next video.

71
00:05:07,030 --> 00:05:12,340
We would combine those into one big file with it all sorted out,

72
00:05:12,340 --> 00:05:17,950
so we don't have any repeats. So I'm going to show you in the next video how to probe for these being

73
00:05:17,980 --> 00:05:21,760
alive or not, which is going to save a lot of time for us.

74
00:05:21,790 --> 00:05:25,540
So I'll catch you over in the next video and we start talking about httprobe.