OWASP Amass
The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
Information Gathering Techniques Used:
| Technique | Data Sources |
|---|---|
| DNS | Brute forcing, Reverse DNS sweeping, NSEC zone walking, Zone transfers, FQDN alterations/permutations, FQDN Similarity-based Guessing |
| Scraping | AbuseIPDB, Ask, AskDNS, Baidu, Bing, DNSDumpster, DuckDuckGo, Gists, HackerOne, HyperStat, IPv4Info, PKey, RapidDNS, Riddler, Searchcode, Searx, SiteDossier, SpyOnWeb, Yahoo |
| Certificates | Active pulls (optional), Censys, CertSpotter, Crtsh, Digitorus, FacebookCT, GoogleCT |
| APIs | 360PassiveDNS, ARIN, Ahrefs, AlienVault, AnubisDB, BinaryEdge, BGPView, BufferOver, BuiltWith, C99, Chaos, CIRCL, Cloudflare, CommonCrawl, DNSDB, DNSlytics, Detectify, FOFA, GitHub, GitLab, Greynoise, HackerTarget, Hunter, IntelX, IPdata, IPinfo, Maltiverse, Mnemonic, N45HT, NetworksDB, ONYPHE, PassiveTotal, PentestTools, Quake, RADb, ReconDev, Robtex, SecurityTrails, ShadowServer, Shodan, SonarSearch, Spamhaus, Spyse, Sublist3rAPI, TeamCymru, ThreatBook, ThreatCrowd, ThreatMiner, Twitter, Umbrella, URLScan, VirusTotal, WhoisXMLAPI, ZETAlytics, ZoomEye |
| Web Archives | ArchiveIt, Arquivo, HAW, UKWebArchive, Wayback |
Installation
You can find some additional installation variations in the Installation Guide.
Prebuilt Packages
- Simply unzip the package
- Put the precompiled binary into your path
- Start using OWASP Amass!
Homebrew
brew tap caffix/amass
brew install amass
Snapcraft
sudo snap install amass
Docker Container
- Install Docker
- Pull the Docker image by running
docker pull caffix/amass - Run
docker run -v OUTPUT_DIR_PATH:/.config/amass/ caffix/amass enum -share -d example.com
The volume argument allows the Amass graph database to persist between executions and output files to be accessed on the host system. The first field (left of the colon) of the volume option is the amass output directory that is external to Docker, while the second field is the path, internal to Docker, where amass will write the output files.
From Sources
- Install Go and setup your Go workspace
- Download OWASP Amass by running
go get -v github.com/OWASP/Amass/v3/... - At this point, the binary should be in
$GOPATH/bin
Documentation
Use the Installation Guide to get started.
Go to the User's Guide for additional information.
See the Tutorial for example usage.
See the Amass Scripting Engine Manual for greater control over your enumeration process.
Troubleshooting
If you need help with installation and/or usage of the tool, please join our Discord server where community members can best help you.
Contributing
We are always happy to get new contributors on board! Please check CONTRIBUTING.md to learn how tocontribute to our codebase, and join our Discord Server to discuss current project goals.
For a list of all contributors to the OWASP Amass Project please visit our HALL_OF_FAME.md.
External Projects Helping Amass Users
Testimonials
"Accenture’s adversary simulation team has used Amass as our primary tool suite on a variety of external enumeration projects and attack surface assessments for clients. It’s been an absolutely invaluable basis for infrastructure enumeration, and we’re really grateful for all the hard work that’s gone into making and maintaining it – it’s made our job much easier!"
- Max Deighton, Accenture Cyber Defense Manager
References
Did you write a blog post, magazine article or do a podcast about OWASP Amass? Or maybe you held or joined a conference talk or meetup session, a hacking workshop or public training where this project was mentioned?
Add it to our ever-growing list of REFERENCES.md by forking and opening a Pull Request!
Top Mentions
- SecurityTrails | Introducing the new OWASP Amass Information Sharing Feature: a Big Community Effort to Share Accurate Domain and Subdomain data, for everyone
- WhoisXML API | OWASP Amass and WhoisXML API Are Now Integration Partners
- Intigriti | Hacker tools: Amass – Hunting for Subdomains
- Hakluke | Guide to Amass — How to Use Amass More Effectively for Bug Bounties
- SecurityTrails | OWASP Amass: A Solid Information Gathering Tool
- TrustedSec | Upgrade Your Workflow, Part 1: Building OSINT Checklists
- SANS ISC | Offensive Tools Are For Blue Teams Too
- Daniel Miessler | amass — Automated Attack Surface Mapping
- Dionach | How to Use OWASP Amass: An Extensive Tutorial
- Jason Haddix | LevelUp 0x02 - The Bug Hunters Methodology v3(ish)
- Hacker Toolbelt | OWASP Amass OSINT Reconnaissance
- ToolWar | Extreme Subdomain Enumeration/Scanning on Windows : OWASP Amass
- Ghost Lulz | YouTube - Bug Bounty Tips: Amass Recon Tool
- Capt. Meelo | Asset Enumeration: Expanding a Target's Attack Surface
- Noobhax | My Recon Process — DNS Enumeration
Licensing
This program is free software: you can redistribute it and/or modify it under the terms of the Apache license. OWASP Amass and any contributions are Copyright © by Jeff Foley 2017-2021. Some subcomponents have separate licenses.
-
owasp Amass 介绍 amass是由owasp维护的,帮助用户收集目标企业的外网资产 功能 根据组织名搜索组织的 自治号 根据whois信息关联组织其他主域名 根据主域名枚举子域名 优势 有专门owasp小组进行维护 在持续的更新 官方宣称 将会持续开发新的检测技术 和修复已知bug 开源也许是最大优势 可以比较两次扫描结果的差异, 形成新增子域名的报警机制 支持lua脚本模式 不足 in
-
零、amass简介 amass是一款很好用的信息收集工具,该文章将详细介绍分析amass的使用方法。 一、amass版本与帮助 amass -h 获取提示 amass -help 获取提示 amass -version 获取版本 二、常见基本用途 1、子域名枚举最基本的操作为: amass enum -d example.com 2、DNS枚举的典型参数: amass enum -v -src -
-
7.amass; amass;accumulate; assemble eg1:While Bakeland had been busily amassing dollars, some advances had been made in the development of plastics.During 1899 and 1900, it had seen the patenting of t