The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
Information Gathering Techniques Used:
|DNS||Brute forcing, Reverse DNS sweeping, NSEC zone walking, Zone transfers, FQDN alterations/permutations, FQDN Similarity-based Guessing|
|Scraping||Ask, Baidu, Bing, BuiltWith, DNSDumpster, HackerOne, IPv4Info, RapidDNS, Riddler, SiteDossier, Yahoo|
|Certificates||Active pulls (optional), Censys, CertSpotter, Crtsh, FacebookCT, GoogleCT|
|APIs||AlienVault, Anubis, BinaryEdge, BGPView, BufferOver, C99, CIRCL, Cloudflare, CommonCrawl, DNSDB, GitHub, HackerTarget, Mnemonic, NetworksDB, PassiveTotal, Pastebin, RADb, ReconDev, Robtex, SecurityTrails, ShadowServer, Shodan, SonarSearch, Spyse, Sublist3rAPI, TeamCymru, ThreatBook, ThreatCrowd, ThreatMiner, Twitter, Umbrella, URLScan, VirusTotal, WhoisXML, ZETAlytics, ZoomEye|
|Web Archives||ArchiveIt, ArchiveToday, Wayback|
You can find some additional installation variations in the Installation Guide.
brew tap caffix/amass brew install amass
sudo snap install amass
docker pull caffix/amass
docker run -v OUTPUT_DIR_PATH:/.config/amass/ caffix/amass enum -brute -d example.com
The volume argument allows the Amass graph database to persist between executions and output files to be accessed on the host system. The first field (left of the colon) of the volume option is the amass output directory that is external to Docker, while the second field is the path, internal to Docker, where amass will write the output files.
go get -v github.com/OWASP/Amass/v3/...
Use the Installation Guide to get started.
Go to the User's Guide for additional information.
See the Tutorial for example usage.
See the Amass Scripting Engine Manual for greater control over your enumeration process.
If you need help with installation and/or usage of the tool, please join our Discord server where community members can best help you.
🛑 Please avoid opening GitHub issues for support requests or questions!
For a list of all contributors to the OWASP Amass Project please visit our HALL_OF_FAME.md.
Did you write a blog post, magazine article or do a podcast about OWASP Amass? Or maybe you held or joined a conference talk or meetup session, a hacking workshop or public training where this project was mentioned?
Add it to our ever-growing list of REFERENCES.md by forking and opening a Pull Request!
This program is free software: you can redistribute it and/or modify it under the terms of the Apache license. OWASP Amass and any contributions are Copyright © by Jeff Foley 2017-2021. Some subcomponents have separate licenses.