OWASP Amass
The OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and perform external asset discovery using open source information gathering and active reconnaissance techniques.
Information Gathering Techniques Used:
- DNS: Basic enumeration, Brute forcing (optional), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (optional)
- Scraping: Ask, Baidu, Bing, DNSDumpster, DNSTable, Dogpile, Exalead, Google, HackerOne, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ViewDNS, Yahoo
- Certificates: Active pulls (optional), Censys, CertSpotter, Crtsh, Entrust, GoogleCT
- APIs: AlienVault, BinaryEdge, BufferOver, CIRCL, CommonCrawl, DNSDB, GitHub, HackerTarget, IPToASN, Mnemonic, NetworksDB, PassiveTotal, Pastebin, RADb, Robtex, SecurityTrails, ShadowServer, Shodan, Spyse (CertDB & FindSubdomains), Sublist3rAPI, TeamCymru, ThreatCrowd, Twitter, Umbrella, URLScan, VirusTotal, WhoisXML
- Web Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback
Documentation
Use the Installation Guide to get started.
Go to the User's Guide for additional information.
Community
Project Leader
Contributors
This project improves thanks to all the people who contribute:
Mentions
- OWASP Amass at OWASP Sendai Day 2020 Lightning Talks
- How to Use OWASP Amass: An Extensive Tutorial
- 10 Recon Tools For Bug Bounty
- Bug Bounty Tips: Amass Recon Tool
- Find Subdomain Takeover with Amass + SubJack
- OWASP Amass OSINT Reconnaissance
- Top Linux Distros for Ethical Hacking and Penetration Testing
- 5 Subdomain Takeover #ProTips
- Red Team Methodology - A Naked Look
- Asset Enumeration: Expanding a Target's Attack Surface
- Das Sicherheitswerkzeug Kali Linux steht in der Version 2019.3 bereit
- Commando VM 2.0: Customization, Containers, and Kali, Oh My!
- 8 Free Tools to Be Showcased at Black Hat and DEF CON
- amass — Automated Attack Surface Mapping
- Aquatone — A Tool for Domain Flyovers
- Collaborating with the Crowd – Recapping LevelUp 0X04
- Subdomain Enumeration: 2019 Workflow
- REMOTE CODE EXECUTION ! ? Recon Wins
- Security assessment on staging domains
- Where You’ll Find Us: An Overview of SecurityTrails Integrations
- Web tools, or where to start a pentester?
- Tool for detailed DNS enumeration and creation of network infrastructure maps
- Top 7 Subdomain Scanner Tools: Find Subdomains in Seconds
- Cyber Talent Gap: How to Do More With Less
- My Recon Process — DNS Enumeration
- Week in OSINT #2019–16: From OSINT for pentesting, to OCR and OWASP
- Stop Using Python for Subdomain Enumeration
- My Personal OSINT Techniques, Part 1 of 2: Key & Layer, Contingency Seeding
- Subdomain Enumeration Tools – 2019 Update
- Leaked Salesforce API access token at IDEA.com
- Week in OSINT #2019–11: This time a collection of mostly tools and sites
- Bug Hunting Methodology (part-1)
- 100 ways to discover (part 1)
- Pose a Threat: How Perceptual Analysis Helps Bug Hunters
- A penetration tester’s guide to subdomain enumeration
- Abusing access control on a large online e-commerce site to register as supplier
- Black Hat Training, Making the Cloud Rain Shells!: Discovery and Recon
- Subdomains Enumeration Cheat Sheet
- Search subdomains and build graphs of network structure with Amass
- Getting started in Bug Bounty
- Source code disclosure via exposed .git folder
- Amass, the best application to search for subdomains
- Subdomain Takeover: Finding Candidates
- Paul's Security Weekly #564: Technical Segment - Bug Bounty Hunting
- The Bug Hunters Methodology v3(ish)
- Doing Recon the Correct Way
- Discovering subdomains
- Asset Discovery: Doing Reconnaissance the Hard Way
- Project Sonar: An Underrated Source of Internet-wide Data
- Top Five Ways the Red Team breached the External Perimeter