The OWASP Amass Project has developed a tool that helps information security professionals map network attack surfaces and discover external assets using open source information gathering and active reconnaissance techniques.
Information Gathering Techniques Used:
- DNS: Basic enumeration, Brute forcing (optional), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (optional)
- Scraping: Ask, Baidu, Bing, DNSDumpster, DNSTable, Dogpile, Exalead, Google, HackerOne, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, ViewDNS, Yahoo
- Certificates: Active pulls (optional), Censys, CertSpotter, Crtsh, Entrust, GoogleCT
- APIs: AlienVault, BinaryEdge, BufferOver, CIRCL, CommonCrawl, DNSDB, GitHub, HackerTarget, IPToASN, Mnemonic, NetworksDB, PassiveTotal, Pastebin, RADb, Robtex, SecurityTrails, ShadowServer, Shodan, Spyse (CertDB & FindSubdomains), Sublist3rAPI, TeamCymru, ThreatCrowd, Twitter, Umbrella, URLScan, VirusTotal, WhoisXML
- Web Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback
Use the Installation Guide to get started.
Go to the User's Guide for additional information.
See the Tutorial for example usage.
This project improves thanks to all the people who contribute.
Articles and presentations that mention Amass:
- TrustedSec | Upgrade Your Workflow, Part 1: Building OSINT Checklists
- SANS ISC | Offensive Tools Are For Blue Teams Too
- Daniel Miessler | amass — Automated Attack Surface Mapping
- Dionach | How to Use OWASP Amass: An Extensive Tutorial
- Jason Haddix | LevelUp 0x02 - The Bug Hunters Methodology v3(ish)
- FireEye | Commando VM 2.0: Customization, Containers, and Kali, Oh My!
- SecurityTrails | Top Linux Distros for Ethical Hacking and Penetration Testing
- Hacker Toolbelt | OWASP Amass OSINT Reconnaissance
- ToolWar | Extreme Subdomain Enumeration/Scanning on Windows : OWASP Amass
- Ghost Lulz | YouTube - Bug Bounty Tips: Amass Recon Tool
- HackbotOne | 10 Recon Tools For Bug Bounty
- Capt. Meelo | Asset Enumeration: Expanding a Target's Attack Surface
- Noobhax | My Recon Process — DNS Enumeration