/Amass

In-depth Attack Surface Mapping and Asset Discovery

Primary LanguageGoOtherNOASSERTION

OWASP Flagship GitHub Release GitHub Release Date Docker Images Follow on Twitter Chat on Discord

GoDoc License CircleCI Status Go Report CodeFactor Maintainability Codecov

The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.

Information Gathering Techniques Used:

Technique Data Sources
DNS Brute forcing, Reverse DNS sweeping, NSEC zone walking, Zone transfers, FQDN alterations/permutations, FQDN Similarity-based Guessing
Scraping Ask, Baidu, Bing, BuiltWith, DNSDumpster, HackerOne, RapidDNS, Riddler, SiteDossier, ViewDNS, Yahoo
Certificates Active pulls (optional), Censys, CertSpotter, Crtsh, FacebookCT, GoogleCT
APIs AlienVault, Anubis, BinaryEdge, BufferOver, C99, CIRCL, Cloudflare, CommonCrawl, DNSDB, GitHub, HackerTarget, Mnemonic, NetworksDB, PassiveTotal, Pastebin, RADb, ReconDev, Robtex, SecurityTrails, ShadowServer, Shodan, SonarSearch, Spyse, Sublist3rAPI, TeamCymru, ThreatBook, ThreatCrowd, ThreatMiner, Twitter, Umbrella, URLScan, VirusTotal, WhoisXML, ZETAlytics, ZoomEye
Web Archives ArchiveIt, LoCArchive, UKGovArchive, Wayback

Installation Go Version Docker Images GitHub Downloads

You can find some additional installation variations in the Installation Guide.

Prebuilt Packages

  1. Simply unzip the package
  2. Put the precompiled binary into your path
  3. Start using OWASP Amass!

Homebrew

brew tap caffix/amass
brew install amass

Snapcraft

sudo snap install amass

Docker Container

  1. Install Docker
  2. Pull the Docker image by running docker pull caffix/amass
  3. Run docker run -v OUTPUT_DIR_PATH:/.config/amass/ caffix/amass --version

The volume argument allows the Amass graph database to persist between executions and output files to be accessed on the host system. The first field (left of the colon) of the volume option is the amass output directory that is external to Docker, while the second field is the path, internal to Docker, where amass will write the output files.

The wordlists maintained in the Amass git repository are available in /examples/wordlists/ within the docker container. For example, to use all.txt:

docker run -v OUTPUT_DIR_PATH:/.config/amass/ caffix/amass enum -brute -w /wordlists/all.txt -d example.com

From Sources

  1. Install Go and setup your Go workspace
  2. Download OWASP Amass by running GO111MODULE=on go get -v github.com/OWASP/Amass/v3/...
  3. At this point, the binary should be in $GOPATH/bin

Documentation GoDoc

Use the Installation Guide to get started.

Go to the User's Guide for additional information.

See the Tutorial for example usage.

See the Amass Scripting Engine Manual for greater control over your enumeration process.

Troubleshooting Chat on Discord

If you need help with installation and/or usage of the tool, please join our Discord server where community members can best try to help you.

🛑 Please avoid opening GitHub issues for support requests or questions!

Contributing Contribute Yes Chat on Discord

We are always happy to get new contributors on board! Please check CONTRIBUTING.md to learn how to contribute to our codebase, and join our Discord Server to discuss current project goals.

The OWASP Amass core project team are:

For a list of all contributors to the OWASP Amass Project please visit our HALL_OF_FAME.md.

References Bugcrowd LevelUp 0x04 DEF CON 27 Demo Labs DEF CON 27 Recon Village DEF CON 28 Red Team Village Bugcrowd LevelUp 0x07 Grayhat 2020 BeNeLux 2020

Did you write a blog post, magazine article or do a podcast about or mentioning OWASP Amass? Or maybe you held or joined a conference talk or meetup session, a hacking workshop or public training where this project was mentioned?

Add it to our ever-growing list of REFERENCES.md by forking and opening a Pull Request!

Top Mentions

Licensing License

This program is free software: you can redistribute it and/or modify it under the terms of the Apache license. OWASP Amass and any contributions are Copyright © by Jeff Foley 2017-2020.

Network graph