OWASP Amass – In-depth Attack Surface Mapping and Asset Discovery


The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.

Information Gathering Techniques Used:

TechniqueData Sources
DNSBrute forcing, Reverse DNS sweeping, NSEC zone walking, Zone transfers, FQDN alterations/permutations, FQDN Similarity-based Guessing
ScrapingAsk, Baidu, Bing, BuiltWith, DNSDumpster, DuckDuckGo, HackerOne, IPv4Info, RapidDNS, Riddler, SiteDossier, Yahoo
CertificatesActive pulls (optional), Censys, CertSpotter, Crtsh, FacebookCT, GoogleCT
APIsAlienVault, Anubis, BinaryEdge, BGPView, BufferOver, C99, Chaos, CIRCL, Cloudflare, CommonCrawl, DNSDB, GitHub, HackerTarget, Hunter, IPinfo, Mnemonic, NetworksDB, PassiveTotal, RADb, ReconDev, Robtex, SecurityTrails, ShadowServer, Shodan, SonarSearch, Spyse, Sublist3rAPI, TeamCymru, ThreatBook, ThreatCrowd, ThreatMiner, Twitter, Umbrella, URLScan, VirusTotal, WhoisXMLAPI, ZETAlytics, ZoomEye
Web ArchivesArchiveIt, ArchiveToday, Wayback


You can find some additional installation variations in the Installation Guide.

Prebuilt Packages

  1. Simply unzip the package
  2. Put the precompiled binary into your path
  3. Start using OWASP Amass!


brew tap caffix/amass
brew install amass


sudo snap install amass

Docker Container

  1. Install Docker
  2. Pull the Docker image by running docker pull caffix/amass
  3. Run docker run -v OUTPUT_DIR_PATH:/.config/amass/ caffix/amass enum -share -d example.com

The volume argument allows the Amass graph database to persist between executions and output files to be accessed on the host system. The first field (left of the colon) of the volume option is the amass output directory that is external to Docker, while the second field is the path, internal to Docker, where amass will write the output files.

From Sources

  1. Install Go and setup your Go workspace
  2. Download OWASP Amass by running go get -v github.com/OWASP/Amass/v3/...
  3. At this point, the binary should be in $GOPATH/bin


Use the Installation Guide to get started.

Go to the User’s Guide for additional information.

See the Tutorial for example usage.

See the Amass Scripting Engine Manual for greater control over your enumeration process.

Download: https://github.com/OWASP/Amass

Please follow and like us:

Leave a Reply

Your email address will not be published. Required fields are marked *