# owasp-amass/amass

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/owasp-amass-amass).**

14,155 stars · 2,083 forks · Go · other

## Links

- GitHub: https://github.com/owasp-amass/amass
- Homepage: https://owasp.org/www-project-amass/
- awesome-repositories: https://awesome-repositories.com/repository/owasp-amass-amass.md

## Topics

`attack-surfaces` `dns` `enumeration` `go` `golang` `information-gathering` `maltego` `network-security` `osint` `osint-reconnaissance` `owasp` `recon` `subdomain`

## Description

Amass is an attack surface management tool designed to identify, map, and inventory an organization's internet-facing digital assets. It functions as a security asset discovery engine that systematically expands an organization's known infrastructure footprint through recursive domain name resolution and the collection of intelligence from diverse public data sources.

The platform distinguishes itself by utilizing a graph-based modeling approach to organize discovered resources. By maintaining a persistent graph database, it tracks the relationships between infrastructure components and normalizes data from multiple intelligence feeds into a unified schema. This allows for the visualization of complex network topologies and the long-term monitoring of infrastructure changes.

The framework supports comprehensive security visibility by integrating modular data collection tasks and asynchronous processing to handle large-scale network scanning. It provides a centralized repository for asset records, enabling consistent tracking and analysis of an entity's technical landscape for threat intelligence and vulnerability identification.

## Tags

### Security & Cryptography

- [Attack Surface Management](https://awesome-repositories.com/f/security-cryptography/attack-surface-management.md) — Provides a platform for mapping organizational digital assets to identify security vulnerabilities across the network. ([source](https://owasp-amass.github.io/docs))
- [Asset Discovery Tools](https://awesome-repositories.com/f/security-cryptography/asset-discovery-tools.md) — Tracks and models relationships between infrastructure components to maintain a comprehensive view of the attack surface.
- [Threat Intelligence Platforms](https://awesome-repositories.com/f/security-cryptography/threat-intelligence-platforms.md) — Aggregates and analyzes external infrastructure data to proactively identify vulnerabilities and potential entry points.
- [Topology Visualizers](https://awesome-repositories.com/f/security-cryptography/network-access-control/topology-visualizers.md) — Visualizes relationships between digital resources to map complex network topologies and service interactions.

### Networking & Communication

- [DNS Reconnaissance](https://awesome-repositories.com/f/networking-communication/dns-query-routers/dns-reconnaissance.md) — Discovers subdomains and network resources by querying public data sources and performing recursive DNS lookups.
- [Recursive DNS Resolvers](https://awesome-repositories.com/f/networking-communication/network-infrastructure-routing/network-infrastructure-configuration/network-infrastructure/recursive-dns-resolvers.md) — Performs recursive DNS resolution to systematically discover subdomains and expand the known infrastructure footprint.

### Data & Databases

- [Asset Inventory Management](https://awesome-repositories.com/f/data-databases/asset-inventory-management.md) — Maintains a searchable database of discovered resources to track infrastructure changes across multiple environments.
- [Graph Databases](https://awesome-repositories.com/f/data-databases/graph-databases.md) — Maintains a persistent graph database to track historical states and relationships of discovered assets.
- [Asset Record Repositories](https://awesome-repositories.com/f/data-databases/asset-management-stores/asset-record-repositories.md) — Provides a centralized repository for asset records to ensure consistent tracking and long-term infrastructure monitoring. ([source](https://owasp-amass.github.io/docs))
- [Data Normalization and Schema Enforcement](https://awesome-repositories.com/f/data-databases/data-processing-pipelines/data-processing/data-normalization-schema-enforcement.md) — Standardizes disparate intelligence data into a unified schema for consistent analysis and reporting.
- [Relationship Modeling](https://awesome-repositories.com/f/data-databases/relationship-modeling.md) — Links resource types and properties within a structured model to visualize interactions across the technical landscape. ([source](https://owasp-amass.github.io/docs))

### Part of an Awesome List

- [Command Line Tools](https://awesome-repositories.com/f/awesome-lists/devtools/command-line-tools.md) — Listed in the “Command Line Tools” section of the The Book Of Secret Knowledge awesome list.
- [Subdomain Discovery](https://awesome-repositories.com/f/awesome-lists/devtools/subdomain-discovery.md) — Performs brute force enumeration and searches web archives.
- [Security And Privacy](https://awesome-repositories.com/f/awesome-lists/security/security-and-privacy.md) — Framework for attack surface mapping and asset discovery.
- [Security Tools](https://awesome-repositories.com/f/awesome-lists/security/security-tools.md) — Tool for in-depth domain reconnaissance
- [Vulnerability Scanning](https://awesome-repositories.com/f/awesome-lists/security/vulnerability-scanning.md) — DNS subdomain enumeration and network mapping tool.

### Programming Languages & Runtimes

- [Graph-Based Modeling](https://awesome-repositories.com/f/programming-languages-runtimes/programming-utilities/data-structure-type-helpers/data-structures/directed-acyclic-graphs/graph-based-modeling.md) — Organizes discovered infrastructure into a connected graph of nodes and edges to map complex resource relationships.

### System Administration & Monitoring

- [Data Ingestion Plugins](https://awesome-repositories.com/f/system-administration-monitoring/data-ingestion-plugins.md) — Executes modular enumeration tasks through independent plugins to gather intelligence from diverse external sources.