Amass

Amass is a network attack surface mapper and reconnaissance framework designed to discover and map the external, internet-facing infrastructure of a target organization. It functions as an open source intelligence tool that identifies public network boundaries and locates hidden or forgotten subdomains to define an organization's total reachable footprint.

The project utilizes passive-source data aggregation from external APIs and public databases alongside active DNS brute-forcing and recursive subdomain expansion. It employs a graph-based asset mapping system to visualize the relationships between discovered domains and IP addresses, supported by a modular plugin system for integrating third-party discovery services.

The framework covers broader capabilities including network reconnaissance, public asset discovery, and the preparation of security audits by mapping all reachable entry points. These processes are managed through a concurrent worker pipeline to accelerate the scanning and resolution of large target sets.

Features

Attack Surface Mappers - Identifies and catalogs internet-facing infrastructure to assess and map an organization's total attack surface.

Reconnaissance Frameworks - Provides an automated suite for gathering intelligence and visualizing the reachable footprint of a target.

Multi-Source Data Aggregation - Aggregates asset information from multiple external APIs and public databases to identify subdomains.

Graph Databases - Utilizes a graph database to map and visualize the relationships between discovered domains and IP addresses.

Asset Discovery Tools - Automatically enumerates and inventories internet-facing infrastructure and network boundaries.

Attack Surface Mapping - Discovers and documents internet-facing assets to visualize the total reachable footprint of an organization.

Open Source Intelligence Tools - Collects and analyzes publicly available data from DNS and public records to define an attack surface.

Subdomain Enumeration Tools - Employs a discovery engine to find hidden subdomains using OSINT and permutation techniques.

Subdomain Enrichment Utilities - Automatically feeds discovered subdomains back into discovery engines to expand and refine the infrastructure map.

Network Reconnaissance Tools - Gathers detailed information about target networks to identify active services and potential entry points.

Resource Discovery Brute-Forcing - Implements automated DNS guessing using wordlists and permutation logic to find non-indexed network resources.

Network Security Auditing - Maps all reachable public assets to ensure total coverage of entry points for network security reviews.

Modular Plugin Systems - Provides a modular plugin system for integrating third-party discovery services without altering the core engine.

Worker Pool Models - Uses a multi-threaded worker pool model to accelerate the scanning and resolution of large target sets.

Network Security Tools - Tool for in-depth subdomain enumeration and network mapping.

Reconnaissance - In-depth attack surface mapping and asset discovery.

Reconnaissance Tools - In-depth attack surface mapping and asset discovery.

Subdomain Enumeration - In-depth attack surface mapping and subdomain enumeration.

DNS Security - Subdomain discovery via scraping, crawling, and archive analysis.

Domain Enumeration - Comprehensive utility for subdomain enumeration and network mapping.

Network Discovery and Enumeration - Tool for network mapping and external asset discovery.

Network Reconnaissance - Comprehensive subdomain enumeration and mapping.

Network Security Analysis - Performs subdomain enumeration via scraping and brute forcing.

Reconnaissance and Dorking - Perform network mapping and external asset discovery.

Subdomain Enumeration - In-depth attack surface mapping and asset discovery tool.

OWASPAmass

Features

Star history