LinuxCommandLibrary
GitHub F-Droid Google Play Store

amass

Attack surface mapping and asset discovery

TLDR

Enumerate subdomains passively
$ amass enum -passive -d [example.com]
copy
Active enumeration with DNS resolution and brute forcing
$ amass enum -active -brute -d [example.com]
copy
Enumerate with output file
$ amass enum -d [example.com] -o [output.txt]
copy
Retrieve discovered subdomain names from the database
$ amass subs -names -d [example.com]
copy
Find associations between discovered assets
$ amass assoc -d [example.com]
copy

SYNOPSIS

amass command [options]

DESCRIPTION

amass is an OWASP project for in-depth attack surface mapping and asset discovery. It performs DNS enumeration, subdomain brute-forcing, and leverages numerous data sources including search engines, certificate transparency logs, and APIs.The tool builds a comprehensive map of an organization's external network footprint, identifying subdomains, related domains, and network blocks. Collected data is stored in a graph database; enum populates the database while subs, assoc, and viz present results from it.Since version 5.0 the engine and collection are separated: enum drives the collection engine, and analysis subcommands query the stored graph afterwards.

PARAMETERS

enum

Interface with the engine to perform asset discovery and network mapping.
subs
Analyze and present discovered subdomains from the graph database.
assoc
Find associations between discovered assets.
track
Identify newly discovered assets over time.
viz
Generate graph visualizations of collected data.
-d domain
Target domain names (comma-separated).
-passive
Only use passive data sources (no DNS resolution).
-active
Use active methods such as zone transfers and certificate grabbing.
-brute
Execute subdomain brute forcing after searches.
-ip
Show IP addresses of discovered names.
-names
With subs, print only the discovered names.
-o file
Output file path.
-dir path
Directory containing the output and graph database.
-config file
YAML configuration file.
-timeout minutes
Number of minutes to run before quitting.

CONFIGURATION

~/.config/amass/config.yaml

Main configuration file for data sources, API keys, and enumeration settings (YAML since v4).

CAVEATS

Active enumeration generates significant DNS traffic and may be detected. Many data sources require API keys for full access. Results vary based on configured sources. As of v5, results are written to the graph database; use subs to retrieve names rather than relying solely on enum -o.

HISTORY

amass was created by Jeff Foley and became an official OWASP project. It gained widespread adoption in the security community for reconnaissance and bug bounty hunting.

SEE ALSO

subfinder(1), dnsenum(1), nmap(1)

RESOURCES

Source code · Homepage · Documentation

Copied to clipboard
Kai

AltStyle によって変換されたページ (->オリジナル) /