OWASP Amass

OWASP Amass

OWASP Amass is an open source network mapping and asset discovery tool. It can passively collect information from public sources like certificate transparency logs and search engines to map out an organization's external attack surface.
Security & Privacy Network Security
OWASP Amass image
network-mapping asset-discovery reconnaissance
OWASP Amass alternatives ➤

OWASP Amass: Open Source Network Mapping and Asset Discovery Tool

An open source network mapping and asset discovery tool that collects information from public sources like certificate transparency logs and search engines to map out an organization's external attack surface.

What is OWASP Amass?

OWASP Amass is an open source network mapping and asset discovery tool developed by Jeff Foley. It can be used to passively map out an organization's external attack surface by collecting information from public sources like certificate transparency logs, search engines, subdomain brute forcing, and more.

Some key features of OWASP Amass include:

  • Integration with data sources like crt.sh, CertSpotter, DNSDB, AlienVault OTX, etc. to discover subdomains and other assets
  • Active subdomain brute forcing as well as scraping of web archives
  • Network service scanning to accurately identify listening TCP ports associated with discovered assets
  • Comprehensive HTML reports that outline all discovered assets

OWASP Amass is useful for offensive security activities like penetration testing, red teaming, and attack surface mapping. It can help identify external assets that could be vulnerable entry points into an organization's network. The information gathered by Amass can feed into other security tools for further enumeration and exploitation.

As an open source tool, OWASP Amass benefits from contributions by the security community. It runs on Linux, Windows, and macOS and is free to use.

OWASP Amass Features

Features

  1. Passive subdomain enumeration
  2. Active subdomain enumeration
  3. IP and ASN lookup
  4. Brute forcing
  5. Web scraping
  6. Visualization

Pricing

  • Open Source

Pros

Open source

Extensive functionality

Active and passive enumeration

Integrates with other tools

Customizable

Cons

Steep learning curve

Resource intensive

No GUI

Requires API keys for some features

Official Links

Official Website
https://www.owasp.org/index.php/OWASP_Amass_Pro...

The Best OWASP Amass Alternatives

Top Security & Privacy and Network Security and other similar apps like OWASP Amass

Here are some alternatives to OWASP Amass:

Sublist3r icon
Sublist3r
Sn0int icon
sn0int
Lepus Subdomain finder icon
Lepus Subdomain finder
BitNinja Server Security icon
BitNinja Server Security
Anubis Subdomain enumeration icon
Anubis Subdomain enumeration
Dnscan icon
Dnscan
Suggest an alternative ❐

Sublist3r icon

Sublist3r

Sublist3r is an open source subdomain enumeration and discovery tool for penetration testers. It is used to identify subdomains of a target domain that an attacker could use to find network vulnerabilities. Sublist3r has several useful features:It collects subdomains from many different sources including search engines, DNS dumpsters, certificates, etc....
Sublist3r image
Sn0int icon

Sn0int

sn0int is an open source intelligence (OSINT) automation tool used for gathering information about IP addresses, domains, and hash values. It has powerful capabilities for information gathering and analysis during threat hunting, cybercrime investigations, and reconnaissance activities.Some key features of sn0int include:Automated OSINT collection from public data sources, search engines,...
Sn0int image
Lepus Subdomain finder icon

Lepus Subdomain finder

Lepus Subdomain finder is an open-source reconnaissance tool used to discover subdomains of a given domain. It is written in Rust programming language making it very fast and efficient.Lepus utilizes various techniques to find subdomains like:Brute-force - Trying common subdomain names against the domainCertificates transparency logs - Finding subdomains from...
Lepus Subdomain finder image
BitNinja Server Security icon

BitNinja Server Security

BitNinja Server Security is a powerful security solution designed specifically to protect web servers from cyber threats. It works by analyzing all traffic in real-time to detect and block malicious requests before they can compromise the server.Some key features of BitNinja include:Real-time traffic analysis - Uses machine learning to inspect...
BitNinja Server Security image
Anubis Subdomain enumeration icon

Anubis Subdomain enumeration

Anubis is an open-source command-line tool for subdomain enumeration and information gathering during offensive security assessments. It employs active enumeration techniques to find subdomains of a given root domain name.Some of the key features of Anubis include:Multi-threaded subdomain brute forcing using wordlistsCollection of subdomains from sources like certificate transparency logs,...
Anubis Subdomain enumeration image
Dnscan icon

Dnscan

Dnscan is an open source command line tool for subdomain scanning and enumeration. It is designed to find subdomains of a target domain by using various OSINT techniques like search engine scraping, certificate transparency logs, subdomain brute forcing etc.Some key features of Dnscan are:Fast and multi-threaded subdomain scanning engineSupports brute-force...
Dnscan image