OWASP Amass icon

OWASP Amass

OWASP Amass is an open source network mapping and asset discovery tool. It can passively collect information from public sources like certificate transparency logs and search engines to map out an organization's external attack surface.
OWASP Amass alternatives ➤

What is OWASP Amass?

OWASP Amass is an open source network mapping and asset discovery tool developed by Jeff Foley. It can be used to passively map out an organization's external attack surface by collecting information from public sources like certificate transparency logs, search engines, subdomain brute forcing, and more.

Some key features of OWASP Amass include:

  • Integration with data sources like crt.sh, CertSpotter, DNSDB, AlienVault OTX, etc. to discover subdomains and other assets
  • Active subdomain brute forcing as well as scraping of web archives
  • Network service scanning to accurately identify listening TCP ports associated with discovered assets
  • Comprehensive HTML reports that outline all discovered assets

OWASP Amass is useful for offensive security activities like penetration testing, red teaming, and attack surface mapping. It can help identify external assets that could be vulnerable entry points into an organization's network. The information gathered by Amass can feed into other security tools for further enumeration and exploitation.

As an open source tool, OWASP Amass benefits from contributions by the security community. It runs on Linux, Windows, and macOS and is free to use.

Official Links

Official Website
www.owasp.org/index.php/OWASP_Amass_Pro...

The Best OWASP Amass Alternatives

Top Apps like OWASP Amass

Sublist3r, sn0int, Lepus Subdomain finder, BitNinja Server Security, Anubis Subdomain enumeration, Dnscan are some alternatives to OWASP Amass.
Sugggest an alternative ❐

Sublist3r

Sublist3r is an open source subdomain enumeration and discovery tool for penetration testers. It is used to identify subdomains of a target domain that an attacker could use to find network vulnerabilities. Sublist3r has several useful features:It collects subdomains from many different sources including search engines, DNS...

Sn0int

sn0int is an open source intelligence (OSINT) automation tool used for gathering information about IP addresses, domains, and hash values. It has powerful capabilities for information gathering and analysis during threat hunting, cybercrime investigations, and reconnaissance activities.Some key features of sn0int include:Automated OSINT collection from public...

Lepus Subdomain finder

Lepus Subdomain finder is an open-source reconnaissance tool used to discover subdomains of a given domain. It is written in Rust programming language making it very fast and efficient.Lepus utilizes various techniques to find subdomains like:Brute-force - Trying common subdomain names against the domainCertificates transparency logs - Finding...

BitNinja Server Security

BitNinja Server Security is a powerful security solution designed specifically to protect web servers from cyber threats. It works by analyzing all traffic in real-time to detect and block malicious requests before they can compromise the server.Some key features of BitNinja include:Real-time traffic analysis - Uses machine learning...

Anubis Subdomain enumeration

Anubis is an open-source command-line tool for subdomain enumeration and information gathering during offensive security assessments. It employs active enumeration techniques to find subdomains of a given root domain name.Some of the key features of Anubis include:Multi-threaded subdomain brute forcing using wordlistsCollection of subdomains from sources like certificate...

Dnscan

Dnscan is an open source command line tool for subdomain scanning and enumeration. It is designed to find subdomains of a target domain by using various OSINT techniques like search engine scraping, certificate transparency logs, subdomain brute forcing etc.Some key features of Dnscan are:Fast and multi-threaded subdomain scanning...