In-depth Attack Surface Mapping and Asset Discovery By OWASP
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Go to file
caffix 89a83c60ca
v3.22.2 release
7 days ago
.github Fixed the Docker workflow 4 months ago
cmd/amass additional updates related to HTTP requests 1 month ago
config moved all active techniques to the scripting engine 3 weeks ago
datasrcs moved the reverse DNS sweeping into the scripting engine 2 weeks ago
doc removed more Snapcraft stuff 2 weeks ago
enum moved the reverse DNS sweeping into the scripting engine 2 weeks ago
examples removed support for Snapcraft and Cloudflare 3 weeks ago
format v3.22.2 release 7 days ago
images removed more Snapcraft stuff 2 weeks ago
intel updated copyright and license information 1 month ago
limits updated copyright and license information 1 month ago
net moved all active techniques to the scripting engine 3 weeks ago
requests updated copyright and license information 1 month ago
resources moved the reverse DNS sweeping into the scripting engine 2 weeks ago
systems performance improvements for passive mode 7 days ago
viz updated copyright and license information 1 month ago
.codeclimate.yml Update to project management file 2 years ago
.dockerignore removed more Snapcraft stuff 2 weeks ago
.gitattributes Updates related to CI/CD 2 years ago
.gitignore Exclude Jetbrains IDE confguration files 12 months ago
.goreleaser.yaml Fixed indentation errors 1 year ago
.mailmap updated project configurations and documentation 3 years ago fixed a typo in the instructions for contributing 3 years ago
Dockerfile Updated the Docker workflow 6 months ago updates to project information 3 years ago
LICENSE added and updated informational files 6 years ago removed support for Snapcraft and Cloudflare 3 weeks ago Added mentions 2 years ago
codecov.yml Update to project management file 2 years ago
go.mod updated dependencies 3 weeks ago
go.sum updated dependencies 3 weeks ago


OWASP Flagship GitHub Release Docker Images Follow on Twitter Chat on Discord

GitHub Test Status GoDoc License Go Report CodeFactor Maintainability Codecov

The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.

Information Gathering Techniques Used:

Technique Data Sources
APIs 360PassiveDNS, Ahrefs, AnubisDB, BeVigil, BinaryEdge, BufferOver, BuiltWith, C99, Chaos, CIRCL, DNSDB, DNSRepo, Deepinfo, Detectify, FOFA, FullHunt, GitHub, GitLab, GrepApp, Greynoise, HackerTarget, Hunter, IntelX, LeakIX, Maltiverse, Mnemonic, Netlas, Pastebin, PassiveTotal, PentestTools, Pulsedive, Quake, SOCRadar, Searchcode, Shodan, Spamhaus, Sublist3rAPI, ThreatBook, ThreatMiner, URLScan, VirusTotal, Yandex, ZETAlytics, ZoomEye
Certificates Active pulls (optional), Censys, CertCentral, CertSpotter, Crtsh, Digitorus, FacebookCT
DNS Brute forcing, Reverse DNS sweeping, NSEC zone walking, Zone transfers, FQDN alterations/permutations, FQDN Similarity-based Guessing
Routing ASNLookup, BGPTools, BGPView, BigDataCloud, IPdata, IPinfo, RADb, Robtex, ShadowServer, TeamCymru
Scraping AbuseIPDB, Ask, Baidu, Bing, CSP Header, DNSDumpster, DNSHistory, DNSSpy, DuckDuckGo, Gists, Google, HackerOne, HyperStat, PKey, RapidDNS, Riddler, Searx, SiteDossier, Yahoo
Web Archives Arquivo, CommonCrawl, HAW, PublicWWW, UKWebArchive, Wayback
WHOIS AlienVault, AskDNS, DNSlytics, ONYPHE, SecurityTrails, SpyOnWeb, WhoisXMLAPI

Installation Go Version Docker Images GitHub Downloads

You can find some additional installation variations in the Installation Guide.

Prebuilt Packages

  1. Simply unzip the package
  2. Put the precompiled binary into your path
  3. Start using OWASP Amass!


brew tap caffix/amass
brew install amass

Docker Container

  1. Install Docker
  2. Pull the Docker image by running docker pull caffix/amass
  3. Run docker run -v OUTPUT_DIR_PATH:/.config/amass/ caffix/amass enum -d

The volume argument allows the Amass graph database to persist between executions and output files to be accessed on the host system. The first field (left of the colon) of the volume option is the amass output directory that is external to Docker, while the second field is the path, internal to Docker, where amass will write the output files.

From Sources

  1. Install Go and setup your Go workspace
  2. Download OWASP Amass by running go install -v
  3. At this point, the binary should be in $GOPATH/bin

Documentation GoDoc

Use the Installation Guide to get started.

Go to the User's Guide for additional information.

See the Tutorial for example usage.

See the Amass Scripting Engine Manual for greater control over your enumeration process.

Troubleshooting Chat on Discord

If you need help with installation and/or usage of the tool, please join our Discord server where community members can best help you.

🛑 Please avoid opening GitHub issues for support requests or questions!

Contributing Contribute Yes Chat on Discord

We are always happy to get new contributors on board! Please check to learn how to contribute to our codebase, and join our Discord Server to discuss current project goals.

For a list of all contributors to the OWASP Amass Project please visit our


Accenture Logo Accenture

"Accentures adversary simulation team has used Amass as our primary tool suite on a variety of external enumeration projects and attack surface assessments for clients. Its been an absolutely invaluable basis for infrastructure enumeration, and were really grateful for all the hard work thats gone into making and maintaining it its made our job much easier!"

- Max Deighton, Accenture Cyber Defense Manager

Visma Logo Visma

"For an internal red team, the organisational structure of Visma puts us against a unique challenge. Having sufficient, continuous visibility over our external attack surface is an integral part of being able to efficiently carry out our task. When dealing with hundreds of companies with different products and supporting infrastructure we need to always be on top of our game.

For years, OWASP Amass has been a staple in the asset reconnaissance field, and keeps proving its worth time after time. The tool keeps constantly evolving and improving to adapt to the new trends in this area."

- Joona Hoikkala (@joohoi) & Alexis Fernández (@six2dez), Visma Red Team

Did you write a blog post, magazine article or do a podcast about OWASP Amass? Or maybe you held or joined a conference talk or meetup session, a hacking workshop or public training where this project was mentioned?

Add it to our ever-growing list of by forking and opening a Pull Request!

Top Mentions

Licensing License

This program is free software: you can redistribute it and/or modify it under the terms of the Apache license. OWASP Amass and any contributions are Copyright © by Jeff Foley 2017-2023. Some subcomponents have separate licenses.

Network graph