Skip to content
@owasp-amass

OWASP Amass Project

In-depth Attack Surface Mapping and Asset Discovery

OWASP Flagship GitHub Release License Docker Images Follow on Twitter Chat on Discord

Our Goal

In-depth OSINT collection and external attack surface mapping for everyone!

The OWASP Amass Project has developed a system to help information security professionals perform mapping of attack surfaces and external asset discovery using open source intelligence gathering and reconnaissance techniques.

The system includes key efforts and tools to help understand attack surfaces:

You can find detailed installation instructions and documentation in the Amass Docs repo.

If you have any questions about the OWASP Amass Project, please email the project leader Jeff Foley, or contact us on the project's Discord server (Discord is highly preferred).

Corporate Supporters

WhoisXML API Logo

Testimonials

"For FortifyData, Amass is an invaluable tool in our arsenal for quickly and accurately determining asset footprints for cyber risk assessment. It reliably provides superior results without false positives. Further, the OAM database model provides inherent benefits beyond asset footprinting, such as identifying third parties associated with the target and nth-party detection. Working closely with the Amass team, we've watched Amass steadily enhance its capabilities. Our clients are deeply impressed with the results our platform generates using Amass data. We look forward to continuing to work with Amass and supporting its development!"

- J. Eric Smith, VP of Technology Services Delivery

"Accenture’s adversary simulation team has used Amass as our primary tool suite on a variety of external enumeration projects and attack surface assessments for clients. It’s been an absolutely invaluable basis for infrastructure enumeration, and we’re really grateful for all the hard work that’s gone into making and maintaining it – it’s made our job much easier!"

- Max Deighton, Accenture Cyber Defense Manager

"For an internal red team, the organisational structure of Visma puts us against a unique challenge. Having sufficient, continuous visibility over our external attack surface is an integral part of being able to efficiently carry out our task. When dealing with hundreds of companies with different products and supporting infrastructure we need to always be on top of our game.

For years, OWASP Amass has been a staple in the asset reconnaissance field, and keeps proving its worth time after time. The tool keeps constantly evolving and improving to adapt to the new trends in this area."

- Joona Hoikkala (@joohoi) & Alexis Fernández (@six2dez), Visma Red Team

Participation

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

How can I participate in the project?

All you have to do is make the Project Leader aware of your available time to contribute to the project. It is also important to let the leader know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leader is key.

If I am not a programmer can I participate in the project?

Yes, you can certainly participate in the project if you are not a programmer. The project needs different skills and expertise at different times during its development. Currently, we are looking for researchers, programmers, testers, writers, and graphic designers.

Pinned Loading

  1. amass amass Public

    In-depth attack surface mapping and asset discovery

    Go 12.2k 1.9k

  2. open-asset-model open-asset-model Public

    Asset definitions for an organization's external attack surface

    Go 45 11

  3. asset-db asset-db Public

    Database interaction layer to store open-asset-models in sqlite3 and postgres

    Go 16 12

Repositories

Showing 9 of 9 repositories
  • asset-db Public

    Database interaction layer to store open-asset-models in sqlite3 and postgres

    owasp-amass/asset-db’s past year of commit activity
    Go 16 Apache-2.0 12 3 4 Updated Dec 20, 2024
  • amass Public

    In-depth attack surface mapping and asset discovery

    owasp-amass/amass’s past year of commit activity
    Go 12,198 1,910 172 25 Updated Dec 9, 2024
  • amass-docker-compose Public

    OWASP Amass Docker Compose for setting up a full instance of the infrastructure

    owasp-amass/amass-docker-compose’s past year of commit activity
    Shell 29 Apache-2.0 5 2 0 Updated Nov 30, 2024
  • open-asset-model Public

    Asset definitions for an organization's external attack surface

    owasp-amass/open-asset-model’s past year of commit activity
    Go 45 Apache-2.0 11 0 0 Updated Nov 13, 2024
  • docs Public
    owasp-amass/docs’s past year of commit activity
    1 Apache-2.0 1 0 0 Updated Oct 21, 2024
  • .github Public
    owasp-amass/.github’s past year of commit activity
    1 0 0 0 Updated Oct 21, 2024
  • resolve Public

    DNS resolver pools written in Go

    owasp-amass/resolve’s past year of commit activity
    Go 42 Apache-2.0 11 1 1 Updated Aug 17, 2024
  • certspotter Public Forked from SSLMate/certspotter

    CT Log Monitor for the Amass Containerized Environments

    owasp-amass/certspotter’s past year of commit activity
    Go 1 MPL-2.0 89 0 0 Updated Jun 9, 2024
  • homebrew-amass Public

    The OWASP Amass Homebrew Formula

    owasp-amass/homebrew-amass’s past year of commit activity
    Ruby 15 Apache-2.0 5 2 0 Updated Sep 10, 2023