appsec.fyi — amass

Complete Guide to Amass Tool (2025 Edition)

Fri, 17 Apr 2026 14:13:20 +0000

Library for comprehensive Amass recon and subdomain enumeration, covering installation on Kali Linux, Termux, and Windows WSL. It details Amass modules like Enum, Intel, Viz, Track, and DB, and provides basic usage examples for discovering subdomains, mapping DNS, and performing passive and active recon. The guide also includes pro tips for bug bounty hunters and installation via GitHub binary.

Amass Cheat Sheet: 70+ Commands for Recon & Bug Bounty

Fri, 10 Apr 2026 01:56:40 +0000

Cheatsheet of 70+ Amass commands for reconnaissance and bug bounty hunting, detailing installation on Kali Linux, beginner and advanced techniques, and real penetration testing scenarios. This resource helps cybersecurity professionals discover subdomains, exposed infrastructure, and attack surfaces by leveraging open-source intelligence, DNS queries, and brute force methods. It also covers Amass's legal usage, its inclusion in Kali Linux, and alternatives like Subfinder and Sublist3r for comprehensive domain enumeration.

Using OWASP Amass with Netlas Module

Mon, 06 Apr 2026 02:03:34 +0000

Library for reconnaissance and attack surface mapping, OWASP Amass integrates with the Netlas module. This guide details Amass installation via pre-built packages, source compilation, or Homebrew, and its configuration to leverage Netlas API keys within `datasources.yaml` for enhanced subdomain enumeration. Users can then execute `amass enum -d -include Netlas` to specifically query Netlas data or `amass enum -d -o ` to combine Netlas with other configured sources.

How to Use Amass for Subdomain Enumeration and Recon Like a Pro

Fri, 03 Apr 2026 15:58:38 +0000

Library for comprehensive subdomain enumeration and attack surface discovery. Amass employs passive OSINT techniques, leveraging Certificate Transparency logs, Shodan, Censys, and public datasets, alongside active methods like DNS brute-forcing, permutations, and scraping. It supports DNS resolution and validation, brute-forcing with custom wordlists, reverse WHOIS and ASN lookups, and infrastructure mapping via graph databases, enabling visualization with `amass viz` and change detection with `amass track`.

amass — Automated Attack Surface Mapping | Daniel Miessler

Thu, 14 Aug 2025 04:28:30 +0000

Tool for mapping attack surfaces, amass automates information gathering across multiple dimensions, integrating data from DNS enumeration, scraping various search engines, certificate transparency logs, and numerous APIs. It offers subcommands like `intel` for initial reconnaissance, `enum` for subdomain discovery and attack surface mapping, `viz` for visualizing results (including D3 and Maltego formats), `track` for historical analysis, and `db` for database management. Amass prioritizes diverse input sources and consistent developer attention, making it a robust solution for both offensive and defensive security operations.

Haklukes Guide to AmassHow to Use Amass More Effectively for Bug Bounties

Thu, 28 Oct 2021 23:35:00 +0000

Haklukes Guide to AmassHow to Use Amass More Effectively for Bug Bounties

OWASP Amass - Users' Guide

Thu, 28 Oct 2021 23:22:00 +0000

Library for internet exposure investigation; this guide details OWASP Amass tool usage for subdomain enumeration via DNS and network mapping. It covers basic commands like `amass enum -d example.com` and advanced options including active enumeration (TLS certificates, zone transfers, web crawling) with `amass enum -active -d example.com`, passive data source utilization with `amass enum --passive -d example.com`, and Docker integration. The guide also explains configuration file management, API key storage, graph database persistence (file-based or PostgreSQL), and how findings from previous enumerations are leveraged.

Amass/config.ini at master OWASP/Amass

Thu, 28 Oct 2021 23:22:00 +0000

Amass/config.ini at master OWASP/Amass

OWASP Amass - An Extensive Tutorial

Thu, 28 Oct 2021 23:22:00 +0000

Library for passive and active reconnaissance, Amass facilitates subdomain discovery and external attack surface mapping using over 80 data sources. Its three subcommands, `intel`, `enum`, and `db`, support techniques like brute-forcing, DNS zone transfers, and certificate transparency log analysis, with findings stored in a graph database.

OWASP/Amass

Thu, 28 Oct 2021 23:21:00 +0000

Library for network asset discovery and attack surface mapping. This entry details installation instructions for Amass across various platforms including macOS (resolving "unidentified developer" warnings), Docker, Go compilation, Homebrew, FreeBSD, Kali Linux, NixOS, Gentoo, and Pentoo. It covers building Docker images, persisting graph databases, utilizing wordlists, and compiling from source with Go 1.18+.

How to Use OWASP Amass: An Extensive Tutorial

Thu, 28 Oct 2021 23:14:00 +0000

Library for continuous subdomain discovery and external attack surface mapping, OWASP Amass offers multiple subcommands: `intel` for open-source intelligence gathering, `enum` for DNS enumeration and network mapping, `viz` for visualizing results, `track` for monitoring changes, and `db` for manipulating the graph database. It supports numerous data sources and techniques, including WHOIS, certificate transparency logs, DNS zone transfers, and brute-forcing, making it a comprehensive tool for penetration testers and security researchers.

amass — Automated Attack Surface Mapping | Daniel Miessler

Tue, 12 Nov 2019 19:08:49 +0000

Tool for automated attack surface mapping, `amass` gathers information across multiple dimensions, leveraging various input sources like DNS enumeration, scraping from search engines (Baidu, Bing, Google), certificate transparency logs (Censys, Crtsh), APIs (Shodan, VirusTotal), and web archives. Its modules include `intel` for information gathering, `enum` for attack surface mapping, `viz` for visualization, `track` for historical data, and `db` for database manipulation. Examples showcase finding organizations via `-org` and discovering domains within CIDR ranges using `-cidr`.