Amass
In-depth attack surface mapping and asset discovery
Recon & OSINT
9 commands
#recon #subdomains #osint #mapping
Installation
1. Install via package manager or Go
2. Configure API keys
3. Verify installation
# Using Go
go install -v github.com/owasp-amass/amass/v4/...@master
# macOS
brew install amass
# Kali Linux
apt install amass
# Verify
amass -version

Basic Usage
Amass performs network mapping and external asset discovery
# Passive enumeration
amass enum -passive -d example.com
# Active enumeration
amass enum -active -d example.com -p 80,443,8080
# With brute force
amass enum -brute -d example.com -w wordlist.txt
# Intel gathering
amass intel -whois -d example.com

Command Reference
9 commands
1. enum      Perform subdomain enumeration
2. intel     Gather intelligence on targets
3. -passive  Passive mode only
4. -active   Enable active techniques
5. -brute    Enable brute force
6. -w        Wordlist for brute force
7. -d        Target domain
8. -o        Output file
9. -config   Config file path

When to Use
1. Comprehensive asset discovery
2. When you need more than subdomains
3. Finding related domains and ASNs
4. Building complete attack surface map

Notes & Tips
1. More thorough but slower than subfinder
2. Configure data sources in config.yaml
3. Use -passive for stealth
4. Database stored in ~/.config/amass/

Common Errors & Solutions
Slow performance
Use -passive mode or limit data sources in config
Memory issues
Limit concurrent requests with -max-dns-queries