OWASP Amass

OWASP Amass is an attack surface intelligence framework designed to give security professionals an adversary’s-eye view of an organisation’s external footprint. At its core, it performs DNS enumeration and network mapping by querying a wide array of passive data sources — certificate transparency logs, search engines, passive DNS databases, threat intelligence platforms, and code repositories — then validates and expands findings through active techniques such as DNS brute-forcing, zone transfer attempts, NSEC zone walking, TLS certificate scraping, and web crawling. The result is a detailed graph of assets: subdomains, IP addresses, ASNs, WHOIS records, and the relationships linking them.

What sets Amass apart from simpler subdomain enumeration tools is the Open Asset Model (OAM). OAM is a formal data schema that represents both digital (hostnames, URLs, certificates) and physical (IP blocks, ASNs, organisations) assets along with typed relationship edges. All findings are persisted in a PostgreSQL asset database, enabling historical diffs, long-term infrastructure tracking, and querying over time — capabilities that elevate Amass from a one-shot recon script to a continuous attack surface management platform. The framework also supports Docker Compose orchestration for multi-container enterprise deployments.

As an OWASP Flagship Project with 14,000+ GitHub stars, Amass is integrated into numerous professional workflows: Maltego graph visualisation, Kali Linux inclusion, and widespread use in bug bounty reconnaissance pipelines. With over 50 supported data sources and active development, it is one of the most capable open-source external reconnaissance tools available, suitable for everything from solo penetration testers to enterprise red teams needing continuous asset inventory.