OWASP Amass

Official Mastodon account for #OWASP #Amass! The project focused on #automation of attack surface mapping and external #assetdiscovery

2025-07-07

If you're planning to attend @defcon 33, and would like to quickly get up to speed on the upcoming Amass v5.0 release, then please consider registering for this workshop being hosted in the @owasp Community Room!

#security #infosec #owasp #recon #osint #DEFCON #attacksurface

lu.ma/hf83v61c

OWASP Amass boosted:
Paolo Fabio Zaino ☮️🌍💻🎸🎮☕️🍩🍕DarkL0rd@mastodon.online
2024-06-21

Given all the recent updates to the #CROWler #gpt I have decided to rename it to "The CROWler Support" as it can now provide support on everything, not just the rulesets creation/debugging. The link has changed, so here is the new link for everyone. Enjoy and happy content discovery development!

#CyberSecurity #ContentDiscovery #crawler #AI #ChatGPT

chatgpt.com/g/g-dEfqHkqrW-the-

2024-06-02

@onarklog @owasp @redteamvillage_ @defcon it’s available now when using the Amass Docker Compose, which also contains enhanced versions of the project components

github.com/owasp-amass/amass-d

2024-05-22

The @owasp amass project will have a workshop on ‘Learning the New Amass Collection Engine’ in @redteamvillage_ at @defcon 32! We hope to see you there! #security #infosec #redteam #osint #recon #easm

2024-04-11

The Amass Project received a glowing testimonial from an organization leveraging the @owasp #attacksurface mapping system:

"For FortifyData, Amass is an invaluable tool in our arsenal for quickly and accurately determining asset footprints for cyber risk assessment. It reliably provides superior results without false positives. Further, the OAM database model provides inherent benefits beyond asset footprinting, such as identifying third parties associated with the target and nth-party detection. Working closely with the Amass team, we've watched Amass steadily enhance its capabilities. Our clients are deeply impressed with the results our platform generates using Amass data. We look forward to continuing to work with Amass and supporting its development!"

J. Eric Smith, VP Technology Services Delivery

Please let us know if your organization has a testimonial to share as well!

OWASP Amass boosted:
2024-03-15

The @owasp @amass project has released the beta version of its Docker Compose! There are some obvious benefits to using this to run your attack surface mapping infrastructure:

- Having the framework automatically setup for you
- Being able to run Amass within a Windows environment
- Gaining the performance benefits of the PostgreSQL DBMS
- Using the @grafana dashboard to visualize the Open Asset Model data

The compose also allows you to leverage the IP2Location LITE geo information database to investigate and filter assets discovered.

github.com/owasp-amass/amass-d

2023-09-13

The @owasp #attacksurface #intelligence collection tool v4.2 has been released and recently reached 10k stars on @github! 🙌 🎉

Great job #Amass contributors, corporate supporters, and community! @zerofox @ipinfoio @six2dez @Jhaddix

#asm #easm #osint #osint4good #recon #attacksurfacemanagement

github.com/owasp-amass/amass/r

OWASP Amass boosted:
2023-08-22

It was a pleasure speaking at the @reconvillage #defcon this year about the Open Asset Model👇, which is an improvement to #recon data standards donated by @zerofox to the @amass project!

github.com/owasp-amass/open-as

#security #infosec #osint #osint4good #asm #attacksurface #opensource #datamanagement @owasp

2023-07-20

The @owasp Amass Project is happy to announce the next release, version 4.0! This major version brings some exciting new features 👇

The Open Asset Model, which is the data model being used to represent assets exposed on the Internet! The taxonomy currently includes asset types previously enumerated by Amass, but the model will soon be expanded to include new types and relationships.

The Asset DB is our new database interaction layer, written in Go, for storing open-asset-model data in sqlite3 and @postgresql. The assets are queried similar to how nodes are accessed in a #graphdatabase system and have relationships to each other.

A new config file that will be easier to setup and written in #yaml. Credentials for data sources will be acquired from separate locations and no longer be included in the file. In summary, you will have a cleaner and simpler experience configuring Amass.

Moving forward, the project will be expanding the Open Asset Model and developing a new collection engine that’s capable of discovering all asset types in the model!

#attacksurface #infosec #osint #recon #bugbounty #vulnerabilitymanagement #threatintel #redteam

2023-02-02

If you could have the data collected by Amass in any database management system, which one would you prefer?

OWASP Amass boosted:
2023-01-19

It appears that #chatgpt can now answer all your questions about @amass. I’ll just see you at the next @defcon conference 😉

OWASP Amass boosted:
garthoid (he/him)garthoid@infosec.exchange
2022-12-10
OWASP Amass boosted:
2022-12-01

It was a pleasure to speak at the NYC @owasp chapter meetup to introduce the @amass project, and future directions, on its mission to help organizations with #attacksurfacemanagement

Beware: I definitely needed to take more breaks to drink water during this talk 🤷‍♂️​

#osint #recon #security #infosec #attacksurface #opensource

youtube.com/watch?v=tGitZO8EkM

OWASP Amass boosted:
2022-11-29

It's awesome to be a Fox!

I recently joined ZeroFox and had a discussion with them about the #owasp @amass project!

zerofox.com/blog/an-interview-

OWASP Amass boosted:
2022-11-22

It was a pleasure being able to speak with Sanoop Thomas about the @amass project on the SecTools Podcast episode #44 this weekend!

infoseccampus.com/podcast/sect

OWASP Amass boosted:
2022-11-10

Previously, users of #owasp @amass found this helpful:

1) amass intel -whois -config amass.ini -d domain.tld -o domains.txt

2) amass enum -config amass.ini -df domains.txt

3) amass db -names -df domains.txt -o hosts.txt

4) nmap -Pn -sV -A -iL hosts.txt -oN results.txt

#osint #recon #attacksurface #redteam #bugbounty #securityassessments #AttackSurfaceMapping #attacksurfacemgmt #opensource #opensourceintelligence

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst