provocativo_
back to the arsenal
// arsenal·Recon & OSINTIntermediateFOSS

Amass

OWASP project for in-depth attack-surface mapping and subdomain enumeration.

Recon & OSINT

$ amass --help

Amass

// what it is

Description

Go-based subdomain enumerator that combines 80+ passive sources with active brute-forcing, ASN-walking, and certificate-transparency pivots. The bug-bounty community standard for surface mapping.

// use cases

What people use it for

  • Discover subdomains and forgotten assets
  • ASN-walk to find an organization's full IP space
  • Continuous attack-surface monitoring

// commands

The commands you'll type

Passive enumeration

$ amass enum -passive -d target.tld

Active brute + recursive

$ amass enum -active -brute -d target.tld -o subs.txt

// facts

category
Recon & OSINT
platforms
LIN · WIN · MAC
license
FOSS
difficulty
Intermediate

// links

// related in Recon & OSINT

Recon & OSINTBeginner

Nmap/en-map/

The Network Mapper — Fyodor's port-scanner and host-discovery framework.

FOSS
LIN·WIN·MAC
open entry →
Recon & OSINTIntermediate

Masscan

Internet-scale TCP port scanner — claims 10M packets/second on the right hardware.

FOSS
LIN·WIN·MAC
open entry →
Recon & OSINTBeginner

Shodan

Search engine for internet-connected devices — banners, certs, screenshots.

Freemium
WEB·LIN·WIN·MAC
open entry →