The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks.
Information Gathering Techniques Used:
How to Install
sudo snap install amass
On Kali , follow these steps to install Snap and Amass + use AppArmor (for autoload):
sudo apt install snapd sudo systemctl start snapd sudo systemctl enable snapd sudo systemctl start apparmor sudo systemctl enable apparmor
Add the Snap bin directory to your PATH:
Periodically, execute the following command to update all your snap packages:
sudo snap refresh
For Homebrew on Mac , the following two commands will install Amass into your macOS environment:
brew tap caffix/amass brew install amass
Build the Docker image:
sudo docker build -t amass https://github.com/OWASP/Amass.git
Run the Docker image:
sudo docker run amass --passive -d example.com
The wordlists maintained in the Amass git repository are available in
/wordlists/ within the docker container. For example, to use
sudo docker run amass -w /wordlists/all.txt -d example.com
If you prefer to build your own binary from the latest release of the source code, make sure you have a correctly configured Go >= 1.10 environment. More information about how to achieve this can be found on the golang website. Then, take the following steps:
Download OWASP Amass:
go get -u github.com/OWASP/Amass/...
If you wish to rebuild the binaries from the source code:
go install ./...
At this point, the binaries should be in _ $GOPATH/bin _ .
Several wordlists can be found in the following directory:
Go to the User's Guide for additional information.