OWASP Amass: Journey through the Cyber Threat Map
OWASP Amass is an open source tool developed by the computer security community and maintained by the OWASP Foundation (Open Web Application Security Project). Its main purpose is to help security professionals gather information about an organization’s online assets in order to perform security assessments, penetration testing and attack surface analysis.
The main features of OWASP Amass include:
Information collection: Amass automates the collection of information about online assets, such as domain names, subdomains, IP addresses, SSL/TLS certificates, email servers and more.
Data source integration: The tool can integrate data from a variety of public and private sources, such as search engines, DNS record databases, SSL/TLS certificates, cloud hosting services and social networks, to provide a more complete picture of an organization’s online assets.
Attack Surface Analysis: Amass helps identify potential entry points and vulnerabilities by identifying unauthorized subdomains or exposed services that could be targeted for attack.
Data export: Allows exporting the results of information gathering in different formats, which facilitates its analysis and use in other security tools and processes.
Installation
OWASP Amass can be installed on a Linux-based OS with the following command:
go install -v github.com/owasp-amass/amass/v4/...@master
Kali Linux
OWASP Amass is installed by default and can be managed like any other Kali package:
apt-get update
apt-get install amass
To get started with Amass, use the --help option:
┌──(diego㉿kali)-[~]
└─$ amass --help
.+++:. : .+++.
+W@@@@@@8 &+W@# o8W8: +W@@@@@@#. oW@@@W#+
&@#+ .o@##. .@@@o@W.o@@o :@@#&W8o .@#: .:oW+ .@#+++&#&
+@& &@& #@8 +@W@&8@+ :@W. +@8 +@: .@8
8@ @@ 8@o 8@8 WW .@W W@+ .@W. o@#:
WW &@o &@: o@+ o@+ #@. 8@o +W@#+. +W@8:
#@ :@W &@+ &@+ @8 :@o o@o oW@@W+ oW@8
o@+ @@& &@+ &@+ #@ &@. .W@W .+#@& o@W.
WW +@W@8. &@+ :& o@+ #@ :@W&@& &@: .. :@o
:@W: o@# +Wo &@+ :W: +@W&o++o@W. &@& 8@#o+&@W. #@: o@+
:W@@WWWW@@8 + :&W@@@@& &W .o#@@W&. :W@WWW@@&
+o&&&&+. +oooo.
v4.1.0
OWASP Amass Project - @owaspamass
In-depth Attack Surface Mapping and Asset Discovery
Usage: amass intel|enum|db [options]
-h Show the program usage message
-help
Show the program usage message
-version
Print the version number of this Amass binary
Subcommands:
amass intel - Discover targets for enumerations
amass enum - Perform enumerations and network mapping
amass db - Manipulate the Amass graph database
Basic command to enumerate a target:
┌──(diego㉿kali)-[~]
└─$ amass enum -d pcolorada.com
Active mode (-active) does everything normal mode does and also reaches out to the discovered assets, attempting to obtain TLS certificates, perform DNS zone transfers, use NSEC walking, and perform web crawling:
amass enum -d pcolorada.com -p 443,80,8000 -active
Passive mode only obtains information from data sources and blindly accepts it:
┌──(diego㉿kali)-[~]
└─$ amass enum --passive -d pcolorada.com
Use the -o option to save the output to a file.
┌──(diego㉿kali)-[~]
└─$ amass enum -d pcolorada.com -o output.txt
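Once the results are saved, they can be compared with the organization's asset inventory to surface names that nobody has on record. The Python script below is an added example, not part of Amass or of the original article; it assumes the Amass v4 text output format of `name (type) --> relation --> name (type)` lines, and the sample output, the example.com names and the inventory are all constructed.

```python
import re

# Constructed sample of what `amass enum -d example.com -o output.txt` might hold.
# Assumption: v4 lines look like "<name> (<type>) --> <relation> --> <name> (<type>)";
# a bare name on its own line (one-name-per-line output) is accepted as well.
SAMPLE_OUTPUT = """\
example.com (FQDN) --> ns_record --> ns1.example.com (FQDN)
example.com (FQDN) --> mx_record --> mail.example.com (FQDN)
www.example.com (FQDN) --> a_record --> 192.0.2.10 (IPAddress)
staging.example.com (FQDN) --> cname_record --> app.hosting-provider.example (FQDN)
192.0.2.0/24 (Netblock) --> contains --> 192.0.2.10 (IPAddress)
64500 (ASN) --> announces --> 192.0.2.0/24 (Netblock)
old-vpn.example.com
"""

# Constructed inventory of names the organization knows it owns.
INVENTORY = {"example.com", "www.example.com", "mail.example.com",
             "ns1.example.com", "intranet.example.com"}

NODE = re.compile(r"(\S+) \((\w+)\)")  # "<name> (<type>)"

def normalize(name):
    return name.lower().rstrip(".")

def extract_fqdns(text):
    """Return every FQDN node found in the output, ignoring IPs, netblocks, ASNs."""
    names = set()
    for line in (l.strip() for l in text.splitlines()):
        nodes = NODE.findall(line)
        if nodes:
            names.update(normalize(n) for n, kind in nodes if kind == "FQDN")
        elif line and " " not in line:
            names.add(normalize(line))
    return names

def in_scope(name, root):
    # Match on a label boundary so "notexample.com" is not treated as in scope.
    return name == root or name.endswith("." + root)

def review(text, root, inventory):
    """Split discovered names into unknown, missing and out-of-scope sets."""
    seen = extract_fqdns(text)
    found = {n for n in seen if in_scope(n, root)}
    known = {normalize(n) for n in inventory}
    return {"unknown": sorted(found - known),    # discovered, not in inventory
            "not_seen": sorted(known - found),   # in inventory, not discovered
            "external": sorted(seen - found)}    # third-party names referenced

if __name__ == "__main__":
    for bucket, names in review(SAMPLE_OUTPUT, "example.com", INVENTORY).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Names in the `unknown` bucket are the ones to trace back to an owner; `external` lists third-party hosts that in-scope records point at.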
To see more options for enum:
┌──(diego㉿kali)-[~]
└─$ amass enum --help
v4.1.0
OWASP Amass Project - @owaspamass
In-depth Attack Surface Mapping and Asset Discovery
Usage: amass enum [options] -d DOMAIN
Amass Intel
The Amass intel subcommand, or module if you wish, can help you gather open source intelligence about the organization and allow you to find more root domain names associated with the organization. To see the available options for this subcommand, just type it in the terminal:
┌──(diego㉿kali)-[~]
└─$ amass intel --help
v4.2.0
OWASP Amass Project - @owaspamass
In-depth Attack Surface Mapping and Asset Discovery
Usage: amass intel [options] [-whois -d DOMAIN] [-addr ADDR -asn ASN -cidr CIDR]
-active
The following command is used to collect information about the domain “owasp.org” by performing WHOIS queries to obtain details related to the ownership and registration of the domain.
┌──(diego㉿kali)-[~]
└─$ amass intel -d owasp.org -whois
The following command is used to perform a search for information about a specific organization, here called “banco” (“bank”).
┌──(diego㉿kali)-[~]
└─$ amass intel -org 'banco'
ASN: 37147 - bancobic-as
196.46.21.0/24
ASN: 15356 - THEBANCORP - Thebancorp.com
192.51.48.0/24
OWASP Amass is a powerful and versatile tool that can help organizations strengthen their security posture by providing a complete view of their attack surface and assisting in the early identification of potential vulnerabilities and threats. Its ability to integrate with other tools and its open source nature make it a solid choice for any cybersecurity professional.