OWASP Amass OSINT Reconnaissance
OWASP Amass is a tool written in Go for OSINT reconnaissance. The project is sponsored by OWASP (the name is a dead giveaway) and it’s hosted on GitHub.
Installing Amass is easy since there are several alternatives: Snapcraft, compiling from source, running the binary or using Docker. The GitHub page is located here and it has extensive documentation available. The Snapcraft page is here.
Configuring API keys
To use external APIs we’ll need to configure the respective keys and place them in the config.ini file located in ~/amass. The project’s GitHub page has a sample config.ini file.
OSINT: intel command
The intel command collects open source intelligence. It can be used to search for a specific word (such as an organization name) or for an IP range:
$ amass intel -org medium
$ amass intel -ip -src -cidr 104.16.0.0/12
Enumeration: enum command
Running the simple command below, amass will try to collect information through DNS enumeration and network mapping:
$ amass enum -d medium.com
The enum command can receive additional parameters:
$ amass enum -src -brute -min-for-recursive 2 -d medium.com
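As an added example (not part of this post or the Amass project), the -src output from an enum run like the one above can be compared against a known asset inventory to flag hosts you did not know you exposed. It assumes the run was saved with the -o flag and that each line has the `[Source]   host` layout; the sample output and inventory below are constructed, not real Amass results.

```shell
#!/bin/sh
# Compare a saved `amass enum -src -o enum.txt` run against an asset inventory
# and report every discovered host that is missing from the inventory.
# Assumption: each output line looks like "[Source]   host.example.com".

ENUM_OUT="$(mktemp)"
INVENTORY="$(mktemp)"
trap 'rm -f "$ENUM_OUT" "$INVENTORY"' EXIT

# Constructed sample of -src output (source tags and hosts are made up).
cat > "$ENUM_OUT" <<'EOF'
[DNS]             www.example.com
[Brute Forcing]   dev.example.com
[Crtsh]           Mail.Example.com
[Brute Forcing]   old-staging.example.com
[DNS]             www.example.com
EOF

# Constructed inventory: the hosts the organisation believes it exposes.
cat > "$INVENTORY" <<'EOF'
www.example.com
mail.example.com
EOF

# Strip the "[Source]" column, lowercase the host, and drop duplicates
# (the same host is often reported by several sources).
enum_hosts() {
    sed -E 's/^\[[^]]*\][[:space:]]*//' "$1" \
        | tr '[:upper:]' '[:lower:]' \
        | sort -u
}

# Hosts Amass found that are absent from the inventory: candidates for
# forgotten staging systems, shadow IT or dangling DNS records.
unknown_hosts() {
    enum_hosts "$1" | grep -ivxF -f "$2"
}

echo "Hosts discovered but not in inventory:"
unknown_hosts "$ENUM_OUT" "$INVENTORY"
```

On real output, feed the file written by -o in place of the constructed sample and your own inventory list in place of the second heredoc.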
Output visualization: viz command
We can then visualize the relationships between the results graphically using the d3 library:
$ amass viz -d3
It’s also possible to export the results to Maltego using the -maltego parameter.
Conclusion
Amass is one more tool in our toolbelt, designed to help us perform thorough reconnaissance.