OWASP Amass OSINT Reconnaissance

OWASP Amass is a tool written in Go for OSINT Reconnaissance. The project is sponsored by OWASP (the name is a dead giveaway) and it’s hosted in Github.

Installing Amass is easy since there are several alternatives: Snapcraft, compile from source, run the binary or use docker. The Github page is locate here and it has extensive documentation available. The snapcraft page is here.

Configuring API keys

To use external API we’ll need to configure the respective keys and place them in the config.ini file located in ~/amass. The project’s GitHub page has a sample config.ini file.

OSINT: intel command

The intel command collects open source intelligence. This command can be used to find a specific word or IP range:

$ amass intel -org medium

$ amass intel -ip -src -cidr 104.16.0.0/12

Enumeration: enum command

Running the simple command bellow amass will try to collect information through DNS enumeration and network mapping:

$ mass enum -d medium.com

The enum command can receive aditional parameters:

$ amass enum -src -brute -min-for-recursive 2 -d medium.com

Output visualization: viz command

We can then visualize its relations graphically using the d3 library:

$ amass viz -d3

It’s also possible to export the results into Maltego using the parameter -maltego.

Conclusion

Amass is one more tool of our toolbelt design to help us achieve a good reconnaissance.