Greetings everyone! Today we are going to look at an important information-gathering tool, Amass. According to OWASP, the OWASP Amass Project has developed a tool to help information security professionals perform network mapping of attack surfaces and external asset discovery using open-source information gathering and active reconnaissance techniques.
Why AMASS?
Amass is an OWASP project, which gives the tool standing and confidence in its results. It actively helps penetration testers map an organisation's attack surface.
Amass is organised into several subcommands:
amass intel –
Helps us discover targets (root domains) for enumeration.
amass enum –
Performs enumeration and maps the network of our target.
amass viz –
Visualizes the enumeration results for our specified target.
amass track –
Tracks differences between enumerations of our target.
amass db –
Lets the tester manipulate the Amass graph database for a specified target.
How to install Amass:
Visit the guide: https://github.com/OWASP/Amass
Simply install it with the command:
→ go get -u github.com/OWASP/Amass/...
Then check the installation by listing the data sources Amass can query:
→ amass enum -list
Usage Of AMASS :
amass intel –
amass intel is the subcommand of the Amass project that helps a tester collect open-source intelligence on the target organisation; it helps us find further root domains belonging to our target.
Check the options of amass intel by typing the command:
→ amass intel
This subcommand uses a number of information-gathering techniques and data sources, based on WHOIS and IPv4Info, in order to obtain intelligence and the parent domains owned by the target.
Now we are going to run a reverse WHOIS search on a specific domain. To find it we use the command:
→ amass intel -d target.com -whois
As the picture above shows, we have found WHOIS records related to our target. We used the intel subcommand with -d (the domain to look at) and -whois (the lookup we are after).
Now let's find targets whose name contains "Tesla"; this will find all organisation names containing "Tesla". Here is the command we use:
→ amass intel -org tesla
As above, using this subcommand we find all organisation names containing "tesla". We used -org to search for organisations matching the input we supplied.
amass enum –
amass enum helps us perform DNS enumeration and map our target in order to determine the attack surface exposed by the organisation. The enumeration findings are stored in a graph database. Let's find the subdomains of our target using the amass enum subcommand. Here we ask Amass to find all subdomains of "www.abc.com" passively; we use the command:
→ amass enum -passive -d target.com -src
As above, we found all the subdomains that can be discovered passively, because we used -passive; -src also shows which data source each name came from.
Now we can use -ip to find the subdomains along with their IP addresses. Here we use the command:
→ amass enum -ip -d target.com
As above, we have found all subdomains including their IPs by passing -ip. The enum subcommand is a powerful tool for discovering a target's subdomains.
amass viz –
The amass viz subcommand helps us visualize all the information we have already collected in the Amass graph directory. To generate a d3-force HTML graph from our collected information we use the command:
→ amass viz -d3 -dir resultdirectory
This gives us a graph of the collected information; we used -d3 for the output format and -dir for the directory that holds the data collected on our target.
amass track –
amass track helps analyze the enumeration results for our target: it compares our findings across enumerations, taking every finding into account and comparing each run with the others. Here we use the command:
→ amass track -config /root/amass/config.ini -dir targetdata -d target.com -last 2
As above, the command alerts us to subdomains that were not identified in a previous run; we used -last 2 to compare the last two enumerations of our target.
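As an added example (not part of the original post or of the Amass project), the following POSIX shell script does by hand what the enum and track steps above are about: it normalizes two saved enumeration lists, keeps only names inside the target's apex domain, and reports which subdomains appeared or disappeared between runs, which is exactly the kind of change a defender wants flagged. It assumes the one-name-per-line format that `amass enum -o` writes; the two sample files are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original post or from the Amass project.
# Assumes enumeration output saved with "amass enum ... -o file" (one name
# per line). Sample files below are constructed for the demonstration.
set -eu
LC_ALL=C
export LC_ALL

# Normalize an Amass output file: lowercase, strip trailing dots, spaces and
# blank lines, keep only names inside the apex domain given as $2, sort unique.
normalize_names() {
    # $1 = raw output file, $2 = apex domain (e.g. target.com)
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    tr 'A-Z' 'a-z' < "$1" \
      | sed -e 's/[[:space:]]*$//' -e 's/\.$//' -e '/^$/d' \
      | grep -E "(^|\.)${pat}\$" \
      | sort -u
}

# Names present in the current run but not in the previous one (new exposure).
new_names() {
    # $1 = previous normalized list, $2 = current normalized list
    comm -13 "$1" "$2"
}

# Names seen previously that no longer show up (decommissioned or missed).
removed_names() {
    comm -23 "$1" "$2"
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample: output of an earlier "amass enum -passive -d target.com -o"
cat > "$WORK/prev.raw" <<'EOF'
www.target.com
MAIL.target.com
dev.target.com.
target.com
notours.example.net
EOF

# Constructed sample: output of a later run of the same command
cat > "$WORK/cur.raw" <<'EOF'
www.target.com
mail.target.com
api.target.com
target.com
staging-target.com
EOF

normalize_names "$WORK/prev.raw" target.com > "$WORK/prev.txt"
normalize_names "$WORK/cur.raw" target.com > "$WORK/cur.txt"

echo "In-scope names in current run: $(wc -l < "$WORK/cur.txt" | tr -d ' ')"
echo "New since previous run:"
new_names "$WORK/prev.txt" "$WORK/cur.txt"        # api.target.com
echo "No longer seen:"
removed_names "$WORK/prev.txt" "$WORK/cur.txt"    # dev.target.com
```

Note that the scope filter deliberately drops look-alike names such as staging-target.com and out-of-scope hosts such as notours.example.net, so only names under the apex domain are compared; names that appear out of nowhere between two runs are the ones worth a closer look.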
amass db –
amass db helps us interact with the graph database. Suppose we have run several enumerations on our target domain; each one is stored in the Amass graph database inside our directory, one per enumeration phase.
Let's list the contents of the graph database with the command:
→ amass db -dir target.com -list   (here target.com is the name of the output directory)
As above, the command lists the enumerations in the graph database under the specified Amass directory.
For more references: https://owasp.org/www-project-amass/
So today we have discussed how to use the Amass tool in the information-gathering phase of your penetration test. It helps you gather more information about your target, is easy to use, and is available as open source.
Thanks!