Hackers Choice

Amass : In-Depth DNS Enumeration and Network Mapping

Amass : In-Depth DNS Enumeration and Network Mapping

By Yashdeep Raj •  2019-06-07T07:01:56.480Z •  Hacking Tools


The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping.

Additionally, it uses the IP addresses obtained during resolution to discover associated netblocks and ASNs. All the information is then used to build maps of the target networks.

Information Gathering Techniques Used:

  • DNS: Basic enumeration, Brute forcing (upon request), Reverse DNS sweeping, Subdomain name alterations/permutations, Zone transfers (upon request)
  • Scraping: Ask, Baidu, Bing, CommonCrawl, DNSDumpster, DNSTable, Dogpile, Exalead, FindSubdomains, Google, IPv4Info, Netcraft, PTRArchive, Riddler, SiteDossier, Yahoo
  • Certificates: Active pulls (upon request), Censys, CertDB, CertSpotter, Crtsh, Entrust
  • APIs: AlienVault, BinaryEdge, BufferOver, CIRCL, DNSDB, HackerTarget, PassiveTotal, Robtex, SecurityTrails, Shodan, ThreatCrowd, Twitter, Umbrella, URLScan, VirusTotal
  • Web Archives: ArchiveIt, ArchiveToday, Arquivo, LoCArchive, OpenUKArchive, UKGovArchive, Wayback


Using Docker

sudo docker build -t amass https://github.com/OWASP/Amass.git
  • Run the Docker image:
sudo docker run amass –passive -d example.com

The wordlists maintained in the git repository are available in /wordlists/ within the docker container. For example, to use all.txt:

sudo docker run amass -w /wordlists/all.txt -d example.com

From Source

If you prefer to build your own binary from the latest release of the source code, make sure you have a correctly configured Go >= 1.10 environment. More information about how to achieve this can be found on the golang website.Then, take the following steps:

  • Download OWASP :
go get -u github.com/OWASP/Amass/…
  • If you wish to rebuild the binaries from the source code:
cd $GOPATH/src/github.com/OWASP/Amass 
go install ./…

At this point, the binaries should be in $GOPATH/bin.

  • Several wordlists can be found in the following directory:
ls $GOPATH/src/github.com/OWASP/Amass/wordlists/

Packages Maintained by the Amass Project

Homebrew (macOS)

For Homebrew on Mac, the following two commands will install it into your macOS environment:

brew tap caffix/amass 
brew install amass


If your operating environment supports Snap, you can click here to install, or perform the following from the command-line:

sudo snap install amass

On Kali, follow these steps to install Snap and it + use AppArmor (for autoload):

sudo apt install snapd 
sudo systemctl start snapd 
sudo systemctl enable snapd 
sudo systemctl start apparmor 
sudo systemctl enable apparmor

Add the Snap bin directory to your PATH:

export PATH=$PATH:/snap/bin

Periodically, execute the following command to update all your snap packages:

sudo snap refresh

Packages Maintained by a Third-party


cd /usr/ports/dns/amass/ && make install clean 
pkg install amass

Nix or NixOS

nix-env -f ‘<nixpkgs>’ -iA amass

Pentoo Linux

sudo emerge net-analyzer/amass

Periodically, execute the following command to update all packages:

sudo pentoo-updater


Powered by Froala Editor

Yashdeep Raj
 You may also like
Download our apps
Get it on Google Play