explaingit

owasp-amass/amass

Analysis updated 2026-06-24

14,545GoAudience · ops devopsComplexity · 3/5LicenseSetup · moderate

TLDR

OWASP Amass is a command line attack surface mapping tool, written in Go, that discovers an organization's exposed hosts, subdomains, and IP ranges using public sources and active recon.

Mindmap

mindmap
  root((amass))
    Inputs
      Domain name
      Company name
      API keys for data sources
    Outputs
      Subdomain list
      Network graph
      IP and ASN data
    Use Cases
      External recon
      Bug bounty scoping
      Asset inventory
      Pentest preparation
    Tech Stack
      Go
      Docker
      DNS
      Certificate logs
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Map every public subdomain and IP block tied to a given root domain for a pentest

USE CASE 2

Build an asset inventory of internet facing systems for a security team

USE CASE 3

Run bug bounty reconnaissance with combined passive and active DNS techniques

USE CASE 4

Generate a network graph image of an organization's external attack surface

What is it built with?

GoDockerDNS

How does it compare?

owasp-amass/amassgooglecloudplatform/terraformersqshq/sampler
Stars14,54514,53114,563
LanguageGoGoGo
Setup difficultymoderatemoderateeasy
Complexity3/53/52/5
Audienceops devopsops devopsops devops

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Useful recon needs API keys for several third party data sources, and active scans can hit rate limits or trigger detection.

Apache 2.0 means you can use, modify, and redistribute the code, including in commercial products, as long as you preserve license notices.

In plain English

OWASP Amass is a network mapping tool that helps security people figure out everything an organisation has exposed to the public internet. It is run from the command line and written in Go. The project is published by OWASP, a non-profit that focuses on web and application security, and it is listed as one of OWASP's flagship projects. The job Amass does is sometimes called attack surface mapping or external asset discovery. Given a domain name or a company, it tries to find all the related hosts, subdomains, IP ranges, and other internet-facing assets. It does this with two kinds of techniques. The first is open source information gathering, which means querying public sources like search engines, certificate logs, and DNS records. The second is active reconnaissance, which means sending queries directly to the discovered systems to confirm what is really there. The README points to a generated network graph image as an example of the kind of map the tool can build. The project can be installed as a Go binary, pulled as a Docker image from owaspamass on Docker Hub, or downloaded as a pre-built release from the GitHub releases page. The README itself keeps the install section short and sends readers to a separate Amass documentation repository for the full instructions. There is also a community Discord server, which the project asks users to use for installation and usage questions instead of opening GitHub issues. Amass is licensed under Apache 2.0 with some subcomponents under separate licenses, and it accepts outside contributors through its CONTRIBUTING guide. The README itself is short and is mostly a set of pointers to the documentation site, the Discord, the docs repo, and the releases page rather than a detailed user manual.

Copy-paste prompts

Prompt 1
Walk me through running amass enum against example.com and explain the output sections
Prompt 2
Compare amass with subfinder and assetfinder for subdomain discovery
Prompt 3
Show me how to plug API keys for VirusTotal and Censys into amass so it pulls richer data
Prompt 4
Help me schedule a weekly amass scan in Docker and diff the results over time

Frequently asked questions

What is amass?

OWASP Amass is a command line attack surface mapping tool, written in Go, that discovers an organization's exposed hosts, subdomains, and IP ranges using public sources and active recon.

What language is amass written in?

Mainly Go. The stack also includes Go, Docker, DNS.

What license does amass use?

Apache 2.0 means you can use, modify, and redistribute the code, including in commercial products, as long as you preserve license notices.

How hard is amass to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is amass for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.