owasp-amass/amass

OWASP Amass is a network mapping tool that helps security people figure out everything an organisation has exposed to the public internet. It is run from the command line and written in Go. The project is published by OWASP, a non-profit that focuses on web and application security, and it is listed as one of OWASP's flagship projects. The job Amass does is sometimes called attack surface mapping or external asset discovery. Given a domain name or a company, it tries to find all the related hosts, subdomains, IP ranges, and other internet-facing assets. It does this with two kinds of techniques. The first is open source information gathering, which means querying public sources like search engines, certificate logs, and DNS records. The second is active reconnaissance, which means sending queries directly to the discovered systems to confirm what is really there. The README points to a generated network graph image as an example of the kind of map the tool can build. The project can be installed as a Go binary, pulled as a Docker image from owaspamass on Docker Hub, or downloaded as a pre-built release from the GitHub releases page. The README itself keeps the install section short and sends readers to a separate Amass documentation repository for the full instructions. There is also a community Discord server, which the project asks users to use for installation and usage questions instead of opening GitHub issues. Amass is licensed under Apache 2.0 with some subcomponents under separate licenses, and it accepts outside contributors through its CONTRIBUTING guide. The README itself is short and is mostly a set of pointers to the documentation site, the Discord, the docs repo, and the releases page rather than a detailed user manual.