Analysis updated 2026-06-24
Map every public subdomain and IP block tied to a given root domain for a pentest
Build an asset inventory of internet facing systems for a security team
Run bug bounty reconnaissance with combined passive and active DNS techniques
Generate a network graph image of an organization's external attack surface
| owasp-amass/amass | googlecloudplatform/terraformer | sqshq/sampler | |
|---|---|---|---|
| Stars | 14,545 | 14,531 | 14,563 |
| Language | Go | Go | Go |
| Setup difficulty | moderate | moderate | easy |
| Complexity | 3/5 | 3/5 | 2/5 |
| Audience | ops devops | ops devops | ops devops |
Figures from each repo's GitHub metadata at analysis time.
Useful recon needs API keys for several third party data sources, and active scans can hit rate limits or trigger detection.
OWASP Amass is a network mapping tool that helps security people figure out everything an organisation has exposed to the public internet. It is run from the command line and written in Go. The project is published by OWASP, a non-profit that focuses on web and application security, and it is listed as one of OWASP's flagship projects. The job Amass does is sometimes called attack surface mapping or external asset discovery. Given a domain name or a company, it tries to find all the related hosts, subdomains, IP ranges, and other internet-facing assets. It does this with two kinds of techniques. The first is open source information gathering, which means querying public sources like search engines, certificate logs, and DNS records. The second is active reconnaissance, which means sending queries directly to the discovered systems to confirm what is really there. The README points to a generated network graph image as an example of the kind of map the tool can build. The project can be installed as a Go binary, pulled as a Docker image from owaspamass on Docker Hub, or downloaded as a pre-built release from the GitHub releases page. The README itself keeps the install section short and sends readers to a separate Amass documentation repository for the full instructions. There is also a community Discord server, which the project asks users to use for installation and usage questions instead of opening GitHub issues. Amass is licensed under Apache 2.0 with some subcomponents under separate licenses, and it accepts outside contributors through its CONTRIBUTING guide. The README itself is short and is mostly a set of pointers to the documentation site, the Discord, the docs repo, and the releases page rather than a detailed user manual.
OWASP Amass is a command line attack surface mapping tool, written in Go, that discovers an organization's exposed hosts, subdomains, and IP ranges using public sources and active recon.
Mainly Go. The stack also includes Go, Docker, DNS.
Apache 2.0 means you can use, modify, and redistribute the code, including in commercial products, as long as you preserve license notices.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.