Amass

Jul 20, 2023

In-depth DNS enumeration

The OWASP Amass project is focused on DNS enumeration and network infrastructure mapping techniques. These techniques include obtaining subdomain names by scraping web pages, accessing web APIs, recursive brute forcing, crawling web archives, permuting/altering names, reverse DNS sweeping, and querying ASNs and netblocks associated with IP addresses. The information collected during an enumeration is used to build a network map of an organization’s presence on the Internet.

Amass reaches out to over 30 passive data sources to learn about the DNS namespace of a target domain. By default, Amass validates all the names by performing DNS queries across a pool of resolver servers, which spreads out the activity generated by the enumeration. For all IP addresses collected during this process, Amass queries for associated netblocks and ASNs. As additional data sources become available to provide visibility of the Internet, implementations can quickly be developed within Amass due to the simple interfaces worked into the design.



Checkout these related ports:
  • Zonenotify - DNS notify sender written in C
  • Zonecheck - Perform consistency checks on DNS zones
  • Zkt -
  • Yandex-ddns - Use Yandex DNS as a dynamic DNS provider
  • Yadifa - Authoritative nameserver with DNSSEC capabilities
  • Wrapsrv - DNS SRV record command line wrapper
  • Whoseip - Get information about IP addresses country code and network
  • Wdns - Low-level DNS library
  • Walker - Recover zone file information from servers that use DNSSEC
  • Void-zones-tools - Prepare a list of void zones that can be readily fed into Unbound
  • Vizone - Updates the serial number in one or more zonefiles
  • Vhostcname - Synchronize DNS with server names and aliases from Apache vhost
  • Utdns - Proxy UDP/DNS to TCP/DNS
  • Updatedd - Dynamic DNS Update Client supporting multiple services
  • Unbound - Validating, recursive, and caching DNS resolver