Amass is an open-source tool developed by OWASP that performs comprehensive attack surface mapping and asset discovery for organizations and security professionals. The tool focuses on identifying and enumerating external assets associated with target domains through various reconnaissance techniques. It utilizes multiple data sources including DNS records, certificate transparency logs, web archives, and search engines to discover subdomains, IP addresses, and other network infrastructure components. Amass provides several operational modes including passive information gathering that relies on public data sources without directly interacting with target systems, and active reconnaissance that performs direct queries and scans. The tool can map relationships between discovered assets and visualize the attack surface through network graphs. The platform supports integration with various APIs and data sources to enhance discovery capabilities. It includes features for DNS enumeration, subdomain discovery, certificate analysis, and ASN mapping. Results can be exported in multiple formats for further analysis and integration with other security tools. Amass is designed to help security teams understand their external attack surface by identifying potentially unknown or forgotten assets that could present security risks.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A distributed AWS security auditing tool that continuously enumerates and scans internet-facing AWS services to identify potentially misconfigured resources.
DeTCT is a digital risk discovery and protection platform that monitors attack surfaces, vulnerabilities, data leaks, brand impersonation, and third-party risks to help organizations manage their cyber risk posture.
Pentera Surface is an external attack surface management platform that continuously maps, monitors, and validates web-facing assets through automated reconnaissance and safe exploitation testing.
FortiRecon is a SaaS-based Continuous Threat Exposure Management service that combines Attack Surface Management, Brand Protection, and Adversary Centric Intelligence to provide visibility into internal and external risks for early threat detection and response.
A Python-based tool for external attack surface discovery and reconnaissance across large-scale networks, focusing on IP address and subdomain enumeration.
Panorays is a third-party cyber risk management platform that combines external attack surface monitoring with automated security questionnaires to assess, remediate, and continuously monitor vendor security postures.
A multi-cloud DNS security tool that detects dangling DNS records and potential subdomain takeover vulnerabilities by scanning cloud infrastructure and DNS zones.
A threat exposure management platform that unifies security operations by discovering assets, prioritizing vulnerabilities based on risk, and providing guided remediation across an organization's attack surface.
A Go-based tool for discovering and inventorying internet-facing AWS assets across single or multiple accounts to help maintain comprehensive cloud attack surface visibility.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.