OWASP Amass Logo

OWASP Amass

0
Free
Visit Website

The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques. Information Gathering Techniques Used: Technique Data Sources APIs 360PassiveDNS, Ahrefs, AnubisDB, BeVigil, BinaryEdge, BufferOver, BuiltWith, C99, Chaos, CIRCL, DNSDB, DNSRepo, Deepinfo, Detectify, FOFA, FullHunt, GitHub, GitLab, GrepApp, Greynoise, HackerTarget, Hunter, IntelX, LeakIX, Maltiverse, Mnemonic, Netlas, Pastebin, PassiveTotal, PentestTools, Pulsedive, Quake, SOCRadar, Searchcode, Shodan, Spamhaus, Sublist3rAPI, SubdomainCenter, ThreatBook, ThreatMiner, URLScan, VirusTotal, Yandex, ZETAlytics, ZoomEye Certificates Active pulls (optional), Censys, CertCentral, CertSpotter, Crtsh, Digitorus, FacebookCT DNS Brute forcing, Reverse DNS sweeping, NSEC zone walking, Zone transfers, FQDN alterations/permutations, FQDN Similarity-based Guessing Routing ASNLookup, BGPTools, BGPView, BigDataCloud, IPdata, IPinfo, RADb, Robtex, ShadowServer, TeamCymru Scraping AbuseIPDB, Ask, Baidu, Bing, CSP Header, DNSDumpster, DNSHistory, DNSSpy, DuckDuckGo, Gists, Google, HackerOne, HyperStat, PKey, RapidDNS

FEATURES

ALTERNATIVES

A powerful tool for extracting passwords and performing various Windows security operations.

A standalone man-in-the-middle attack framework used for phishing login credentials and bypassing 2-factor authentication.

Ivy is a payload creation framework for executing arbitrary VBA source code directly in memory, utilizing programmatical access to load, decrypt, and execute shellcode.

Chameleon aids in evading proxy categorization to bypass internet filters.

A managed code hooking template for .NET assemblies, enabling API hooking, code injection, and runtime manipulation.

Open-source project for building instrumented environments to simulate attacks and test detections.

A DNS rebinding attack framework for security researchers and penetration testers.

OWASP OWTF is a penetration testing framework focused on efficiency and alignment with security standards.