In-depth attack surface management for everyone!

The OWASP Amass Project has developed a framework to help information security professionals perform network mapping of attack surfaces and external asset discovery using open source intelligence gathering and reconnaissance techniques.

The framework includes key efforts and tools to help understand attack surfaces:

• Collection Engine - for in-depth attack surface mapping and asset discovery
• The Amass Tool - for executing a collection engine from the command-line
• Asset Database - for easy storage, navigation, and management of data in an OAM database
• Open Asset Model - for a uniform way to communicate assets exposed on the Internet
• OAM Tools - for extracting, manipulating, and analyzing data in an OAM database

If you have any questions about the OWASP Amass Project, please email the project leader Jeff Foley, or contact us on the project's Discord server (Discord is highly preferred).

"Accenture’s adversary simulation team has used Amass as our primary tool suite on a variety of external enumeration projects and attack surface assessments for clients. It’s been an absolutely invaluable basis for infrastructure enumeration, and we’re really grateful for all the hard work that’s gone into making and maintaining it – it’s made our job much easier!"

- Max Deighton, Accenture Cyber Defense Manager

"For an internal red team, the organisational structure of Visma puts us against a unique challenge. Having sufficient, continuous visibility over our external attack surface is an integral part of being able to efficiently carry out our task. When dealing with hundreds of companies with different products and supporting infrastructure we need to always be on top of our game.

For years, OWASP Amass has been a staple in the asset reconnaissance field, and keeps proving its worth time after time. The tool keeps constantly evolving and improving to adapt to the new trends in this area."

- Joona Hoikkala (@joohoi) & Alexis Fernández (@six2dez), Visma Red Team

The Open Web Application Security Project (OWASP) is a nonprofit foundation that works to improve the security of software. All of our projects, tools, documents, forums, and chapters are free and open to anyone interested in improving application security.

All you have to do is make the Project Leader aware of your available time to contribute to the project. It is also important to let the leader know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leader is key.

Yes, you can certainly participate in the project if you are not a programmer. The project needs different skills and expertise at different times during its development. Currently, we are looking for researchers, programmers, testers, writers, and graphic designers.