This repo is currently in a beta state. Use at your own risk
The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques.
git clone https://github.com/owasp-amass/amass-docker-compose.git
amass
)cd amass-docker-compose
config/assetdb.env
file and assign a new POSTGRES_PASSWORD and AMASS_PASSWORD. Save. This cannot be performed after you start the Docker Compose and the database has been created.config.yaml
file, being sure to replace the password field of the database
value with the password you assigned as your AMASS_PASSWORD. Save.datasources.yaml
file by uncommenting data sources and adding account credentials.amass
command execution.docker compose run --rm amass enum -d owasp.org
assetdb
is a PostgreSQL database reachable from your localhost on port 5432.docker compose run --rm amass enum -d owasp.org
http://127.0.0.1:3000
IP2LOCATION-LITE-DB11.CSV
and IP2LOCATION-LITE-DB11.IPV6.CSV
files and copy them into the compose directory.upload_ip2loc_data.sh
script to insert the geo information into the database.cd amass-docker-compose
docker compose down
config/assetdb.env
, config/config.yaml
, and config/datasources.yaml
files.assetdb
, data
, and logs
git pull origin master
cd amass-docker-compose
docker compose down
docker compose build --pull --no-cache
"Accenture’s adversary simulation team has used Amass as our primary tool suite on a variety of external enumeration projects and attack surface assessments for clients. It’s been an absolutely invaluable basis for infrastructure enumeration, and we’re really grateful for all the hard work that’s gone into making and maintaining it – it’s made our job much easier!"
- Max Deighton, Accenture Cyber Defense Manager
"For an internal red team, the organisational structure of Visma puts us against a unique challenge. Having sufficient, continuous visibility over our external attack surface is an integral part of being able to efficiently carry out our task. When dealing with hundreds of companies with different products and supporting infrastructure we need to always be on top of our game.
For years, OWASP Amass has been a staple in the asset reconnaissance field, and keeps proving its worth time after time. The tool keeps constantly evolving and improving to adapt to the new trends in this area."
- Joona Hoikkala (@joohoi) & Alexis Fernández (@six2dez), Visma Red Team
If you need help with installation and/or usage of the tool, please join our Discord server where community members can best help you.
:stop_sign: Please avoid opening GitHub issues for support requests or questions!
This program is free software: you can redistribute it and/or modify it under the terms of the Apache license. OWASP Amass and any contributions are Copyright © by Jeff Foley 2017-2024. Some subcomponents have separate licenses.