An Introduction to OWASP Amass 4
The OWASP Amass project is an open-source, actively developed security tool with extensive community support that focuses on information gathering and reconnaissance. It helps security researchers and penetration testers discover and map the attack surface of their target networks by drawing on a variety of data sources. Whether you are a penetration tester, an auditor, a security researcher, or a CISO or IT manager, you have several valid reasons for mapping out the external attack surface of an organisation. This process is also referred to as reconnaissance or information gathering. As with any reconnaissance tooling, run it only against assets you are authorised to assess.
Version 4 is a major revision of Amass. If you are familiar with earlier versions you will need to change your approach: the tool is now organized as a "framework" of cooperating components, and understanding how those pieces fit together is the first step.
Regardless of past experience you may wonder where to start. This and subsequent blog posts attempt to help you quickly become productive with Amass 4 by breaking the process into discrete steps and providing an orbital view of the components and their guides.
The Orbital View
In the beginning, OWASP Amass was a self-contained tool. You configured it with a single configuration file and invoked it from the command line. It had sub-commands and a variety of command line parameters, and, based on the configuration, it generated results that were stored in its own SQLite database. Over time the tool gained popularity and its ability to determine attack surfaces expanded.
And there was much rejoicing.
As the tool evolved, the team recognized the limitations of a single self-contained tool. They imagined an "ecosystem" revolving around something called the "Open Asset Model" (OAM), and how this ecosystem would expand collaboration and capabilities.
But if you look at the Amass GitHub account since the release of version 4, you may wonder where to start. If you are an Amass 3 user you may ask what changes are required to your setup and your workflow.
To address these questions, let's start with the Amass GitHub account.
Amass GitHub
Just as Amass 4 has reorganized its architecture into an ecosystem, the GitHub organization has changed to reflect that architecture. Different elements of the framework live in different repositories under the overall `OWASP Amass Project` banner at https://github.com/owasp-amass.
At the time of writing the project has 11 repositories. Let's look at the important ones:
`open-asset-model`. A community-driven effort to uniformly describe assets that belong to both organizations and individuals. It defines the asset types and the relationships between them.
`amass`. The command line tool, with installation and usage guides.
`config`. The code that parses the new-format configuration file.
`oam-tools`. A collection of helper tools to convert old (version 3) configuration files and to extract collected data from the database.
`homebrew-amass`. The Homebrew formula for installing Amass on macOS.
`resolve`. The DNS brute-forcing library.
`asset-db`. The database code that stores the data collected while the command line tool runs. It supports either PostgreSQL or SQLite3.
`engine`. Empty at the time of writing; it is intended to hold an in-depth attack surface discovery engine built on the Open Asset Model.
`docker-compose`. A Docker Compose configuration for standing up a full instance of the infrastructure. It is in beta at the time of writing, so expect rough edges. This repository will be interesting to watch as it tries to make deployment easier and adds Grafana integration for monitoring.
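As an added illustration, written for this post and not taken from `asset-db` or from the Open Asset Model's real schema, the following Python block shows what a minimal SQLite-backed asset graph looks like. The table layout, the asset types `FQDN`, `IPAddress` and `Netblock`, and the relation names `a_record`, `cname_record`, `contains` and `subdomain_of` are assumptions chosen for the example, and the findings for `example.com` are constructed rather than collected. It demonstrates the two operations a store like this exists for: recording an asset exactly once no matter how many data sources report it, and walking the relations from a seed domain to enumerate the connected attack surface.

```python
"""Toy asset graph in SQLite, written for this post as an illustration.

It is NOT the OWASP Amass asset-db schema or the Open Asset Model types;
the tables, asset types and relation names below are assumptions chosen
to show how assets and the relations between them can be stored and
queried. The sample findings are constructed, not collected.
"""
import sqlite3

SCHEMA = """
CREATE TABLE assets (
    id   INTEGER PRIMARY KEY,
    type TEXT NOT NULL,      -- assumed type names: FQDN, IPAddress, Netblock
    key  TEXT NOT NULL,      -- the asset's identifying value
    UNIQUE(type, key)        -- one row per asset, however many sources report it
);
CREATE TABLE relations (
    from_id INTEGER NOT NULL REFERENCES assets(id),
    to_id   INTEGER NOT NULL REFERENCES assets(id),
    label   TEXT NOT NULL,   -- assumed labels: a_record, cname_record, contains, subdomain_of
    PRIMARY KEY (from_id, to_id, label)
);
"""

# Constructed sample findings for the reserved example domains and
# documentation IP ranges (RFC 2606 / RFC 5737); not real recon output.
SAMPLE_RELATIONS = [
    ("FQDN", "example.com",     "a_record",     "IPAddress", "192.0.2.10"),
    ("FQDN", "www.example.com", "subdomain_of", "FQDN",      "example.com"),
    ("FQDN", "www.example.com", "cname_record", "FQDN",      "cdn.example.net"),
    ("FQDN", "cdn.example.net", "a_record",     "IPAddress", "198.51.100.7"),
    ("Netblock", "192.0.2.0/24", "contains",    "IPAddress", "192.0.2.10"),
]


def open_db(path=":memory:"):
    """Create the schema in a fresh database (in memory by default)."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn


def upsert_asset(conn, atype, key):
    """Insert the asset if it is new and return its row id either way,
    so repeated reports of the same asset never create duplicates."""
    conn.execute("INSERT OR IGNORE INTO assets(type, key) VALUES (?, ?)", (atype, key))
    row = conn.execute("SELECT id FROM assets WHERE type=? AND key=?", (atype, key)).fetchone()
    return row[0]


def add_relation(conn, src, label, dst):
    """Record a directed, labelled edge between two (type, key) assets."""
    a = upsert_asset(conn, *src)
    b = upsert_asset(conn, *dst)
    conn.execute("INSERT OR IGNORE INTO relations VALUES (?, ?, ?)", (a, b, label))


def load_sample(conn):
    for st, sk, label, dt, dk in SAMPLE_RELATIONS:
        add_relation(conn, (st, sk), label, (dt, dk))
    conn.commit()


def asset_count(conn):
    return conn.execute("SELECT COUNT(*) FROM assets").fetchone()[0]


def outgoing(conn, atype, key):
    """Relations leaving one asset, as (label, type, key) tuples."""
    return conn.execute("""
        SELECT r.label, b.type, b.key
        FROM relations r
        JOIN assets a ON a.id = r.from_id
        JOIN assets b ON b.id = r.to_id
        WHERE a.type=? AND a.key=?
        ORDER BY r.label, b.type, b.key
    """, (atype, key)).fetchall()


def reachable(conn, atype, key):
    """Every (type, key) connected to the seed asset by any chain of
    relations, followed in both directions. A recursive CTE does the
    walk in SQL; UNION de-duplicates and so terminates on cycles."""
    return conn.execute("""
        WITH RECURSIVE
        edges(a, b) AS (
            SELECT from_id, to_id FROM relations
            UNION ALL
            SELECT to_id, from_id FROM relations
        ),
        walk(id) AS (
            SELECT id FROM assets WHERE type=? AND key=?
            UNION
            SELECT e.b FROM edges e JOIN walk w ON e.a = w.id
        )
        SELECT a.type, a.key FROM assets a JOIN walk w ON a.id = w.id
        WHERE NOT (a.type=? AND a.key=?)
        ORDER BY a.type, a.key
    """, (atype, key, atype, key)).fetchall()


if __name__ == "__main__":
    db = open_db()
    load_sample(db)
    for t, k in reachable(db, "FQDN", "example.com"):
        print(f"{t:10} {k}")
```

The undirected walk is deliberate: an IP address discovered through one domain pulls in the netblock that contains it, and that netblock may in turn expose hosts no DNS record pointed at. Treat the result as candidates to verify against scope, not as confirmed in-scope targets.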
What’s Next
This has been a very brief introduction to OWASP Amass 4. Part 2 introduces the Open Asset Model, the database, and project and data source configuration.