Recon & OSINT

Amass

In-depth DNS enumeration and attack-surface mapping.

osintdnsrecon

amass — terminal

$ amass enum -d example.com

What it does

OWASP Amass maps an organization's external attack surface through DNS enumeration, scraping, and dozens of data sources to discover subdomains and related assets. It's a go-to for building a complete picture of internet-facing infrastructure.

Source

https://github.com/owasp-amass/amass ↗

More Recon & OSINT tools

SubfinderPassive subdomain discovery at scale.dnsxFast, multi-purpose DNS toolkit for resolution and probing.theHarvesterEmail, subdomain, and host OSINT gathering.MetagoofilMetadata extraction from public documents.

Need hosted scanning instead of local tooling?

Run a scan in the browser →