What is new about AMASS

Kyrillos Maged
3 min read · Oct 8, 2023


Amass is a famous discovery tool that is quite popular among security professionals and has recently seen significant improvements, including the introduction of ‘the Open Asset Model and Asset Database’ and ‘oam-tools’.

I was using an older version of Amass (v3.23.3), the latest version before the big changes, because I was installing from the Parrot repositories. Since I prefer using newer versions, I switched to v4.2.0 by installing it with Go.

While using it, I found that it removed the subdomains ‘track’, ‘viz’ and ‘db’, and I noticed that the output is completely different from what I was previously familiar with.

For example:

$ amass enum -d example.com

example.com (FQDN) --> ns_record --> a.iana-servers.net (FQDN)
example.com (FQDN) --> ns_record --> b.iana-servers.net (FQDN)
example.com (FQDN) --> a_record --> 93.184.216.34 (IPAddress)
example.com (FQDN) --> aaaa_record --> 2606:2800:220:1:248:1893:25c8:1946 (IPAddress)
b.iana-servers.net (FQDN) --> a_record --> 199.43.133.53 (IPAddress)
b.iana-servers.net (FQDN) --> aaaa_record --> 2001:500:8d::53 (IPAddress)
93.184.216.0/24 (Netblock) --> contains --> 93.184.216.34 (IPAddress)
15133 (ASN) --> managed_by --> EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business (RIROrganization)
15133 (ASN) --> announces --> 93.184.216.0/24 (Netblock)
a.iana-servers.net (FQDN) --> a_record --> 199.43.135.53 (IPAddress)
a.iana-servers.net (FQDN) --> aaaa_record --> 2001:500:8f::53 (IPAddress)
2001:500:8f::/48 (Netblock) --> contains --> 2001:500:8f::53 (IPAddress)
199.43.135.0/24 (Netblock) --> contains --> 199.43.135.53 (IPAddress)
2001:500:8d::/48 (Netblock) --> contains --> 2001:500:8d::53 (IPAddress)
199.43.133.0/24 (Netblock) --> contains --> 199.43.133.53 (IPAddress)
2606:2800:220::/48 (Netblock) --> contains --> 2606:2800:220:1:248:1893:25c8:1946 (IPAddress)
26710 (ASN) --> managed_by --> ICANN-ANYCASTED-SERVICES - ICANN (RIROrganization)
26710 (ASN) --> announces --> 2001:500:8f::/48 (Netblock)
26710 (ASN) --> announces --> 199.43.135.0/24 (Netblock)
26710 (ASN) --> announces --> 2001:500:8d::/48 (Netblock)
26710 (ASN) --> announces --> 199.43.133.0/24 (Netblock)
15133 (ASN) --> announces --> 2606:2800:220::/48 (Netblock)
www.example.com (FQDN) --> a_record --> 93.184.216.34 (IPAddress)
www.example.com (FQDN) --> aaaa_record --> 2606:2800:220:1:248:1893:25c8:1946 (IPAddress)

The enumeration has finished

When I went back to the GitHub repository, I found that starting from v4, they had introduced ‘the Open Asset Model and Asset Database’.

According to https://github.com/owasp-amass/amass/releases/tag/v4.0.1:
The Open Asset Model (OAM) enhances the way we define and understand assets exposed on the internet. Traditionally, asset specifications have been confined to technical, infrastructure-specific details. However, this narrow approach limits organizations’ ability to grasp the full scope of their attack surface.
The OAM breaks these barriers, enabling users to encompass both digital and physical assets, empowering organizations to see the bigger picture.
At the core of the OAM lies its ability to capture intricate relationships among different asset types, mirroring the real-world interconnectedness that exists between assets. This approach allows security professionals to identify critical attack vectors that might otherwise remain hidden.

In brief, the Open Asset Model (OAM) enables a better understanding of the attack surface by capturing complex interrelationships between digital and physical assets.

Now, oam-tools are responsible for analyzing and managing what Amass has discovered.

Continuing from the last example, here is how to show the discovered IPs:

$ oam_subs -show -ip -d example.com

example.com 93.184.216.34,2606:2800:220:1:248:1893:25c8:1946
www.example.com 2606:2800:220:1:248:1893:25c8:1946,93.184.216.34

OAM Tool Suite v0.1.1 https://github.com/owasp-amass/oam-tools
--------------------------------------------------------------------------------
2 names discovered
--------------------------------------------------------------------------------
ASN: 15133 - EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business
93.184.216.0/24 2 Subdomain Name(s)
2606:2800:220::/48 2 Subdomain Name(s)
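
The relationship lines printed by amass enum in v4 can also be post-processed directly when only the older name-to-address view is needed. The following is an added example, not code from the original post, Amass or oam-tools; the function names are hypothetical and the sample lines are constructed from the output format shown above.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the `amass enum` v4 output format shown above.
SAMPLE = """\
example.com (FQDN) --> ns_record --> a.iana-servers.net (FQDN)
example.com (FQDN) --> a_record --> 93.184.216.34 (IPAddress)
example.com (FQDN) --> aaaa_record --> 2606:2800:220:1:248:1893:25c8:1946 (IPAddress)
a.iana-servers.net (FQDN) --> a_record --> 199.43.135.53 (IPAddress)
93.184.216.0/24 (Netblock) --> contains --> 93.184.216.34 (IPAddress)
15133 (ASN) --> managed_by --> EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business (RIROrganization)
15133 (ASN) --> announces --> 93.184.216.0/24 (Netblock)
www.example.com (FQDN) --> a_record --> 93.184.216.34 (IPAddress)

The enumeration has finished
"""

# "<value> (<Type>)"; the value may itself contain spaces, commas or dashes.
NODE = re.compile(r"^(?P<value>.+) \((?P<type>\w+)\)$")

def parse_triples(text):
    """Yield ((value, type), relation, (value, type)) for each well-formed line."""
    for line in text.splitlines():
        parts = line.strip().split(" --> ")
        if len(parts) != 3:
            continue  # banner, blank line or status message
        src, dst = NODE.match(parts[0]), NODE.match(parts[2])
        if src and dst:
            yield (src["value"], src["type"]), parts[1], (dst["value"], dst["type"])

def names_to_ips(text, domain):
    """Map each in-scope FQDN to its sorted A/AAAA addresses."""
    ips = defaultdict(set)
    suffix = "." + domain.lower()
    for (name, ntype), rel, (addr, atype) in parse_triples(text):
        name = name.lower().rstrip(".")
        in_scope = name == domain.lower() or name.endswith(suffix)
        if ntype == "FQDN" and atype == "IPAddress" and rel in ("a_record", "aaaa_record") and in_scope:
            ips[name].add(addr)
    return {name: sorted(addrs) for name, addrs in ips.items()}

if __name__ == "__main__":
    for name, addrs in sorted(names_to_ips(SAMPLE, "example.com").items()):
        print(name, ",".join(addrs))
```

The scope check matches the domain itself or a name ending in a dot followed by the domain, so name servers and look-alike names outside the target stay out of the inventory.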

Rendering a D3 v4 force simulation HTML visualization:

$ oam_viz -d3 -d example.com

The Open Asset Model is still in its early stages and may encounter some issues. I haven’t used it extensively enough to make a definitive statement. You might want to consider using Amass v3.23.3 for traditional usage; as for me, I will keep going with the newer version.

I recommend referring to the Amass and oam-tools documentation for a better understanding and to harness the full power of the Amass tool.

Kyrillos Maged

CyberSecurity Student at FCDS Alexandria University | CyberSecurity enthusiast - Web Penetration Tester | CTF player | HTB CBBH