Amass API is a Flask-based web application designed to interact with OWASP Amass, enabling domain enumeration via a simple REST API. For example, this API can be used by cybersecurity professionals to automate the discovery of subdomains during penetration testing, saving time and effort compared to manual methods. It provides options for recursive enumeration and brute-forcing subdomains, with results saved in a structured format.
- Perform domain enumeration using Amass, providing an automated and efficient way to discover subdomains without manual intervention.
- Support for recursive enumeration with a configurable minimum for recursion.
- Enable brute-forcing of subdomains.
- API endpoint to fetch results in JSON format.
- Docker
- Docker Compose
You can use the prebuilt Docker image from Docker Hub to quickly deploy the API:
docker pull enrikenur/amass-apiFollow these steps to set up the application:
- Clone the repository:
git clone https://github.com/w95/amass-api cd amass-api - Build and start the application using Docker Compose:
docker-compose up --build
- Once running, access the API at
http://localhost:5000.
Trigger a domain enumeration.
| Parameter | Type | Required | Description |
|---|---|---|---|
domain |
String | Yes | The target domain for enumeration. |
brute |
Boolean | No | Enable brute-forcing of subdomains. Default: false. |
min_for_recursive |
Integer | No | Minimum number of findings to trigger recursion. Default: 2. |
{
"domain": "example.com",
"brute": true,
"min_for_recursive": 2
}- Success:
{ "status": "success", "message": "Amass enumeration completed.", "output": [ "subdomain1.example.com", "subdomain2.example.com" ] } - Error:
{ "status": "error", "message": "Domain is required" }
This project is licensed under the MIT License. See LICENSE for more details.
- OWASP Amass for providing the enumeration tool.
Contributions are welcome! Please fork the repository and submit a pull request with your changes.