Amass

A
Written By Threat NG Staff

Amass is an open-source intelligence (OSINT) tool for network mapping and external asset discovery in cybersecurity. It performs DNS enumeration and network reconnaissance to gather information about a target domain or organization.

Here's what Amass does:

  • DNS Enumeration: Amass queries various DNS servers to discover subdomains, IP addresses, and other DNS records associated with a target domain.

  • Network Mapping: It uses the discovered information to map the target's network infrastructure, identifying potential entry points and vulnerabilities.

  • Data Sources: Amass leverages a wide range of data sources, including public DNS servers, certificate transparency logs, and various online services, to gather comprehensive information.

  • Brute Forcing: It can perform brute-forcing attacks to discover un publicly listed subdomains.

  • API Integration: Amass can be integrated with other security tools and scripts through its API.

Security professionals use Amass to:

  • Identify Attack Surface: Discover unknown assets and potential vulnerabilities.

  • Reconnaissance: Gather information about a target before launching a penetration test.

  • Threat Intelligence: Monitor changes in a target's infrastructure to detect malicious activity.

  • Incident Response: Investigate security incidents and identify compromised systems.

Amass is a powerful tool for cybersecurity professionals and ethical hackers to gain visibility into a target's network infrastructure and improve their security posture.

Query successful

ThreatNG complements Amass by providing a more comprehensive and in-depth analysis of the attack surface Amass discovered. While Amass focuses on DNS enumeration and network mapping, ThreatNG performs external assessments, continuous monitoring, and investigations to identify and assess potential vulnerabilities and risks.

External Discovery:

Like Amass, ThreatNG performs external discovery without requiring any internal access or agents. It uses various techniques to identify and collect information about an organization's internet-facing assets, including websites, subdomains, IP addresses, and cloud services. This complements Amass's DNS enumeration capabilities by providing a broader view of the attack surface.

External Assessment:

ThreatNG's external assessment capabilities go beyond simply identifying assets. It analyzes various factors to assess the organization's susceptibility to cyberattacks and digital risks. Some examples include:

  • Web Application Hijack Susceptibility: ThreatNG analyzes the web application's external components to identify potential entry points for attackers, such as vulnerabilities in code or insecure configurations.  

  • Subdomain Takeover Susceptibility: It assesses the risk of subdomain takeover by analyzing DNS records, SSL certificates, and other factors.  

  • Brand Damage Susceptibility: ThreatNG analyzes various factors, including sentiment analysis of media coverage, financial analysis, and dark web presence, to assess the risk of brand damage.  

  • Data Leak Susceptibility: It evaluates the organization's exposure to data leaks by analyzing cloud and SaaS exposure, dark web presence, and other factors.  

  • Cyber Risk Exposure: ThreatNG considers various parameters, including certificates, subdomain headers, vulnerabilities, and sensitive ports, to determine the overall cyber risk exposure.  

Reporting:

ThreatNG provides various reporting options to cater to different audiences and needs. These include:

  • Executive Reports: High-level summaries of the organization's security posture and risk exposure for executives and decision-makers.

  • Technical Reports: Detailed reports with actionable insights for security professionals and IT teams.

  • Prioritized Reports: Reports that highlight the most critical vulnerabilities and risks that need immediate attention.

  • Security Ratings Reports: Reports that provide an overall security rating for the organization based on various factors.

Continuous Monitoring:

ThreatNG continuously monitors the organization's external attack surface, digital risk, and security ratings. This allows for early detection of new vulnerabilities, changes in the infrastructure, and emerging threats. The continuous monitoring complements Amass's one-time discovery by providing ongoing visibility into the attack surface.

Investigation Modules:

ThreatNG provides various investigation modules that allow security professionals to delve deeper into specific areas of concern. Some examples include:

  • Domain Intelligence: Provides detailed information about the domain, including DNS records, subdomains, IP addresses, and certificates.

  • Sensitive Code Exposure: Identifies and analyzes exposed code repositories to uncover sensitive information such as API keys, access tokens, and database credentials.  

  • Cloud and SaaS Exposure: Evaluate the organization's use of cloud services and SaaS applications, identifying potential risks such as unsanctioned services, impersonations, and open exposed cloud buckets.  

  • Dark Web Presence: Monitors the dark web for mentions of the organization, its employees, or its assets, providing insights into potential threats and compromised information.

Intelligence Repositories:

ThreatNG leverages various intelligence repositories to enrich its analysis and provide context to the findings. These repositories include:

  • Dark web: Provides information about compromised credentials, leaked data, and other threats circulating on the dark web.

  • Ransomware events and groups: Tracks ransomware attacks and groups to identify potential threats to the organization.

  • Known vulnerabilities: Maintains a database of known vulnerabilities to assess the organization's exposure to existing threats.

  • ESG violations: Tracks environmental, social, and governance violations to assess the organization's ESG risk exposure.

Examples of ThreatNG Helping:

  • ThreatNG can identify a subdomain vulnerable to takeover, which Amass may have discovered but not flagged as a risk.

  • ThreatNG can detect a sensitive API key exposed in a public code repository, allowing the organization to revoke it before it is exploited.

  • ThreatNG can identify an unsanctioned cloud service an employee uses, which may pose a security risk to the organization.

  • ThreatNG can detect a mention of the organization on a dark web forum, indicating a potential threat or data breach.

ThreatNG complements Amass by providing a more comprehensive and in-depth attack surface analysis. It goes beyond simply identifying assets by performing external assessments, continuous monitoring, and investigations to identify and assess potential vulnerabilities and risks. This allows organizations to better understand their security posture and take proactive measures to mitigate risks.

Threat NG Staff
Previous

Ahmia Dark Web Search
Next

Amplitude