OWASP Amass
Attack surface mapping engine: DNS, certificates, APIs, scraping, and graphing for deep asset discovery.
Why it is included
OWASP-flagship breadth beyond simple subdomain lists—used in ASM programs.
Best for
Enterprise-style external mapping and graph review in authorized programs.
Strengths
- Data integration depth
- Graph output
- Active + passive modes
Limitations
- Configuration and API key setup can be heavy
Good alternatives
Subfinder · theHarvester
Related tools
Security & Privacy
Subfinder
Passive subdomain enumeration aggregating many OSINT sources with resolver validation options.
Security & Privacy
Nuclei
Fast vulnerability scanner driven by YAML templates—used for recon, misconfigs, CVEs, and custom checks at scale.
Security & Privacy
OWASP ZAP
OWASP flagship web app scanner and proxy: automated checks, manual request tampering, scripting, and CI integrations.
Security & Privacy
theHarvester
E-mail, subdomain, and host harvesting from search engines, PGP servers, and common OSINT APIs.
Security & Privacy
Metasploit Framework
Modular exploitation framework with payloads, encoders, auxiliaries, and integration points for exploit development.
Security & Privacy
sqlmap
Automatic SQL injection and database takeover helper with fingerprinting, data exfiltration, and OS-shell paths.