LinuxCommandLibrary

amass-db

Manage and query the Amass data store

TLDR

List all performed enumerations in the database

$ amass db -dir [path/to/database_directory] -list
copy


Show results for a specified enumeration index and domain name
$ amass db -dir [path/to/database_directory] -d [domain_name] -enum [index_from_list] -show
copy


List all found subdomains of a domain within an enumeration
$ amass db -dir [path/to/database_directory] -d [domain_name] -enum [index_from_list] -names
copy


Show a summary of the found subdomains within an enumeration
$ amass db -dir [path/to/database_directory] -d [domain_name] -enum [index_from_list] -summary
copy

SYNOPSIS

amass db [global-options] <subcommand> [sub-flags]

PARAMETERS

-db string
    Database filename (default: "amass")

-dir string
    Directory for database files (default: ".")

-addr, -a stringArray
    IP addresses to filter results

-asn, -A intArray
    ASNs to filter results

-cidr, -c stringArray
    CIDRs to filter results

-domain, -d stringArray
    Domains to filter results

-hash, -h stringArray
    Name hashes to filter

-max, -m int
    Max results returned (default: 1000000)

-regex, -r string
    Regex to match results

-scope
    Scope-filtered results only

-src, -s stringArray
    Data sources to filter

-tag, -t stringArray
    Tags to filter results

-tls
    TLS certificate names only

DESCRIPTION

The amass db (or amass-db) tool handles operations on the SQLite database used by OWASP Amass for storing network mapping data, including discovered domain names, IP addresses, ASNs, netblocks, and infrastructure details from reconnaissance scans.

Key functionalities include initializing databases, querying records with filters (domains, tags, sources, TLS certs), exporting/importing data, removing entries, and generating statistics. Filters like -domain, -addr, -tag, and regex support precise data retrieval. It's crucial for analyzing large-scale enumeration outputs without rerunning scans, enabling offline review and integration with other tools.

Databases are stored in a specified directory as SQLite files, ensuring fast queries and persistence across Amass sessions. Usage is subcommand-based, with shared options for flexibility.

CAVEATS

SQLite format only; requires write permissions on directory. Large DBs may slow queries without indexes. Subcommand-specific flags vary.

SUBCOMMANDS

init: Initialize DB
status: DB info/stats
names: List names
addresses: List IPs
netblocks: Netblocks
asns: ASNs
ptrs: PTR records
srvs: SRV records
tlds: TLDs
hashes: Name hashes
stats: Summary stats
remove: Delete records
import: Load data
export: Output to file/JSON

HISTORY

Introduced in OWASP Amass v3 (2018) by Jeff Foley; enhanced in v4 with better querying and export. Evolved from GraphDB to SQLite for simplicity.

SEE ALSO

amass(1), sqlite3(1)

Copied to clipboard