LinuxCommandLibrary

amass-viz

Visualize amass output as an interactive graph

TLDR

Generate a D3.js visualization based on database data

$ amass viz -d3 -dir [path/to/database_directory]


Generate a DOT file based on database data
$ amass viz -dot -dir [path/to/database_directory]


Generate a Gephi Graph Exchange XML Format (GEXF) file based on database data
$ amass viz -gexf -dir [path/to/database_directory]


Generate a Graphistry JSON file based on database data
$ amass viz -graphistry -dir [path/to/database_directory]


Generate a Maltego CSV file based on database data
$ amass viz -maltego -dir [path/to/database_directory]

SYNOPSIS

amass-viz [options] -d <directory>
amass-viz [options] -f <file>

PARAMETERS

-d, --dir <directory>
    Specifies the directory containing Amass output files to be visualized.

-f, --file <file>
    Specifies a single Amass output file (e.g., JSON) to be visualized. Less common than directory processing.

-p, --port <port>
    Sets the port number for the local web server launched to display the visualization. Default is often 8080 or 8081.

-ip
    Includes IP addresses as nodes in the generated graph visualization.

-asn
    Includes Autonomous System Numbers (ASNs) as nodes in the generated graph visualization.

-no-open
    Prevents amass-viz from automatically opening the web browser to display the visualization.

-g, --graphml
    Outputs the graph data in GraphML format instead of launching a web-based visualization.

-d3-force
    Uses the D3.js force-directed graph layout for visualization (default behavior).

-d3-tree
    Uses the D3.js tree layout for visualization, suitable for hierarchical data.

-v, --version
    Displays the current version of the amass-viz tool.

-h, --help
    Shows the help message and available command-line options.

DESCRIPTION

amass-viz is part of the OWASP Amass project and turns the output of network reconnaissance into interactive visualizations. It typically processes data from Amass output directories and generates a web-based, force-directed graph showing the relationships between discovered domain names, IP addresses, autonomous system numbers (ASNs), and other infrastructure elements. The graph helps analysts map an organization's external attack surface by exposing connections that are hard to see in raw text output. amass-viz often launches a local web server to serve the interactive graph, allowing users to zoom, pan, and click on nodes for detailed information. This makes extensive reconnaissance datasets easier to interpret and act on.

CAVEATS

For large datasets, amass-viz may require significant system resources (CPU/RAM). The interactive visualization in a browser can become complex and less readable with an extremely high number of nodes and edges. Ensure the Amass output directory is correctly specified for proper processing.
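
When a graph is too large to read in the browser, the DOT file from `amass viz -dot` can be summarized offline to find the most connected assets first. The following is an added example, not part of amass or the original page; it assumes one DOT statement per line, and the sample graph, node ids and edge labels are constructed.

```python
import re
from collections import Counter

# Constructed sample in Graphviz DOT syntax; not real amass output.
SAMPLE_DOT = """digraph "constructed sample" {
    n1 [label="example.com", type="domain"];
    n2 [label="www.example.com", type="subdomain"];
    n3 [label="mail.example.com", type="subdomain"];
    n4 [label="192.0.2.10", type="address"];
    n5 [label="AS64500", type="as"];
    n1 -> n2 [label="node"];
    n1 -> n3 [label="node"];
    n2 -> n4 [label="a_record"];
    n3 -> n4 [label="a_record"];
    n4 -> n5 [label="announces"];
}"""

EDGE_RE = re.compile(r'^\s*"?([\w.:-]+)"?\s*->\s*"?([\w.:-]+)"?')
NODE_RE = re.compile(r'^\s*"?([\w.:-]+)"?\s*\[(.*)\]')
LABEL_RE = re.compile(r'label\s*=\s*"([^"]*)"')
KEYWORDS = {"node", "edge", "graph"}  # DOT default-attribute statements


def parse_dot(text):
    """Return (labels by node id, list of (src, dst) edges)."""
    labels, edges = {}, []
    for line in text.splitlines():
        edge = EDGE_RE.match(line)
        if edge:
            edges.append(edge.groups())
            continue
        node = NODE_RE.match(line)
        if node and node.group(1) not in KEYWORDS:
            label = LABEL_RE.search(node.group(2))
            labels[node.group(1)] = label.group(1) if label else node.group(1)
    return labels, edges


def top_hubs(text, limit=10):
    """Rank nodes by degree (in + out edges), most connected first."""
    labels, edges = parse_dot(text)
    degree = Counter()
    for src, dst in edges:
        degree[src] += 1
        degree[dst] += 1
    return [(labels.get(n, n), d) for n, d in degree.most_common(limit)]


if __name__ == "__main__":
    for name, deg in top_hubs(SAMPLE_DOT, limit=3):
        print(f"{deg:3d}  {name}")
```

High-degree nodes such as a shared IP address are the ones many hostnames depend on, so they are a reasonable starting point when reviewing an inventory that is too dense to inspect visually.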

INTERACTIVE EXPLORATION

The web-based visualization generated by amass-viz offers interactive features such as zooming, panning, and clicking on individual nodes (domains, IPs, ASNs) to reveal associated details and expand connections, facilitating deeper analysis of the attack surface.

OUTPUT FORMATS

While its primary function is interactive web visualization, amass-viz can also output the graph data in the GraphML format. This allows users to import the reconnaissance graph into other dedicated graph analysis and visualization tools like Gephi or yEd for further manipulation and advanced analytics.

HISTORY

amass-viz emerged as a crucial component within the OWASP Amass project, which began development around 2017. Its inclusion addressed the growing need for intuitive data visualization in the realm of external asset discovery. As reconnaissance efforts became more extensive, generating vast amounts of interconnected data, the raw textual output from Amass became challenging to interpret. amass-viz was developed to bridge this gap, providing a visual interface that allows security professionals to quickly grasp complex infrastructure relationships, enhancing the overall utility and impact of the Amass tool suite.

SEE ALSO

amass(1), dig(1), nslookup(1), whois(1)
