recon.amass
Enumerate subdomains for a target domain using passive or active reconnaissance methods to identify potential attack surfaces.
Instructions
Run amass for passive/active subdomain enumeration
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Target domain | |
| passive | No | Passive mode only |
Implementation Reference
- src/tools/recon.ts:131-162 (handler)Handler function that runs the Amass subdomain enumeration tool. Checks for installation, executes with domain and optional passive mode, parses subdomains, stores results in Postgres and Redis, handles errors.async ({ domain, passive = true }: any): Promise<ToolResult> => { try { const exists = await checkCommandExists('amass'); if (!exists) { return formatToolResult( false, null, 'amass not found. Install from: https://github.com/owasp-amass/amass' ); } const args = ['enum', '-d', domain]; if (passive) args.push('-passive'); const result = await runCommand('amass', args, 120000); const subdomains = result.stdout .split('\n') .filter((s) => s.trim().length > 0 && s.includes('.')); await saveTestResult(domain, 'amass', true, { subdomains }); await setWorkingMemory(`recon:${domain}:amass`, subdomains, 3600); return formatToolResult(true, { subdomains, count: subdomains.length, raw: result.stdout, }); } catch (error: any) { await saveTestResult(domain, 'amass', false, null, error.message); return formatToolResult(false, null, error.message); } }
- src/tools/recon.ts:122-129 (schema)Input schema defining required 'domain' string and optional 'passive' boolean for the recon.amass tool.inputSchema: { type: 'object', properties: { domain: { type: 'string', description: 'Target domain' }, passive: { type: 'boolean', description: 'Passive mode only', default: true }, }, required: ['domain'], },
- src/tools/recon.ts:118-163 (registration)Registers the 'recon.amass' tool on the MCP server within the registerReconTools function, specifying name, description, input schema, and handler.server.tool( 'recon.amass', { description: 'Run amass for passive/active subdomain enumeration', inputSchema: { type: 'object', properties: { domain: { type: 'string', description: 'Target domain' }, passive: { type: 'boolean', description: 'Passive mode only', default: true }, }, required: ['domain'], }, }, async ({ domain, passive = true }: any): Promise<ToolResult> => { try { const exists = await checkCommandExists('amass'); if (!exists) { return formatToolResult( false, null, 'amass not found. Install from: https://github.com/owasp-amass/amass' ); } const args = ['enum', '-d', domain]; if (passive) args.push('-passive'); const result = await runCommand('amass', args, 120000); const subdomains = result.stdout .split('\n') .filter((s) => s.trim().length > 0 && s.includes('.')); await saveTestResult(domain, 'amass', true, { subdomains }); await setWorkingMemory(`recon:${domain}:amass`, subdomains, 3600); return formatToolResult(true, { subdomains, count: subdomains.length, raw: result.stdout, }); } catch (error: any) { await saveTestResult(domain, 'amass', false, null, error.message); return formatToolResult(false, null, error.message); } } );
- src/index.ts:35-35 (registration)Top-level call to registerReconTools which includes the recon.amass tool registration.registerReconTools(server);