recon.amass
Enumerate subdomains for a target domain using passive or active reconnaissance methods to support security assessments and bug bounty hunting.
Instructions
Run amass for passive/active subdomain enumeration
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Target domain | |
| passive | No | Passive mode only |
Implementation Reference
- src/tools/recon.ts:131-162 (handler)The main handler function for the 'recon.amass' MCP tool. It checks if the Amass binary is installed, constructs the command arguments (enum -d domain [-passive]), executes it with a 2-minute timeout, parses subdomains from stdout, saves results to Postgres and Redis working memory, and returns a formatted ToolResult.async ({ domain, passive = true }: any): Promise<ToolResult> => { try { const exists = await checkCommandExists('amass'); if (!exists) { return formatToolResult( false, null, 'amass not found. Install from: https://github.com/owasp-amass/amass' ); } const args = ['enum', '-d', domain]; if (passive) args.push('-passive'); const result = await runCommand('amass', args, 120000); const subdomains = result.stdout .split('\n') .filter((s) => s.trim().length > 0 && s.includes('.')); await saveTestResult(domain, 'amass', true, { subdomains }); await setWorkingMemory(`recon:${domain}:amass`, subdomains, 3600); return formatToolResult(true, { subdomains, count: subdomains.length, raw: result.stdout, }); } catch (error: any) { await saveTestResult(domain, 'amass', false, null, error.message); return formatToolResult(false, null, error.message); } }
- src/tools/recon.ts:120-129 (schema)The input schema and description for the 'recon.amass' tool, defining required 'domain' string and optional 'passive' boolean.{ description: 'Run amass for passive/active subdomain enumeration', inputSchema: { type: 'object', properties: { domain: { type: 'string', description: 'Target domain' }, passive: { type: 'boolean', description: 'Passive mode only', default: true }, }, required: ['domain'], },
- src/tools/recon.ts:118-163 (registration)The server.tool() call that registers the 'recon.amass' tool with its schema and handler within the registerReconTools function.server.tool( 'recon.amass', { description: 'Run amass for passive/active subdomain enumeration', inputSchema: { type: 'object', properties: { domain: { type: 'string', description: 'Target domain' }, passive: { type: 'boolean', description: 'Passive mode only', default: true }, }, required: ['domain'], }, }, async ({ domain, passive = true }: any): Promise<ToolResult> => { try { const exists = await checkCommandExists('amass'); if (!exists) { return formatToolResult( false, null, 'amass not found. Install from: https://github.com/owasp-amass/amass' ); } const args = ['enum', '-d', domain]; if (passive) args.push('-passive'); const result = await runCommand('amass', args, 120000); const subdomains = result.stdout .split('\n') .filter((s) => s.trim().length > 0 && s.includes('.')); await saveTestResult(domain, 'amass', true, { subdomains }); await setWorkingMemory(`recon:${domain}:amass`, subdomains, 3600); return formatToolResult(true, { subdomains, count: subdomains.length, raw: result.stdout, }); } catch (error: any) { await saveTestResult(domain, 'amass', false, null, error.message); return formatToolResult(false, null, error.message); } } );
- src/index.ts:35-35 (registration)Call to registerReconTools(server) in the main entrypoint, which triggers the registration of all recon tools including 'recon.amass'.registerReconTools(server);