recon.amass
Enumerate subdomains for a target domain using passive or active reconnaissance methods to identify potential attack surfaces.
Instructions
Run amass for passive/active subdomain enumeration
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | Target domain | |
| passive | No | Passive mode only | true |
Implementation Reference
- src/tools/recon.ts:131-162 (handler) Handler function that runs the Amass subdomain enumeration tool. Checks for installation, executes with domain and optional passive mode, parses subdomains, stores results in Postgres and Redis, handles errors.

```typescript
async ({ domain, passive = true }: any): Promise<ToolResult> => {
  try {
    const exists = await checkCommandExists('amass');
    if (!exists) {
      return formatToolResult(
        false,
        null,
        'amass not found. Install from: https://github.com/owasp-amass/amass'
      );
    }

    const args = ['enum', '-d', domain];
    if (passive) args.push('-passive');

    const result = await runCommand('amass', args, 120000);
    const subdomains = result.stdout
      .split('\n')
      .filter((s) => s.trim().length > 0 && s.includes('.'));

    await saveTestResult(domain, 'amass', true, { subdomains });
    await setWorkingMemory(`recon:${domain}:amass`, subdomains, 3600);

    return formatToolResult(true, {
      subdomains,
      count: subdomains.length,
      raw: result.stdout,
    });
  } catch (error: any) {
    await saveTestResult(domain, 'amass', false, null, error.message);
    return formatToolResult(false, null, error.message);
  }
}
```

- src/tools/recon.ts:122-129 (schema) Input schema defining required 'domain' string and optional 'passive' boolean for the recon.amass tool.

```typescript
inputSchema: {
  type: 'object',
  properties: {
    domain: { type: 'string', description: 'Target domain' },
    passive: { type: 'boolean', description: 'Passive mode only', default: true },
  },
  required: ['domain'],
},
```

- src/tools/recon.ts:118-163 (registration) Registers the 'recon.amass' tool on the MCP server within the registerReconTools function, specifying name, description, input schema, and handler.

```typescript
server.tool(
  'recon.amass',
  {
    description: 'Run amass for passive/active subdomain enumeration',
    inputSchema: {
      type: 'object',
      properties: {
        domain: { type: 'string', description: 'Target domain' },
        passive: { type: 'boolean', description: 'Passive mode only', default: true },
      },
      required: ['domain'],
    },
  },
  async ({ domain, passive = true }: any): Promise<ToolResult> => {
    try {
      const exists = await checkCommandExists('amass');
      if (!exists) {
        return formatToolResult(
          false,
          null,
          'amass not found. Install from: https://github.com/owasp-amass/amass'
        );
      }

      const args = ['enum', '-d', domain];
      if (passive) args.push('-passive');

      const result = await runCommand('amass', args, 120000);
      const subdomains = result.stdout
        .split('\n')
        .filter((s) => s.trim().length > 0 && s.includes('.'));

      await saveTestResult(domain, 'amass', true, { subdomains });
      await setWorkingMemory(`recon:${domain}:amass`, subdomains, 3600);

      return formatToolResult(true, {
        subdomains,
        count: subdomains.length,
        raw: result.stdout,
      });
    } catch (error: any) {
      await saveTestResult(domain, 'amass', false, null, error.message);
      return formatToolResult(false, null, error.message);
    }
  }
);
```

- src/index.ts:35-35 (registration) Top-level call to registerReconTools which includes the recon.amass tool registration.

```typescript
registerReconTools(server);
```
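The handler types its input as `any`, places `domain` directly into the amass argument list and the working-memory key, and keeps every output line that contains a dot. The following is an added example, not code from the project: the hypothetical helpers `validateDomain` and `parseSubdomains` show one way to check the input and filter the output, run here against constructed sample output.

```typescript
// Added example: hypothetical helpers, not part of src/tools/recon.ts.

// One DNS label: 1-63 chars, letters/digits/hyphens, no leading or trailing hyphen.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

// Return the normalized hostname, or null when the value is not a plain
// multi-label domain name (rejects "-passive", "a.com -active", "a:b", etc.).
function validateDomain(input: unknown): string | null {
  if (typeof input !== 'string') return null;
  const name = input.trim().toLowerCase().replace(/\.$/, '');
  if (name.length === 0 || name.length > 253) return null;
  const labels = name.split('.');
  if (labels.length < 2) return null;
  return labels.every((l) => LABEL.test(l)) ? name : null;
}

// Keep only output lines that are hostnames equal to or below the apex,
// de-duplicated and sorted. `apex` must already have passed validateDomain.
function parseSubdomains(stdout: string, apex: string): string[] {
  const suffix = '.' + apex;
  const hosts: string[] = [];
  for (const line of stdout.split('\n')) {
    const host = validateDomain(line);
    if (host === null) continue;
    const inScope = host === apex || host.slice(-suffix.length) === suffix;
    if (inScope && hosts.indexOf(host) === -1) hosts.push(host);
  }
  return hosts.sort();
}

// Constructed sample output (not real amass output).
const SAMPLE_STDOUT = [
  'www.example.com',
  'API.example.com',
  'www.example.com',          // duplicate
  'Querying sources... done', // contains a dot but is not a hostname
  'cdn.example.net',          // valid hostname, outside the requested domain
  'example.com',
  '',
].join('\n');

console.log(parseSubdomains(SAMPLE_STDOUT, 'example.com'));
```

A `null` from `validateDomain` is the point at which a handler would return a failed tool result, before any command is run or any key is written.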