by Jeff Foley
The OWASP Amass tool obtains subdomain names by scraping data sources,
recursive brute forcing, crawling web archives, permuting/altering names
and reverse DNS sweeping. Additionally, Amass uses the IP addresses
obtained during resolution to discover associated netblocks and ASNs. All
the information is then used to build maps of the target networks.