Open Asset Model¶
The Open Asset Model (OAM) redefines the understanding of an attack surface. Shifting the paradigm away from narrow, internet infrastructure-focused collection, the OAM framework broadens its scope to include both physical and digital assets. This approach delivers a realistic view of assets and their lesser-known associations, utilizing adversarial tactics to gain visibility into potential risks and attack vectors that might otherwise be overlooked.
Key Benefits¶
- Deep Attack Surface Intelligence: Identifies both physical and digital assets, moving beyond IT infrastructure.
- Standardized Asset Framework: Ensures consistency in asset classification, facilitating efficient data exchange and streamlined analysis.
- Cyclic Discovery: Recursively approaches data exploration, leveraging each finding to dynamically expand the target scope.
- Community-Driven: Developed and continuously refined by security experts within the OWASP Amass ecosystem.
- Risk Mapping: Exposes hidden attack vectors by mapping asset relationships and tracking their changes over time.
Open Asset Taxonomy
The Open Asset Model organizes assets into Contact, Registration, Infrastructure, People, Organization, and Fingerprint classes, bridging the relationships within and across these specifications.
Explore each asset type and their distinct relationships:¶
-
Contact
Link email addresses, phone numbers, and locations to people or organizations
-
Registration
Gather domain insights, including Whois and registrar details
-
Infrastructure
Identify IPs, networks, and systems to reveal key components
-
People
Collect names, locations, and attributes to build individual profiles
-
Organization
Uncover entity designations, locations, and operational details to expose connections
-
Fingerprint
Examine hashed server responses to detect unique configurations