Open Asset Model¶
The Open Asset Model (OAM) redefines the understanding of an organization’s attack surface. Shifting the paradigm away from narrow, internet infrastructure-focused collection, the Amass Open Asset Model broadens its scope to include both physical and digital assets. This approach delivers a complete view of an organization’s assets and their relationships, ensuring full visibility into the potential risks and attack vectors that might otherwise be overlooked.
Key Features¶
- Complete Asset Visibility: Covers both physical and digital assets for a comprehensive view.
- Standardized Asset Framework: Ensures consistency in asset classification and data exchange across organizations.
- Seamless Data Transfer: Facilitates efficient sharing of standardized asset inventories.
- Broader Attack Surface Intelligence: Identifies vulnerabilities beyond IT infrastructure.
- Community-Driven: Developed and continuously refined by security experts within the OWASP Amass ecosystem.
- Risk Mapping: Exposes hidden attack vectors by mapping relationships between assets.
Open Asset Taxonomy
The Open Asset Model organizes assets into Contact, Registration, Infrastructure, People, Organization, and Fingerprint classes, bridging the relationships within and across these specifications.
Explore each asset type and their distinct relationships:¶
-
Contact
Link email addresses, phone numbers, and locations to people or organizations
-
Registration
Gather domain insights, including Whois and registrar details
-
Infrastructure
Identify IPs, networks, and systems to reveal key components
-
People
Collect names, locations, and attributes to build individual profiles
-
Organization
Uncover entity designations, locations, and operational details to expose connections
-
Fingerprint
Examine hashed server responses to detect unique configurations