|
| 1 | +# Setting Up a PostgreSQL Database for OWASP Amass |
| 2 | + |
| 3 | +The OWASP Amass framework can store collected data in a PostgreSQL database. This page walks you through the recommended setup process, including environment variables, database initialization, and configuration in your `config.yaml` file. |
| 4 | + |
| 5 | +> **Note:** These instructions assume PostgreSQL is already installed and running on your system (e.g., `localhost:5432`). You’ll need access to a user with sufficient privileges (typically `postgres`). |
| 6 | +
|
| 7 | +## 1. Define Environment Variables |
| 8 | + |
| 9 | +Before running the setup commands, export the following environment variables to define your database, user, and passwords. These values will be used in the setup process and your Amass configuration. |
| 10 | + |
| 11 | +```bash |
| 12 | +export POSTGRES_USER=postgres |
| 13 | +export POSTGRES_PASSWORD=postgres |
| 14 | +export AMASS_DB=assetdb |
| 15 | +export AMASS_USER=amass |
| 16 | +export AMASS_PASSWORD=amass4OWASP |
| 17 | +``` |
| 18 | + |
| 19 | +??? info "Secrets Management" |
| 20 | + Consider storing these in a `.env` file and loading them with `source .env` to avoid retyping. Never commit secrets to version control. |
| 21 | + |
| 22 | +## 2. Create the Amass Database and User |
| 23 | + |
| 24 | +Run the following commands in your shell to initialize the database and create a dedicated user for Amass. This uses the `psql` CLI with inline SQL for automation. |
| 25 | + |
| 26 | +```bash |
| 27 | +# Add single quotes around the password to handle special characters |
| 28 | +export TEMPPASS="'$AMASS_PASSWORD'" |
| 29 | + |
| 30 | +# Create the database and user |
| 31 | +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL |
| 32 | + \getenv assetdb AMASS_DB |
| 33 | + \getenv username AMASS_USER |
| 34 | + \getenv password TEMPPASS |
| 35 | +
|
| 36 | + CREATE DATABASE :assetdb; |
| 37 | + ALTER DATABASE :assetdb SET timezone TO 'UTC'; |
| 38 | + CREATE USER :username WITH PASSWORD :password; |
| 39 | +EOSQL |
| 40 | +``` |
| 41 | + |
| 42 | +This will: |
| 43 | + |
| 44 | +* Create the `assetdb` database |
| 45 | +* Set its default timezone to UTC (recommended for consistency) |
| 46 | +* Create a new user (`amass`) with the specified password |
| 47 | + |
| 48 | +## 3. Enable Extensions and Grant Privileges |
| 49 | + |
| 50 | +Next, connect to the new database and enable the required PostgreSQL extension and assign privileges to the Amass user. |
| 51 | + |
| 52 | +```bash |
| 53 | +psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$AMASS_DB" <<-EOSQL |
| 54 | + \getenv username AMASS_USER |
| 55 | +
|
| 56 | + CREATE EXTENSION pg_trgm SCHEMA public; |
| 57 | +
|
| 58 | + GRANT USAGE ON SCHEMA public TO :username; |
| 59 | + GRANT CREATE ON SCHEMA public TO :username; |
| 60 | + GRANT ALL ON ALL TABLES IN SCHEMA public TO :username; |
| 61 | +EOSQL |
| 62 | +``` |
| 63 | + |
| 64 | +This will: |
| 65 | + |
| 66 | +* Enable the `pg_trgm` extension (used by Amass for efficient fuzzy string matching) |
| 67 | +* Grant the necessary privileges for Amass to create and manage data within the `public` schema |
| 68 | + |
| 69 | +## 4. Update Your Amass Configuration |
| 70 | + |
| 71 | +Once your database is set up, update your Amass `config.yaml` file with the connection string: |
| 72 | + |
| 73 | +```yaml |
| 74 | +options: |
| 75 | + # Be sure to replace the credentials with values matching your environment |
| 76 | + database: "postgres://amass:amass4OWASP@127.0.0.1:5432/assetdb" |
| 77 | +``` |
| 78 | +
|
| 79 | +??? info "Security Reminder" |
| 80 | + Avoid committing passwords to source control. Where possible, consider injecting the connection string using an environment variable (e.g., `${AMASS_DB_URI}`). |
| 81 | + |
| 82 | +## 5. Test the Connection |
| 83 | + |
| 84 | +You can test whether the Amass framework is successfully connecting to your PostgreSQL database by running a standard enumeration command: |
| 85 | + |
| 86 | +```bash |
| 87 | +amass enum -config config.yaml |
| 88 | +``` |
| 89 | + |
| 90 | +If the configuration is correct, the collected data will be stored in the PostgreSQL backend you configured. |
| 91 | + |
| 92 | +## ✅ You're Done! |
| 93 | + |
| 94 | +Amass is now ready to store data in your PostgreSQL database. This enables you to persist, analyze, and query discovered assets using SQL or integrate with other tooling and dashboards. |
| 95 | + |
| 96 | +## Troubleshooting Tips |
| 97 | + |
| 98 | +* **Connection Refused?** Ensure PostgreSQL is listening on `127.0.0.1:5432` and that the database server is running. |
| 99 | +* **Authentication Failed?** Double-check your environment variable values, especially the user and password. |
| 100 | +* **Extension Errors?** Make sure the `pg_trgm` extension is available and installed. You can check with `\dx` in `psql`. |
| 101 | + |
| 102 | +## See Also |
| 103 | + |
| 104 | +* [Amass Configuration](../configuration/configuration.md) |
| 105 | +* [PostgreSQL Documentation](https://www.postgresql.org/docs/current/index.html) |
| 106 | +* [PostgreSQL `pg_trgm` Extension Docs](https://www.postgresql.org/docs/current/pgtrgm.html) |
| 107 | +* [Managing Environment Variables Securely](https://direnv.net/) |
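Review bot: In section 2 (new lines 27-38), hand-wrapping the password with `export TEMPPASS="'$AMASS_PASSWORD'"` and interpolating it raw in `CREATE USER :username WITH PASSWORD :password;` fails as soon as the password contains a single quote, and at that point the value can change the statement itself. The comment about handling special characters therefore promises more than the code does. Suggest reading the variable directly with `\getenv password AMASS_PASSWORD` and letting psql quote it as a literal with `:'password'` (likewise `:"username"` and `:"assetdb"` for the identifiers), which also removes the second exported copy of the secret in `TEMPPASS`. Since `\getenv` was added in psql 15, the note at new line 5 should state that minimum client version. Two smaller points: section 1 exports `POSTGRES_PASSWORD`, but none of the `psql` invocations reference it and psql reads `PGPASSWORD`, so the page should say how the `postgres` user is expected to authenticate. In section 3, `GRANT ALL ON ALL TABLES IN SCHEMA public TO :username;` only affects tables that already exist when it runs, and the database was created one step earlier, so either drop the line or explain what it is meant to cover.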