getting the first few assets in good shape

caffix · caffix · commit dfc2d0e74cc2 · 2025-06-28T14:41:46.000-04:00
diff --git a/docs/open_asset_model/assets/contact_record.md b/docs/open_asset_model/assets/contact_record.md
@@ -1,152 +1,57 @@
-# :simple-owasp: Contact 
+# :simple-owasp: ContactRecord
 
-The **Contact** entity, which holds assets such as `Email`, `Location`, and `Phone`, is a critical component of comprehensive **Attack Surface Intelligence**. By organizing these assets alongside discovered attributes and relationships, the [Open Asset Model](https://github.com/owasp-amass/open-asset-model) reveals connections across diverse resources, enabling a holistic understanding of the asset landscape.
+The **ContactRecord** asset serves as a connective entity that maintains a reliable audit trail of where contact information was discovered during the *attack surface intelligence* collection process. It plays a critical role in ensuring both flexibility and consistency within the [Open Asset Model](https://github.com/owasp-amass/open-asset-model), as it is uniformly applied wherever contact details are identified—regardless of the specific type of contact information uncovered. Because such information is often found in varied groupings, it's important to preserve the context in which each piece was associated. The **ContactRecord** makes this possible by capturing and storing the discovered contact data alongside its source location, maintaining their relationship within the model.
 
+## :material-contacts: ContactRecord Attributes
 
-Mirroring the adversary's perspective, the **Amass Engine** traces discovery paths, contextualizes insights at each contact point, and identifies exposures to strengthen situational awareness.
-
----
-
-## :material-hexagon-multiple: Collection 
-
-- **Complete Contact Coverage:** Provides a centralized view of standardized contact asset intelligence across **email**, **location**, and **phone**.
-- **Email Insights:** Tracks email connections to link addresses to specific **personnel and operational functions**, offering visibility into business process maturity.
-- **Location Details:** Includes specific location information, from physical addresses and building details to region and locality, for **complete geographic context**.
-- **Phone Numbers:** Captures the relationships between country codes, extensions, and subscriber **numbers with individuals and organizational** structures.
-- **Connected Data:** Traces the contact collection's discovery path to clarify its **origin, validity, and relevance** in investigative and data privacy contexts.
-
----
-
-!!! Info annotate "OAM Taxonomy"
-    The diagrams and data tables below outline the properties and incoming relationships for each `Contact Asset` type: `Email`, `Location`, and `Phone`. # (1)!
-
-1. :material-check-decagram: Required fields are denoted in the data tables.
-
----
-
-## :material-email: Email Address
-
-Email characteristics offer valuable intelligence for profiling and mapping an organization’s internal structure, operational contacts, and network ownership. Analyzing relationships among contact points makes it possible to trace domain ownership, uncover technical support channels, and reveal security response capabilities. This structured email data enriches the understanding of organizational roles and personnel responsibilities, providing a comprehensive view of the asset landscape through an offensive lens.
-
----
-
-!!! Danger "Email Requirements"
-    A full email `address`, formatted as a `string`, is required for mapping the related relationships.
+| Attributes | Type | Required | Description |
+| -------- | ---- | :--------: | ----------- |
+| `discovered_at` | string | :material-check-decagram: | Unique URL or path to the contact information |
 
----   
+## :material-contacts: ContactRecord Outgoing Relations
 
-``` mermaid
+```mermaid
 graph TD
-Contact[("Contact Assets")]
-Email("Email
-Properties")
-
-Email ==> Contact
-
-Person["Person"]
-Organization["Organization"]
-TLSCertificate["Fingerprint"]
-Registration["Registration"]
-
-registrationEmail@{ shape: braces, label: "admin_email
-tech_email
-billing_email
-registrant_email
-abuse_email"}
-
-personEmail@{ shape: braces, label: "email"}
-tlsEmail@{ shape: braces, label: "subject_email_address"}
-
-registrationEmail --> Email
-Registration --o registrationEmail
-
-personEmail --> Email
-Person --o personEmail
-Organization --o personEmail 
-
-tlsEmail --> Email
-TLSCertificate --o tlsEmail
+contact["ContactRecord"]
+fqdn["FQDN"]
+
+simple1@{ shape: braces, label: "fqdn"}
+contact --o simple1
+simple1 --> fqdn
+
+id["Identifier"]
+simple2@{ shape: braces, label: "id"}
+contact --o simple2
+simple2 --> id
+
+org["Organization"]
+simple3@{ shape: braces, label: "organization"}
+contact --o simple3
+simple3 --> org
+
+person["Person"]
+simple4@{ shape: braces, label: "person"}
+contact --o simple4
+simple4 --> person
+
+phone["Phone"]
+simple5@{ shape: braces, label: "phone"}
+contact --o simple5
+simple5 --> phone
+
+url["URL"]
+simple6@{ shape: braces, label: "url"}
+contact --o simple6
+simple6 --> url
 ```
 
 ---
 
-
-### :material-email: Email Properties
-
-| Property | Type | Required | Description |
-| -------- | ---- | :--------: | ----------- |
-| `address` | string | :material-check-decagram: | The full email address |
-| `local` | string | - | The local part of the email address |
-| `domain` | string | - | The part of the address after the @ symbol |
-
-
-#### Incoming Relationships
-
-| Relationship | Type |
-| ------------ | ---- |
-| `admin_email` | [`Whois`](#whois) |
-| `tech_email` | [`Whois`](#whois) |
-| `billing_email` | [`Whois`](#whois) |
-| `registrant_email` | [`Whois`](#whois) |
-| `email` | [`Person`](#person) |
-| `email` | [`Organization`](#organization) |
-| `abuse_email` | [`Registrar`](#registrar) |
-| `subject_email_address` | [`TLSCertificate`](#tls-certificate) |
-
----
-
-## :material-map-marker: Location
-
-| Property | Type | Required | Description |
-| -------- | ---- | :--------: | ----------- |
-| `formatted_address` | string | - | The formatted address |
-| `building_number` | string | - | the number of the building at the location |
-| `street_name` | string | - | the name of the street at the location |
-| `unit` | string | - | the unit number at the location |
-| `building` | string | - | the name of the building at the location |
-| `town` | string | - | the name town or city at the location |
-| `locality` | string | - | the locality at the location |
-| `region` | string | - | the name of the region or state at the location |
-| `country_code` | string | - | the ISO 3166-1 alpha-2 country code |
-| `postal_code` | string | - | the postal code at the location |
-
-
-#### Incoming Relationships
-
-| Relationship | Type |
-| ------------ | ---- |
-| `admin_location` | [`Whois`](#whois) |
-| `tech_location` | [`Whois`](#whois) |
-| `billing_location` | [`Whois`](#whois) |
-| `registrant_location` | [`Whois`](#whois) |
-| `location` | [`Person`](#person) |
-| `location` | [`Organization`](#organization) |
-| `subject_state_or_province` | [`TLSCertificate`](#tls-certificate) |
-| `subject_locality` | [`TLSCertificate`](#tls-certificate) |
-
----
-
-## :material-phone: Phone
-
-| Property | Type | Required | Description |
-| -------- | ---- | :--------: | ----------- |
-| `type` | string | - | The type of phone number |
-| `raw` | string | :material-check-decagram: | The raw phone number |
-| `e164` | string | - | The E.164 formatted phone number |
-| `country_abbrev` | string | - | The ISO 3166-1 alpha-2 country code |
-| `country_code` | string | - | The ISO 3166-1 numeric country code |
-| `subscriber_number` | string | - | The subscriber number |
-| `ext` | string | - | The extension of the phone number |
-
-
-#### Incoming Relationships
-
-| Relationship | Type |
-| ------------ | ---- |
-| `admin_phone` | [`Whois`](#whois) |
-| `tech_phone` | [`Whois`](#whois) |
-| `billing_phone` | [`Whois`](#whois) |
-| `registrant_phone` | [`Whois`](#whois) |
-| `phone_number` | [`Person`](#person) |
-| `phone_number` | [`Organization`](#organization) |
-| `abuse_phone` | [`Registrar`](#registrar) |
+| Relation Label | Relation Type | Assets | Description |
+| :--------------: | :---------------: | :--------------: | :------------ |
+| `fqdn` | [`SimpleRelation`](#simple_relation) | [`FQDN`](#fqdn) | Represents a FQDN discovered in the contact information |
+| `id` | [`SimpleRelation`](#simple_relation) | [`Identifier`](#identifer) | Represents an ID (e.g. email address) in the contact information |
+| `organization` | [`SimpleRelation`](#simple_relation) | [`Organization`](#organization) | Represents an organization name in the contact information |
+| `person` | [`SimpleRelation`](#simple_relation) | [`Person`](#person) | Represents a person's name discovered with the contact information |
+| `phone` | [`SimpleRelation`](#simple_relation) | [`Phone`](#phone) | Represents a phone number in the contact information |
+| `url` | [`SimpleRelation`](#simple_relation) | [`URL`](#url) | Represents an URL discovered in the contact information |
diff --git a/docs/open_asset_model/assets/fqdn.md b/docs/open_asset_model/assets/fqdn.md
@@ -1,8 +1,6 @@
 # :simple-owasp: FQDN
 
-The **FQDN**, or **Fully Qualified Domain Name (FQDN)**, asset represents a complete and unambiguous domain name that specifies the exact location of a device or resource within a **Domain Name System (DNS)** namespace on the internet. DNS names are critical components of **open-source intelligence (OSINT)** and a comprehensive **attack surface intelligence** collection process. By organizing these assets alongside discovered attributes and relationships, the [Open Asset Model](https://github.com/owasp-amass/open-asset-model) reveals connections across diverse resources, enabling a holistic understanding of the asset landscape.
-
----
+The *Fully Qualified Domain Name* (**FQDN**) asset represents a complete and unambiguous domain name that precisely identifies the location of a device or resource within the *Domain Name System (DNS)* hierarchy. FQDNs are foundational elements in *open-source intelligence (OSINT)* and are essential to building a thorough *attack surface intelligence* profile. Within the [Open Asset Model](https://github.com/owasp-amass/open-asset-model), these assets are organized along with their associated attributes and relationships, helping to uncover connections between otherwise disparate resources. This structured representation enables a more comprehensive and contextualized view of an organization’s digital footprint.
 
 ## :material-dns: FQDN Attributes
 
@@ -12,7 +10,7 @@ The **FQDN**, or **Fully Qualified Domain Name (FQDN)**, asset represents a comp
 
 ## :material-dns: FQDN Outgoing Relations
 
-``` mermaid
+```mermaid
 graph TD
 fqdn1["FQDN (e.g. owasp.org)"]
 fqdn2["FQDN (e.g. vpn.owasp.org)"]
@@ -52,7 +50,7 @@ regrel --> domrec
 ---
 
 | Relation Label | Relation Type | Assets | Description |
-| :--------------: | :--------------: | :----------: | :---------- |
+| :--------------: | :---------------: | :--------------: | :------------ |
 | `dns_record` | [`BasicDNSRelation`](#basic_dns_relation) | [`FQDN`](#fqdn), [`IPAddress`](#ip_address) | Used for most RR types |
 | `dns_record` | [`PrefDNSRelation`](#pref_dns_relation) | [`FQDN`](#fqdn) | Used for RR types that have a preference attribute |
 | `dns_record` | [`SRVDNSRelation`](#srv_dns_relation) | [`FQDN`](#fqdn) | Used to support the SRV RR type |
diff --git a/docs/open_asset_model/assets/index.md b/docs/open_asset_model/assets/index.md
@@ -1 +1,112 @@
 # :simple-owasp: `Assets`
+
+In the [OWASP](https://owasp.org) [Open Asset Model](https://github.com/owasp-amass/open-asset-model), an asset represents any discrete, observable element in the external environment of an organization that holds security or operational relevance. Assets can range from technical resources like domain names and IP addresses to organizational constructs such as legal entities and brand names. What makes assets central to the model is that they serve as the primary objects of analysis—entities that can be discovered, attributed, linked, enriched, and ultimately assessed for risk. Each asset is uniquely identified, carries contextual metadata such as confidence and source of discovery, and participates in a web of typed relationships that form a dynamic, queryable graph of an organization's external footprint.
+
+## Why *Assets* Are the First‑Class Citizens
+
+In the **Open Asset Model (OAM)**, *assets* are the atomic units of knowledge that describe an organization’s externally observable footprint.  Every other class in the model—attributes, properties, relations—exists to enrich or contextualize an asset.  By treating *everything discoverable* (from a DNS name to a cloud storage bucket) as an asset, we gain three strategic advantages:
+
+1. **Uniform Vocabulary** – Analysts, tools, and automation pipelines can exchange data without bespoke translation layers.
+2. **Composable Reasoning** – Graph analytics, enrichment, and risk scoring can be applied consistently because every node shares a common set of metadata fields (`id`, `confidence`, `source` …).
+3. **Auditability** – Each asset retains a pointer to discovery provenance, making it trivial to reproduce findings or trace errors.
+
+## Asset Definition
+
+> **Asset**: *An identifiable object—digital, network, or legal—that an organization owns, operates, or relies on and that can be observed from outside the security perimeter.*
+
+An asset is **not** just a label; it is a self‑contained document that answers three questions:
+
+1. **What is it?**\
+   A type‑specific schema (e.g., *FQDN*, *TLSCertificate*, *AutonomousSystem*).
+2. **Where did it come from?**\
+   One or more *DiscoveryMethods* with timestamps and collection method.
+3. **How certain are we?**\
+   A *confidence* score that downstream pipelines can use to gate actions.
+
+## Asset Taxonomy (Partial)
+
+| Category               | Example Asset Types                                    | Typical Sources                       |
+| ---------------------- | ------------------------------------------------------ | ------------------------------------- |
+| **Network & DNS**      | `FQDN`, `IPAddress`, `AutonomousSystem`, `Netblock` | DNS enumeration, passive DNS, RDAP |
+| **Products & Services**       | `Product`, `ProductRelease`, `Service`      | DNS, Port scanning, banner grabbing    |
+| **Organization**       | `Organization`, `Account`, `FundsTransfer`                 | GLEIF, business registries       |
+| **Identity & Contact** | `ContactRecord`, `Identifier`, `Phone`, `Location`         | TLS certs, WHOIS, RDAP, websites     |
+| **Cryptographic**      | `TLSCertificate`                             | CT logs, public websites         |
+
+*This list is intentionally open‑ended; community pull requests routinely add new asset types as technology evolves.*
+
+## Core Asset Attributes
+
+Every asset embeds a minimal yet powerful set of metadata:
+
+```json
+type: "FQDN"
+value: "login.example.com"
+created_at: "2025-06-11"
+last_seen: "2025-06-27"
+```
+
+Additional attributes are type‑specific—for instance, an `IPAddress` has the **address** field, while an `Organization` stores jurisdiction and registration numbers.
+
+## Relationships: Building the Graph
+
+Assets rarely exist in isolation.  The model expresses **typed, directed edges** such as:
+
+- `dns_record` – *FQDN* → *IPAddress*
+- `contains` – *Netblock* → *IPAddress*
+- `announces` – *AutonomousSystem* → *Netblock*
+- `registration` – *Netblock* → *IPNetRecord*
+
+These links turn the asset collection into a searchable **property graph**, enabling path‑finding queries like *“Which IP ranges host domains that roll up to Acme Corp’s legal entities?”*
+
+## Lifecycle in the Discovery Pipeline
+
+```mermaid
+flowchart LR
+  subgraph Discovery Engine
+    A[Raw OSINT] --> B(Parse & Normalize)
+    B --> C(Create Asset)
+    C -->|Deduplicate| D[Graph DB]
+    D --> E(Enrichment / Risk Scoring)
+  end
+```
+
+1. **Parse & Normalize** – A discovery plugin converts evidence into the canonical asset schema.
+2. **Create Asset** – New or updated asset documents are emitted with provenance.
+3. **Deduplicate** – The graph layer merges assets sharing the same unique `key`.
+4. **Enrichment** – Plugins append properties, such as alternative names, vulnerabilities, etc.
+5. **Analytics & Export** – Downstream tools run path queries, generate reports, or feed alerting pipelines.
+
+## Quick Example: From Evidence to Asset
+
+Imagine Amass extracts the email address *security@example.com* from the footer of *www.example.com*:
+
+```text
+Source URL: https://www.example.com
+Evidence: "Contact us at security@example.com for vulnerabilities."
+```
+
+The *web scraper* module produces:
+
+```json
+type: "ContactRecord"
+discovered_at: "http://www.example.com"
+value: "security@example.com"
+created_at: "2025-06-28"
+last_seen: "2025-06-28"
+```
+
+An edge will be created between the **ContactRecord** and **Identifier** containing the email address (security@example.com). Future encounters with the same email address will reference the same asset in the graph.
+
+## Where to Go Next
+
+Take a look at the pages with details for every asset type.
+
+- [Relations](../relations/index.md) – Overview of Relations in the Open Asset Model.
+- [Properties](../properties/index.md) - Overview of a Property in the Open Asset Model.
+- [Triples](../assetdb/triples.md) – Querying the graph with SPARQL‑inspired triples.
+- [Assoc Tool](../framework_tools/assoc.md) – Using the command-line tool that queries the graph.
+
+---
+
+*© 2025 Jeff Foley — Licensed under Apache 2.0.*
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -10,7 +10,7 @@ site_description: "In-depth OSINT collection and external attack surface mapping
 site_author: OWASP Amass Contributors
 remote_branch: gh-pages
 
-#copyright: 
+#copyright: 2025 Jeff Foley
 
 theme:
   name: 'material'
@@ -22,14 +22,14 @@ theme:
     - media: '(prefers-color-scheme: light)'
       scheme: default
       primary: 'black'
-      accent: 'red'
+      accent: 'blue'
       toggle:
         icon: material/toggle-switch
         name: Switch to dark mode
     - media: '(prefers-color-scheme: dark)'
       scheme: slate
       primary: 'black'
-      accent: 'red'
+      accent: 'blue'
       toggle:
         icon: material/toggle-switch-off-outline
         name: Switch to light mode
