All Projects → jonluca → Anubis

jonluca / Anubis

Licence: mit
🔓Subdomain enumeration and information gathering tool

Programming Languages

python
139335 projects - #7 most used programming language

Projects that are alternatives of or similar to Anubis

Amass
In-depth Attack Surface Mapping and Asset Discovery
Stars: ✭ 6,284 (+770.36%)
Mutual labels:  subdomain, network-security, information-gathering
recce
Domain availbility checker
Stars: ✭ 30 (-95.84%)
Mutual labels:  information-security, information-gathering
matrix
mirror of https://mypdns.org/my-privacy-dns/matrix as it is obviously no longer safe to do Girhub nor have we no longer any trust in them. See https://mypdns.org/my-privacy-dns/porn-records/-/issues/1347
Stars: ✭ 32 (-95.57%)
Mutual labels:  information-security, network-security
Cyberscan
CyberScan: Network's Forensics ToolKit
Stars: ✭ 280 (-61.22%)
Mutual labels:  information-gathering, network-security
netizenship
a commandline #OSINT tool to find the online presence of a username in popular social media websites like Facebook, Instagram, Twitter, etc.
Stars: ✭ 33 (-95.43%)
Mutual labels:  information-security, information-gathering
Scylla
The Simplistic Information Gathering Engine | Find Advanced Information on a Username, Website, Phone Number, etc.
Stars: ✭ 424 (-41.27%)
Mutual labels:  information-security, information-gathering
penetration testing
🎩 [penetration testing Book], Kali Magic, Cryptography, Hash Crack, Botnet, Rootkit, Malware, Spyware, Python, Go, C|EH.
Stars: ✭ 57 (-92.11%)
Mutual labels:  information-security, network-security
Zxrequestblock
基于NSURLProtocol一句话实现iOS应用底层所有网络请求拦截(含网页ajax请求拦截【不支持WKWebView】)、一句话实现防抓包(使Thor,Charles,Burp等代理抓包方式全部失效,且即使开启了代理,也不影响App内部的正常请求)。包含http-dns解决方法,有效防止DNS劫持。用于分析http,https请求等
Stars: ✭ 160 (-77.84%)
Mutual labels:  network, network-security
Webkiller
Tool Information Gathering Write By Python.
Stars: ✭ 300 (-58.45%)
Mutual labels:  information-gathering, kali
Oneforall
OneForAll是一款功能强大的子域收集工具
Stars: ✭ 4,202 (+481.99%)
Mutual labels:  subdomain, information-gathering
Badkarma
network reconnaissance toolkit
Stars: ✭ 353 (-51.11%)
Mutual labels:  information-gathering, network-security
gosint
Gosint is a distributed asset information collection and vulnerability scanning platform
Stars: ✭ 344 (-52.35%)
Mutual labels:  information-security, information-gathering
pwk scripts
Automation scripts in preparation for PWK/OSCP labs
Stars: ✭ 16 (-97.78%)
Mutual labels:  kali, network-security
ICP-Checker
ICP备案查询,可查询企业或域名的ICP备案信息,自动完成滑动验证,保存结果到Excel表格,适用于2022年新版的工信部备案管理系统网站,告别频繁拖动验证,以及某站*工具要开通VIP才可查看备案信息的坑
Stars: ✭ 119 (-83.52%)
Mutual labels:  information-security, information-gathering
Ivre
Network recon framework, published by @cea-sec & @ANSSI-FR. Build your own, self-hosted and fully-controlled alternatives to Shodan / ZoomEye / Censys and GreyNoise, run your Passive DNS service, collect and analyse network intelligence from your sensors, and much more!
Stars: ✭ 2,331 (+222.85%)
Mutual labels:  network, network-security
phomber
Phomber is infomation grathering tool that reverse search phone numbers and get their details, written in python3.
Stars: ✭ 59 (-91.83%)
Mutual labels:  information-security, information-gathering
2016lykagguvenligivesizmatestleri
Network Security Notes ☔️
Stars: ✭ 75 (-89.61%)
Mutual labels:  network, network-security
Scilla
🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration
Stars: ✭ 116 (-83.93%)
Mutual labels:  network, information-gathering
Osmedeus
Fully automated offensive security framework for reconnaissance and vulnerability scanning
Stars: ✭ 3,391 (+369.67%)
Mutual labels:  subdomain, information-gathering
Chimera
Chimera is a (shiny and very hack-ish) PowerShell obfuscation script designed to bypass AMSI and commercial antivirus solutions.
Stars: ✭ 463 (-35.87%)
Mutual labels:  information-security, kali

Anubis

Build Status Coverage GitHub issues GitHub license

        d8888                   888      d8b
       d88888                   888      Y8P
      d88P888                   888
     d88P 888 88888b.  888  888 88888b.  888 .d8888b
    d88P  888 888 "88b 888  888 888 "88b 888 88K
   d88P   888 888  888 888  888 888  888 888 "Y8888b.
  d8888888888 888  888 Y88b 888 888 d88P 888      X88
 d88P     888 888  888  "Y88888 88888P"  888  88888P'

Anubis is a subdomain enumeration and information gathering tool. Anubis collates data from a variety of sources, including HackerTarget, DNSDumpster, x509 certs, VirusTotal, Google, Pkey, and NetCraft. Anubis also has a sister project, AnubisDB, which serves as a centralized repository of subdomains.

Original Medium article release

Getting Started

Prerequisites

  • Nmap (if wanting to run port scans and certain certificate scans)

If you are running Linux, the following are also required:

sudo apt-get install python3-pip python-dev libssl-dev libffi-dev

Installing

Note: Python 3 is required

pip3 install anubis-netsec

Install From Source

Please note Anubis is still in beta.

git clone https://github.com/jonluca/Anubis.git
cd Anubis
pip3 install  -r requirements.txt
pip3 install .

Usage

Usage:
  anubis (-t TARGET | -f FILE) [-o FILENAME]  [-abinoprsv] [-w SCAN] [-q NUM]
  anubis -h
  anubis --version
  
Options:
  -h --help                       show this help message and exit
  -t --target                     set target (comma separated, no spaces, if multiple)
  -f --file                       set target (reads from file, one domain per line)
  -n --with-nmap                  perform an nmap service/script scan
  -o --output                     save to filename
  -i --additional-info            show additional information about the host from Shodan (requires API key)
  -p --ip                         outputs the resolved IPs for each subdomain, and a full list of unique ips
  -a --send-to-anubis-db          send results to Anubis-DB
  -r --recursive                  recursively search over all subdomains
  -s --ssl                        run an ssl scan and output cipher + chain info
  -S --silent                     only out put subdomains, one per line
  -w --overwrite-nmap-scan SCAN   overwrite default nmap scan (default -nPn -sV -sC)
  -v --verbose                    print debug info and full request output
  -q --queue-workers NUM          override number of queue workers (default: 10, max: 100)
  --version                       show version and exit

Help:
  For help using this tool, please open an issue on the Github repository:
  https://github.com/jonluca/anubis

Basic

Common Use Case

anubis -tipa domain.com -o out.txt

Set's target to domain.com, (t) outputs additional information (i) like server and ISP or server hosting provider, then attempts to resolve all URLs (p) and outputs list of unique IPs and sends to Anubis-DB (a). Finally, writes all results to out.txt (o).

Other

anubis -t reddit.com Simplest use of Anubis, just runs subdomain enumeration

Searching for subdomains for 151.101.65.140 (reddit.com)

Testing for zone transfers
Searching for Subject Alt Names
Searching HackerTarget
Searching VirusTotal
Searching Pkey.in
Searching NetCraft.com
Searching crt.sh
Searching DNSDumpster
Searching Anubis-DB
Found 193 subdomains
----------------
fj.reddit.com
se.reddit.com
gateway.reddit.com
beta.reddit.com
ww.reddit.com
... (truncated for readability)
Sending to AnubisDB
Subdomain search took 0:00:20.390

anubis -t reddit.com -ip (equivalent to anubis -t reddit.com --additional-info --ip) - resolves IPs and outputs list of uniques, and provides additional information through https://shodan.io

Searching for subdomains for 151.101.65.140
Server Location: San Francisco US - 94107
ISP: Fastly
Found 27 domains
----------------
http://www.np.reddit.com: 151.101.193.140
http://nm.reddit.com: 151.101.193.140
http://ww.reddit.com: 151.101.193.140
http://dg.reddit.com: 151.101.193.140
http://en.reddit.com: 151.101.193.140
http://ads.reddit.com: 151.101.193.140
http://zz.reddit.com: 151.101.193.140
out.reddit.com: 107.23.11.190
origin.reddit.com: 54.172.97.226
http://blog.reddit.com: 151.101.193.140
alb.reddit.com: 52.201.172.48
http://m.reddit.com: 151.101.193.140
http://rr.reddit.com: 151.101.193.140
reddit.com: 151.101.65.140
http://www.reddit.com: 151.101.193.140
mx03.reddit.com: 151.101.193.140
http://fr.reddit.com: 151.101.193.140
rhs.reddit.com: 54.172.97.229
http://np.reddit.com: 151.101.193.140
http://nj.reddit.com: 151.101.193.140
http://re.reddit.com: 151.101.193.140
http://iy.reddit.com: 151.101.193.140
mx02.reddit.com: 151.101.193.140
mailp236.reddit.com: 151.101.193.140
Found 6 unique IPs
52.201.172.48
151.101.193.140
107.23.11.190
151.101.65.140
54.172.97.226
54.172.97.229
Execution took 0:00:04.604

Advanced

anubis -t reddit.com --with-nmap -o temp.txt -i --overwrite-nmap-scan "-F -T5"

Searching for subdomains for 151.101.65.140 (reddit.com)

Testing for zone transfers
Searching for Subject Alt Names
Searching HackerTarget
Searching VirusTotal
Searching Pkey.in
Searching NetCraft.com
Searching crt.sh
Searching DNSDumpster
Searching Anubis-DB
Searching Shodan.io for additional information
Server Location: San Francisco, US - 94107
ISP  or Hosting Company: Fastly
To run a DNSSEC subdomain enumeration, Anubis must be run as root
Starting Nmap Scan
Host : 151.101.65.140 ()
----------
Protocol: tcp
port: 80	state: open
port: 443	state: open
Found 195 subdomains
----------------
nm.reddit.com
ne.reddit.com
sonics.reddit.com
aj.reddit.com
fo.reddit.com
f5.reddit.com
... (truncated for readability)
Sending to AnubisDB
Subdomain search took 0:00:26.579

Running the tests

Run all test with coverage

 python3 setup.py test

Run tests on their own, in native pytest environment

pytest

Built With

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Authors

  • JonLuca DeCaro - Initial work - Anubis

See also the list of contributors who participated in this project.

License

This project is licensed under the MIT License - see the LICENSE.md file for details

Acknowledgments

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].