- Notifications
You must be signed in to change notification settings - Fork159
Subdomain enumeration and information gathering tool
License
jonluca/Anubis
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
d8888 888 d8b d88888 888 Y8P d88P888 888 d88P 888 88888b. 888 888 88888b. 888 .d8888b d88P 888 888 "88b 888 888 888 "88b 888 88K d88P 888 888 888 888 888 888 888 888 "Y8888b. d8888888888 888 888 Y88b 888 888 d88P 888 X88 d88P 888 888 888 "Y88888 88888P" 888 88888P'Anubis is a subdomain enumeration and information gathering tool. Anubis collates data from a variety of sources,including HackerTarget, DNSDumpster, x509 certs, VirusTotal, Google, Pkey, Shodan, Spyse, and NetCraft.Anubis also has a sister project,AnubisDB, which serves as a centralizedrepository of subdomains.
Original Medium article release
- Nmap (if wanting to run port scans and certain certificate scans)
If you are running Linux, the following are also required:
sudo apt-get install python3-pip python-dev libssl-dev libffi-dev
Note: Python 3 is required
pip3 install anubis-netsec
Please note Anubis is still in beta.
git clone https://github.com/jonluca/Anubis.gitcd Anubispip3 install -r requirements.txtpip3 install .Usage: anubis (-t TARGET | -f FILE) [-o FILENAME] [-bdinoprsSv] [-w SCAN] [-q NUM] anubis -h anubis (--version | -V) Options: -h --help show this help message and exit -t --target set target (comma separated, no spaces, if multiple) -f --file set target (reads from file, one domain per line) -n --with-nmap perform an nmap service/script scan -o --output save to filename -i --additional-info show additional information about the host from Shodan (requires API key) -p --ip outputs the resolved IPs for each subdomain, and a full list of unique ips -d --send-to-anubis-db send results to Anubis-DB -r --recursive recursively search over all subdomains -s --ssl run an ssl scan and output cipher + chain info -S --silent only out put subdomains, one per line -w --overwrite-nmap-scan SCAN overwrite default nmap scan (default -nPn -sV -sC) -v --verbose print debug info and full request output -q --queue-workers NUM override number of queue workers (default: 10, max: 100) -V --version show version and exitHelp: For help using this tool, please open an issue on the Github repository: https://github.com/jonluca/anubisNote: If you'd like to use the shodan.io API, make sure to prefix the command withSHODAN_API_KEY=yourkey
anubis -tip domain.com -o out.txt
Set's target todomain.com, (t) outputs additional information (i) like server and ISP or server hosting provider,then attempts to resolve all URLs (p) and outputs list of unique IPs and sends to Anubis-DB (a). Finally, writes allresults to out.txt (o).
anubis -t reddit.com Simplest use of Anubis, just runs subdomain enumeration
Searching for subdomains for 151.101.65.140 (reddit.com)Testing for zone transfersSearching for Subject Alt NamesSearching HackerTargetSearching VirusTotalSearching Pkey.inSearching NetCraft.comSearching crt.shSearching DNSDumpsterSearching Anubis-DBFound 193 subdomains----------------fj.reddit.comse.reddit.comgateway.reddit.combeta.reddit.comww.reddit.com... (truncated for readability)Sending to AnubisDBSubdomain search took 0:00:20.390anubis -t reddit.com -ip (equivalent toanubis -t reddit.com --additional-info --ip) - resolves IPs and outputs listof uniques, and provides additional information throughhttps://shodan.io
Searching for subdomains for 151.101.65.140Server Location: San Francisco US - 94107ISP: FastlyFound 27 domains----------------http://www.np.reddit.com: 151.101.193.140http://nm.reddit.com: 151.101.193.140http://ww.reddit.com: 151.101.193.140http://dg.reddit.com: 151.101.193.140http://en.reddit.com: 151.101.193.140http://ads.reddit.com: 151.101.193.140http://zz.reddit.com: 151.101.193.140out.reddit.com: 107.23.11.190origin.reddit.com: 54.172.97.226http://blog.reddit.com: 151.101.193.140alb.reddit.com: 52.201.172.48http://m.reddit.com: 151.101.193.140http://rr.reddit.com: 151.101.193.140reddit.com: 151.101.65.140http://www.reddit.com: 151.101.193.140mx03.reddit.com: 151.101.193.140http://fr.reddit.com: 151.101.193.140rhs.reddit.com: 54.172.97.229http://np.reddit.com: 151.101.193.140http://nj.reddit.com: 151.101.193.140http://re.reddit.com: 151.101.193.140http://iy.reddit.com: 151.101.193.140mx02.reddit.com: 151.101.193.140mailp236.reddit.com: 151.101.193.140Found 6 unique IPs52.201.172.48151.101.193.140107.23.11.190151.101.65.14054.172.97.22654.172.97.229Execution took 0:00:04.604anubis -t reddit.com --with-nmap -o temp.txt -i --overwrite-nmap-scan "-F -T5"
Searching for subdomains for 151.101.65.140 (reddit.com)Testing for zone transfersSearching for Subject Alt NamesSearching HackerTargetSearching VirusTotalSearching Pkey.inSearching NetCraft.comSearching crt.shSearching DNSDumpsterSearching Anubis-DBSearching Shodan.io for additional informationServer Location: San Francisco, US - 94107ISP or Hosting Company: FastlyTo run a DNSSEC subdomain enumeration, Anubis must be run as rootStarting Nmap ScanHost : 151.101.65.140 ()----------Protocol: tcpport: 80state: openport: 443state: openFound 195 subdomains----------------nm.reddit.comne.reddit.comsonics.reddit.comaj.reddit.comfo.reddit.comf5.reddit.com... (truncated for readability)Sending to AnubisDBSubdomain search took 0:00:26.579Run tests on their own, in native pytest environment
pytest
- CLI Boilerplate bySkele-CLI
Please readCONTRIBUTING.md for details on our code ofconduct, and the process for submitting pull requests to us.
- JonLuca DeCaro -Initial work -Anubis
See also the list ofcontributors who participated in this project.
This project is licensed under the MIT License - see theLICENSE.md file for details
About
Subdomain enumeration and information gathering tool