• Stars
    star
    1,195
  • Rank 39,145 (Top 0.8 %)
  • Language
    Python
  • License
    MIT License
  • Created almost 7 years ago
  • Updated about 2 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Subdomain enumeration and information gathering tool

Anubis

Build Status Coverage GitHub issues GitHub license

        d8888                   888      d8b
       d88888                   888      Y8P
      d88P888                   888
     d88P 888 88888b.  888  888 88888b.  888 .d8888b
    d88P  888 888 "88b 888  888 888 "88b 888 88K
   d88P   888 888  888 888  888 888  888 888 "Y8888b.
  d8888888888 888  888 Y88b 888 888 d88P 888      X88
 d88P     888 888  888  "Y88888 88888P"  888  88888P'

Anubis is a subdomain enumeration and information gathering tool. Anubis collates data from a variety of sources, including HackerTarget, DNSDumpster, x509 certs, VirusTotal, Google, Pkey, Sublist3r, Shodan, Spyse, and NetCraft. Anubis also has a sister project, AnubisDB, which serves as a centralized repository of subdomains.

Original Medium article release

Getting Started

Prerequisites

  • Nmap (if wanting to run port scans and certain certificate scans)

If you are running Linux, the following are also required:

sudo apt-get install python3-pip python-dev libssl-dev libffi-dev

Installing

Note: Python 3 is required

pip3 install anubis-netsec

Install From Source

Please note Anubis is still in beta.

git clone https://github.com/jonluca/Anubis.git
cd Anubis
pip3 install  -r requirements.txt
pip3 install .

Usage

Usage:
  anubis (-t TARGET | -f FILE) [-o FILENAME]  [-abinoprsSv] [-w SCAN] [-q NUM]
  anubis -h
  anubis (--version | -V)
  
Options:
  -h --help                       show this help message and exit
  -t --target                     set target (comma separated, no spaces, if multiple)
  -f --file                       set target (reads from file, one domain per line)
  -n --with-nmap                  perform an nmap service/script scan
  -o --output                     save to filename
  -i --additional-info            show additional information about the host from Shodan (requires API key)
  -p --ip                         outputs the resolved IPs for each subdomain, and a full list of unique ips
  -a --dont-send-to-anubis-db     don't send results to Anubis-DB
  -r --recursive                  recursively search over all subdomains
  -s --ssl                        run an ssl scan and output cipher + chain info
  -S --silent                     only out put subdomains, one per line
  -w --overwrite-nmap-scan SCAN   overwrite default nmap scan (default -nPn -sV -sC)
  -v --verbose                    print debug info and full request output
  -q --queue-workers NUM          override number of queue workers (default: 10, max: 100)
  -V --version                       show version and exit

Help:
  For help using this tool, please open an issue on the Github repository:
  https://github.com/jonluca/anubis

Basic

Common Use Case

anubis -tip domain.com -o out.txt

Set's target to domain.com, (t) outputs additional information (i) like server and ISP or server hosting provider, then attempts to resolve all URLs (p) and outputs list of unique IPs and sends to Anubis-DB (a). Finally, writes all results to out.txt (o).

Other

anubis -t reddit.com Simplest use of Anubis, just runs subdomain enumeration

Searching for subdomains for 151.101.65.140 (reddit.com)

Testing for zone transfers
Searching for Subject Alt Names
Searching HackerTarget
Searching VirusTotal
Searching Pkey.in
Searching NetCraft.com
Searching crt.sh
Searching DNSDumpster
Searching Anubis-DB
Found 193 subdomains
----------------
fj.reddit.com
se.reddit.com
gateway.reddit.com
beta.reddit.com
ww.reddit.com
... (truncated for readability)
Sending to AnubisDB
Subdomain search took 0:00:20.390

anubis -t reddit.com -ip (equivalent to anubis -t reddit.com --additional-info --ip) - resolves IPs and outputs list of uniques, and provides additional information through https://shodan.io

Searching for subdomains for 151.101.65.140
Server Location: San Francisco US - 94107
ISP: Fastly
Found 27 domains
----------------
http://www.np.reddit.com: 151.101.193.140
http://nm.reddit.com: 151.101.193.140
http://ww.reddit.com: 151.101.193.140
http://dg.reddit.com: 151.101.193.140
http://en.reddit.com: 151.101.193.140
http://ads.reddit.com: 151.101.193.140
http://zz.reddit.com: 151.101.193.140
out.reddit.com: 107.23.11.190
origin.reddit.com: 54.172.97.226
http://blog.reddit.com: 151.101.193.140
alb.reddit.com: 52.201.172.48
http://m.reddit.com: 151.101.193.140
http://rr.reddit.com: 151.101.193.140
reddit.com: 151.101.65.140
http://www.reddit.com: 151.101.193.140
mx03.reddit.com: 151.101.193.140
http://fr.reddit.com: 151.101.193.140
rhs.reddit.com: 54.172.97.229
http://np.reddit.com: 151.101.193.140
http://nj.reddit.com: 151.101.193.140
http://re.reddit.com: 151.101.193.140
http://iy.reddit.com: 151.101.193.140
mx02.reddit.com: 151.101.193.140
mailp236.reddit.com: 151.101.193.140
Found 6 unique IPs
52.201.172.48
151.101.193.140
107.23.11.190
151.101.65.140
54.172.97.226
54.172.97.229
Execution took 0:00:04.604

Advanced

anubis -t reddit.com --with-nmap -o temp.txt -i --overwrite-nmap-scan "-F -T5"

Searching for subdomains for 151.101.65.140 (reddit.com)

Testing for zone transfers
Searching for Subject Alt Names
Searching HackerTarget
Searching VirusTotal
Searching Pkey.in
Searching NetCraft.com
Searching crt.sh
Searching DNSDumpster
Searching Anubis-DB
Searching Shodan.io for additional information
Server Location: San Francisco, US - 94107
ISP  or Hosting Company: Fastly
To run a DNSSEC subdomain enumeration, Anubis must be run as root
Starting Nmap Scan
Host : 151.101.65.140 ()
----------
Protocol: tcp
port: 80	state: open
port: 443	state: open
Found 195 subdomains
----------------
nm.reddit.com
ne.reddit.com
sonics.reddit.com
aj.reddit.com
fo.reddit.com
f5.reddit.com
... (truncated for readability)
Sending to AnubisDB
Subdomain search took 0:00:26.579

Running the tests

Run tests on their own, in native pytest environment

pytest

Built With

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Authors

  • JonLuca DeCaro - Initial work - Anubis

See also the list of contributors who participated in this project.

License

This project is licensed under the MIT License - see the LICENSE.md file for details

Acknowledgments

More Repositories

1

vite-typescript-ssr-react

πŸš€ A Vite Typescript SSR React boilerplate!
TypeScript
342
star
2

mimessage

iMessage Wrapped, Semantic Search, and AI Chats
TypeScript
131
star
3

har-to-openapi

HAR to OpenAPI spec generator
TypeScript
84
star
4

MasterRepo

APT Repository list and Debian install file for Cydia
Shell
79
star
5

RideShare-Trip-Stats

Chrome Extension to visualize your uber trip statistics
TypeScript
66
star
6

Anubis-DB

Database to store previously found subdomains
TypeScript
57
star
7

Never-Ending-Netflix

πŸ“ΊChrome extension that skips title sequences, automatically plays the next episode, and never asks you if you're still watching on Netflix!
JavaScript
53
star
8

Stream-Enhancer-Site

Actual site that converts m3u8 to a video stream
CSS
35
star
9

electron-extension-installer

Install extensions into devtools
TypeScript
35
star
10

Stream-Enhancer

Watch your favorite streams without ads or interruptions!
JavaScript
32
star
11

PasteBinApp

iOS app for PasteBin
Swift
27
star
12

Federalist-Papers-NLP

Attribution of the Federalist Papers through NLTK/SciKit and ML
Jupyter Notebook
26
star
13

USC-Schedule-Helper

Chrome Extension for USC Students to help with Web Registration!
JavaScript
21
star
14

repo-refactor

Refactor any directory into a different language
C++
19
star
15

javascript-heap-inspector

TypeScript
16
star
16

UberOrLyft

Compare the prices of Uber and Lyft from your browser!
JavaScript
14
star
17

Phone-Audio-Processing

Work done on signal processing in python, resampling audio, and reversing short time fourier transforms
Python
10
star
18

USC-Class-Notifier-API

Rewrite of https://github.com/jonluca/USC-Schedule-of-Classes-API
TypeScript
7
star
19

source-map-cloner

TypeScript
7
star
20

dotfiles

My customized shell and dev environment
Shell
6
star
21

Textbookbot

Slackbot to automatically grab textbooks by ISBN
Python
6
star
22

Burp-Copy-As-Node

Burp extension to copy a request as a node.js requests function
Java
6
star
23

candy-crush-hack

A Java GUI for hacking Candy Crush save game files
Java
6
star
24

Interesting-Snippets

Interesting snippets of text
5
star
25

OpenTable-Reservation-Maker

Python
5
star
26

PasteEnabler

Allows you to copy + paste even on sites that attempt to block you
JavaScript
5
star
27

SPF-Research

Research for my SPF/DKIM/DMARC article
Python
5
star
28

resy-api

Resy API client
TypeScript
4
star
29

blog

Personal Blog
JavaScript
4
star
30

seated-api

Reversing Seateds API
Jupyter Notebook
4
star
31

Perfect-Prime

Chrome Extension to automatically skip trailers and recaps and play the next episode on Amazon Prime
JavaScript
4
star
32

Window-Differ

Finds unique global variables on a given window
JavaScript
4
star
33

GitHub

iOS app to browse GitHub projects!
Swift
3
star
34

PaperCloud

Word cloud of academic papers and their authors
JavaScript
3
star
35

buggy-avassetwriter

This is a repo containing sample code demonstrating the bugginess of ScreenCaptureKit and AVAssetWriter
Swift
3
star
36

BulkReddit

Download large amounts of posts for offline viewing
JavaScript
3
star
37

json-schema-walker

Walk through the properties of a json schema
TypeScript
2
star
38

ts-hnsw

TypeScript
2
star
39

Degallerify

Chrome Extension to change all imgur gallery links on a page to direct links
JavaScript
2
star
40

watermark-remover

Remove watermarks from pdfs
TypeScript
2
star
41

debundler

Debundle and de-obfuscate webpages
JavaScript
1
star
42

Infographics-Moderator-Toolbox

Infographics Tools
Python
1
star
43

PitchforkReviews

Put the rating for Pitchfork reviews on the main page
JavaScript
1
star
44

SimplifyMe

JavaScript
1
star
45

jonlu.ca

Source for my personal website
HTML
1
star
46

Clear-Reddit-Unmoderated

Script to quickly approve all unmoderated posts
Python
1
star
47

AmazeSolver

Algorithm to solve the Amaze!!! Game
HTML
1
star
48

Blackboard-Clone

Phishing clone for Blackboard
JavaScript
1
star
49

Churning-Tools

Tools to help the churning hobby
Python
1
star
50

repo

My tweaks and code. Open source, now and forever
HTML
1
star
51

AddToAmex

Chrome extension to quickly add all new Amex offers to your accounts!
JavaScript
1
star
52

protobuf-extractor

Extract protobuf files from a website
JavaScript
1
star
53

Churning-Traffic-Stats

Data and code for quarterly analysis of traffic to /r/churning
Python
1
star
54

jonluca

NPM introduction!
JavaScript
1
star
55

discord-forum-export

Bot to export forum posts
TypeScript
1
star