Anubis, a subdomain enumerator, and information gathering tool.
- It collates data from a variety of sources to provide one of the most comprehensive tools for subdomain enumeration. It pulls subdomains from public sources, indexed search results, and AnubisDB, a centralized, open API for subdomains.
- It is able to identify all key servers behind the domains and output any IPs of interest. For instance, running the same command as above with the -p flag gives us all the unique resolved IP addresses, which allows a security researcher to get a more comprehensive idea of the scope of their target.
- It is also able to extract information from less used, but potentially rewarding avenues, including DNSSEC subdomain lists and Zone Transfers.
Tighter requirements, brought back sslyze
pip3 install anubis-netsec
orgit clone https://github.com/jonluca/Anubis.git cd Anubis pip3 install -r requirements.txt
Will install it as CLI program, most likely to /usr/local/bin/anubis on *nix machines.
Simple Use Case
anubis -tip domain.com -o out.txt
Set’s target to domain.com, outputs additional information like server and ISP or server hosting provider, then attempts to resolve all URLs and outputs list of unique IPs. Finally, writes all results to out.txt.
anubis -t reddit.com
The simplest use of Anubis just runs subdomain enumeration
anubis -t reddit.com -ip (equivalent to anubis -t reddit.com --additional-info --ip)
anubis -t reddit.com --with-nmap -o temp.txt -is --overwrite-nmap-scan "-F -T5"
Copyright (c) 2018 JonLuca De Caro