Anubis子域名枚举信息搜集工具

  • A+
所属分类:网络安全工具

Anubis子域名枚举信息搜集工具

Anubis是一个子域枚举和信息收集工具。Anubis整理来自各种来源的数据,包括HackerTarget,DNSDumpster,x509证书,VirusTotal,Google,Pkey和NetCraft。Anubis还有一个姊妹项目AnubisDB,作为子域的集中存储库。

先决条件

  • NMAP

如果您正在运行Linux,则还需要以下内容:

sudo apt-get install python3-pip python-dev libssl-dev libffi-dev

安装

注意:Python 3.6是必需的

pip3 install anubis-netsec

或者Linux Snap发行版:

snap install anubis

从源代码安装

请注意Anubis仍处于测试阶段。

git clone git@github.com:jonluca/Anubis.git
cd Anubis
pip3 install  -r requirements.txt
pip3 install .

用法

Usage:
  anubis -t TARGET [-o FILENAME] [-noispbarv] [-w SCAN] [-q NUM]
  anubis -h
  anubis --version
  
Options:
  -h --help                       show this help message and exit
  -t --target                     set target (comma separated, no spaces, if multiple)
  -n --with-nmap                  perform an nmap service/script scan
  -o --output                     save to filename
  -i --additional-info            show additional information about the host from Shodan (requires API key)
  -s --ssl                        run an ssl scan and output cipher + chain info
  -p --ip                         outputs the resolved IPs for each subdomain, and a full list of unique ips
  -a --send-to-anubis-db          send results to Anubis-DB
  -r --recursive                  recursively search over all subdomains
  -w --overwrite-nmap-scan SCAN   overwrite default nmap scan (default -nPn -sV -sC)
  -v --verbose                    print debug info and full request output
  -q --queue-workers NUM          override number of queue workers (default: 10, max: 100)
  --version                       show version and exit

Help:
  For help using this tool, please open an issue on the Github repository:
  https://github.com/jonluca/anubis

基本

常见用例

anubis -tipa domain.com -o out.txt

将目标设置为domain.com,(t)输出附加信息(i),如服务器和ISP或服务器托管提供商,然后尝试解析所有URL(p)并输出唯一IP列表并发送到Anubis-DB(a)。最后,将所有结果写入out.txt(o)。

其他

anubis -t reddit.com 最简单的使用Anubis,只是运行子域枚举

Searching for subdomains for 151.101.65.140 (reddit.com)

Testing for zone transfers
Searching for Subject Alt Names
Searching HackerTarget
Searching VirusTotal
Searching Pkey.in
Searching NetCraft.com
Searching crt.sh
Searching DNSDumpster
Searching Anubis-DB
Found 193 subdomains
----------------
fj.reddit.com
se.reddit.com
gateway.reddit.com
beta.reddit.com
ww.reddit.com
... (truncated for readability)
Sending to AnubisDB
Subdomain search took 0:00:20.390

anubis -t reddit.com -ip(相当于anubis -t reddit.com --additional-info --ip) - 解析IP并输出唯一身份列表,并通过https://shodan.io提供其他信息

Searching for subdomains for 151.101.65.140
Server Location: San Francisco US - 94107
ISP: Fastly
Found 27 domains
----------------
http://www.np.reddit.com: 151.101.193.140
http://nm.reddit.com: 151.101.193.140
http://ww.reddit.com: 151.101.193.140
http://dg.reddit.com: 151.101.193.140
http://en.reddit.com: 151.101.193.140
http://ads.reddit.com: 151.101.193.140
http://zz.reddit.com: 151.101.193.140
out.reddit.com: 107.23.11.190
origin.reddit.com: 54.172.97.226
http://blog.reddit.com: 151.101.193.140
alb.reddit.com: 52.201.172.48
http://m.reddit.com: 151.101.193.140
http://rr.reddit.com: 151.101.193.140
reddit.com: 151.101.65.140
http://www.reddit.com: 151.101.193.140
mx03.reddit.com: 151.101.193.140
http://fr.reddit.com: 151.101.193.140
rhs.reddit.com: 54.172.97.229
http://np.reddit.com: 151.101.193.140
http://nj.reddit.com: 151.101.193.140
http://re.reddit.com: 151.101.193.140
http://iy.reddit.com: 151.101.193.140
mx02.reddit.com: 151.101.193.140
mailp236.reddit.com: 151.101.193.140
Found 6 unique IPs
52.201.172.48
151.101.193.140
107.23.11.190
151.101.65.140
54.172.97.226
54.172.97.229
Execution took 0:00:04.604

高级

anubis -t reddit.com --with-nmap -o temp.txt -is --overwrite-nmap-scan "-F -T5"

Searching for subdomains for 151.101.65.140 (reddit.com)

Testing for zone transfers
Searching for Subject Alt Names
Searching HackerTarget
Searching VirusTotal
Searching Pkey.in
Searching NetCraft.com
Searching crt.sh
Searching DNSDumpster
Searching Anubis-DB
Running SSL Scan
Available TLSv1.0 Ciphers:
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    TLS_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLS_RSA_WITH_AES_128_CBC_SHA
    TLS_RSA_WITH_3DES_EDE_CBC_SHA
Available TLSv1.2 Ciphers:
    TLS_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    TLS_RSA_WITH_AES_128_CBC_SHA
    TLS_RSA_WITH_3DES_EDE_CBC_SHA
 * Certificate Information:
     Content
       SHA1 Fingerprint:                  f8d1965323111e86e6874aa93cc7c52969fb22bf
       Common Name:                       *.reddit.com
       Issuer:                            DigiCert SHA2 Secure Server CA
       Serial Number:                     11711178161886346105980166697563149367
       Not Before:                        2015-08-17 00:00:00
       Not After:                         2018-08-21 12:00:00
       Signature Algorithm:               sha256
       Public Key Algorithm:              RSA
       Key Size:                          2048
       Exponent:                          65537 (0x10001)
       DNS Subject Alternative Names:     ['*.reddit.com', 'reddit.com', '*.redditmedia.com', 'engine.a.redditmedia.com', 'redditmedia.com', '*.redd.it', 'redd.it', 'www.redditstatic.com', 'imgless.reddituploads.com', 'i.reddituploads.com', '*.thumbs.redditmedia.com']

     Trust
       Hostname Validation:               OK - Certificate matches reddit.com
       AOSP CA Store (7.0.0 r1):          OK - Certificate is trusted
       Apple CA Store (OS X 10.11.6):     OK - Certificate is trusted
       Java 7 CA Store (Update 79):       OK - Certificate is trusted
       Microsoft CA Store (09/2016):      OK - Certificate is trusted
       Mozilla CA Store (09/2016):        OK - Certificate is trusted
       Received Chain:                    *.reddit.com --> DigiCert SHA2 Secure Server CA
       Verified Chain:                    *.reddit.com --> DigiCert SHA2 Secure Server CA --> DigiCert Global Root CA
       Received Chain Contains Anchor:    OK - Anchor certificate not sent
       Received Chain Order:              OK - Order is valid
       Verified Chain contains SHA1:      OK - No SHA1-signed certificate in the verified certificate chain

     OCSP Stapling
       OCSP Response Status:              successful
       Validation w/ Mozilla Store:       OK - Response is trusted
       Responder Id:                      0F80611C823161D52F28E78D4638B42CE1C6D9E2
       Cert Status:                       good
       Cert Serial Number:                08CF7DA9B222C9D983C50D993F2F5437
       This Update:                       Dec 16 16:20:41 2017 GMT
       Next Update:                       Dec 23 15:35:41 2017 GMT
 * OpenSSL Heartbleed:
                                          OK - Not vulnerable to Heartbleed
 * HTTP Security Headers:
       NOT SUPPORTED - Server did not send an HSTS header

     HTTP Public Key Pinning (HPKP)
       NOT SUPPORTED - Server did not send an HPKP header

     Computed HPKP Pins for Current Chain
      0 - *.reddit.com                                  3FUu+FYb3IyHxicQEMs5sSzs207fuv25p7NGRIPDaAw=
      1 - DigiCert SHA2 Secure Server CA                5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w=
      2 - DigiCert Global Root CA                       r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=
Searching Shodan.io for additional information
Server Location: San Francisco, US - 94107
ISP  or Hosting Company: Fastly
To run a DNSSEC subdomain enumeration, Anubis must be run as root
Starting Nmap Scan
Host : 151.101.65.140 ()
----------
Protocol: tcp
port: 80	state: open
port: 443	state: open
Found 195 subdomains
----------------
nm.reddit.com
ne.reddit.com
sonics.reddit.com
aj.reddit.com
fo.reddit.com
f5.reddit.com
... (truncated for readability)
Sending to AnubisDB
Subdomain search took 0:00:26.579

运行测试

运行所有覆盖测试

 python3 setup.py test

在原生Pytest环境中自行运行测试

pytest

下载地址

部分内容被隐藏
需登陆后可查看
CE安全网

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: