def test_send_to_anubis(self): self.domains.append("www.example.com") send_to_anubisdb( self, ["example.com"]) # Send to anubis db takes in an array self.assertTrue("Error" not in sys.stdout.getvalue()) send_to_anubisdb(self, ["example.com", "www.example.com"]) self.assertTrue("multiple" in sys.stdout.getvalue()) send_to_anubisdb(self, ["example"]) self.assertTrue("Error" in sys.stdout.getvalue())
def run(self): # Retrieve IP of target and run initial configurations self.init() # If multiple targets, create scans for each for i in range(len(self.options["TARGET"])): # Default scans that run every time target = self.options["TARGET"][i] ColorPrint.green(f"Working on target: {target}") threads = [ threading.Thread(target=dns_zonetransfer, args=(self, target)), threading.Thread(target=subdomain_hackertarget, args=(self, target)), threading.Thread(target=search_subject_alt_name, args=(self, target)), threading.Thread(target=search_netcraft, args=(self, target)), threading.Thread(target=search_crtsh, args=(self, target)), threading.Thread(target=search_dnsdumpster, args=(self, target)), threading.Thread(target=search_anubisdb, args=(self, target)) ] # Additional options - shodan.io scan if self.options["--additional-info"]: threads.append( threading.Thread(target=search_shodan, args=(self, ))) # Additional options - nmap scan of dnssec script and a host/port scan if self.options["--with-nmap"]: threads.append( threading.Thread(target=dnssecc_subdomain_enum, args=(self, target))) threads.append( threading.Thread(target=scan_host, args=(self, ))) # Start all threads and wait for them to finish for x in threads: x.start() for x in threads: x.join() # Run a recursive search on each subdomain - rarely useful, but nice to have # just in case if self.options["--recursive"]: recursive_search(self) # remove duplicates and clean up self.domains = self.clean_domains(self.domains) self.dedupe = set(self.domains) print("Found", len(self.dedupe), "subdomains") print("----------------") if self.options["--ip"]: self.resolve_ips() else: for domain in self.dedupe: cleaned_domain = domain.strip() ColorPrint.green(cleaned_domain) if self.options['--silent']: sys.stdout.write(cleaned_domain, override=True) if self.options["--send-to-anubis-db"]: send_to_anubisdb(self, [target]) # reset per domain self.domains = list()
def run(self): # Retrieve IP of target and run initial configurations self.init() ColorPrint.green("Searching for subdomains for " + self.ip + " (" + self.options["TARGET"] + ")\n") # Default scans that run every time threads = [ Thread(target=dns_zonetransfer(self, self.options["TARGET"])), Thread( target=search_subject_alt_name(self, self.options["TARGET"])), Thread( target=subdomain_hackertarget(self, self.options["TARGET"])), Thread(target=search_virustotal(self, self.options["TARGET"])), Thread(target=search_pkey(self, self.options["TARGET"])), Thread(target=search_netcraft(self, self.options["TARGET"])), Thread(target=search_crtsh(self, self.options["TARGET"])), Thread(target=search_dnsdumpster(self, self.options["TARGET"])), Thread(target=search_anubisdb(self, self.options["TARGET"])) ] # Additional options - ssl cert scan if self.options["--ssl"]: threads.append( Thread(target=ssl_scan(self, self.options["TARGET"]))) # Additional options - shodan.io scan if self.options["--additional-info"]: threads.append(Thread(target=search_shodan(self))) # Additional options - nmap scan of dnssec script and a host/port scan if self.options["--with-nmap"]: threads.append( Thread(target=dnssecc_subdomain_enum(self, self.options["TARGET"]))) threads.append(Thread(target=scan_host(self))) # Additional options - brute force common subdomains if self.options["--brute-force"]: threads.append( Thread(target=brute_force(self, self.options["TARGET"]))) # Start all threads for x in threads: x.start() # Wait for all of them to finish for x in threads: x.join() # remove duplicates and clean up if self.options["--recursive"]: self.recursive_search() self.domains = self.clean_domains(self.domains) self.dedupe = set(self.domains) print("Found", len(self.dedupe), "subdomains") print("----------------") if self.options["--ip"]: self.resolve_ips() else: for domain in self.dedupe: ColorPrint.green(domain.strip()) if not self.options["--no-anubis-db"]: send_to_anubisdb(self, self.options["TARGET"])
def run(self): # Retrieve IP of target and run initial configurations self.init() # If multiple targets, create scans for each for i in range(len(self.options["TARGET"])): # Default scans that run every time target = self.options["TARGET"][i] threads = [ threading.Thread(target=dns_zonetransfer, args=(self, target)), threading.Thread(target=subdomain_hackertarget, args=(self, target)), threading.Thread(target=search_subject_alt_name, args=(self, target)), threading.Thread(target=search_virustotal, args=(self, target)), # threading.Thread(target=search_pkey, args=(self, target)), # Removed pkey as of June 18 2018 due to issues on their end (not connecting) threading.Thread(target=search_netcraft, args=(self, target)), threading.Thread(target=search_crtsh, args=(self, target)), threading.Thread(target=search_dnsdumpster, args=(self, target)), threading.Thread(target=search_anubisdb, args=(self, target)) ] # Additional options - shodan.io scan if self.options["--additional-info"]: threads.append( threading.Thread(target=search_shodan, args=(self, ))) # Additional options - ssl if self.options["--ssl"]: threads.append( threading.Thread(target=ssl_scan, args=(self, target))) # Additional options - nmap scan of dnssec script and a host/port scan if self.options["--with-nmap"]: threads.append( threading.Thread(target=dnssecc_subdomain_enum, args=(self, target))) threads.append( threading.Thread(target=scan_host, args=(self, ))) # Start all threads and wait for them to finish for x in threads: x.start() for x in threads: x.join() # Run a recursive search on each subdomain - rarely useful, but nice to have # just in case if self.options["--recursive"]: recursive_search(self) # remove duplicates and clean up self.domains = self.clean_domains(self.domains) self.dedupe = set(self.domains) print("Found", len(self.dedupe), "subdomains") print("----------------") if self.options["--ip"]: self.resolve_ips() else: for domain in self.dedupe: ColorPrint.green(domain.strip()) if self.options["--send-to-anubis-db"]: send_to_anubisdb(self, self.options["TARGET"])
def run(self): # Retrieve IP of target and run initial configurations self.init() for i in range(len(self.options["TARGET"])): # Default scans that run every time target = self.options["TARGET"][i] threads = [ threading.Thread(target=dns_zonetransfer, args=(self, target)), threading.Thread(target=search_subject_alt_name, args=(self, target)), threading.Thread(target=subdomain_hackertarget, args=(self, target)), threading.Thread(target=search_virustotal, args=(self, target)), threading.Thread(target=search_pkey, args=(self, target)), threading.Thread(target=search_netcraft, args=(self, target)), threading.Thread(target=search_crtsh, args=(self, target)), threading.Thread(target=search_dnsdumpster, args=(self, target)), threading.Thread(target=search_anubisdb, args=(self, target)) ] print('test') # Additional options - ssl cert scan if self.options["--ssl"]: threads.append( threading.Thread(target=ssl_scan, args=(self, target))) # Additional options - shodan.io scan if self.options["--additional-info"]: threads.append( threading.Thread(target=search_shodan, args=(self, ))) # Additional options - nmap scan of dnssec script and a host/port scan if self.options["--with-nmap"]: threads.append( threading.Thread(target=dnssecc_subdomain_enum, args=(self, target))) threads.append( threading.Thread(target=scan_host, args=(self, ))) # Additional options - brute force common subdomains if self.options["--brute-force"]: threads.append( threading.Thread(target=brute_force, args=(self, target))) # Start all threads for x in threads: x.start() # Wait for all of them to finish for x in threads: x.join() # remove duplicates and clean up if self.options["--recursive"]: recursive_search(self) self.domains = self.clean_domains(self.domains) self.dedupe = set(self.domains) print("Found", len(self.dedupe), "subdomains") print("----------------") if self.options["--ip"]: self.resolve_ips() else: for domain in self.dedupe: ColorPrint.green(domain.strip()) if self.options["--send-to-anubis-db"]: send_to_anubisdb(self, self.options["TARGET"])
def test_send_to_anubis(self): self.domains.append("www.example.com") send_to_anubisdb(self, "example.com") self.assertTrue("Error" not in sys.stdout.getvalue())