def test_send_to_anubis(self):
self.domains.append("www.example.com")
send_to_anubisdb(
self, ["example.com"]) # Send to anubis db takes in an array
self.assertTrue("Error" not in sys.stdout.getvalue())
send_to_anubisdb(self, ["example.com", "www.example.com"])
self.assertTrue("multiple" in sys.stdout.getvalue())
send_to_anubisdb(self, ["example"])
self.assertTrue("Error" in sys.stdout.getvalue())
def run(self):
# Retrieve IP of target and run initial configurations
self.init()
# If multiple targets, create scans for each
for i in range(len(self.options["TARGET"])):
# Default scans that run every time
target = self.options["TARGET"][i]
ColorPrint.green(f"Working on target: {target}")
threads = [
threading.Thread(target=dns_zonetransfer, args=(self, target)),
threading.Thread(target=subdomain_hackertarget,
args=(self, target)),
threading.Thread(target=search_subject_alt_name,
args=(self, target)),
threading.Thread(target=search_netcraft, args=(self, target)),
threading.Thread(target=search_crtsh, args=(self, target)),
threading.Thread(target=search_dnsdumpster,
args=(self, target)),
threading.Thread(target=search_anubisdb, args=(self, target))
]
# Additional options - shodan.io scan
if self.options["--additional-info"]:
threads.append(
threading.Thread(target=search_shodan, args=(self, )))
# Additional options - nmap scan of dnssec script and a host/port scan
if self.options["--with-nmap"]:
threads.append(
threading.Thread(target=dnssecc_subdomain_enum,
args=(self, target)))
threads.append(
threading.Thread(target=scan_host, args=(self, )))
# Start all threads and wait for them to finish
for x in threads:
x.start()
for x in threads:
x.join()
# Run a recursive search on each subdomain - rarely useful, but nice to have
# just in case
if self.options["--recursive"]:
recursive_search(self)
# remove duplicates and clean up
self.domains = self.clean_domains(self.domains)
self.dedupe = set(self.domains)
print("Found", len(self.dedupe), "subdomains")
print("----------------")
if self.options["--ip"]:
self.resolve_ips()
else:
for domain in self.dedupe:
cleaned_domain = domain.strip()
ColorPrint.green(cleaned_domain)
if self.options['--silent']:
sys.stdout.write(cleaned_domain, override=True)
if self.options["--send-to-anubis-db"]:
send_to_anubisdb(self, [target])
# reset per domain
self.domains = list()
def run(self):
# Retrieve IP of target and run initial configurations
self.init()
ColorPrint.green("Searching for subdomains for " + self.ip + " (" +
self.options["TARGET"] + ")\n")
# Default scans that run every time
threads = [
Thread(target=dns_zonetransfer(self, self.options["TARGET"])),
Thread(
target=search_subject_alt_name(self, self.options["TARGET"])),
Thread(
target=subdomain_hackertarget(self, self.options["TARGET"])),
Thread(target=search_virustotal(self, self.options["TARGET"])),
Thread(target=search_pkey(self, self.options["TARGET"])),
Thread(target=search_netcraft(self, self.options["TARGET"])),
Thread(target=search_crtsh(self, self.options["TARGET"])),
Thread(target=search_dnsdumpster(self, self.options["TARGET"])),
Thread(target=search_anubisdb(self, self.options["TARGET"]))
]
# Additional options - ssl cert scan
if self.options["--ssl"]:
threads.append(
Thread(target=ssl_scan(self, self.options["TARGET"])))
# Additional options - shodan.io scan
if self.options["--additional-info"]:
threads.append(Thread(target=search_shodan(self)))
# Additional options - nmap scan of dnssec script and a host/port scan
if self.options["--with-nmap"]:
threads.append(
Thread(target=dnssecc_subdomain_enum(self,
self.options["TARGET"])))
threads.append(Thread(target=scan_host(self)))
# Additional options - brute force common subdomains
if self.options["--brute-force"]:
threads.append(
Thread(target=brute_force(self, self.options["TARGET"])))
# Start all threads
for x in threads:
x.start()
# Wait for all of them to finish
for x in threads:
x.join()
# remove duplicates and clean up
if self.options["--recursive"]:
self.recursive_search()
self.domains = self.clean_domains(self.domains)
self.dedupe = set(self.domains)
print("Found", len(self.dedupe), "subdomains")
print("----------------")
if self.options["--ip"]:
self.resolve_ips()
else:
for domain in self.dedupe:
ColorPrint.green(domain.strip())
if not self.options["--no-anubis-db"]:
send_to_anubisdb(self, self.options["TARGET"])
def run(self):
# Retrieve IP of target and run initial configurations
self.init()
# If multiple targets, create scans for each
for i in range(len(self.options["TARGET"])):
# Default scans that run every time
target = self.options["TARGET"][i]
threads = [
threading.Thread(target=dns_zonetransfer, args=(self, target)),
threading.Thread(target=subdomain_hackertarget,
args=(self, target)),
threading.Thread(target=search_subject_alt_name,
args=(self, target)),
threading.Thread(target=search_virustotal,
args=(self, target)),
# threading.Thread(target=search_pkey, args=(self, target)),
# Removed pkey as of June 18 2018 due to issues on their end (not connecting)
threading.Thread(target=search_netcraft, args=(self, target)),
threading.Thread(target=search_crtsh, args=(self, target)),
threading.Thread(target=search_dnsdumpster,
args=(self, target)),
threading.Thread(target=search_anubisdb, args=(self, target))
]
# Additional options - shodan.io scan
if self.options["--additional-info"]:
threads.append(
threading.Thread(target=search_shodan, args=(self, )))
# Additional options - ssl
if self.options["--ssl"]:
threads.append(
threading.Thread(target=ssl_scan, args=(self, target)))
# Additional options - nmap scan of dnssec script and a host/port scan
if self.options["--with-nmap"]:
threads.append(
threading.Thread(target=dnssecc_subdomain_enum,
args=(self, target)))
threads.append(
threading.Thread(target=scan_host, args=(self, )))
# Start all threads and wait for them to finish
for x in threads:
x.start()
for x in threads:
x.join()
# Run a recursive search on each subdomain - rarely useful, but nice to have
# just in case
if self.options["--recursive"]:
recursive_search(self)
# remove duplicates and clean up
self.domains = self.clean_domains(self.domains)
self.dedupe = set(self.domains)
print("Found", len(self.dedupe), "subdomains")
print("----------------")
if self.options["--ip"]:
self.resolve_ips()
else:
for domain in self.dedupe:
ColorPrint.green(domain.strip())
if self.options["--send-to-anubis-db"]:
send_to_anubisdb(self, self.options["TARGET"])
def run(self):
# Retrieve IP of target and run initial configurations
self.init()
for i in range(len(self.options["TARGET"])):
# Default scans that run every time
target = self.options["TARGET"][i]
threads = [
threading.Thread(target=dns_zonetransfer, args=(self, target)),
threading.Thread(target=search_subject_alt_name,
args=(self, target)),
threading.Thread(target=subdomain_hackertarget,
args=(self, target)),
threading.Thread(target=search_virustotal,
args=(self, target)),
threading.Thread(target=search_pkey, args=(self, target)),
threading.Thread(target=search_netcraft, args=(self, target)),
threading.Thread(target=search_crtsh, args=(self, target)),
threading.Thread(target=search_dnsdumpster,
args=(self, target)),
threading.Thread(target=search_anubisdb, args=(self, target))
]
print('test')
# Additional options - ssl cert scan
if self.options["--ssl"]:
threads.append(
threading.Thread(target=ssl_scan, args=(self, target)))
# Additional options - shodan.io scan
if self.options["--additional-info"]:
threads.append(
threading.Thread(target=search_shodan, args=(self, )))
# Additional options - nmap scan of dnssec script and a host/port scan
if self.options["--with-nmap"]:
threads.append(
threading.Thread(target=dnssecc_subdomain_enum,
args=(self, target)))
threads.append(
threading.Thread(target=scan_host, args=(self, )))
# Additional options - brute force common subdomains
if self.options["--brute-force"]:
threads.append(
threading.Thread(target=brute_force, args=(self, target)))
# Start all threads
for x in threads:
x.start()
# Wait for all of them to finish
for x in threads:
x.join()
# remove duplicates and clean up
if self.options["--recursive"]:
recursive_search(self)
self.domains = self.clean_domains(self.domains)
self.dedupe = set(self.domains)
print("Found", len(self.dedupe), "subdomains")
print("----------------")
if self.options["--ip"]:
self.resolve_ips()
else:
for domain in self.dedupe:
ColorPrint.green(domain.strip())
if self.options["--send-to-anubis-db"]:
send_to_anubisdb(self, self.options["TARGET"])
def test_send_to_anubis(self):
self.domains.append("www.example.com")
send_to_anubisdb(self, "example.com")
self.assertTrue("Error" not in sys.stdout.getvalue())
