About Anubis
Anubis is a powerful subdomain enumeration and information collection tool that helps researchers aggregate data from a variety of sources, including HackerTarget, DNSDumpster, x509 certs, VirusTotal, Google, Pkey, Sublist3r, Shodan, Spyse, and NetCraft. Anubis also has a sister project, AnubisDB, which mainly serves as a centralized repository for subdomains.
Tool dependencies
Port scanning and certificate scanning with Anubis require Nmap. On Linux, install the dependent components with the following command:
sudo apt-get install python3-pip python-dev libssl-dev libffi-dev
Tool installation
Anubis is written in Python 3, so first install and configure a Python 3 environment on the local machine. Then run the following command:
pip3 install anubis-netsec
Source installation
Researchers can use the following command to clone the project source code locally:
git clone https://github.com/jonluca/Anubis.git
Next, switch to the project directory and use the pip3 command and requirements.txt to install the dependencies required by the tool:
cd Anubis
pip3 install -r requirements.txt
pip3 install .
Tool usage
View help information
Usage:
anubis (-t TARGET | -f FILE) [-o FILENAME] [-abinoprsSv] [-w SCAN] [-q NUM]
anubis -h
anubis (--version | -V)
Options:
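-h --help Show help information and exit
-t --target Set the target (separate multiple targets with commas)
-f --file Set the targets (read from a file, one domain per line)
-n --with-nmap Perform an Nmap service/script scan
-o --output File name for storing output data
-i --additional-info Show additional information about the host (Shodan API)
-p --ip Output the IP address each subdomain resolves to
-a --dont-send-to-anubis-db Do not send results to Anubis-DB
-r --recursive Recursively search all subdomains
-s --ssl Perform an SSL scan and output additional information
-S --silent Output subdomains only, one per line
-w --overwrite-nmap-scan SCAN Override the default Nmap scan (default: -nPn -sV -sC)
-v --verbose Print debug information and full request output
-q --queue-workers NUM Change the number of queue workers (default 10, maximum 10)
-V --version Show the tool version and exit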
Help:
For help using this tool, please open an issue on the Github repository:
https://github.com/jonluca/anubis
Basic usage
anubis -tip domain.com -o out.txt
Here, domain.com is the target domain name.
anubis -t reddit.com
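The above command runs subdomain enumeration directly. As the last lines of the output show, the results are also sent to AnubisDB unless -a (--dont-send-to-anubis-db) is passed. The result is as follows: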
Searching for subdomains for 151.101.65.140 (reddit.com)
Testing for zone transfers
Searching for Subject Alt Names
Searching HackerTarget
Searching VirusTotal
Searching Pkey.in
Searching NetCraft.com
Searching crt.sh
Searching DNSDumpster
Searching Anubis-DB
Found 193 subdomains
----------------
fj.reddit.com
se.reddit.com
gateway.reddit.com
beta.reddit.com
ww.reddit.com
... (truncated for readability)
Sending to AnubisDB
Subdomain search took 0:00:20.390
anubis -t reddit.com -ip
The above command is equivalent to anubis -t reddit.com --additional-info --ip. It resolves the IP address of each subdomain and collects additional information through Shodan. The command displays the following results:
Searching for subdomains for 151.101.65.140
Server Location: San Francisco US - 94107
ISP: Fastly
Found 27 domains
----------------
www.np.reddit.com: 151.101.193.140
nm.reddit.com: 151.101.193.140
ww.reddit.com: 151.101.193.140
dg.reddit.com: 151.101.193.140
en.reddit.com: 151.101.193.140
ads.reddit.com: 151.101.193.140
zz.reddit.com: 151.101.193.140
out.reddit.com: 107.23.11.190
origin.reddit.com: 54.172.97.226
blog.reddit.com: 151.101.193.140
alb.reddit.com: 52.201.172.48
m.reddit.com: 151.101.193.140
rr.reddit.com: 151.101.193.140
reddit.com: 151.101.65.140
www.reddit.com: 151.101.193.140
mx03.reddit.com: 151.101.193.140
fr.reddit.com: 151.101.193.140
rhs.reddit.com: 54.172.97.229
np.reddit.com: 151.101.193.140
nj.reddit.com: 151.101.193.140
re.reddit.com: 151.101.193.140
iy.reddit.com: 151.101.193.140
mx02.reddit.com: 151.101.193.140
mailp236.reddit.com: 151.101.193.140
Found 6 unique IPs
52.201.172.48
151.101.193.140
107.23.11.190
151.101.65.140
54.172.97.226
54.172.97.229
Execution took 0:00:04.604
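For an asset-inventory review of your own domains, the "host: IP" lines in output of this shape can be parsed, grouped by resolved address and compared with the list of hostnames you know you operate. The following is an added example, not part of Anubis or the original article; the function names, sample output and inventory are constructed, and the parser tolerates an optional http:// prefix on the hostname.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the "host: IP" layout printed by `anubis -t <domain> -ip`.
SAMPLE_OUTPUT = """\
ISP: ExampleNet
Found 4 domains
http://www.example.com: 192.0.2.10
api.example.com: 192.0.2.10
old-staging.example.com: 203.0.113.44
example.com: 192.0.2.10
Found 2 unique IPs
203.0.113.44
"""
# Constructed inventory of hostnames the organisation knows it operates.
INVENTORY = {"example.com", "www.example.com", "api.example.com"}

LINE = re.compile(r"^(?:https?://)?([A-Za-z0-9_.-]+):\s*(\S+)$")

def parse_host_ips(text):
    """Return {hostname: ip} for each 'host: IP' line; banners and bare IPs are skipped."""
    hosts = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # "ISP: ExampleNet" has the same shape but carries no IP
        hosts[m.group(1).lower()] = str(ip)
    return hosts

def group_by_ip(hosts):
    """Return {ip: sorted hostnames} to show which names share an address."""
    groups = defaultdict(list)
    for host, ip in hosts.items():
        groups[ip].append(host)
    return {ip: sorted(names) for ip, names in groups.items()}

def unmanaged(hosts, inventory):
    """Hostnames found by enumeration that the inventory does not list."""
    known = {name.lower() for name in inventory}
    return sorted(h for h in hosts if h not in known)

if __name__ == "__main__":
    found = parse_host_ips(SAMPLE_OUTPUT)
    print(group_by_ip(found), unmanaged(found, INVENTORY))
```

Hostnames reported as missing from the inventory are candidates for decommissioning or for being brought under normal patching and monitoring.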
Advanced usage
anubis -t reddit.com --with-nmap -o temp.txt -i --overwrite-nmap-scan "-F -T5"
The execution results are as follows:
Searching for subdomains for 151.101.65.140 (reddit.com)
Testing for zone transfers
Searching for Subject Alt Names
Searching HackerTarget
Searching VirusTotal
Searching Pkey.in
Searching NetCraft.com
Searching crt.sh
Searching DNSDumpster
Searching Anubis-DB
Searching Shodan.io for additional information
Server Location: San Francisco, US - 94107
ISP or Hosting Company: Fastly
To run a DNSSEC subdomain enumeration, Anubis must be run as root
Starting Nmap Scan
Host : 151.101.65.140 ()
----------
Protocol: tcp
port: 80 state: open
port: 443 state: open
Found 195 subdomains
----------------
nm.reddit.com
ne.reddit.com
sonics.reddit.com
aj.reddit.com
fo.reddit.com
f5.reddit.com
... (truncated for readability)
Sending to AnubisDB
Subdomain search took 0:00:26.579