Named after the Egyptian god of finding lost things, and , two companion projects, were created due to a lack of free and open APIs for enumeration. Subdomain enumeration is one of the first steps in the information gathering phase, and is required to get a full scope of the attack surfaces of your target. Anubis AnubisDB subdomain Anubis collates data from a variety of sources to provide one of the most comprehensive for subdomain enumeration. It pulls subdomains from public sources, indexed search results, and , a centralized, open API for subdomains. tools AnubisDB Sample enumeration for medium.com Additionally, Anubis is able to identify all key servers behind the domains, and output any IPs of interest. For instance, running the same command as above with the -p flag gives us all the unique resolved IP addresses, which allows a security researcher to get a more comprehensive idea of the scope of their target. The unique IPs associated with the 40 domains above Anubis is also able to extract information from less used, but potentially rewarding avenues, including DNSSEC subdomain lists and Zone Transfers. More examples and a full documentation is available on the . Anubis repo
