JonLuca De Caro

@jonluca

Introducing Anubis, a new subdomain enumerator and information gathering tool

Named after the Egyptian god of finding lost things, Anubis and AnubisDB, two companion projects, were created due to a lack of free and open APIs for subdomain enumeration. Subdomain enumeration is one of the first steps in the information gathering phase, and is required to get a full scope of the attack surfaces of your target.

Anubis collates data from a variety of sources to provide one of the most comprehensive tools for subdomain enumeration. It pulls subdomains from public sources, indexed search results, and AnubisDB, a centralized, open API for subdomains.

Sample enumeration for medium.com

Additionally, Anubis is able to identify all key servers behind the domains, and output any IPs of interest. For instance, running the same command as above with the -p flag gives us all the unique resolved IP addresses, which allows a security researcher to get a more comprehensive idea of the scope of their target.

The unique IPs associated with the 40 domains above

Anubis is also able to extract information from less used, but potentially rewarding avenues, including DNSSEC subdomain lists and Zone Transfers.

More examples and a full documentation is available on the Anubis repo.

More by JonLuca De Caro

Topics of interest

More Related Stories