anveshan is an all-in-one script for your recon process. It helps you find subdomains, URLs, JS files, parameters, and screenshots, and scan JS files.
- Finding subdomains from each service using tools [subdominator, bbot, amass etc.]
- Filter live subdomains and capture screenshots
- Finding open ports [naabu]
- Finding URLs [waymore, getjs, xnlinkfinder, katana, paramspider]
- Finding JS files and scanning them using nuclei and trufflehog
```bash
git clone https://github.com/hackersthan/anveshan.git
cd anveshan/
bash setup_linux.sh
```
```
$HOME/$ bash anveshan.sh
Enter target domain name [ex. target.com] :
```
```
$HOME/target.com-recon > tree
.
├── subs-source/
├── screenshots/
├── ips.txt
├── naabu.txt
├── subdomains.txt
├── httpx.txt
├── webdomains.txt
├── js_nuclei.txt
├── trufflehog-src.txt
├── urls/
├── urls-source/
├── js-files-sourcecode/
├── urls.txt
├── jsfiles.txt
├── xnParams.txt
└── parameters.txt
8 directories, 33 files
```
| SUBDOMAINS | URLS | WORDLISTS | SCANNERS |
|---|---|---|---|
| subdominator | waymore | six2dez.txt | naabu |
| amass | getjs | dnscan-top10k.txt | nuclei |
| bbot | xnlinkfinder | best-dns-wordlist.txt | trufflehog |
| knock | paramspider | trickest-resolvers.txt | |
| findomain | katana | | |
| assetfinder | | | |
| shrewdeye | | | |
| dnsvalidator | | | |
| puredns | | | |
| httpx | | | |
- amass: `$HOME/.config/amass/datasources.yaml`
- bbot: `$HOME/.config/bbot/secrets.yml`
- subdominator: `$HOME/.config/Subdominator/provider-config.yaml`
- waymore: `$HOME/.config/waymore/config.yml`
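The four files above hold API keys in plain text, so they should be readable only by your own user. The following check is an added example, not part of anveshan; the function name `audit_key_files` and its output format are assumptions made for illustration, and only the four relative paths come from this README.

```bash
# Relative paths of the API-key config files, as listed in this README.
KEY_FILES=".config/amass/datasources.yaml
.config/bbot/secrets.yml
.config/Subdominator/provider-config.yaml
.config/waymore/config.yml"

# audit_key_files [BASE_DIR]   (BASE_DIR defaults to $HOME)
# Prints one status line per file and returns the number of files whose
# mode grants any permission to group or others (0 means nothing exposed).
audit_key_files() {
  base="${1:-$HOME}"
  findings=0
  for rel in $KEY_FILES; do
    path="$base/$rel"
    if [ ! -f "$path" ]; then
      echo "MISSING  $path"
      continue
    fi
    mode=$(stat -c '%a' "$path")   # GNU stat: octal mode, e.g. 644
    # Leading 0 makes the shell read the mode as octal; 077 masks group+other.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
      echo "EXPOSED  $path (mode $mode): run chmod 600 on it"
      findings=$((findings + 1))
    else
      echo "OK       $path (mode $mode)"
    fi
  done
  return "$findings"
}

# Usage: audit_key_files            # audits the files under $HOME
#        audit_key_files /some/dir  # audits the same paths under another base
```

Also keep these files out of any repository or backup you share, since the keys in them are tied to your accounts.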
Here is a list of API services, grouped by tool. Add each API key only to the tool it is listed under.
Set aside some of your time to get all of these free API keys; trust me, it is worth it.
| SUBDOMINATOR | AMASS | BBOT |
|---|---|---|
| bevigil | 360PassiveDNS | hunterio |
| binaryedge | ASNLookup | ip2location |
| bufferover | Ahrefs | credshed |
| c99 | AlienVault | ipstack |
| censys | BigDataCloud | dehashed |
| certspotter | BuiltWith | |
| chaos | CIRCL | |
| dnsdumpster | CertCentral | |
| | DNSDB | |
| fofa | DNSlytics | |
| fullhunt | DNSRepo | |
| | Deepinfo | |
| huntermap | Detectify | |
| intelx | GitHub | |
| leakix | GitLab | |
| netlas | HackerTarget | |
| quake | IPdata | |
| rapidapi | IPinfo | |
| redhuntlabs | ONYPHE | |
| rsecloud | Pastebin | |
| virustotal | PassiveTotal | |
| securitytrails | PentestTools | |
| shodan | PublicWWW | |
| whoisxmlapi | SOCRadar | |
| zoomeyeapi | Spamhaus | |
| | ThreatBook | |
| | URLScan | |
| | Yandex | |
| | ZETAlytics | |
- VirusTotal: VirusTotal
- Chaos: Chaos
- Dnsdumpster: Dnsdumpster
- Whoisxml: WhoisXML
- SecurityTrails: SecurityTrails
- Bevigil: Bevigil
- Binaryedge: BinaryEdge
- Fullhunt: Fullhunt
- Rapidapi: RapidAPI
- Bufferover: Bufferover
- Certspotter: Certspotter
- Censys: Censys
- Zoomeye: Zoomeye
- Netlas: Netlas
- Leakix: Leakix
- Redhunt: Redhunt [PAID]
- Shodan: Shodan
- Huntermap: Hunter
- Google: Google
- Facebook: Facebook
- Quake: Quake
- RapidFinder: RapidFinder
- RapidScan: RapidScan
- Fofa: Fofa
- CodeRog: CodeRog
- C99: C99 [PAID]
- RSECloud: RSECloud
- Myssl: Myssl
- Racent: Racent
- Intelx: Intelx
- IPData: IPData
- Gitlab: Gitlab
- Github: Github
- Onyphe: Onyphe
- Twitter: Twitter
- Alienvault: Alienvault
- Dnsdumpster Setup:
  - Visit Dnsdumpster
  - Search any domain and view the request using Burp Suite or the browser's Inspect tool.
  - Copy the `csrftoken` from the cookie header and the `csrfmiddlewaretoken` from the body, and paste them in your yaml file like this:

    ```yaml
    dnsdumpster:
      - csrftoken:csrfmiddlewaretoken
    ```
- Google Setup:
  - Visit here and create a search engine [choose all web option].
  - Copy your `CX ID`
  - Create your Google API key here
  - Click the `Get a Key` button and create a new project with any name you want
  - Once the project is created, your API key is generated; press show key, then copy it
  - Paste the CX ID and Google API key like this:

    ```yaml
    google:
      - CXID:GOOGLEAPIKEY
    ```
Special thanks to the authors of these tools. They have worked very hard and dedicated a lot of their time; we should thank them.
- subdominator
- bbot
- amass
- knock
- findomain
- assetfinder
- shrewdeye-bash (shrewdeye.app)
- dnsvalidator
- trickest-resolvers
- puredns
- httpx
- naabu
- waymore
- getjs
- xnlinkfinder
- katana
- paramspider
- nuclei
- trufflehog
If you encounter any errors, please report them here. I will try to fix them immediately.
- The User is solely responsible for the misuse or unlawful use of any Content. Hacking and cybersecurity laws vary by jurisdiction. By engaging with the Content, you agree to take full responsibility for your actions.
- Some Content may include or link to third-party materials. The User agrees to respect all applicable intellectual property laws, including copyrights and trademarks, when engaging with this Content.
- Always read the full script before running it. Never run any script blindly.
❤️🇮🇳