0.9.9: Removed dependency on sslyze, added ability to read from file,…

… removed SSL scan, cleaned up format string, removed virustotal

README.md

@@ -32,9 +32,6 @@ Note: Python 3 is required
 
 `pip3 install anubis-netsec`
 
-Or Linux Snap distribution:
-
-`snap install anubis`
 
 ### Install From Source
 
@@ -50,13 +47,14 @@ pip3 install .
 ## Usage
 
     Usage:
-      anubis -t TARGET [-o FILENAME] [-noispbarv] [-w SCAN] [-q NUM]
+      anubis (-t TARGET | -f FILE) [-o FILENAME]  [-abinoprsv] [-w SCAN] [-q NUM]
       anubis -h
       anubis --version
       
     Options:
       -h --help                       show this help message and exit
       -t --target                     set target (comma separated, no spaces, if multiple)
+      -f --file                       set target (reads from file, one domain per line)
       -n --with-nmap                  perform an nmap service/script scan
       -o --output                     save to filename
       -i --additional-info            show additional information about the host from Shodan (requires API key)
@@ -68,7 +66,7 @@ pip3 install .
       -v --verbose                    print debug info and full request output
       -q --queue-workers NUM          override number of queue workers (default: 10, max: 100)
       --version                       show version and exit
-
+    
     Help:
       For help using this tool, please open an issue on the Github repository:
       https://github.com/jonluca/anubis
@@ -152,7 +150,7 @@ Execution took 0:00:04.604
 ```
 
 ### Advanced
-```anubis -t reddit.com --with-nmap -o temp.txt -is --overwrite-nmap-scan "-F -T5"```
+```anubis -t reddit.com --with-nmap -o temp.txt -i --overwrite-nmap-scan "-F -T5"```
 
 ```
 Searching for subdomains for 151.101.65.140 (reddit.com)
@@ -166,71 +164,6 @@ Searching NetCraft.com
 Searching crt.sh
 Searching DNSDumpster
 Searching Anubis-DB
-Running SSL Scan
-Available TLSv1.0 Ciphers:
-    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-    TLS_RSA_WITH_AES_256_CBC_SHA
-    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-    TLS_RSA_WITH_AES_128_CBC_SHA
-    TLS_RSA_WITH_3DES_EDE_CBC_SHA
-Available TLSv1.2 Ciphers:
-    TLS_RSA_WITH_AES_256_CBC_SHA
-    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
-    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
-    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-    TLS_RSA_WITH_AES_128_GCM_SHA256
-    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
-    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
-    TLS_RSA_WITH_AES_128_CBC_SHA
-    TLS_RSA_WITH_3DES_EDE_CBC_SHA
- * Certificate Information:
-     Content
-       SHA1 Fingerprint:                  f8d1965323111e86e6874aa93cc7c52969fb22bf
-       Common Name:                       *.reddit.com
-       Issuer:                            DigiCert SHA2 Secure Server CA
-       Serial Number:                     11711178161886346105980166697563149367
-       Not Before:                        2015-08-17 00:00:00
-       Not After:                         2018-08-21 12:00:00
-       Signature Algorithm:               sha256
-       Public Key Algorithm:              RSA
-       Key Size:                          2048
-       Exponent:                          65537 (0x10001)
-       DNS Subject Alternative Names:     ['*.reddit.com', 'reddit.com', '*.redditmedia.com', 'engine.a.redditmedia.com', 'redditmedia.com', '*.redd.it', 'redd.it', 'www.redditstatic.com', 'imgless.reddituploads.com', 'i.reddituploads.com', '*.thumbs.redditmedia.com']
-
-     Trust
-       Hostname Validation:               OK - Certificate matches reddit.com
-       AOSP CA Store (7.0.0 r1):          OK - Certificate is trusted
-       Apple CA Store (OS X 10.11.6):     OK - Certificate is trusted
-       Java 7 CA Store (Update 79):       OK - Certificate is trusted
-       Microsoft CA Store (09/2016):      OK - Certificate is trusted
-       Mozilla CA Store (09/2016):        OK - Certificate is trusted
-       Received Chain:                    *.reddit.com --> DigiCert SHA2 Secure Server CA
-       Verified Chain:                    *.reddit.com --> DigiCert SHA2 Secure Server CA --> DigiCert Global Root CA
-       Received Chain Contains Anchor:    OK - Anchor certificate not sent
-       Received Chain Order:              OK - Order is valid
-       Verified Chain contains SHA1:      OK - No SHA1-signed certificate in the verified certificate chain
-
-     OCSP Stapling
-       OCSP Response Status:              successful
-       Validation w/ Mozilla Store:       OK - Response is trusted
-       Responder Id:                      0F80611C823161D52F28E78D4638B42CE1C6D9E2
-       Cert Status:                       good
-       Cert Serial Number:                08CF7DA9B222C9D983C50D993F2F5437
-       This Update:                       Dec 16 16:20:41 2017 GMT
-       Next Update:                       Dec 23 15:35:41 2017 GMT
- * OpenSSL Heartbleed:
-                                          OK - Not vulnerable to Heartbleed
- * HTTP Security Headers:
-       NOT SUPPORTED - Server did not send an HSTS header
-
-     HTTP Public Key Pinning (HPKP)
-       NOT SUPPORTED - Server did not send an HPKP header
-
-     Computed HPKP Pins for Current Chain
-      0 - *.reddit.com                                  3FUu+FYb3IyHxicQEMs5sSzs207fuv25p7NGRIPDaAw=
-      1 - DigiCert SHA2 Secure Server CA                5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w=
-      2 - DigiCert Global Root CA                       r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=
 Searching Shodan.io for additional information
 Server Location: San Francisco, US - 94107
 ISP  or Hosting Company: Fastly
@@ -271,8 +204,6 @@ Run tests on their own, in native pytest environment
 
 * CLI Boilerplate by [Skele-CLI](https://github.com/rdegges/skele-cli)
 
-* [sslyze](https://github.com/nabla-c0d3/sslyze)
-
 
 ## Contributing
 

anubis/__init__.py

@@ -1 +1 @@
-__version__ = '0.9.8'
+__version__ = '0.9.9'

anubis/cli.py

@@ -1,12 +1,13 @@
 """
 Usage:
-  anubis -t TARGET [-o FILENAME] [-abinoprsv] [-w SCAN] [-q NUM]
+  anubis (-t TARGET | -f FILE) [-o FILENAME]  [-abinoprsv] [-w SCAN] [-q NUM]
   anubis -h
   anubis --version
   
 Options:
   -h --help                       show this help message and exit
   -t --target                     set target (comma separated, no spaces, if multiple)
+  -f --file                       set target (reads from file, one domain per line)
   -n --with-nmap                  perform an nmap service/script scan
   -o --output                     save to filename
   -i --additional-info            show additional information about the host from Shodan (requires API key)
@@ -95,8 +96,13 @@ def main():
         print("Queue workers can't be negative!")
         sys.exit(1)
 
-    if not options["--target"]:
-      print("Target required! Run with -h for usage instructions.")
+    if not options["--target"] and not options['--file']:
+      print("Target required! Run with -h for usage instructions. Either -t target.host or -f file.txt required")
+      return
+
+
+    if options["--target"] and options['--file']:
+      print("Please only supply one target method - either read by file with -f or as an argument to -t, not both.")
       return
 
     print("""

anubis/commands/target.py

@@ -1,8 +1,8 @@
 """The target command."""
-import sys
-
+import os
 import re
 import socket
+import sys
 import threading
 from urllib.parse import urlsplit
 
@@ -15,8 +15,7 @@
 from anubis.scanners.nmap import scan_host
 from anubis.scanners.recursive import recursive_search
 from anubis.scanners.shodan import search_shodan
-from anubis.scanners.ssl import search_subject_alt_name, ssl_scan
-from anubis.scanners.virustotal import search_virustotal
+from anubis.scanners.ssl import search_subject_alt_name
 from anubis.scanners.zonetransfer import dns_zonetransfer
 from anubis.utils.ColorPrint import ColorPrint
 from .base import Base
@@ -37,7 +36,13 @@ def handle_exception(self, e, message=""):
       ColorPrint.red(message)
 
   def init(self):
-    self.options["TARGET"] = self.options["TARGET"].split(",")
+    if self.options["FILE"]:
+      full_path = os.path.join(os.getcwd(), self.options["FILE"])
+      with open(full_path) as file:
+        self.options["TARGET"] = list(filter(None, file.read().split('\n')))
+    else:
+      self.options["TARGET"] = list(
+        filter(None, self.options["TARGET"].split(",")))
     # Clean up targets
     for i in range(len(self.options["TARGET"])):
       url = self.options["TARGET"][i]
@@ -51,8 +56,8 @@ def init(self):
       self.options["TARGET"][i] = host
 
       try:
-        ColorPrint.green("Searching for subdomains for " + socket.gethostbyname(
-          self.options["TARGET"][i]) + " (" + self.options["TARGET"][i] + ")")
+        domain_str = socket.gethostbyname(host)
+        ColorPrint.green(f"Searching for subdomains for {domain_str} ({host})")
       except Exception as e:
         self.handle_exception(e,
                               "Error connecting to target! Make sure you spelled it correctly and it is a resolvable address")
@@ -65,15 +70,12 @@ def run(self):
     for i in range(len(self.options["TARGET"])):
       # Default scans that run every time
       target = self.options["TARGET"][i]
+      ColorPrint.green(f"Working on target: {target}")
       threads = [threading.Thread(target=dns_zonetransfer, args=(self, target)),
                  threading.Thread(target=subdomain_hackertarget,
                                   args=(self, target)),
                  threading.Thread(target=search_subject_alt_name,
                                   args=(self, target)),
-                 threading.Thread(target=search_virustotal,
-                                  args=(self, target)),
-                 # threading.Thread(target=search_pkey, args=(self, target)),
-                 # Removed pkey as of June 18 2018 due to issues on their end (not connecting)
                  threading.Thread(target=search_netcraft, args=(self, target)),
                  threading.Thread(target=search_crtsh, args=(self, target)),
                  threading.Thread(target=search_dnsdumpster,
@@ -84,43 +86,41 @@ def run(self):
       if self.options["--additional-info"]:
         threads.append(threading.Thread(target=search_shodan, args=(self,)))
 
-      # Additional options - ssl
-      if self.options["--ssl"]:
-        threads.append(threading.Thread(target=ssl_scan, args=(self, target)))
-
       # Additional options - nmap scan of dnssec script and a host/port scan
       if self.options["--with-nmap"]:
         threads.append(
           threading.Thread(target=dnssecc_subdomain_enum, args=(self, target)))
         threads.append(threading.Thread(target=scan_host, args=(self,)))
 
-    # Start all threads and wait for them to finish
-    for x in threads:
-      x.start()
+      # Start all threads and wait for them to finish
+      for x in threads:
+        x.start()
 
-    for x in threads:
-      x.join()
+      for x in threads:
+        x.join()
 
-    # Run a recursive search on each subdomain - rarely useful, but nice to have
-    # just in case
-    if self.options["--recursive"]:
-      recursive_search(self)
+      # Run a recursive search on each subdomain - rarely useful, but nice to have
+      # just in case
+      if self.options["--recursive"]:
+        recursive_search(self)
 
-    # remove duplicates and clean up
-    self.domains = self.clean_domains(self.domains)
-    self.dedupe = set(self.domains)
+      # remove duplicates and clean up
+      self.domains = self.clean_domains(self.domains)
+      self.dedupe = set(self.domains)
 
-    print("Found", len(self.dedupe), "subdomains")
-    print("----------------")
+      print("Found", len(self.dedupe), "subdomains")
+      print("----------------")
 
-    if self.options["--ip"]:
-      self.resolve_ips()
-    else:
-      for domain in self.dedupe:
-        ColorPrint.green(domain.strip())
+      if self.options["--ip"]:
+        self.resolve_ips()
+      else:
+        for domain in self.dedupe:
+          ColorPrint.green(domain.strip())
 
-    if self.options["--send-to-anubis-db"]:
-      send_to_anubisdb(self, self.options["TARGET"])
+      if self.options["--send-to-anubis-db"]:
+        send_to_anubisdb(self, [target])
+      # reset per domain
+      self.domains = list()
 
   def resolve_ips(self):
     unique_ips = set()