anveshan is the all in one script for your recon process, It helps to find subdomains, urls, js files, parameters, screenshots, scan js files.
git clone https://github.com/hackersthan/anveshan.git
cd anveshan/
bash setup_linux.sh
$HOME/$ bash anveshan.sh
,
███▓▄,,▄▄▄▓█████▓▄▄,
██████████▀ `█████████▌_
█████████ ███████████
"▀▀▀▀` ████████████
,,▄▄,,__ ▄████████████
▄███████████████████████████
████████████φ▓▓▓▓▓╚██████████
███████████╫ ╫█████████
╫██████████▒ ,▓█████████▌
▀████████ ╬█▄▄╔╔φ████████████
▀█████╬█████████████████████
╙▀▀▀▀▀▀▀`\@hackersthan/█▀
Enter target domain name [ex. target.com] :
$HOME/target.com-recon > tree
.
├── subs-source/
├── screenshots/
├── ips.txt
├── naabu.txt
├── subdomains.txt
├── httpx.txt
├── webdomains.txt
├── js_nuclei.txt
├── trufflehog-src.txt
├── urls/
├── urls-source/
├── js-files-sourcecode/
├── urls.txt
├── jsfiles.txt
├── xnParams.txt
└── parameters.txt
8 directories, 33 files
SUBDOMAINS | URLS | WORDLISTS | SCANNERS |
---|---|---|---|
subdominator | waymore | six2dez.txt | naabu |
amass | getjs | dnscan-top10k.txt | nuclei |
bbot | xnlinkfinder | best-dns-wordlist.txt | trufflehog |
knock | paramspider | trickest-resolvers.txt | |
findomain | katana | ||
assetfinder | |||
shrewdeye | |||
dnsvalidator | |||
puredns | |||
httpx |
amass : $HOME/.config/amass/datasources.yaml
bbot : $HOME/.config/bbot/secrets.yml
subdominator : $HOME/.config/Subdominator/provider-config.yaml
waymore : $HOME/.config/waymore/config.yml
Here is a list of API Services with tool name, Please add API Key in the provided tool only. Give some of your hour to get all of these free api keys, trust me it is worth it. |
SUBDOMINATOR | AMASS | BBOT |
---|---|---|---|
bevigil | 360PassiveDNS | hunterio | |
binaryedge | ASNLookup | ip2location | |
bufferover | Ahrefs | credshed | |
c99 | AlienVault | ipstack | |
censys | BigDataCloud | dehashed | |
certspotter | BuiltWith | ||
chaos | CIRCL | ||
dnsdumpster | CertCentral | ||
DNSDB | |||
fofa | DNSlytics | ||
fullhunt | DNSRepo | ||
Deepinfo | |||
huntermap | Detectify | ||
intelx | GitHub | ||
leakix | GitLab | ||
netlas | HackerTarget | ||
quake | IPdata | ||
rapidapi | IPinfo | ||
redhuntlabs | ONYPHE | ||
rsecloud | Pastebin | ||
virustotal | PassiveTotal | ||
securitytrails | PentestTools | ||
shodan | PublicWWW | ||
whoisxmlapi | SOCRadar | ||
zoomeyeapi | Spamhaus | ||
ThreatBook | |||
URLScan | |||
Yandex | |||
ZETAlytics |
Dnsdumpter Setup:
Copy the csrftoken from cookie header
and csrfmiddlewaretoken from body
and paste in your yaml file like this
dnsdumpster:
- csrftoken:csrfmiddlewaretoken
Google Setup:
CX ID
Get a Key
button and create a new project with any name you wantPaste CX API and Google API Keys like this
google:
- CXID:GOOGLEAPIKEY
Special thanks to the authers of these tools. They have worked very hard and dedicated a lot of their time, we should thank them.
If you encounter any errors please report them here. I will try to fix it immediately.
❤️🇮🇳