Closed jonluca closed 6 years ago
mlinton
commented
6 years ago To add to this, it might be useful to also pull the subdomains that are found in the subject alternate names (SAN) in any certificate material used in the SSL sites, these can be used to discover additional hosts / IPs.
jonluca
commented
6 years ago Yeah I'm planning on adding an option to do a recursive check on all subdomains sometime in the future.
Should be one of the next features after I implement crt.sh, passivetotal/riskiq, and fix some bugs/issues.
Thanks!
jonluca
commented
6 years ago Completed in #19
Stroichik
commented
1 year ago I though it would allow to scan with nmap all subdomains
jonluca
commented
1 year ago What do you mean scan with nmap? You've got a list of all domains + ip addresses, you can just feed that into nmap via stdin/text input, no?
Stroichik
commented
1 year ago A future project might be to recreate a scan on all the IPs of the subdomains, or pass them off to nessus.
I thought original idea was to do nmap scan of all subdomains straight in Anubis. Yeah, i can just feed file with IPs to nmap. Maybe i just misunderstood that its possible to do scan straight through 1 line command with Anubis.
A future project might be to recreate a scan on all the IPs of the subdomains, or pass them off to nessus.