Closed jonluca closed 6 years ago
To add to this, it might be useful to also pull the subdomains that are found in the subject alternate names (SAN) in any certificate material used in the SSL sites, these can be used to discover additional hosts / IPs.
Yeah I'm planning on adding an option to do a recursive check on all subdomains sometime in the future.
Should be one of the next features after I implement crt.sh, passivetotal/riskiq, and fix some bugs/issues.
Thanks!
Completed in #19
I though it would allow to scan with nmap all subdomains
What do you mean scan with nmap? You've got a list of all domains + ip addresses, you can just feed that into nmap via stdin/text input, no?
A future project might be to recreate a scan on all the IPs of the subdomains, or pass them off to nessus.
I thought original idea was to do nmap scan of all subdomains straight in Anubis. Yeah, i can just feed file with IPs to nmap. Maybe i just misunderstood that its possible to do scan straight through 1 line command with Anubis.
A future project might be to recreate a scan on all the IPs of the subdomains, or pass them off to nessus.