Anveshan
anveshan is a completed script that helps to automate your recon process, It finds subdomains, urls, js files, parameters, screenshots, and scan js files source code.
Install / Use
/learn @hackersthan/AnveshanREADME
anveshan is the all in one script for your recon process, It helps to find subdomains, urls, js files, parameters, screenshots, scan js files.
Features :fire:
- Finding subdomains from each service using tools [subdominator, bbot, amass etc.]
- Filter live subdomains and capture screenshots
- Finding open ports [naabu]
- Finding URLs [waymore, getjs, xnlinkfinder, katana, paramspider]
- Finding JS Files and scan them using nuclei and trufflehog
Installation 📦
git clone https://github.com/hackersthan/anveshan.git
cd anveshan/
bash setup_linux.sh
Input 🧑🏻💻
$HOME/$ bash anveshan.sh
,
███▓▄,,▄▄▄▓█████▓▄▄,
██████████▀ `█████████▌_
█████████ ███████████
"▀▀▀▀` ████████████
,,▄▄,,__ ▄████████████
▄███████████████████████████
████████████φ▓▓▓▓▓╚██████████
███████████╫ ╫█████████
╫██████████▒ ,▓█████████▌
▀████████ ╬█▄▄╔╔φ████████████
▀█████╬█████████████████████
╙▀▀▀▀▀▀▀`\@hackersthan/█▀
Enter target domain name [ex. target.com] :
Output :sound:
$HOME/target.com-recon > tree
.
├── subs-source/
├── screenshots/
├── ips.txt
├── naabu.txt
├── subdomains.txt
├── httpx.txt
├── webdomains.txt
├── js_nuclei.txt
├── trufflehog-src.txt
├── urls/
├── urls-source/
├── js-files-sourcecode/
├── urls.txt
├── jsfiles.txt
├── xnParams.txt
└── parameters.txt
8 directories, 33 files
Tools and Wordlists :flashlight:
|SUBDOMAINS |URLS |WORDLISTS |SCANNERS | |------------|------------|----------------------|----------| |subdominator|waymore |six2dez.txt |naabu | |amass |getjs |dnscan-top10k.txt |nuclei | |bbot |xnlinkfinder|best-dns-wordlist.txt |trufflehog| |knock |paramspider |trickest-resolvers.txt| | |findomain |katana | | | |assetfinder | | | | |shrewdeye | | | | |dnsvalidator| | | | |puredns | | | | |httpx | | | |
APIs :art:
You need to setup API Keys for these tools
amass : $HOME/.config/amass/datasources.yaml
bbot : $HOME/.config/bbot/secrets.yml
subdominator : $HOME/.config/Subdominator/provider-config.yaml
waymore : $HOME/.config/waymore/config.yml
DO NOT PUT API KEYS IN EVERY TOOL :pushpin:
Here is a list of API Services with tool name, Please add API Key in the provided tool only.
Give some of your hour to get all of these free api keys, trust me it is worth it.
|SUBDOMINATOR|AMASS|BBOT|
|------------|-----|----|
|bevigil |360PassiveDNS|hunterio|
|binaryedge |ASNLookup|ip2location|
|bufferover |Ahrefs|credshed|
|c99 |AlienVault|ipstack|
|censys |BigDataCloud|dehashed|
|certspotter |BuiltWith| |
|chaos |CIRCL| |
|dnsdumpster |CertCentral| |
|facebook |DNSDB| |
|fofa |DNSlytics| |
|fullhunt |DNSRepo| |
|google |Deepinfo| |
|huntermap |Detectify| |
|intelx |GitHub| |
|leakix |GitLab| |
|netlas |HackerTarget| |
|quake |IPdata| |
|rapidapi |IPinfo| |
|redhuntlabs |ONYPHE| |
|rsecloud |Pastebin| |
|virustotal |PassiveTotal| |
|securitytrails|PentestTools| |
|shodan |PublicWWW| |
|whoisxmlapi |SOCRadar| |
|zoomeyeapi |Spamhaus| |
| |ThreatBook| |
| |URLScan| |
| |Yandex| |
| |ZETAlytics| |
- VirusTotal: VirusTotal
- Chaos: Chaos
- Dnsdumpter: Dnsdumpster
- Whoisxml: WhoisXML
- SecurityTrails: SecurityTrails
- Bevigil: Bevigil
- Binaryedge: BinaryEdge
- Fullhunt: Fullhunt
- Rapidapi: RapidAPI
- Bufferover: Bufferover
- Certspotter: Certspotter
- Censys: Censys
- Fullhunt: Fullhunt
- Zoomeye: Zoomeye
- Netlas: Netlas
- Leakix: Leakix
- Redhunt: Redhunt [PAID]
- Shodan : Shodan
- Huntermap : Hunter
- Google: Google
- Facebook: Facebook
- Quake: Quake
- RapidFinder: RapidFinder
- RapidScan: RapidScan
- Fofa: Fofa
- CodeRog: CodeRog
- C99: C99 [PAID]
- RSECloud: RSECloud
- Myssl: Myssl
- Racent: Racent
- Intelx: Intelx
- IPData: IPData
- Gitlab: Gitlab
- Github: Github
- Onyphe: Onyphe
- Twitter: Twitter
- Alienvault: Alienvault
Dnsdumpter and Google API Keys is tricky, here is the way to access it :
-
Dnsdumpter Setup:
- Visit Dnsdumpster
- Search any domain and view request using Burpsuite or Inspect tool.
- Copy the
csrftoken from cookie headerandcsrfmiddlewaretoken from bodyand paste in your yaml file like thisdnsdumpster: - csrftoken:csrfmiddlewaretoken
-
Google Setup:
- Visit here and create a search engine [choose all web option].
- copy your
CX ID - Create your google api key here
- Click
Get a Keybutton and create a new project with any name you want - After creating and completing your api key is generated and press show key then copy it
- Paste CX API and Google API Keys like this
<h1 align="left"> <img src="https://raw.githubusercontent.com/hackersthan/anveshan/refs/heads/main/img/googleAPI.png" width="500px"> <br> </h1>google: - CXID:GOOGLEAPIKEY
Credit 🙏🏻
Special thanks to the authers of these tools. They have worked very hard and dedicated a lot of their time, we should thank them.
- subdominator
- bbot
- amass
- knock
- findomain
- assetfinder
- shrewdeye-bash (shrewdeye.app)
- dnsvalidator
- trickest-resolvers
- puredns
- httpx
- naabu
- waymore
- getjs
- xnlinkfinder
- katana
- paramspider
- nuclei
- trufflehog
Issues 📬
If you encounter any errors please report them here. I will try to fix it immediately.
Disclaimer ❗️
- The User is solely responsible for the misuse or unlawful use of any Content. Hacking and cybersecurity laws vary by jurisdiction. By engaging with the Content, you agree to take full responsibility for your actions
- Some Content may include or link to third-party materials. The User agrees to respect all applicable intellectual property laws, including copyrights and trademarks, when engaging with this Content.
- Always read full script before runnnig it, Never run any script blindly.
❤️🇮🇳
