Dangerously fast dns/network/port scanner, all-in-one

Overview

Skanuvaty

Demonstration

Start with a domain, and we'll find everything about it.

Features:

  • Finds subdomains from root domain
  • Finds IPs for subdomains
  • Checks what ports are open on those IPs (Notice: not yet implemented)

Outputs a handy .json file with all the data for further investigation.

Runs as fast as your computer/network/DNS resolver allows. A test run checked 10.000 subdomains in ~20 seconds with concurrency set to 16 on a machine with 16 (logical) cores.

Usage

skanuvaty --target nmap.org --concurrency 16 --subdomains-file /usr/share/dnsenum/dns.txt

The terminal shows all found subdomains, and a skanuvaty.scan.json file is created in your current directory.

License

MIT 2021

Comments
  • How to use it???

    nisha@Nishant:/mnt/c/Users/nisha/Downloads/skanuvaty-master$ skanuvaty --target google.com --dns-resolver 10.64.0.1:53 --concurrency 16 --subdomains-file dns.txt
    ######################
    ### Target: "google.com"
    ### DNS resolver: 10.64.0.1:53
    ### Concurrency: 16
    ### Subdomains File: "dns.txt"
    ### Output File: "./skanuvaty.output.json"
    ### Verbose: false
    ######################
    ⠁ [00:00:00] [==============================] 0/0 (0s) (Found: )
    ######################
    ### Found subdomains: 0
      [00:00:00] [==============================] 0/0 (0s) (Found: 0)
    Domain didn't have any addresses
    RootDomain {
        name: "google.com",
        subdomains: [],
        addresses: [],
    }
    

    Add a proper guide please.

    opened by 62040132 2
  • Streaming JSON output

    Rather than writing the output at once, we should provide an argument for streaming output to a file. Useful for piping skanuvaty into other tools, but also in case something goes wrong along the scan (like #8)

    enhancement 
    opened by Esc4iCEscEsc 0
  • Incremental output

    Sometimes you don't want to run the full scan, or something went wrong with your network connection while you run the scan, and at that point you lose all the results.

    We could provide a flag (--output-found) that prints each found subdomain as we come across them.

    enhancement 
    opened by Esc4iCEscEsc 1
  • Recursive subdomain bruteforce

    Instead of just scanning for $SUBDOMAIN.$ROOTDOMAIN, for each $SUBDOMAIN we can resolve, we should repeat the bruteforce, in order to find subdomains within that one.

    enhancement 
    opened by Esc4iCEscEsc 0
  • Support crt.sh scan

    We should do a search in certificate transparency logs before doing the bruteforce search, would be something like this:

    curl "https://crt.sh?q=nmap.org&output=json" | jq ".[].common_name"
    

    Seems crt.sh sometimes has uptime problems; sometimes we get 502 Bad Gateway errors from it. So we should try at least 5 times with exponential backoff before giving up.

    enhancement 
    opened by Esc4iCEscEsc 1
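
The crt.sh lookup proposed in the last issue, with the 5 attempts and exponential backoff it asks for, as an added example in Python (not skanuvaty's own code). The function names and the 1-second base delay are assumptions; `name_value` is a crt.sh JSON field the issue's jq filter does not use, read here because it can list several names per certificate. The sample body is constructed so the block runs offline.

```python
import json
import time
import urllib.error
import urllib.request

# Constructed sample of crt.sh JSON output (not real log data).
SAMPLE_BODY = json.dumps([
    {"common_name": "nmap.org", "name_value": "nmap.org\nwww.nmap.org"},
    {"common_name": "*.nmap.org", "name_value": "*.nmap.org\nSVN.nmap.org"},
    {"common_name": "example.net", "name_value": "notnmap.org"},
])


def http_fetch(domain, timeout=30):
    """One GET against crt.sh (same query as the curl line); returns the body."""
    url = f"https://crt.sh/?q={domain}&output=json"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def fetch_with_backoff(domain, fetch=http_fetch, attempts=5, base_delay=1.0,
                       sleep=time.sleep):
    """Call fetch up to `attempts` times, doubling the wait after each failure."""
    for attempt in range(attempts):
        try:
            return fetch(domain)
        except (urllib.error.URLError, TimeoutError) as exc:  # 502s land here
            if attempt == attempts - 1:
                raise RuntimeError(f"crt.sh failed {attempts} times") from exc
            sleep(base_delay * 2 ** attempt)  # 1s, 2s, 4s, 8s


def names_from_crtsh(body, domain):
    """Return sorted, de-duplicated hostnames at or under `domain`."""
    domain = domain.lower()
    found = set()
    for entry in json.loads(body):
        # name_value can hold several SAN names separated by newlines.
        names = [entry.get("common_name") or ""]
        names += (entry.get("name_value") or "").split("\n")
        for name in names:
            name = name.strip().lower().rstrip(".")
            name = name[2:] if name.startswith("*.") else name  # drop wildcard label
            if name == domain or name.endswith("." + domain):
                found.add(name)  # suffix check keeps look-alikes out of scope
    return sorted(found)


if __name__ == "__main__":
    print(names_from_crtsh(SAMPLE_BODY, "nmap.org"))
```

Passing `fetch` and `sleep` as parameters lets the retry logic be exercised without touching the network or waiting out the delays.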
Releases(0.2.1)
Owner
CCCC