https://github.com/dutchcoders/anam
Mass scanning the internet (http and https) using a raw tcpstack.
https://github.com/dutchcoders/anam
Last synced: 3 months ago
JSON representation
Mass scanning the internet (http and https) using a raw tcpstack.
- Host: GitHub
- URL: https://github.com/dutchcoders/anam
- Owner: dutchcoders
- License: apache-2.0
- Created: 2016-11-26T14:52:42.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2017-03-09T14:47:36.000Z (over 8 years ago)
- Last Synced: 2024-06-20T00:43:10.449Z (about 1 year ago)
- Language: Go
- Homepage:
- Size: 757 KB
- Stars: 60
- Watchers: 6
- Forks: 13
- Open Issues: 5
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# ANAM [](https://gitter.im/dutchcoders/anam?utm_source=badge&utm_medium=badge&utm_campaign=&utm_campaign=pr-badge&utm_content=badge) [](https://goreportcard.com/report/dutchcoders/anam) [](https://travis-ci.org/dutchcoders/anam)
ANAM will scan all feeded hosts for specific paths, but using a raw tcp stack. Currently we support both http and https, but it will be easy to add additional protocols as well. The stack and anam are both written in Go.
We don't have real benchmarks but it should be possible to retrieve high benchmarks.
ANAM has done earned its miles by checking 10s of millions of sites for the specific /.git/HEAD configuration issue. More information about this project can be found at [http://internetsecure.today/](http://internetsecure.today).
The real magic happens in github.com/dutchcoders/netstack, this is the tcp implementation we're using.
## Install from source
### Install Golang
If you do not have a working Golang environment setup please follow Golang Installation Guide.
### Install ANAM
Installation of ANAM is easy.
```bash
$ go get -u github.com/dutchcoders/anam
$ ./anam
```
## Usage
Parameter | Description | Value
--- | --- | ---
prefix | comma seperated prefixes to prepend for domainname | www,portal,login
port | port to use | 80(http) or 443(https)
threads | amount of threads | 100
timeout | timeout to wait for connection | 10
interface | interface to use | eth0
resolvers | dns resolver to use | 127.0.0.1 or 8.8.8.8
user-agent | user-agent to identify scanner | anam (github.com/dutchcoders/anam)
profiler | start go profiler on port 6060 |
tls | use tls handshake |
## Alexa top 1M sites
The Alexa top 1M sites can be downloaded here:
http://s3.amazonaws.com/alexa-static/top-1m.csv.zip
## Example usage
Using a custom dns resolver is advised, use for example dnsmasq locally.
We need to disable the RST responses first using iptables, because it will respond to (our) unknown packets with RST otherwise.
```bash
$ iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP
````
Now we can start the scanner using:
```bash
cat top-1m.csv | awk -F, "{ print $2 }" | go run main.go --tls --port "443" --resolvers "127.0.0.1" "/.git/config" "/.svn/entries"
```
This software is alpha, expect bugs. Please report them using the issue tracker.
## Benchmarks
Should go here....
## Creators
**Remco Verhoef**
-
-
## Disclaimer
Here should come an appropriate disclaimer, no warranties and anam shouldn't be used for malicious intent.
## Copyright and license
Code and documentation copyright 2016 Remco Verhoef.
Code released under [the Apache license](LICENSE).