π₯ Overview
The ANANTA is a Python-based interactive framework designed for offensive cybersecurity operations. It integrates multiple tools across various attack phases, including reconnaissance, scanning, exploitation, brute-forcing, and red team automation. This toolkit simplifies the execution of complex security tasks by automating tool installation, parameter handling, and execution.
π οΈ Use Cases This toolkit is ideal for:
Reconnaissance & OSINT: Subdomain discovery, asset enumeration, and archived URL gathering.
Scanning: HTTP probing, DNS enumeration, and port scanning.
Exploitation & Privilege Escalation: XSS exploitation, CRLF injection detection, and directory brute-forcing.
Network & Wireless Hacking: Port scanning and DNS enumeration.
Payloads & Backdoors: Web crawling and fuzzing.
Brute-Force & Cracking: Subdomain brute-forcing and directory brute-forcing.
Red Team Automation: Notifications and asset tracking.
π Tool Structure Hereβs the ASCII mindmap of the toolkitβs structure: Ananta βββ [1] Reconnaissance & OSINT β ββ subfinder (Subdomain Discovery) β ββ sublist3r (Subdomain Enumeration) β ββ assetfinder (Asset Discovery) β ββ amass (In-depth Enumeration) β ββ gau (URLs Gathering) β ββ waybackurls (Archived URLs)
βββ [2] Scanning β ββ httpx (HTTP Probe) β ββ nuclei (Vulnerability Scanner) β ββ naabu (Port Scanner) β ββ dnsx (DNS Scanner)
βββ [3] Exploitation & Privilege Escalation β ββ dalfox (XSS Exploitation) β ββ crlfuzz (CRLF Injection Detection) β ββ gobuster (Directory Brute-force)
βββ [4] Network & Wireless Hacking β ββ naabu (Port Scanning) β ββ dnsx (DNS Enumeration)
βββ [5] Payloads & Backdoors β ββ gospider (Web Crawling) β ββ ffuf (Web Fuzzing)
βββ [6] Brute-Force & Cracking β ββ gobuster (Directory Brute-force) β ββ crobat (Subdomain Brute-force)
βββ [7] Red Team Automation ββ notify (Notifications) ββ anew (New Asset Detection)
β Fully functional execution of integrated tools β Automated dependency management β Interactive user guidance with clear prompts β Menu-driven navigation for attack phases and tools β ASCII art enhancements for better visualization β Real-time status indication for installed tools β Error handling for invalid inputs
Prerequisites: Ensure you have the following installed:
Golang
Git Install Golang: bash sudo apt update && sudo apt install golang-go -y Install Python3 and pip: bash sudo apt update && sudo apt install python3 python3-pip -y Install Git: bash sudo apt install git -y Clone the Repository: bash git clone https://github.com/0xgigabyte/Ananta.git cd cyber-offensive-toolkit Run the Script: Execute the script using Python:
bash python3 cyber_offensive_toolkit.py π How to Use Select Installation Mode: When prompted, choose whether to install all tools automatically (yes) or proceed directly (no).
View Attack Phases: Navigate through the ASCII mindmap displaying categorized tools.
Select Attack Phase: Choose from reconnaissance, scanning, exploitation, etc.
Choose Tool: Pick a specific tool within the selected category. Installed tools are marked green; missing ones are marked red.
Enter Parameters: Provide required inputs such as domain names, URLs, file paths, etc., guided by clear examples.
Execute Tool: The toolkit runs the selected tool with your parameters and displays real-time output.
π¦ Tools Included Reconnaissance & OSINT:
sublist3r: Subdomain enumeration
assetfinder: Asset discovery
amass: In-depth enumeration
gau: Gather URLs
waybackurls: Archived URLs
Scanning:
nuclei: Vulnerability scanning
naabu: Port scanning
dnsx: DNS enumeration
Exploitation & Privilege Escalation:
crlfuzz: CRLF injection detection
gobuster: Directory brute-forcing
Network & Wireless Hacking:
naabu: Port scanning
dnsx: DNS enumeration
Payloads & Backdoors:
gospider: Web crawling
ffuf: Web fuzzing
Brute-force & Cracking:
gobuster: Directory brute-forcing
crobat: Subdomain brute-forcing
Red Team Automation:
notify: Notifications
anew: Asset tracking
π‘οΈ Disclaimer This tool is intended for ethical hacking and cybersecurity research purposes only. Unauthorized use of this toolkit against systems without explicit permission is illegal and unethical.
β¨ Contributing Feel free to fork this repository and submit pull requests for improvements or additional features! Contributions are always welcome.