Anbu is a CLI tool that helps perform everyday tasks in an expert way. Just like the Anbu Black Ops division in Naruto, this tool helps carry out all the shadow-operations in your daily workflow.
A summary of all capabilities that Anbu can perform:
| Operation | Details |
|---|---|
| Time Operations | Display current time in various formats, calculate time differences, and parse time strings |
| Secrets & Parameters Management | Securely store and retrieve secrets and parameters with encryption at rest |
| Network Tunneling | Create TCP and SSH tunnels to securely access remote services through jump hosts |
| Command Template Execution | Run command sequences with variable substitution via YAML configuration |
| Simple HTTP/HTTPS Server | Host a simple webserver over HTTP/HTTPS with optional file upload capability |
| JWT Decode | Decode and display JWT header and payload contents in a readable tabular format |
| Secrets Scan | Find common secrets in file systems using regular expressions, with optional high-noise patterns |
| IP Information | Display local and public IP details (with optional IPv6), including geolocation information |
| Bulk Rename | Batch rename files or directories using regular expression patterns |
| Data Conversion | Convert between data formats like YAML, JSON, and Docker Compose (WIP) |
| Encoding Conversion | Convert text between different encodings: base64, hex, URL encoding |
| File Encryption/Decryption | Secure file encryption and decryption with AES-256-GCM symmetric encryption |
| RSA Key Pair Generation | Create RSA key pairs for encryption or SSH authentication |
| Loop Command | Execute commands in sequence with incrementing index substitution |
| String Generation | Generate random strings, UUIDs, passwords, and passphrases for various purposes |
- Download directly from RELEASES. Anbu is available for AMD64 and ARM64 for Linux and MacOS.
- To build latest commit directly via Go, use:
go install github.com/tanq16/anbu@latest
- To clone and build locally for development, use:
git clone https://github.com/tanq16/anbu.git && \ cd anbu && \ go build .
Anbu supports a large number of operations across the board. The specific details of each are:
- Time Operations
-
anbu time # prints time in various formats anbu time now # prints time in various formats anbu time purple # print time and public IP for purple teams
-
anbu time diff -e 1744192475 -e 1744497775 # print time difference between 2 epochs
-
anbu time parse -t "13 Apr 25 16:30 EDT" # read given time and print in multiple formats anbu time until -t "13 Apr 25 16:30 EDT" # read time and print difference from now
-
- Secrets & Parameters Management
-
anbu secrets list # List all secrets and parameters -
# Managing Secrets (Password asked or from ANBUPW env var) anbu secrets add API_KEY # Create a new secret (encrypted with AES GCM at rest) anbu secrets add API_KEY -m # Create a new multi-line secret anbu secrets get API_KEY # Retrieve a secret (decrypted value) anbu secrets delete API_KEY # Delete a secret
-
# Managing Parameters (always in plaintext) anbu secrets p add SERVER_URL # Create a new parameter anbu secrets p add SERVER_URL -m # Create a new multi-line parameter anbu secrets p get SERVER_URL # Retrieve a parameter anbu secrets p delete SERVER_URL # Delete a parameter
-
# Import and Export to file anbu secrets export backup.json # Export to a file (secrets are decrypted) anbu secrets import backup.json # Import from a file
-
- Network Tunneling
-
# forward TCP tunnels anbu tunnel tcp -l localhost:8000 -r example.com:80 # also supports --tls
-
# forward SSH tunnels anbu tunnel ssh -l localhost:8000 -r target.com:3306 -s ssh.vm.com:22 -u bob -p "builder" anbu tunnel ssh -l localhost:8000 -r target.com:3306 -s ssh.vm.com:22 -u bob -k ~/.ssh/mykey
-
# reverse SSH tunnels anbu tunnel rssh -l localhost:3389 -r 0.0.0.0:8080 -s ssh.vm.com:22 -u bob -p "builder"
-
- Command Template Execution
-
anbu exec ./path/to/template.yaml # Execute template file with commands as steps
-
anbu exec template.yam -v 'pass=P@55w0rd' -v 'uname=4.u53r' # Execute template file with custom variable replacement (see Tips for more information)
-
- Simple HTTP/HTTPS Server
-
anbu http-server # Serves current directory on http://localhost:8000 anbu http-server -l 0.0.0.0:8080 -t # Serve HTTPS on given add:port with a self-signed cert anbu http-server -u # Enables file upload via PUT requests
-
- JWT Decode
-
anbu jwt-decode "$TOKEN" # Decodes and prints the headers and payload values in a table
-
- Secrets Scan
-
anbu secrets # Scans current directory for secrets based on regex matches anbu secrets ./path/to/scan # Scans path for secrets based on regex matches anbu secrets ./path -p # Scans path with generic matches table (maybe false positive)
-
- IP Information
-
anbu ipinfo # Print local and public IP information anbu ipinfo ipv6 # Print local (IPv4 & IPv6) and public 8000 IP information
-
- Bulk Rename
-
anbu rename 'prefix_(.*)' 'new_\1' # Rename files matching regex pattern anbu rename -d 'old_(.*)' 'new_\1' # Rename directories instead of files anbu rename '(.*)\\.(.*)' '\1_backup.\2' # Add _backup before extension
-
- Data Conversion
-
anbu convert yaml-json config.yaml # Convert YAML file to JSON anbu convert json-yaml data.json # Convert JSON file to YAML
-
- Encoding Conversion
-
anbu convert b64 "Hello World" # Convert text to base64 anbu convert b64d "SGVsbG8gV29ybGQ=" # Decode base64 to text anbu convert hex "Hello World" # Convert text to hex anbu convert hexd "48656c6c6f20576f726c64" # Decode hex to text anbu convert url "Hello World" # URL encode text anbu convert urld "Hello%20World" # URL decode text
-
anbu convert b64-hex "SGVsbG8gV29ybGQ=" # Convert base64 to hex anbu convert hex-b64 "48656c6c6f20576f726c64" # Convert hex to base64
-
- File Encryption/Decryption
-
anbu file-crypt encrypt /path/to/file.zip -p "P@55w0rd" # Encrypt a file anbu file-crypt decrypt ./encrypted.enc -p "P@55w0rd" # Decrypt a file
-
- RSA Key Pair Generation
-
anbu key-pair -o mykey -k 4096 # 4096 bit RSA key pair anbu key-pair --ssh # 2048 bit RSA SSH key pair called anbu-key.*
-
- Loop Command
-
anbu loop 03-112 'echo "$i"' -p 2 # run command for index 3 to 112 as 003, 004, ... anbu loop 20 'echo justprintme' # run command 20 times linearly
-
- String Generation
-
anbu string 23 # generate 23 (100 if not specified) random alphanumeric chars anbu string seq 29 # prints "abcdefghijklmnopqrstuvxyz" until desired length anbu string rep 23 str2rep # prints "str2repstr2rep...23 times"
-
anbu string uuid # generates a uuid anbu string ruid 16 # generates a short uuid of length b/w 1-32 anbu string suid # generates a short uuid of length 18
-
anbu string password # generate a 12-character complex password anbu string password 16 # generate a 16-character complex password anbu string password 8 simple # generate an 8-letter lowercase password
-
anbu string passphrase # generate a 3-word passphrase with hyphens anbu string passphrase 5 # generate a 5-word passphrase with hyphens anbu string passphrase 4 '@' # generate a 4-word passphrase with period separators anbu string passphrase 4 '-' simple # generate a simple 4-word lowercase passphrase anbu string passphrase 4 '.' simple # generate a simple 4-word passphrase with numbers and capitalization
-
Connecting Two NAT-hidden Machines via Public VPS
Machine A →
anbu tunnel rssh -l localhost:3389 -r 0.0.0.0:8001 -s vps.example.com:22 -u bob -p builderMachine B →
anbu tunnel ssh -l localhost:3389 -r localhost:8001 -s vps.example.com:22 -u bob -p builderNow, connecting to localhost:3389 on Machine B will allow access to Machine A's 3389.
Running a Command Template
A command template needs to be in the form of a YAML template. Variables can be declared inline as well as within the template. A variable var for example, should be used as {{.var}} in the command string.
An example of a template is as follows:
name: "Project Backup"
description: "Creates a timestamped backup of a project directory"
variables:
backup_dir: "/home/tanq/testrepo"
exclude_patterns: ".git,*.log"
steps:
- name: "Clone project"
command: "git clone https://github.com/tanq16/danzo {{.backup_dir}}"
- name: "Build Project"
command: "cd {{.backup_dir}} && go build -ldflags='-s -w' ."
- name: "Get current timestamp"
command: "timestamp=$(date +%Y%m%d_%H%M%S) && echo $timestamp > {{.backup_dir}}/anbu_backup_timestamp.txt && echo '{{.exclude_patterns}}' > {{.backup_dir}}/anbu_exclude_patterns.txt"
- name: "Create backup archive"
command: "cd {{.project_dir}} && tar --exclude-from={{.backup_dir}}/anbu_exclude_patterns.txt -czf backup_$(cat {{.backup_dir}}/anbu_backup_timestamp.txt).tar.gz {{.backup_dir}}"
- name: "List created backup"
command: "ls -lh {{.project_dir}}/*.tar.gz"
- name: "Cleanup temporary files"
command: "rm /tmp/anbu_backup_timestamp.txt /tmp/anbu_exclude_patterns.txt" # used non-existent for demo
ignore_errors: true
The template can then be executed as:
anbu exec template.yaml -v 'project_dir=/opt/backups'Creating a Secure Database (or service) Connection Tunnel
When working with remote databases or services that don't allow direct access, this method can enable connections. Create an SSH tunnel to the database server:
anbu tunnel ssh -l localhost:3306 -r db.internal.network:3306 -s jumpbox.vpn.com:22 -u bob -p builderNow, connect your database client to localhost:3306, which will forward requests via the SSH forward proxy through the jumphost:
mysql -u dbuser -p -h localhost -P 3306This allows a connection to restricted databases while maintaining security best practices.
Anbu takes inspiration from the following projects:
- GoST
- SimpleHTTPServer
- TruffleHog, GitLeaks, and NoseyParker for secret regular expressions