RomanNum3ral
/
AutoRecon
mirror of https://github.com/Tib3rius/AutoRecon.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update README.md

This commit is contained in:
Tib3rius 2021-08-29 22:57:30 -04:00 committed by GitHub
parent fdbf760ef9
commit 5115e160b5
1 changed files with 89 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

154
README.md
View File

@ -20,20 +20,28 @@ AutoRecon was inspired by three tools which the author used during the OSCP labs
## Features ## Features
* Supports multiple targets in the form of IP addresses, IP ranges (CIDR notation), and resolvable hostnames. * Supports multiple targets in the form of IP addresses, IP ranges (CIDR notation), and resolvable hostnames. IPv6 is supported.
* Can scan targets concurrently, utilizing multiple processors if they are available. * Can scan multiple targets concurrently, utilizing multiple processors if they are available.
* Customizable port scanning profiles for flexibility in your initial scans. * Advanced plugin system allowing for easy creation of new scans.
* Customizable service enumeration commands and suggested manual follow-up commands. * Customizable port scanning plugins for flexibility in your initial scans.
* Customizable service scanning plugins for further enumeration.
* Suggested manual follow-up commands for when automation makes little sense.
* Ability to limit port scanning to a combination of TCP/UDP ports.
* Ability to skip port scanning phase by suppling information about services which should be open.
* Global and per-scan pattern matching which highlights and extracts important information from the noise.
* An intuitive directory structure for results gathering. * An intuitive directory structure for results gathering.
* Full logging of commands that were run, along with errors if they fail. * Full logging of commands that were run, along with errors if they fail.
* Global and per-scan pattern matching so you can highlight/extract important information from the noise. * A powerful config file lets you use your favorite settings every time.
* A tagging system that lets you include or exclude certain plugins.
* Global and per-target timeouts in case you only have limited time.
* Three levels of verbosity, controllable by command-line options, and during scans using Up/Down arrows.
* Colorized output for distinguishing separate pieces of information. Can be turned off for accessibility reasons.
## Requirements ## Requirements
- Python 3 - Python 3
- `python3-pip` - `python3-pip`
### Supporting packages ### Supporting packages
Several commands used in AutoRecon reference the SecLists project, in the directory /usr/share/seclists/. You can either manually download the SecLists project to this directory (https://github.com/danielmiessler/SecLists), or if you are using Kali Linux (**highly recommended**) you can run the following: Several commands used in AutoRecon reference the SecLists project, in the directory /usr/share/seclists/. You can either manually download the SecLists project to this directory (https://github.com/danielmiessler/SecLists), or if you are using Kali Linux (**highly recommended**) you can run the following:
@ -109,11 +117,13 @@ See detailed usage options below.
AutoRecon uses Python 3 specific functionality and does not support Python 2. AutoRecon uses Python 3 specific functionality and does not support Python 2.
``` ```
usage: autorecon.py [-t TARGET_FILE] [-m MAX_SCANS] [-mp MAX_PORT_SCANS] [-c CONFIG_FILE] [-g GLOBAL_FILE] [--tags TAGS] [--exclude-tags EXCLUDE_TAGS] usage: autorecon.py [-t TARGET_FILE] [-p PORTS] [-m MAX_SCANS] [-mp MAX_PORT_SCANS] [-c CONFIG_FILE] [-g GLOBAL_FILE] [--tags TAGS] [--exclude-tags EXCLUDE_TAGS]
[--plugins-dir PLUGINS_DIR] [-o OUTDIR] [--single-target] [--only-scans-dir] [--create-port-dirs] [--heartbeat HEARTBEAT] [--timeout TIMEOUT] [--plugins-dir PLUGINS_DIR] [-o OUTDIR] [--single-target] [--only-scans-dir] [--create-port-dirs] [--heartbeat HEARTBEAT] [--timeout TIMEOUT]
[--target-timeout TARGET_TIMEOUT] [--nmap NMAP | --nmap-append NMAP_APPEND] [--disable-sanity-checks] [--accessible] [-v] [--version] [--target-timeout TARGET_TIMEOUT] [--nmap NMAP | --nmap-append NMAP_APPEND] [--disable-sanity-checks] [--disable-keyboard-control]
[--curl.path VALUE] [--dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb}] [--dirbuster.wordlist VALUE] [--dirbuster.threads VALUE] [--force-services FORCE_SERVICES [FORCE_SERVICES ...]] [--accessible] [-v] [--version] [--curl.path VALUE]
[--onesixtyone.community-strings VALUE] [--global.username-wordlist VALUE] [--global.password-wordlist VALUE] [--global.domain VALUE] [-h] [--dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb}] [--dirbuster.wordlist VALUE [VALUE ...]] [--dirbuster.threads VALUE]
[--dirbuster.ext VALUE] [--onesixtyone.community-strings VALUE] [--global.username-wordlist VALUE] [--global.password-wordlist VALUE]
[--global.domain VALUE] [-h]
[targets ...] [targets ...]
Network reconnaissance tool to port scan and automatically enumerate services found on multiple targets. Network reconnaissance tool to port scan and automatically enumerate services found on multiple targets.
@ -121,68 +131,76 @@ Network reconnaissance tool to port scan and automatically enumerate services fo
positional arguments: positional arguments:
targets IP addresses (e.g. 10.0.0.1), CIDR notation (e.g. 10.0.0.1/24), or resolvable hostnames (e.g. foo.bar) to scan. targets IP addresses (e.g. 10.0.0.1), CIDR notation (e.g. 10.0.0.1/24), or resolvable hostnames (e.g. foo.bar) to scan.
optional arguments: [30/2643] optional arguments:
-t TARGET_FILE, --targets TARGET_FILE -t TARGET_FILE, --targets TARGET_FILE
Read targets from file. Read targets from file.
-m MAX_SCANS, --max-scans MAX_SCANS -p PORTS, --ports PORTS
The maximum number of concurrent scans to run. Default: 50 Comma separated list of ports / port ranges to scan. Specify TCP/UDP ports by prepending list with T:/U: To scan both TCP/UDP, put port(s) at start
-mp MAX_PORT_SCANS, --max-port-scans MAX_PORT_SCANS or specify B: e.g. 53,T:21-25,80,U:123,B:123. Default: None
The maximum number of concurrent port scans to run. Default: 10 (approx 20% of max-scans unless specified) -m MAX_SCANS, --max-scans MAX_SCANS
-c CONFIG_FILE, --config CONFIG_FILE The maximum number of concurrent scans to run. Default: 50
Location of AutoRecon's config file. Default: /mnt/hgfs/AutoRecon/config.toml -mp MAX_PORT_SCANS, --max-port-scans MAX_PORT_SCANS
-g GLOBAL_FILE, --global-file GLOBAL_FILE The maximum number of concurrent port scans to run. Default: 10 (approx 20% of max-scans unless specified)
Location of AutoRecon's global file. Default: /mnt/hgfs/AutoRecon/global.toml -c CONFIG_FILE, --config CONFIG_FILE
--tags TAGS Tags to determine which plugins should be included. Separate tags by a plus symbol (+) to group tags together. Separate groups with a comma (,) to Location of AutoRecon's config file. Default: /mnt/hgfs/AutoRecon/config.toml
create multiple groups. For a plugin to be included, it must have all the tags specified in at least one group. Default: default -g GLOBAL_FILE, --global-file GLOBAL_FILE
--exclude-tags EXCLUDE_TAGS Location of AutoRecon's global file. Default: /mnt/hgfs/AutoRecon/global.toml
Tags to determine which plugins should be excluded. Separate tags by a plus symbol (+) to group tags together. Separate groups with a comma (,) to --tags TAGS Tags to determine which plugins should be included. Separate tags by a plus symbol (+) to group tags together. Separate groups with a comma (,) to
create multiple groups. For a plugin to be excluded, it must have all the tags specified in at least one group. Default: None create multiple groups. For a plugin to be included, it must have all the tags specified in at least one group. Default: default
--plugins-dir PLUGINS_DIR --exclude-tags EXCLUDE_TAGS
The location of the plugins directory. Default: /mnt/hgfs/AutoRecon/plugins Tags to determine which plugins should be excluded. Separate tags by a plus symbol (+) to group tags together. Separate groups with a comma (,) to
-o OUTDIR, --output OUTDIR create multiple groups. For a plugin to be excluded, it must have all the tags specified in at least one group. Default: None
The output directory for results. Default: results --plugins-dir PLUGINS_DIR
--single-target Only scan a single target. A directory named after the target will not be created. Instead, the directory structure will be created within the The location of the plugins directory. Default: /mnt/hgfs/AutoRecon/plugins
output directory. Default: False -o OUTDIR, --output OUTDIR
--only-scans-dir Only create the "scans" directory for results. Other directories (e.g. exploit, loot, report) will not be created. Default: False The output directory for results. Default: results
--create-port-dirs Create directories for ports within the "scans" directory (e.g. scans/tcp80, scans/udp53) and store results in these directories. Default: False --single-target Only scan a single target. A directory named after the target will not be created. Instead, the directory structure will be created within the
--heartbeat HEARTBEAT output directory. Default: False
Specifies the heartbeat interval (in seconds) for scan status messages. Default: 60 --only-scans-dir Only create the "scans" directory for results. Other directories (e.g. exploit, loot, report) will not be created. Default: False
--timeout TIMEOUT Specifies the maximum amount of time in minutes that AutoRecon should run for. Default: None --create-port-dirs Create directories for ports within the "scans" directory (e.g. scans/tcp80, scans/udp53) and store results in these directories. Default: False
--target-timeout TARGET_TIMEOUT --heartbeat HEARTBEAT
Specifies the maximum amount of time in minutes that a target should be scanned for before abandoning it and moving on. Default: None Specifies the heartbeat interval (in seconds) for scan status messages. Default: 60
--nmap NMAP Override the {nmap_extra} variable in scans. Default: -vv --reason -Pn --timeout TIMEOUT Specifies the maximum amount of time in minutes that AutoRecon should run for. Default: None
--nmap-append NMAP_APPEND --target-timeout TARGET_TIMEOUT
Append to the default {nmap_extra} variable in scans. Default: Specifies the maximum amount of time in minutes that a target should be scanned for before abandoning it and moving on. Default: None
--disable-sanity-checks --nmap NMAP Override the {nmap_extra} variable in scans. Default: -vv --reason -Pn
Disable sanity checks that would otherwise prevent the scans from running. Default: False --nmap-append NMAP_APPEND
--accessible Attempts to make AutoRecon output more accessible to screenreaders. Default: False Append to the default {nmap_extra} variable in scans. Default:
-v, --verbose Enable verbose output. Repeat for more verbosity. --disable-sanity-checks
--version Prints the AutoRecon version and exits. Disable sanity checks that would otherwise prevent the scans from running. Default: False
-h, --help Show this help message and exit. --disable-keyboard-control
Disables keyboard control ([s]tatus, Up, Down) if you are in SSH or Docker.
--force-services FORCE_SERVICES [FORCE_SERVICES ...]
A space separated list of services in the following style: tcp/80/http/insecure tcp/443/https/secure
--accessible Attempts to make AutoRecon output more accessible to screenreaders. Default: False
-v, --verbose Enable verbose output. Repeat for more verbosity.
-h, --help Show this help message and exit.
plugin arguments: plugin arguments:
These are optional arguments for certain plugins. These are optional arguments for certain plugins.
--curl.path VALUE The path on the web server to curl. Default: / --curl.path VALUE The path on the web server to curl. Default: /
--dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb} --dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb}
The tool to use for directory busting. Default: feroxbuster The tool to use for directory busting. Default: feroxbuster
--dirbuster.wordlist VALUE --dirbuster.wordlist VALUE [VALUE ...]
The wordlist to use when directory busting. Specify the option multiple times to use multiple wordlists. Default: The wordlist(s) to use when directory busting. Separate multiple wordlists with spaces. Default: ['/usr/share/seclists/Discovery/Web-
['/usr/share/seclists/Discovery/Web-Content/common.txt'] Content/common.txt']
--dirbuster.threads VALUE --dirbuster.threads VALUE
The number of threads to use when directory busting. Default: 10 The number of threads to use when directory busting. Default: 10
--onesixtyone.community-strings VALUE --dirbuster.ext VALUE
The file containing a list of community strings to try. Default: /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt The extensions you wish to fuzz (no dot, comma separated). Default: txt,html,php,asp,aspx,jsp
--onesixtyone.community-strings VALUE
The file containing a list of community strings to try. Default: /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt
global plugin arguments: global plugin arguments:
These are optional arguments that can be used by all plugins. These are optional arguments that can be used by all plugins.
--global.username-wordlist VALUE --global.username-wordlist VALUE
A wordlist of usernames, useful for bruteforcing. Default: /usr/share/seclists/Usernames/top-usernames-shortlist.txt A wordlist of usernames, useful for bruteforcing. Default: /usr/share/seclists/Usernames/top-usernames-shortlist.txt
--global.password-wordlist VALUE --global.password-wordlist VALUE
A wordlist of passwords, useful for bruteforcing. Default: /usr/share/seclists/Passwords/darkweb2017-top100.txt A wordlist of passwords, useful for bruteforcing. Default: /usr/share/seclists/Passwords/darkweb2017-top100.txt
--global.domain VALUE --global.domain VALUE
The domain to use (if known). Used for DNS and/or Active Directory. The domain to use (if known). Used for DNS and/or Active Directory. Default: None
``` ```
### Verbosity ### Verbosity