From 9cb392d4b482a8a7515c0ee4b0bc378bd16c4b16 Mon Sep 17 00:00:00 2001
From: Tib3rius <48113936+Tib3rius@users.noreply.github.com>
Date: Mon, 10 Jan 2022 02:22:36 -0500
Subject: [PATCH] Added Virtual Host enumeration plugin.
---
 autorecon/default-plugins/http_server.py | 34 ++++++++++++++++++++++++
 autorecon/main.py | 2 +-
 pyproject.toml | 2 +-
 3 files changed, 36 insertions(+), 2 deletions(-)
diff --git a/autorecon/default-plugins/http_server.py b/autorecon/default-plugins/http_server.py
index 70a11e9..66b6933 100644
--- a/autorecon/default-plugins/http_server.py
+++ b/autorecon/default-plugins/http_server.py
@@ -239,3 +239,37 @@ class WPScan(ServiceScan):
 def manual(self, service, plugin_was_run):
 service.add_manual_command('(wpscan) WordPress Security Scanner (useful if WordPress is found):', 'wpscan --url {http_scheme}://{addressv6}:{port}/ --no-update -e vp,vt,tt,cb,dbe,u,m --plugins-detection aggressive --plugins-version-detection aggressive -f cli-no-color 2>&1 | tee "{scandir}/{protocol}_{port}_{http_scheme}_wpscan.txt"')
+
+class VirtualHost(ServiceScan):
+
+ def __init__(self):
+ super().__init__()
+ self.name = 'Virtual Host Enumeration'
+ self.slug = 'vhost-enum'
+ self.tags = ['default', 'safe', 'http', 'long']
+
+ def configure(self):
+ self.add_option('hostname', help='The hostname to use as the base host (e.g. example.com) for virtual host enumeration. Default: %(default)s')
+ self.add_list_option('wordlist', default=['/usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt'], help='The wordlist(s) to use when enumerating virtual hosts. Separate multiple wordlists with spaces. Default: %(default)s')
+ self.add_option('threads', default=10, help='The number of threads to use when enumerating virtual hosts. Default: %(default)s')
+ self.match_service_name('^http')
+ self.match_service_name('^nacn_http$', negative_match=True)
+
+ def check(self):
+ if which('gobuster') is None:
+ error('The gobuster program could not be found. Make sure it is installed. 
(On Kali, run: sudo apt install gobuster)')
+
+ async def run(self, service):
+ if service.target.type == 'hostname' or self.get_option('hostname') or self.get_global('domain'):
+ if self.get_option('hostname'):
+ hostname = self.get_option('hostname')
+ elif service.target.type == 'hostname':
+ hostname = service.target.address
+ else:
+ hostname = self.get_global('domain')
+
+ for wordlist in self.get_option('wordlist'):
+ name = os.path.splitext(os.path.basename(wordlist))[0]
+ await service.execute('gobuster vhost -u {http_scheme}://' + hostname + ':{port}/ -t ' + str(self.get_option('threads')) + ' -w ' + wordlist + ' -r -o "{scandir}/{protocol}_{port}_{http_scheme}_vhosts_' + name + '.txt"')
+ else:
+ info('The target was not a hostname, nor was a hostname provided as an option. Skipping virtual host enumeration.')
diff --git a/autorecon/main.py b/autorecon/main.py
index b5e18c9..0ad5292 100644
--- a/autorecon/main.py
+++ b/autorecon/main.py
@@ -17,7 +17,7 @@ from autorecon.io import slugify, e, fformat, cprint, debug, info, warn, error,
 from autorecon.plugins import Pattern, PortScan, ServiceScan, Report, AutoRecon
 from autorecon.targets import Target, Service
-VERSION = "2.0.9"
+VERSION = "2.0.10"
 if not os.path.exists(config['config_dir']):
 shutil.rmtree(config['config_dir'], ignore_errors=True, onerror=None)
diff --git a/pyproject.toml b/pyproject.toml
index 147f67c..a3cfaef 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "autorecon"
-version = "2.0.9"
+version = "2.0.10"
 description = "A multi-threaded network reconnaissance tool which performs automated enumeration of services."
 authors = ["Tib3rius"]
 license = "GNU GPL v3"
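Review bot: In `VirtualHost.run`, `hostname` and `wordlist` are concatenated into the gobuster command unquoted, while the `-o` output path on the same `service.execute` line is double-quoted; a wordlist path containing a space breaks the command, and if `service.execute` runs through a shell (the `2>&1 | tee` in the WPScan command just above suggests these strings are shell-evaluated) any metacharacter in `--vhost-enum.hostname` or `--vhost-enum.wordlist` rewrites it. Both values come from the operator's own command line, so this is robustness rather than a trust-boundary issue, but it is cheap to close by quoting them the way the output path already is: `' -w "' + wordlist + '" -r -o "{scandir}/...'` and `'gobuster vhost -u {http_scheme}://"' + hostname + '":{port}/ -t '`. The `{http_scheme}`/`{port}` placeholders also imply the assembled string is format-substituted later, so a literal `{` or `}` in either value would presumably fail at substitution time rather than reach gobuster; a short sentence in the option help, or a check in `check()`, would make that explicit. Separately, `name` is derived from the wordlist basename only, so two wordlists with the same filename in different directories map to the same `_vhosts_<name>.txt` and the second run's `-o` overwrites the first.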