Plugin updates.

Added "safe" tag to most plugins.
Added an "unsafe" non-default tag.
Created an SMB Vulnerabilities plugin which is unsafe and won't run by default.
Tib3rius 2021-08-22 08:10:23 -04:00
parent 874739ca6e
commit ad994bdbfa
17 changed files with 110 additions and 94 deletions


@ -5,7 +5,7 @@ class NmapMongoDB(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap MongoDB"
self.tags = ['default', 'databases']
self.tags = ['default', 'safe', 'databases']
def configure(self):
self.match_service_name('^mongod')
@ -18,7 +18,7 @@ class NmapMSSQL(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap MSSQL"
self.tags = ['default', 'databases']
self.tags = ['default', 'safe', 'databases']
def configure(self):
self.match_service_name(['^mssql', '^ms\-sql'])
@ -34,7 +34,7 @@ class NmapMYSQL(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap MYSQL"
self.tags = ['default', 'databases']
self.tags = ['default', 'safe', 'databases']
def configure(self):
self.match_service_name('^mysql')
@ -50,7 +50,7 @@ class NmapOracle(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap Oracle"
self.tags = ['default', 'databases']
self.tags = ['default', 'safe', 'databases']
def configure(self):
self.match_service_name('^oracle')
@ -66,7 +66,7 @@ class OracleTNScmd(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Oracle TNScmd"
self.tags = ['default', 'databases']
self.tags = ['default', 'safe', 'databases']
def configure(self):
self.match_service_name('^oracle')
@ -80,7 +80,7 @@ class OracleScanner(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Oracle Scanner"
self.tags = ['default', 'databases']
self.tags = ['default', 'safe', 'databases']
def configure(self):
self.match_service_name('^oracle')
@ -93,7 +93,7 @@ class OracleODAT(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Oracle ODAT"
self.tags = ['default', 'databases']
self.tags = ['default', 'safe', 'databases']
def configure(self):
self.match_service_name('^oracle')


@ -5,7 +5,7 @@ class DNS(ServiceScan):
def __init__(self):
super().__init__()
self.name = "DNS"
self.tags = ['default', 'dns']
self.tags = ['default', 'safe', 'dns']
def configure(self):
self.match_service_name('^domain')
@ -18,7 +18,7 @@ class DNSZoneTransfer(ServiceScan):
def __init__(self):
super().__init__()
self.name = "DNS Zone Transfer"
self.tags = ['default', 'dns']
self.tags = ['default', 'safe', 'dns']
def configure(self):
self.match_service_name('^domain')
@ -34,7 +34,7 @@ class DNSReverseLookup(ServiceScan):
def __init__(self):
super().__init__()
self.name = "DNS Reverse Lookup"
self.tags = ['default', 'dns']
self.tags = ['default', 'safe', 'dns']
def configure(self):
self.match_service_name('^domain')


@ -5,7 +5,7 @@ class NmapFTP(ServiceScan):
def __init__(self):
super().__init__()
self.name = 'Nmap FTP'
self.tags = ['default', 'ftp']
self.tags = ['default', 'safe', 'ftp']
def configure(self):
self.match_service_name(['^ftp', '^ftp\-data'])


@ -7,7 +7,7 @@ class NmapHTTP(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap HTTP"
self.tags = ['default', 'http']
self.tags = ['default', 'safe', 'http']
def configure(self):
self.match_service_name('^http')
@ -42,7 +42,7 @@ class Curl(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Curl"
self.tags = ['default', 'http']
self.tags = ['default', 'safe', 'http']
def configure(self):
self.add_option("path", default="/", help="The path on the web server to curl. Default: %(default)s")
@ -59,7 +59,7 @@ class CurlRobots(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Curl Robots"
self.tags = ['default', 'http']
self.tags = ['default', 'safe', 'http']
def configure(self):
self.match_service_name('^http')
@ -76,7 +76,7 @@ class DirBuster(ServiceScan):
self.name = "DirBuster"
self.slug = 'dirbuster'
self.priority = 0
self.tags = ['default', 'http', 'long']
self.tags = ['default', 'safe', 'long', 'http']
def configure(self):
self.add_choice_option('tool', default='feroxbuster', choices=['feroxbuster', 'gobuster', 'dirsearch', 'ffuf', 'dirb'], help='The tool to use for directory busting. Default: %(default)s')
@ -130,7 +130,7 @@ class Nikto(ServiceScan):
def __init__(self):
super().__init__()
self.name = 'nikto'
self.tags = ['default', 'http', 'long']
self.tags = ['default', 'safe', 'long', 'http']
def configure(self):
self.match_service_name('^http')
@ -144,7 +144,7 @@ class WhatWeb(ServiceScan):
def __init__(self):
super().__init__()
self.name = "whatweb"
self.tags = ['default', 'http']
self.tags = ['default', 'safe', 'http']
def configure(self):
self.match_service_name('^http')
@ -159,7 +159,7 @@ class WkHTMLToImage(ServiceScan):
def __init__(self):
super().__init__()
self.name = "wkhtmltoimage"
self.tags = ['default', 'http']
self.tags = ['default', 'safe', 'http']
def configure(self):
self.match_service_name('^http')
@ -177,7 +177,7 @@ class WPScan(ServiceScan):
def __init__(self):
super().__init__()
self.name = 'WPScan'
self.tags = ['default', 'http']
self.tags = ['default', 'safe', 'http']
def configure(self):
self.match_service_name('^http')
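Review bot: The 'safe' tag is applied to `DirBuster`, `Nikto` and `WPScan` in this section without any statement of what it guarantees, and all three tools send large volumes of probing requests, so an operator filtering on 'safe' cannot tell whether it means low-impact or only "not expected to crash the service". The same question applies to `NmapRMI` in the later misc section, whose unchanged `run()` names `rmi-vuln-classloader` directly rather than using the category-exclusion expression that the SMB and SMTP Nmap plugins use. I would state the definition beside the first tag list, for example `# 'safe': not expected to crash or destabilise the target service; may still be noisy`, and check these four plugins against it. The definition may already exist in documentation that is not part of this page.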


@ -5,7 +5,7 @@ class NmapKerberos(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap Kerberos"
self.tags = ['default', 'kerberos', 'active-directory']
self.tags = ['default', 'safe', 'kerberos', 'active-directory']
def configure(self):
self.match_service_name(['^kerberos', '^kpasswd'])


@ -5,7 +5,7 @@ class NmapLDAP(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap LDAP"
self.tags = ['default', 'ldap', 'active-directory']
self.tags = ['default', 'safe', 'ldap', 'active-directory']
def configure(self):
self.match_service_name('^ldap')
@ -18,7 +18,7 @@ class LDAPSearch(ServiceScan):
def __init__(self):
super().__init__()
self.name = 'LDAP Search'
self.tags = ['default', 'ldap', 'active-directory']
self.tags = ['default', 'safe', 'ldap', 'active-directory']
def configure(self):
self.match_service_name('^ldap')


@ -5,7 +5,7 @@ class NmapCassandra(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap Cassandra"
self.tags = ['default', 'cassandra']
self.tags = ['default', 'safe', 'cassandra']
def configure(self):
self.match_service_name('^apani1')
@ -18,7 +18,7 @@ class NmapCUPS(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap CUPS"
self.tags = ['default', 'cups']
self.tags = ['default', 'safe', 'cups']
def configure(self):
self.match_service_name('^ipp')
@ -31,7 +31,7 @@ class NmapDistccd(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap distccd"
self.tags = ['default', 'distccd']
self.tags = ['default', 'safe', 'distccd']
def configure(self):
self.match_service_name('^distccd')
@ -44,7 +44,7 @@ class NmapFinger(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap finger"
self.tags = ['default', 'finger']
self.tags = ['default', 'safe', 'finger']
def configure(self):
self.match_service_name('^finger')
@ -57,7 +57,7 @@ class NmapIMAP(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap IMAP"
self.tags = ['default', 'imap', 'email']
self.tags = ['default', 'safe', 'imap', 'email']
def configure(self):
self.match_service_name('^imap')
@ -70,7 +70,7 @@ class NmapNNTP(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap NNTP"
self.tags = ['default', 'nntp']
self.tags = ['default', 'safe', 'nntp']
def configure(self):
self.match_service_name('^nntp')
@ -83,7 +83,7 @@ class NmapPOP3(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap POP3"
self.tags = ['default', 'pop3', 'email']
self.tags = ['default', 'safe', 'pop3', 'email']
def configure(self):
self.match_service_name('^pop3')
@ -96,7 +96,7 @@ class NmapRMI(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap RMI"
self.tags = ['default', 'rmi']
self.tags = ['default', 'safe', 'rmi']
def configure(self):
self.match_service_name(['^java\-rmi', '^rmiregistry'])
@ -104,45 +104,12 @@ class NmapRMI(ServiceScan):
async def run(self, service):
await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,rmi-vuln-classloader,rmi-dumpregistry" -oN "{scandir}/{protocol}_{port}_rmi_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_rmi_nmap.xml" {address}')
class NmapSMTP(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap SMTP"
self.tags = ['default', 'smtp', 'email']
def configure(self):
self.match_service_name('^smtp')
async def run(self, service):
await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_smtp_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_smtp_nmap.xml" {address}')
class SMTPUserEnum(ServiceScan):
def __init__(self):
super().__init__()
self.name = 'SMTP-User-Enum'
self.tags = ['default', 'smtp', 'email']
def configure(self):
self.match_service_name('^smtp')
async def run(self, service):
await service.execute('hydra smtp-enum://{address}:{port}/vrfy -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" 2>&1', outfile='{protocol}_{port}_smtp_user-enum_hydra_vrfy.txt')
await service.execute('hydra smtp-enum://{address}:{port}/expn -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" 2>&1', outfile='{protocol}_{port}_smtp_user-enum_hydra_expn.txt')
def manual(self, service, plugin_was_run):
service.add_manual_command('Try User Enumeration using "RCPT TO". Replace <TARGET-DOMAIN> with the target\'s domain name:', [
'hydra smtp-enum://{address}:{port}/rcpt -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" -o "{scandir}/{protocol}_{port}_smtp_user-enum_hydra_rcpt.txt" -p <TARGET-DOMAIN>'
])
class NmapTelnet(ServiceScan):
def __init__(self):
super().__init__()
self.name = 'Nmap Telnet'
self.tags = ['default', 'telnet']
self.tags = ['default', 'safe', 'telnet']
def configure(self):
self.match_service_name('^telnet')
@ -155,7 +122,7 @@ class NmapTFTP(ServiceScan):
def __init__(self):
super().__init__()
self.name = 'Nmap TFTP'
self.tags = ['default', 'tftp']
self.tags = ['default', 'safe', 'tftp']
def configure(self):
self.match_service_name('^tftp')
@ -168,7 +135,7 @@ class NmapVNC(ServiceScan):
def __init__(self):
super().__init__()
self.name = 'Nmap VNC'
self.tags = ['default', 'vnc']
self.tags = ['default', 'safe', 'vnc']
def configure(self):
self.match_service_name('^vnc')


@ -5,7 +5,7 @@ class NmapNFS(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap NFS"
self.tags = ['default', 'nfs']
self.tags = ['default', 'safe', 'nfs']
def configure(self):
self.match_service_name(['^nfs', '^rpcbind'])
@ -18,7 +18,7 @@ class Showmount(ServiceScan):
def __init__(self):
super().__init__()
self.name = "showmount"
self.tags = ['default', 'nfs']
self.tags = ['default', 'safe', 'nfs']
def configure(self):
self.match_service_name(['^nfs', '^rpcbind'])


@ -5,7 +5,7 @@ class NmapRDP(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap RDP"
self.tags = ['default', 'rdp']
self.tags = ['default', 'safe', 'rdp']
def configure(self):
self.match_service_name(['^rdp', '^ms\-wbt\-server', '^ms\-term\-serv'])


@ -6,7 +6,7 @@ class NmapRedis(ServiceScan):
def __init__(self):
super().__init__()
self.name = 'Nmap Redis'
self.tags = ['default', 'redis']
self.tags = ['default', 'safe', 'redis']
def configure(self):
self.match_service_name('^redis$')
@ -19,7 +19,7 @@ class RedisCli(ServiceScan):
def __init__(self):
super().__init__()
self.name = 'Redis Cli'
self.tags = ['default', 'redis']
self.tags = ['default', 'safe', 'redis']
def configure(self):
self.match_service_name('^redis$')


@ -1,7 +1,7 @@
from autorecon import ServiceScan, error
from shutil import which
class NmapMSRPC(ServiceScan):
class NmapRPC(ServiceScan):
def __init__(self):
super().__init__()
@ -19,7 +19,7 @@ class RPCClient(ServiceScan):
def __init__(self):
super().__init__()
self.name = "rpcclient"
self.tags = ['default', 'rpc']
self.tags = ['default', 'safe', 'rpc']
def configure(self):
self.match_service_name(['^msrpc', '^rpcbind', '^erpc'])
@ -32,7 +32,7 @@ class RPCDump(ServiceScan):
def __init__(self):
super().__init__()
self.name = 'rpcdump'
self.tags = ['default', 'rpc']
self.tags = ['default', 'safe', 'rpc']
def configure(self):
self.match_service_name(['^msrpc', '^rpcbind', '^erpc'])


@ -5,7 +5,7 @@ class NmapRsync(ServiceScan):
def __init__(self):
super().__init__()
self.name = 'Nmap Rsync'
self.tags = ['default', 'rsync']
self.tags = ['default', 'safe', 'rsync']
def configure(self):
self.match_service_name('^rsync')
@ -18,7 +18,7 @@ class RsyncList(ServiceScan):
def __init__(self):
super().__init__()
self.name = 'Rsync List Files'
self.tags = ['default', 'rsync']
self.tags = ['default', 'safe', 'rsync']
def configure(self):
self.match_service_name('^rsync')


@ -5,7 +5,7 @@ class NmapSIP(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap SIP"
self.tags = ['default', 'sip']
self.tags = ['default', 'safe', 'sip']
def configure(self):
self.match_service_name('^asterisk')
@ -18,7 +18,7 @@ class SIPVicious(ServiceScan):
def __init__(self):
super().__init__()
self.name = "SIPVicious"
self.tags = ['default', 'sip']
self.tags = ['default', 'safe', 'sip']
def configure(self):
self.match_service_name('^asterisk')


@ -5,27 +5,43 @@ class NmapSMB(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap SMB"
self.tags = ['default', 'smb', 'active-directory']
self.tags = ['default', 'safe', 'smb', 'active-directory']
def configure(self):
self.match_service_name(['^smb', '^microsoft\-ds', '^netbios'])
async def run(self, service):
await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_smb_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_nmap.xml" {address}')
class SMBVuln(ServiceScan):
def __init__(self):
super().__init__()
self.name = "SMB Vulnerabilities"
self.tags = ['unsafe', 'smb', 'active-directory']
def configure(self):
self.match_service_name(['^smb', '^microsoft\-ds', '^netbios'])
async def run(self, service):
await service.execute('nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms06-025" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms06-025.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms06-025.xml" {address}')
await service.execute('nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms07-029" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms07-029.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms07-029.xml" {address}')
await service.execute('nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms08-067" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms08-067.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms08-067.xml" {address}')
def manual(self, service, plugin_was_run):
if not plugin_was_run: # Only suggest these if they weren't run.
service.add_manual_commands('Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:', [
'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms06-025" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms06-025.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms06-025.xml" {address}',
'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms07-029" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms07-029.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms07-029.xml" {address}',
'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms08-067" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms08-067.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms08-067.xml" {address}'
])
async def run(self, service):
await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_smb_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_nmap.xml" {address}')
class Enum4Linux(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Enum4Linux"
self.tags = ['default', 'enum4linux', 'active-directory']
self.tags = ['default', 'safe', 'enum4linux', 'active-directory']
def configure(self):
self.match_service_name(['^ldap', '^smb', '^microsoft\-ds', '^netbios'])
@ -41,7 +57,7 @@ class NBTScan(ServiceScan):
def __init__(self):
super().__init__()
self.name = "nbtscan"
self.tags = ['default', 'netbios', 'active-directory']
self.tags = ['default', 'safe', 'netbios', 'active-directory']
def configure(self):
self.match_service_name(['^smb', '^microsoft\-ds', '^netbios'])
@ -56,7 +72,7 @@ class SMBClient(ServiceScan):
def __init__(self):
super().__init__()
self.name = "SMBClient"
self.tags = ['default', 'smb', 'active-directory']
self.tags = ['default', 'safe', 'smb', 'active-directory']
def configure(self):
self.match_service_name(['^smb', '^microsoft\-ds', '^netbios'])
@ -71,7 +87,7 @@ class SMBMap(ServiceScan):
def __init__(self):
super().__init__()
self.name = "SMBMap"
self.tags = ['default', 'smb', 'active-directory']
self.tags = ['default', 'safe', 'smb', 'active-directory']
def configure(self):
self.match_service_name(['^smb', '^microsoft\-ds', '^netbios'])
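Review bot: `SMBVuln.manual()` calls `service.add_manual_commands(...)`, while the SMTP plugin on this page passes the same (description, list) arguments to `service.add_manual_command(...)`; the service class is not visible here, so confirm both names exist. If only one does, this branch fails exactly when the plugin was skipped, which is the default for an 'unsafe'-only plugin, and the one-line fix would be `service.add_manual_command('Nmap scans for SMB vulnerabilities ...', [`. The three `unsafe=1` command strings are also written out twice, in `run()` and in `manual()`, so the executed and the suggested commands can drift apart; building both from one shared list would prevent that. A class comment such as `# Runs Nmap smb-vuln scripts with unsafe=1, which Nmap warns may crash the target service; tagged 'unsafe' only, so it is opt-in` would make the reason for the missing 'default' tag explicit.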

33
plugins/smtp.py Normal file

@ -0,0 +1,33 @@
from autorecon import ServiceScan
class NmapSMTP(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap SMTP"
self.tags = ['default', 'safe', 'smtp', 'email']
def configure(self):
self.match_service_name('^smtp')
async def run(self, service):
await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,(smtp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_smtp_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_smtp_nmap.xml" {address}')
class SMTPUserEnum(ServiceScan):
def __init__(self):
super().__init__()
self.name = 'SMTP-User-Enum'
self.tags = ['default', 'safe', 'smtp', 'email']
def configure(self):
self.match_service_name('^smtp')
async def run(self, service):
await service.execute('hydra smtp-enum://{address}:{port}/vrfy -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" 2>&1', outfile='{protocol}_{port}_smtp_user-enum_hydra_vrfy.txt')
await service.execute('hydra smtp-enum://{address}:{port}/expn -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" 2>&1', outfile='{protocol}_{port}_smtp_user-enum_hydra_expn.txt')
def manual(self, service, plugin_was_run):
service.add_manual_command('Try User Enumeration using "RCPT TO". Replace <TARGET-DOMAIN> with the target\'s domain name:', [
'hydra smtp-enum://{address}:{port}/rcpt -L "' + self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt') + '" -o "{scandir}/{protocol}_{port}_smtp_user-enum_hydra_rcpt.txt" -p <TARGET-DOMAIN>'
])
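Review bot: In `SMTPUserEnum`, the `username_wordlist` global is concatenated into the hydra command between literal double quotes in both `run()` and `manual()`, so a configured path containing `"`, `$` or a backtick would change how the command line is parsed. The `2>&1` suggests `service.execute` passes the string to a shell, though that is not visible on this page. Quoting the value once and reusing it would close this and remove the default path repeated three times: `wordlist = shlex.quote(self.get_global('username_wordlist', default='/usr/share/seclists/Usernames/top-usernames-shortlist.txt'))`, then `' -L ' + wordlist` in each command, with `import shlex` at the top of the file.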


@ -5,7 +5,7 @@ class NmapSNMP(ServiceScan):
def __init__(self):
super().__init__()
self.name = "Nmap SNMP"
self.tags = ['default', 'snmp']
self.tags = ['default', 'safe', 'snmp']
def configure(self):
self.match_service_name('^snmp')
@ -18,7 +18,7 @@ class OneSixtyOne(ServiceScan):
def __init__(self):
super().__init__()
self.name = "OneSixtyOne"
self.tags = ['default', 'snmp']
self.tags = ['default', 'safe', 'snmp']
def configure(self):
self.match_service_name('^snmp')
@ -34,7 +34,7 @@ class SNMPWalk(ServiceScan):
def __init__(self):
super().__init__()
self.name = "SNMPWalk"
self.tags = ['default', 'snmp']
self.tags = ['default', 'safe', 'snmp']
def configure(self):
self.match_service_name('^snmp')


@ -5,7 +5,7 @@ class SSLScan(ServiceScan):
def __init__(self):
super().__init__()
self.name = "SSL Scan"
self.tags = ['default', 'ssl', 'tls']
self.tags = ['default', 'safe', 'ssl', 'tls']
def configure(self):
self.match_all_service_names(True)