Moved config files to new config directory.

Fixed bug where writing matched patterns would cause exception.
Updated several service scans.
This commit is contained in:
Tib3rius 2019-03-29 23:37:11 -04:00
parent e88d5396e0
commit bc25d8310b
5 changed files with 88 additions and 27 deletions


@ -105,7 +105,7 @@ def fail(*args, sep=' ', end='\n', file=sys.stderr, **kvargs):
exit(-1)
port_scan_profiles_config_file = 'port-scan-profiles.toml'
with open(os.path.join(__location__, port_scan_profiles_config_file), 'r') as p:
with open(os.path.join(__location__, 'config', port_scan_profiles_config_file), 'r') as p:
try:
port_scan_profiles_config = toml.load(p)
@ -115,13 +115,13 @@ with open(os.path.join(__location__, port_scan_profiles_config_file), 'r') as p:
except toml.decoder.TomlDecodeError as e:
fail('Error: Couldn\'t parse {port_scan_profiles_config_file} config file. Check syntax and duplicate tags.')
with open(os.path.join(__location__, 'service-scans.toml'), 'r') as c:
with open(os.path.join(__location__, 'config', 'service-scans.toml'), 'r') as c:
try:
service_scans_config = toml.load(c)
except toml.decoder.TomlDecodeError as e:
fail('Error: Couldn\'t parse service-scans.toml config file. Check syntax and duplicate tags.')
with open(os.path.join(__location__, 'patterns.toml'), 'r') as p:
with open(os.path.join(__location__, 'config', 'global-patterns.toml'), 'r') as p:
try:
global_patterns = toml.load(p)
if 'pattern' in global_patterns:
@ -129,7 +129,7 @@ with open(os.path.join(__location__, 'patterns.toml'), 'r') as p:
else:
global_patterns = []
except toml.decoder.TomlDecodeError as e:
fail('Error: Couldn\'t parse patterns.toml config file. Check syntax and duplicate tags.')
fail('Error: Couldn\'t parse global-patterns.toml config file. Check syntax and duplicate tags.')
if 'username_wordlist' in service_scans_config:
if isinstance(service_scans_config['username_wordlist'], str):
@ -213,7 +213,8 @@ async def run_cmd(semaphore, cmd, target, tag='?', patterns=[]):
return {'returncode': process.returncode, 'name': 'run_cmd'}
async def parse_port_scan(stream, tag, address, pattern):
async def parse_port_scan(stream, tag, target, pattern):
address = target.address
ports = []
while True:
@ -248,7 +249,8 @@ async def parse_port_scan(stream, tag, address, pattern):
return ports
async def parse_service_detection(stream, tag, address, pattern):
async def parse_service_detection(stream, tag, target, pattern):
address = target.address
services = []
while True:
@ -303,7 +305,7 @@ async def run_portscan(semaphore, tag, target, service_detection, port_scan=None
process = await asyncio.create_subprocess_shell(command, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE)
output = [
parse_port_scan(process.stdout, tag, address, pattern),
parse_port_scan(process.stdout, tag, target, pattern),
read_stream(process.stderr, target, tag=tag, color=Fore.RED)
]
@ -338,7 +340,7 @@ async def run_portscan(semaphore, tag, target, service_detection, port_scan=None
process = await asyncio.create_subprocess_shell(command, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE)
output = [
parse_service_detection(process.stdout, tag, address, pattern),
parse_service_detection(process.stdout, tag, target, pattern),
read_stream(process.stderr, target, tag=tag, color=Fore.RED)
]
@ -397,7 +399,7 @@ async def scan_services(loop, semaphore, target):
port = service_tuple[1]
service = service_tuple[2]
info(Fore.BLUE + '[' + Style.BRIGHT + address + Style.NORMAL + '] {service} found on {protocol}/{port}' + Fore.RESET)
info('Found {bmagenta}{service}{rst} on {bmagenta}{protocol}/{port}{rst} on target {byellow}{address}{rst}')
with open(os.path.join(target.reportdir, 'notes.txt'), 'a') as file:
file.writelines(e('[*] {service} found on {protocol}/{port}.\n\n\n\n'))
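Review bot: The relocated `with open(os.path.join(__location__, 'config', ...))` calls (port-scan-profiles, service-scans, global-patterns) sit outside the `try` that only wraps `toml.load`, so a checkout or install that lacks the new `config/` directory exits with an uncaught `FileNotFoundError` and a traceback instead of the `fail(...)` diagnostic the parse errors get; a one-time guard before the first open, `config_dir = os.path.join(__location__, 'config')` followed by `if not os.path.isdir(config_dir): fail('Error: config directory {config_dir} not found.')`, keeps the failure mode consistent with the surrounding code. The name 'global-patterns.toml' is now spelled both in the open call and in `fail('Error: Couldn\'t parse global-patterns.toml config file. ...')`, whereas the profiles file is bound once as `port_scan_profiles_config_file` and referenced from its message; binding the other two names the same way stops the error text going stale on the next rename. The new `info('Found {bmagenta}{service}{rst} on ... {byellow}{address}{rst}')` line relies on `bmagenta`, `byellow` and `rst` being resolvable by the message formatter from this scope, which is not visible in the hunk and is worth confirming. Every function touched here (`parse_port_scan`, `parse_service_detection`, `run_portscan`, `scan_services`) starts and ends outside the hunks.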


@ -0,0 +1,8 @@
# Patterns defined in this file will be checked against every line of output (e.g. port scans and service scans)
[[pattern]]
description = 'Nmap script found a potential vulnerability. ({match})'
pattern = 'State: (?:(?:LIKELY\_?)?VULNERABLE)'
[[pattern]]
pattern = '(?i)unauthorized'
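Review bot: The second entry `pattern = '(?i)unauthorized'` has no `description`, unlike the first, so its matches are reported without any context explaining why the line was flagged; add one such as `description = 'Scan output mentions an unauthorized response ({match})'`. In the first pattern the `\_` in `'State: (?:(?:LIKELY\_?)?VULNERABLE)'` is a redundant escape that Python's `re` only tolerates because underscore is not a letter; `LIKELY_?VULNERABLE` expresses the same thing without depending on that. Since the header comment says these patterns run against every line of every scan, the unanchored case-insensitive `unauthorized` will also fire on ordinary HTTP 401 bodies and similar routine output, so either narrow it or note in the comment that it is deliberately broad.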


@ -22,16 +22,36 @@ service-names = [
name = 'nmap-cups'
command = 'nmap {nmap_extra} -sV -p {port} --script="(cups* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_cups_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_cups_nmap.xml" {address}'
[distcc]
service-names = [
'^distccd'
]
[[distcc.scan]]
name = 'nmap-distcc'
command = 'nmap {nmap_extra} -sV -p {port} --script="distcc-cve2004-2687" --script-args="distcc-cve2004-2687.cmd=id" -oN "{scandir}/{protocol}_{port}_distcc_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_distcc_nmap.xml" {address}'
[dns]
service-names = [
'^domain',
'^domain'
]
[[dns.scan]]
name = 'nmap-dns'
command = 'nmap {nmap_extra} -sV -p {port} --script="(dns* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_dns_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_dns_nmap.xml" {address}'
[finger]
service-names = [
'^finger'
]
[[finger.scan]]
nmap = 'nmap-finger'
command = 'nmap {nmap_extra} -sV -p {port} --script="finger" -oN "{scandir}/{protocol}_{port}_finger_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_finger_nmap.xml" {address}'
[ftp]
service-names = [
@ -72,10 +92,17 @@ ignore-service-names = [
description = 'Identified HTTP Server: {match}'
pattern = 'Server: ([^\n]+)'
[[http.scan.pattern]]
description = 'WebDAV is enabled'
pattern = 'WebDAV is ENABLED'
[[http.scan]]
name = 'curl-index'
command = 'curl -sSik {scheme}://{address}:{port}/ -m 10 2>&1 | tee "{scandir}/{protocol}_{port}_{scheme}_index.html"'
[[http.scan.pattern]]
pattern = '(?i)Powered by [^\n]+'
[[http.scan]]
name = 'curl-robots'
command = 'curl -sSik {scheme}://{address}:{port}/robots.txt -m 10 2>&1 | tee "{scandir}/{protocol}_{port}_{scheme}_robots.txt"'
@ -141,12 +168,13 @@ service-names = [
[kerberos]
service-names = [
'^kerberos'
'^kerberos',
'^kpasswd'
]
[[kerberos.scan]]
name = 'nmap-kerberos'
command = 'nmap {nmap_extra} -sV -p {port} --script=krb5-enum-users -oN "{scandir}/{protocol}_{port}_kerberos_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_kerberos_nmap.xml" {address}'
command = 'nmap {nmap_extra} -sV -p {port} --script="krb5-enum-users" -oN "{scandir}/{protocol}_{port}_kerberos_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_kerberos_nmap.xml" {address}'
[ldap]
@ -184,7 +212,7 @@ service-names = [
[[mssql.scan]]
name = 'nmap-mssql'
command = 'nmap {nmap_extra} -sV -p {port} --script="(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=mssql.instance-port={port},mssql.username=sa,mssql.password=sa -oN "{scandir}/{protocol}_{port}_mssql_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_mssql_nmap.xml" {address}'
command = 'nmap {nmap_extra} -sV -p {port} --script="(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="mssql.instance-port={port},mssql.username=sa,mssql.password=sa" -oN "{scandir}/{protocol}_{port}_mssql_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_mssql_nmap.xml" {address}'
[[mssql.manual]]
description = '(sqsh) interactive database shell'
@ -213,6 +241,16 @@ service-names = [
name = 'nmap-nfs'
command = 'nmap {nmap_extra} -sV -p {port} --script="(rpcinfo or nfs*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_nfs_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_nfs_nmap.xml" {address}'
[nntp]
service-names = [
'^nntp'
]
[[nntp.scan]]
name = 'nmap-nntp'
command = 'nmap {nmap_extra} -sV -p {port} --script="nntp-ntlm-info" -oN "{scandir}/{protocol}_{port}_nntp_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_nntp_nmap.xml" {address}'
[oracle]
service-names = [
@ -261,7 +299,7 @@ service-names = [
[[rmi.scan]]
name = 'nmap-rmi'
command = 'nmap {nmap_extra} -sV -p {port} --script=rmi-vuln-classloader,rmi-dumpregistry -oN "{scandir}/{protocol}_{port}_rmi_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_rmi_nmap.xml" {address}'
command = 'nmap {nmap_extra} -sV -p {port} --script="rmi-vuln-classloader,rmi-dumpregistry" -oN "{scandir}/{protocol}_{port}_rmi_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_rmi_nmap.xml" {address}'
[rpc]
@ -271,9 +309,25 @@ service-names = [
'^erpc'
]
[[msrpc.scan]]
[[rpc.scan]]
name = 'nmap-msrpc'
command = 'nmap {nmap_extra} -sV -p {port} --script=msrpc-enum,rpc-grind,rpcinfo -oN "{scandir}/{protocol}_{port}_rpc_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_rpc_nmap.xml" {address}'
command = 'nmap {nmap_extra} -sV -p {port} --script="msrpc-enum,rpc-grind,rpcinfo" -oN "{scandir}/{protocol}_{port}_rpc_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_rpc_nmap.xml" {address}'
[[rpc.manual]]
description = 'RPC Client:'
commands = [
'rpcclient -p {port} -U "" {address}'
]
[sip]
service-names = [
'^asterisk'
]
[[sip.scan]]
name = 'nmap-sip'
command = 'nmap {nmap_extra} -sV -p {port} --script="sip-enum-users,sip-methods" -oN "{scandir}/{protocol}_{port}_sip_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_sip_nmap.xml" {address}'
[ssh]
@ -283,7 +337,7 @@ service-names = [
[[ssh.scan]]
name = 'nmap-ssh'
command = 'nmap {nmap_extra} -sV -p {port} --script=ssh2-enum-algos,ssh-hostkey,ssh-auth-methods -oN "{scandir}/{protocol}_{port}_ssh_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_ssh_nmap.xml" {address}'
command = 'nmap {nmap_extra} -sV -p {port} --script="ssh2-enum-algos,ssh-hostkey,ssh-auth-methods" -oN "{scandir}/{protocol}_{port}_ssh_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_ssh_nmap.xml" {address}'
[[ssh.manual]]
description = 'Bruteforce logins:'
@ -301,7 +355,7 @@ service-names = [
[[smb.scan]]
name = 'nmap-smb'
command = 'nmap {nmap_extra} -sV -p {port} --script="(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_nmap.xml" {address}'
command = 'nmap {nmap_extra} -sV -p {port} --script="(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_nmap.xml" {address}'
[[smb.scan]]
name = 'enum4linux'
@ -325,9 +379,9 @@ service-names = [
[[smb.manual]]
description = 'Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:'
commands = [
'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms06-025" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_ms06-025.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms06-025.xml" {address}',
'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms07-029" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_ms07-029.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms07-029.xml" {address}',
'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms08-067" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_smb_ms08-067.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms08-067.xml" {address}'
'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms06-025" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms06-025.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms06-025.xml" {address}',
'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms07-029" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms07-029.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms07-029.xml" {address}',
'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-ms08-067" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_smb_ms08-067.txt" -oX "{scandir}/xml/{protocol}_{port}_smb_ms08-067.xml" {address}'
]
[smtp]
@ -416,7 +470,7 @@ service-names = [
[[telnet.scan]]
name = 'nmap-telnet'
command = 'nmap {nmap_extra} -sV -p {port} --script=telnet-encryption,telnet-ntlm-info -oN "{scandir}/{protocol}_{port}_telnet-nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_telnet_nmap.xml" {address}'
command = 'nmap {nmap_extra} -sV -p {port} --script="telnet-encryption,telnet-ntlm-info" -oN "{scandir}/{protocol}_{port}_telnet-nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_telnet_nmap.xml" {address}'
[tftp]
@ -426,7 +480,7 @@ service-names = [
[[tftp.scan]]
name = 'nmap-tftp'
command = 'nmap {nmap_extra} -sV -p {port} --script=tftp-enum -oN "{scandir}/{protocol}_{port}_tftp-nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_tftp_nmap.xml" {address}'
command = 'nmap {nmap_extra} -sV -p {port} --script="tftp-enum" -oN "{scandir}/{protocol}_{port}_tftp-nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_tftp_nmap.xml" {address}'
[vnc]
@ -436,4 +490,4 @@ service-names = [
[[vnc.scan]]
name = 'nmap-vnc'
command = 'nmap {nmap_extra} -sV -p {port} --script="(vnc* or realvnc* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=unsafe=1 -oN "{scandir}/{protocol}_{port}_vnc_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_vnc_nmap.xml" {address}'
command = 'nmap {nmap_extra} -sV -p {port} --script="(vnc* or realvnc* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_vnc_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_vnc_nmap.xml" {address}'
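Review bot: The new finger entry uses the key `nmap = 'nmap-finger'` where every other `[[*.scan]]` table in this file (`[[distcc.scan]]`, `[[dns.scan]]`, `[[nntp.scan]]`, `[[sip.scan]]`) uses `name`, so this scan is loaded without a `name` and whatever the loader does with a nameless scan applies only to finger; change it to `name = 'nmap-finger'`. The distcc entry's `--script-args="distcc-cve2004-2687.cmd=id"` turns that scan from fingerprinting into running a command on the host, which is the kind of intrusive step this file otherwise keeps under `[[*.manual]]` with an explanatory `description` (see the SMB vulnerability scans); moving it to `[[distcc.manual]]` with a description keeps the automatic tier consistent. The `[[msrpc.scan]]` to `[[rpc.scan]]` correction and the kerberos list fix (`'^kerberos',` followed by `'^kpasswd'`) resolve table-name and syntax errors, and the same quoting of `--script-args` is applied uniformly across the mssql, smb and vnc hunks. The service tables are only partially visible in these hunks.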


@ -1,3 +0,0 @@
[[pattern]]
description = 'Nmap script found a potential vulnerability. ({match})'
pattern = 'State: (?:(?:LIKELY\_?)?VULNERABLE)'