From bd616f1137c14e38797e42e2ec2fc4665e79a19d Mon Sep 17 00:00:00 2001 From: Tib3rius <48113936+Tib3rius@users.noreply.github.com> Date: Tue, 24 Aug 2021 16:05:23 -0400 Subject: [PATCH] Update README.md --- README.md | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 80 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0112ba2..0c18a5f 100644 --- a/README.md +++ b/README.md @@ -106,7 +106,84 @@ See detailed usage options below. ## Usage -TODO +AutoRecon uses Python 3 specific functionality and does not support Python 2. + +``` +usage: autorecon.py [-t TARGET_FILE] [-m MAX_SCANS] [-mp MAX_PORT_SCANS] [-c CONFIG_FILE] [-g GLOBAL_FILE] [--tags TAGS] [--exclude-tags EXCLUDE_TAGS] + [--plugins-dir PLUGINS_DIR] [-o OUTDIR] [--single-target] [--only-scans-dir] [--create-port-dirs] [--heartbeat HEARTBEAT] [--timeout TIMEOUT] + [--target-timeout TARGET_TIMEOUT] [--nmap NMAP | --nmap-append NMAP_APPEND] [--disable-sanity-checks] [--accessible] [-v] [--version] + [--curl.path VALUE] [--dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb}] [--dirbuster.wordlist VALUE] [--dirbuster.threads VALUE] + [--onesixtyone.community-strings VALUE] [--global.username-wordlist VALUE] [--global.password-wordlist VALUE] [--global.domain VALUE] [-h] + [targets ...] + +Network reconnaissance tool to port scan and automatically enumerate services found on multiple targets. + +positional arguments: + targets IP addresses (e.g. 10.0.0.1), CIDR notation (e.g. 10.0.0.1/24), or resolvable hostnames (e.g. foo.bar) to scan. + + optional arguments: [30/2643] + -t TARGET_FILE, --targets TARGET_FILE + Read targets from file. + -m MAX_SCANS, --max-scans MAX_SCANS + The maximum number of concurrent scans to run. Default: 50 + -mp MAX_PORT_SCANS, --max-port-scans MAX_PORT_SCANS + The maximum number of concurrent port scans to run. Default: 10 (approx 20% of max-scans unless specified) + -c CONFIG_FILE, --config CONFIG_FILE + Location of AutoRecon's config file. Default: /mnt/hgfs/AutoRecon/config.toml + -g GLOBAL_FILE, --global-file GLOBAL_FILE + Location of AutoRecon's global file. Default: /mnt/hgfs/AutoRecon/global.toml + --tags TAGS Tags to determine which plugins should be included. Separate tags by a plus symbol (+) to group tags together. Separate groups with a comma (,) to + create multiple groups. For a plugin to be included, it must have all the tags specified in at least one group. Default: default + --exclude-tags EXCLUDE_TAGS + Tags to determine which plugins should be excluded. Separate tags by a plus symbol (+) to group tags together. Separate groups with a comma (,) to + create multiple groups. For a plugin to be excluded, it must have all the tags specified in at least one group. Default: None + --plugins-dir PLUGINS_DIR + The location of the plugins directory. Default: /mnt/hgfs/AutoRecon/plugins + -o OUTDIR, --output OUTDIR + The output directory for results. Default: results + --single-target Only scan a single target. A directory named after the target will not be created. Instead, the directory structure will be created within the + output directory. Default: False + --only-scans-dir Only create the "scans" directory for results. Other directories (e.g. exploit, loot, report) will not be created. Default: False + --create-port-dirs Create directories for ports within the "scans" directory (e.g. scans/tcp80, scans/udp53) and store results in these directories. Default: False + --heartbeat HEARTBEAT + Specifies the heartbeat interval (in seconds) for scan status messages. Default: 60 + --timeout TIMEOUT Specifies the maximum amount of time in minutes that AutoRecon should run for. Default: None + --target-timeout TARGET_TIMEOUT + Specifies the maximum amount of time in minutes that a target should be scanned for before abandoning it and moving on. Default: None + --nmap NMAP Override the {nmap_extra} variable in scans. Default: -vv --reason -Pn + --nmap-append NMAP_APPEND + Append to the default {nmap_extra} variable in scans. Default: + --disable-sanity-checks + Disable sanity checks that would otherwise prevent the scans from running. Default: False + --accessible Attempts to make AutoRecon output more accessible to screenreaders. Default: False + -v, --verbose Enable verbose output. Repeat for more verbosity. + --version Prints the AutoRecon version and exits. + -h, --help Show this help message and exit. + + plugin arguments: + These are optional arguments for certain plugins. + + --curl.path VALUE The path on the web server to curl. Default: / + --dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb} + The tool to use for directory busting. Default: feroxbuster + --dirbuster.wordlist VALUE + The wordlist to use when directory busting. Specify the option multiple times to use multiple wordlists. Default: + ['/usr/share/seclists/Discovery/Web-Content/common.txt'] + --dirbuster.threads VALUE + The number of threads to use when directory busting. Default: 10 + --onesixtyone.community-strings VALUE + The file containing a list of community strings to try. Default: /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt + + global plugin arguments: + These are optional arguments that can be used by all plugins. + + --global.username-wordlist VALUE + A wordlist of usernames, useful for bruteforcing. Default: /usr/share/seclists/Usernames/top-usernames-shortlist.txt + --global.password-wordlist VALUE + A wordlist of passwords, useful for bruteforcing. Default: /usr/share/seclists/Passwords/darkweb2017-top100.txt + --global.domain VALUE + The domain to use (if known). Used for DNS and/or Active Directory. +``` ### Verbosity @@ -116,6 +193,8 @@ AutoRecon supports three levels of verbosity: * (-v) Verbose output. AutoRecon will additionally specify the exact commands which are being run, as well as highlighting any patterns which are matched in command output. * (-vv) Very verbose output. AutoRecon will output everything. Literally every line from all commands which are currently running. When scanning multiple targets concurrently, this can lead to a ridiculous amount of output. It is not advised to use -vv unless you absolutely need to see live output from commands. +Note: You can change the verbosity of AutoRecon mid-scan by pressing the up and down arrow keys. + ### Results By default, results will be stored in the ./results directory. A new sub directory is created for every target. The structure of this sub directory is: