RomanNum3ral
/
AutoRecon
mirror of https://github.com/Tib3rius/AutoRecon.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update README.md

This commit is contained in:
Tib3rius 2021-08-29 22:57:30 -04:00 committed by GitHub
parent 76dab09f5e
commit c68fe48f94
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 89 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
README.md
View File

@ -20,20 +20,28 @@ AutoRecon was inspired by three tools which the author used during the OSCP labs
## Features
* Supports multiple targets in the form of IP addresses, IP ranges (CIDR notation), and resolvable hostnames.
* Can scan targets concurrently, utilizing multiple processors if they are available.
* Customizable port scanning profiles for flexibility in your initial scans.
* Customizable service enumeration commands and suggested manual follow-up commands.
* Supports multiple targets in the form of IP addresses, IP ranges (CIDR notation), and resolvable hostnames. IPv6 is supported.
* Can scan multiple targets concurrently, utilizing multiple processors if they are available.
* Advanced plugin system allowing for easy creation of new scans.
* Customizable port scanning plugins for flexibility in your initial scans.
* Customizable service scanning plugins for further enumeration.
* Suggested manual follow-up commands for when automation makes little sense.
* Ability to limit port scanning to a combination of TCP/UDP ports.
* Ability to skip port scanning phase by suppling information about services which should be open.
* Global and per-scan pattern matching which highlights and extracts important information from the noise.
* An intuitive directory structure for results gathering.
* Full logging of commands that were run, along with errors if they fail.
* Global and per-scan pattern matching so you can highlight/extract important information from the noise.
* A powerful config file lets you use your favorite settings every time.
* A tagging system that lets you include or exclude certain plugins.
* Global and per-target timeouts in case you only have limited time.
* Three levels of verbosity, controllable by command-line options, and during scans using Up/Down arrows.
* Colorized output for distinguishing separate pieces of information. Can be turned off for accessibility reasons.
## Requirements
- Python 3
- `python3-pip`
### Supporting packages
Several commands used in AutoRecon reference the SecLists project, in the directory /usr/share/seclists/. You can either manually download the SecLists project to this directory (https://github.com/danielmiessler/SecLists), or if you are using Kali Linux (**highly recommended**) you can run the following:
@ -109,11 +117,13 @@ See detailed usage options below.
AutoRecon uses Python 3 specific functionality and does not support Python 2.
```
usage: autorecon.py [-t TARGET_FILE] [-m MAX_SCANS] [-mp MAX_PORT_SCANS] [-c CONFIG_FILE] [-g GLOBAL_FILE] [--tags TAGS] [--exclude-tags EXCLUDE_TAGS]
usage: autorecon.py [-t TARGET_FILE] [-p PORTS] [-m MAX_SCANS] [-mp MAX_PORT_SCANS] [-c CONFIG_FILE] [-g GLOBAL_FILE] [--tags TAGS] [--exclude-tags EXCLUDE_TAGS]
[--plugins-dir PLUGINS_DIR] [-o OUTDIR] [--single-target] [--only-scans-dir] [--create-port-dirs] [--heartbeat HEARTBEAT] [--timeout TIMEOUT]
[--target-timeout TARGET_TIMEOUT] [--nmap NMAP | --nmap-append NMAP_APPEND] [--disable-sanity-checks] [--accessible] [-v] [--version]
[--curl.path VALUE] [--dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb}] [--dirbuster.wordlist VALUE] [--dirbuster.threads VALUE]
[--onesixtyone.community-strings VALUE] [--global.username-wordlist VALUE] [--global.password-wordlist VALUE] [--global.domain VALUE] [-h]
[--target-timeout TARGET_TIMEOUT] [--nmap NMAP | --nmap-append NMAP_APPEND] [--disable-sanity-checks] [--disable-keyboard-control]
[--force-services FORCE_SERVICES [FORCE_SERVICES ...]] [--accessible] [-v] [--version] [--curl.path VALUE]
[--dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb}] [--dirbuster.wordlist VALUE [VALUE ...]] [--dirbuster.threads VALUE]
[--dirbuster.ext VALUE] [--onesixtyone.community-strings VALUE] [--global.username-wordlist VALUE] [--global.password-wordlist VALUE]
[--global.domain VALUE] [-h]
[targets ...]
Network reconnaissance tool to port scan and automatically enumerate services found on multiple targets.
@ -121,68 +131,76 @@ Network reconnaissance tool to port scan and automatically enumerate services fo
positional arguments:
targets IP addresses (e.g. 10.0.0.1), CIDR notation (e.g. 10.0.0.1/24), or resolvable hostnames (e.g. foo.bar) to scan.
optional arguments: [30/2643]
-t TARGET_FILE, --targets TARGET_FILE
Read targets from file.
-m MAX_SCANS, --max-scans MAX_SCANS
The maximum number of concurrent scans to run. Default: 50
-mp MAX_PORT_SCANS, --max-port-scans MAX_PORT_SCANS
The maximum number of concurrent port scans to run. Default: 10 (approx 20% of max-scans unless specified)
-c CONFIG_FILE, --config CONFIG_FILE
Location of AutoRecon's config file. Default: /mnt/hgfs/AutoRecon/config.toml
-g GLOBAL_FILE, --global-file GLOBAL_FILE
Location of AutoRecon's global file. Default: /mnt/hgfs/AutoRecon/global.toml
--tags TAGS Tags to determine which plugins should be included. Separate tags by a plus symbol (+) to group tags together. Separate groups with a comma (,) to
create multiple groups. For a plugin to be included, it must have all the tags specified in at least one group. Default: default
--exclude-tags EXCLUDE_TAGS
Tags to determine which plugins should be excluded. Separate tags by a plus symbol (+) to group tags together. Separate groups with a comma (,) to
create multiple groups. For a plugin to be excluded, it must have all the tags specified in at least one group. Default: None
--plugins-dir PLUGINS_DIR
The location of the plugins directory. Default: /mnt/hgfs/AutoRecon/plugins
-o OUTDIR, --output OUTDIR
The output directory for results. Default: results
--single-target Only scan a single target. A directory named after the target will not be created. Instead, the directory structure will be created within the
output directory. Default: False
--only-scans-dir Only create the "scans" directory for results. Other directories (e.g. exploit, loot, report) will not be created. Default: False
--create-port-dirs Create directories for ports within the "scans" directory (e.g. scans/tcp80, scans/udp53) and store results in these directories. Default: False
--heartbeat HEARTBEAT
Specifies the heartbeat interval (in seconds) for scan status messages. Default: 60
--timeout TIMEOUT Specifies the maximum amount of time in minutes that AutoRecon should run for. Default: None
--target-timeout TARGET_TIMEOUT
Specifies the maximum amount of time in minutes that a target should be scanned for before abandoning it and moving on. Default: None
--nmap NMAP Override the {nmap_extra} variable in scans. Default: -vv --reason -Pn
--nmap-append NMAP_APPEND
Append to the default {nmap_extra} variable in scans. Default:
--disable-sanity-checks
Disable sanity checks that would otherwise prevent the scans from running. Default: False
--accessible Attempts to make AutoRecon output more accessible to screenreaders. Default: False
-v, --verbose Enable verbose output. Repeat for more verbosity.
--version Prints the AutoRecon version and exits.
-h, --help Show this help message and exit.
optional arguments:
-t TARGET_FILE, --targets TARGET_FILE
Read targets from file.
-p PORTS, --ports PORTS
Comma separated list of ports / port ranges to scan. Specify TCP/UDP ports by prepending list with T:/U: To scan both TCP/UDP, put port(s) at start
or specify B: e.g. 53,T:21-25,80,U:123,B:123. Default: None
-m MAX_SCANS, --max-scans MAX_SCANS
The maximum number of concurrent scans to run. Default: 50
-mp MAX_PORT_SCANS, --max-port-scans MAX_PORT_SCANS
The maximum number of concurrent port scans to run. Default: 10 (approx 20% of max-scans unless specified)
-c CONFIG_FILE, --config CONFIG_FILE
Location of AutoRecon's config file. Default: /mnt/hgfs/AutoRecon/config.toml
-g GLOBAL_FILE, --global-file GLOBAL_FILE
Location of AutoRecon's global file. Default: /mnt/hgfs/AutoRecon/global.toml
--tags TAGS Tags to determine which plugins should be included. Separate tags by a plus symbol (+) to group tags together. Separate groups with a comma (,) to
create multiple groups. For a plugin to be included, it must have all the tags specified in at least one group. Default: default
--exclude-tags EXCLUDE_TAGS
Tags to determine which plugins should be excluded. Separate tags by a plus symbol (+) to group tags together. Separate groups with a comma (,) to
create multiple groups. For a plugin to be excluded, it must have all the tags specified in at least one group. Default: None
--plugins-dir PLUGINS_DIR
The location of the plugins directory. Default: /mnt/hgfs/AutoRecon/plugins
-o OUTDIR, --output OUTDIR
The output directory for results. Default: results
--single-target Only scan a single target. A directory named after the target will not be created. Instead, the directory structure will be created within the
output directory. Default: False
--only-scans-dir Only create the "scans" directory for results. Other directories (e.g. exploit, loot, report) will not be created. Default: False
--create-port-dirs Create directories for ports within the "scans" directory (e.g. scans/tcp80, scans/udp53) and store results in these directories. Default: False
--heartbeat HEARTBEAT
Specifies the heartbeat interval (in seconds) for scan status messages. Default: 60
--timeout TIMEOUT Specifies the maximum amount of time in minutes that AutoRecon should run for. Default: None
--target-timeout TARGET_TIMEOUT
Specifies the maximum amount of time in minutes that a target should be scanned for before abandoning it and moving on. Default: None
--nmap NMAP Override the {nmap_extra} variable in scans. Default: -vv --reason -Pn
--nmap-append NMAP_APPEND
Append to the default {nmap_extra} variable in scans. Default:
--disable-sanity-checks
Disable sanity checks that would otherwise prevent the scans from running. Default: False
--disable-keyboard-control
Disables keyboard control ([s]tatus, Up, Down) if you are in SSH or Docker.
--force-services FORCE_SERVICES [FORCE_SERVICES ...]
A space separated list of services in the following style: tcp/80/http/insecure tcp/443/https/secure
--accessible Attempts to make AutoRecon output more accessible to screenreaders. Default: False
-v, --verbose Enable verbose output. Repeat for more verbosity.
-h, --help Show this help message and exit.
plugin arguments:
These are optional arguments for certain plugins.
--curl.path VALUE The path on the web server to curl. Default: /
--dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb}
The tool to use for directory busting. Default: feroxbuster
--dirbuster.wordlist VALUE
The wordlist to use when directory busting. Specify the option multiple times to use multiple wordlists. Default:
['/usr/share/seclists/Discovery/Web-Content/common.txt']
--dirbuster.threads VALUE
The number of threads to use when directory busting. Default: 10
--onesixtyone.community-strings VALUE
The file containing a list of community strings to try. Default: /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt
global plugin arguments:
These are optional arguments that can be used by all plugins.
--global.username-wordlist VALUE
A wordlist of usernames, useful for bruteforcing. Default: /usr/share/seclists/Usernames/top-usernames-shortlist.txt
--global.password-wordlist VALUE
A wordlist of passwords, useful for bruteforcing. Default: /usr/share/seclists/Passwords/darkweb2017-top100.txt
--global.domain VALUE
The domain to use (if known). Used for DNS and/or Active Directory.
plugin arguments:
These are optional arguments for certain plugins.
--curl.path VALUE The path on the web server to curl. Default: /
--dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb}
The tool to use for directory busting. Default: feroxbuster
--dirbuster.wordlist VALUE [VALUE ...]
The wordlist(s) to use when directory busting. Separate multiple wordlists with spaces. Default: ['/usr/share/seclists/Discovery/Web-
Content/common.txt']
--dirbuster.threads VALUE
The number of threads to use when directory busting. Default: 10
--dirbuster.ext VALUE
The extensions you wish to fuzz (no dot, comma separated). Default: txt,html,php,asp,aspx,jsp
--onesixtyone.community-strings VALUE
The file containing a list of community strings to try. Default: /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt
global plugin arguments:
These are optional arguments that can be used by all plugins.
--global.username-wordlist VALUE
A wordlist of usernames, useful for bruteforcing. Default: /usr/share/seclists/Usernames/top-usernames-shortlist.txt
--global.password-wordlist VALUE
A wordlist of passwords, useful for bruteforcing. Default: /usr/share/seclists/Passwords/darkweb2017-top100.txt
--global.domain VALUE
The domain to use (if known). Used for DNS and/or Active Directory. Default: None
```
### Verbosity