Merge 96643ad806 into fd87c99abc

2025-07-19 15:05:12 +00:00 · 2025-07-19 15:05:12 +00:00 · d6520f1c2c
parent fd87c99abc 96643ad806
commit d6520f1c2c
3 changed files with 86 additions and 43 deletions
--- a/README.md
+++ b/README.md
@ -262,15 +262,35 @@ plugin arguments:
  --dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb}
                        The tool to use for directory busting. Default: feroxbuster
  --dirbuster.wordlist VALUE [VALUE ...]
-                        The wordlist(s) to use when directory busting. Separate multiple wordlists with spaces. Default:
-                        ['~/.local/share/AutoRecon/wordlists/dirbuster.txt']
+                        The wordlist(s) to use when directory busting. Separate multiple wordlists with spaces. Default: ['/root/.local/share/AutoRecon/wordlists/dirbuster.txt']
  --dirbuster.threads VALUE
                        The number of threads to use when directory busting. Default: 10
  --dirbuster.ext VALUE
                        The extensions you wish to fuzz (no dot, comma separated). Default: txt,html,php,asp,aspx,jsp
+  --dirbuster.recursive
+                        Enables recursive searching (where available). Warning: This may cause significant increases to scan times. Default: False
+  --dirbuster.extras VALUE
+                        Any extra options you wish to pass to the tool when it runs. e.g. --dirbuster.extras='-s 200,301 --discover-backup'
+  --enum4linux.tool {enum4linux-ng,enum4linux}
+                        The tool to use for doing Windows and Samba enumeration. Default: enum4linux-ng
  --onesixtyone.community-strings VALUE
-                        The file containing a list of community strings to try. Default: /usr/share/seclists/Discovery/SNMP/common-snmp-
-                        community-strings-onesixtyone.txt
+                        The file containing a list of community strings to try. Default: /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt
+  --redirect-host-discovery.update-hosts
+                        If set, discovered redirect hostnames will be added to /etc/hosts with the target IP
+  --subdomain-enum.domain VALUE
+                        The domain to use as the base domain (e.g. example.com) for subdomain enumeration. Default: None
+  --subdomain-enum.wordlist VALUE [VALUE ...]
+                        The wordlist(s) to use when enumerating subdomains. Separate multiple wordlists with spaces. Default: ['/usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt']
+  --subdomain-enum.threads VALUE
+                        The number of threads to use when enumerating subdomains. Default: 10
+  --vhost-enum.hostname VALUE
+                        The hostname to use as the base host (e.g. example.com) for virtual host enumeration. Default: None
+  --vhost-enum.wordlist VALUE [VALUE ...]
+                        The wordlist(s) to use when enumerating virtual hosts. Separate multiple wordlists with spaces. Default: ['/usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt']
+  --vhost-enum.threads VALUE
+                        The number of threads to use when enumerating virtual hosts. Default: 10
+  --wpscan.api-token VALUE
+                        An API Token from wpvulndb.com to help search for more vulnerabilities.

 global plugin arguments:
  These are optional arguments that can be used by all plugins.
--- a/autorecon/default-plugins/hostname-discovery.py
+++ b/autorecon/default-plugins/hostname-discovery.py
@ -1,39 +0,0 @@
-from autorecon.plugins import ServiceScan
-import requests
-from urllib.parse import urlparse
-import urllib3
-
-urllib3.disable_warnings()
-
-class RedirectHostnameDiscovery(ServiceScan):
-
-	def __init__(self):
-		super().__init__()
-		self.name = 'Redirect Hostname Discovery'
-		self.slug = 'redirect-host-discovery'
-		self.tags = ['default', 'http', 'quick']
-
-	def configure(self):
-		self.match_service_name('^http')
-		self.match_service_name('^nacn_http$', negative_match=True)
-
-	async def run(self, service):
-		try:
-			url = f"{'https' if service.secure else 'http'}://{service.target.address}:{service.port}/"
-			resp = requests.get(url, verify=False, allow_redirects=False)
-
-			if 'Location' in resp.headers:
-				location = resp.headers['Location']
-				parsed = urlparse(location)
-				redirect_host = parsed.hostname
-
-				if redirect_host:
-					service.info(f"[+] Redirect detected: {url} → {location}")
-					service.info(f"[+] Hostname found in redirect: {redirect_host}")
-				else:
-					service.info(f"[+] Redirect detected, but no hostname could be parsed: {location}")
-			else:
-				service.info(f"[-] No redirect detected at {url}")
-
-		except Exception as e:
-			service.error(f"[!] Error during redirect check on {service.target.address}:{service.port} — {e}")
--- a/autorecon/default-plugins/redirect-host-discovery.py
+++ b/autorecon/default-plugins/redirect-host-discovery.py
@ -0,0 +1,62 @@
+from autorecon.plugins import ServiceScan
+from urllib.parse import urlparse
+import requests
+import urllib3
+import os
+import ipaddress
+
+urllib3.disable_warnings()
+
+class RedirectHostnameDiscovery(ServiceScan):
+
+	def __init__(self):
+		super().__init__()
+		self.name = 'Redirect Hostname Discovery'
+		self.slug = 'redirect-host-discovery'
+		self.tags = ['default', 'http', 'quick']
+
+	def configure(self):
+		self.match_service_name('^http')
+		self.match_service_name('^nacn_http$', negative_match=True)
+		self.add_true_option(
+			'update-hosts',
+			help='If set, discovered redirect hostnames will be added to /etc/hosts with the target IP'
+		)
+
+	async def run(self, service):
+		url = f"{'https' if service.secure else 'http'}://{service.target.address}:{service.port}/"
+
+		try:
+			resp = requests.get(url, verify=False, allow_redirects=False)
+
+			if 'Location' in resp.headers:
+				location = resp.headers['Location']
+				parsed = urlparse(location)
+				redirect_host = parsed.hostname
+
+				if redirect_host and redirect_host != service.target.address:
+					service.info(f"Redirect detected: {url} → {location}")
+					service.info(f"Hostname found in redirect: {redirect_host}")
+
+					if self.get_option('update-hosts'):
+						if os.geteuid() != 0:
+							service.error("[!] --redirect-host-discovery.update-hosts requires root to modify /etc/hosts.")
+							return
+
+						ip = service.target.address
+						with open("/etc/hosts", "r") as hosts_file:
+							for line in hosts_file:
+								parts = line.strip().split()
+								if len(parts) >= 2 and parts[0] == ip and redirect_host in parts[1:]:
+									return
+
+						with open("/etc/hosts", "a") as hosts_file:
+							hosts_file.write(f"{ip} {redirect_host}\n")
+						service.info(f"Hostname {redirect_host} added to /etc/hosts with IP {ip}")
+				else:
+					service.info(f"Redirect detected, but no new hostname found in: {location}")
+			else:
+				service.info(f"No redirect detected at {url}")
+
+		except Exception as e:
+			service.error(f"[!] Error during redirect check on {url} — {e}")