Merge branch 'Tib3rius:main' into main

README.md

@@ -64,6 +64,7 @@ Additionally the following commands may need to be installed, depending on your
 
 ```
 curl
+dnsrecon
 enum4linux
 feroxbuster
 gobuster
@@ -87,7 +88,7 @@ wkhtmltopdf
 On Kali Linux, you can ensure these are all installed using the following commands:
 
 ```bash
-sudo apt install seclists curl enum4linux feroxbuster gobuster impacket-scripts nbtscan nikto nmap onesixtyone oscanner redis-tools smbclient smbmap snmp sslscan sipvicious tnscmd10g whatweb wkhtmltopdf
+sudo apt install seclists curl dnsrecon enum4linux feroxbuster gobuster impacket-scripts nbtscan nikto nmap onesixtyone oscanner redis-tools smbclient smbmap snmp sslscan sipvicious tnscmd10g whatweb wkhtmltopdf
 ```
 
 ### Installation Method #1: pipx (Recommended)

autorecon/default-plugins/portscan-all-tcp-ports.py

@@ -1,6 +1,6 @@
 from autorecon.plugins import PortScan
 from autorecon.config import config
-import re
+import re, requests
 
 class AllTCPPortScan(PortScan):
 
@@ -33,7 +33,18 @@ class AllTCPPortScan(PortScan):
 				if match:
 					target.info('Discovered open port {bmagenta}tcp/' + match.group(1) + '{rst} on {byellow}' + target.address + '{rst}', verbosity=1)
 				service = target.extract_service(line)
+
 				if service:
+					# Check if HTTP service appears to be WinRM. If so, override service name as wsman.
+					if service.name == 'http' and service.port in [5985, 5986]:
+						wsman = requests.get(('https' if service.secure else 'http') + '://' + target.address + ':' + str(service.port) + '/wsman', verify=False)
+						if wsman.status_code == 405:
+							service.name = 'wsman'
+							wsman = requests.post(('https' if service.secure else 'http') + '://' + target.address + ':' + str(service.port) + '/wsman', verify=False)
+						else:
+							if wsman.status_code == 401:
+								service.name = 'wsman'
+
 					services.append(service)
 			else:
 				break

autorecon/default-plugins/portscan-top-tcp-ports.py

@@ -22,5 +22,17 @@ class QuickTCPPortScan(PortScan):
 
 		process, stdout, stderr = await target.execute('nmap {nmap_extra} -sV -sC --version-all' + traceroute_os + ' -oN "{scandir}/_quick_tcp_nmap.txt" -oX "{scandir}/xml/_quick_tcp_nmap.xml" {address}', blocking=False)
 		services = await target.extract_services(stdout)
+
+		for service in services:
+			# Check if HTTP service appears to be WinRM. If so, override service name as wsman.
+			if service.name == 'http' and service.port in [5985, 5986]:
+				wsman = requests.get(('https' if service.secure else 'http') + '://' + target.address + ':' + str(service.port) + '/wsman', verify=False)
+				if wsman.status_code == 405:
+					service.name = 'wsman'
+					wsman = requests.post(('https' if service.secure else 'http') + '://' + target.address + ':' + str(service.port) + '/wsman', verify=False)
+				else:
+					if wsman.status_code == 401:
+						service.name = 'wsman'
+
 		await process.wait()
 		return services

autorecon/main.py

@@ -17,7 +17,7 @@ from autorecon.io import slugify, e, fformat, cprint, debug, info, warn, error,
 from autorecon.plugins import Pattern, PortScan, ServiceScan, Report, AutoRecon
 from autorecon.targets import Target, Service
 
-VERSION = "2.0.24"
+VERSION = "2.0.25"
 
 if not os.path.exists(config['config_dir']):
 	shutil.rmtree(config['config_dir'], ignore_errors=True, onerror=None)

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "autorecon"
-version = "2.0.24"
+version = "2.0.25"
 description = "A multi-threaded network reconnaissance tool which performs automated enumeration of services."
 authors = ["Tib3rius"]
 license = "GNU GPL v3"
@@ -10,9 +10,11 @@ packages = [
 ]
 
 [tool.poetry.dependencies]
-python = "^3.7"
+python = "^3.8"
 appdirs = "^1.4.4"
-colorama = "^0.4.4"
+colorama = "^0.4.5"
+impacket = "^0.10.0"
+requests = "^2.28.1"
 toml = "^0.10.2"
 Unidecode = "^1.3.1"
 

requirements.txt

@@ -1,4 +1,6 @@
 appdirs
 colorama
+impacket
+requests
 toml
 unidecode