From ef53ebb01dbe4d3375279c475a1e8b22b1cfa5a3 Mon Sep 17 00:00:00 2001
From: Tib3rius <48113936+Tib3rius@users.noreply.github.com>
Date: Sun, 7 Aug 2022 14:10:31 -0400
Subject: [PATCH 1/3] Updated requirements and added check for WinRM

Since Nmap reports WinRM as HTTP, the port scan plugins now do a few additional checks on ports 5985 and 5986 to avoid running needless HTTP plugins if the services are just WinRM. Updated the project dependencies to match.

---
 autorecon/default-plugins/portscan-all-tcp-ports.py | 13 ++++++++++++-
 autorecon/default-plugins/portscan-top-tcp-ports.py | 12 ++++++++++++
 pyproject.toml | 6 ++++-
 requirements.txt | 2 ++
 4 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/autorecon/default-plugins/portscan-all-tcp-ports.py b/autorecon/default-plugins/portscan-all-tcp-ports.py
index 5904e09..c6dc70e 100644
--- a/autorecon/default-plugins/portscan-all-tcp-ports.py
+++ b/autorecon/default-plugins/portscan-all-tcp-ports.py
@@ -1,6 +1,6 @@
 from autorecon.plugins import PortScan
 from autorecon.config import config
-import re
+import re, requests
 class AllTCPPortScan(PortScan):
@@ -33,7 +33,18 @@ class AllTCPPortScan(PortScan):
 if match:
 target.info('Discovered open port {bmagenta}tcp/' + match.group(1) + '{rst} on {byellow}' + target.address + '{rst}', verbosity=1)
 service = target.extract_service(line)
+ if service:
+ # Check if HTTP service appears to be WinRM. If so, override service name as wsman.
+ if service.name == 'http' and service.port in [5985, 5986]:
+ wsman = requests.get(('https' if service.secure else 'http') + '://' + target.address + ':' + str(service.port) + '/wsman', verify=False)
+ if wsman.status_code == 405:
+ service.name = 'wsman'
+ wsman = requests.post(('https' if service.secure else 'http') + '://' + target.address + ':' + str(service.port) + '/wsman', verify=False)
+ else:
+ if wsman.status_code == 401:
+ service.name = 'wsman'
 services.append(service)
 else:
 break
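Review bot: The WinRM probe added after `service = target.extract_service(line)` calls `requests.get` and `requests.post` with no `timeout=` and without catching `requests.exceptions.RequestException`, so a port that accepts the connection and never answers hangs the scan indefinitely, and a refused connection or TLS handshake failure aborts the whole port-scan plugin with an unhandled exception; the identical block in portscan-top-tcp-ports.py has the same problem. On the 405 branch `wsman = requests.post(...)` is issued after `service.name` has already been set and its response is never inspected, so it is a second request whose result is discarded — presumably it was meant to confirm the unauthenticated-POST response, in which case its status code should be checked, otherwise the line should go. Sending with `verify=False` also makes urllib3 emit an InsecureRequestWarning for every probe unless the project suppresses it elsewhere, which is worth a comment at the call site. Since the same ten lines are pasted into both plugins, a single helper on Target or Service would keep them in sync; the rewrite below adds a timeout (10 s is a constructed value), handles probe failure by keeping Nmap's classification, and builds the URL once while preserving the current outcome. The enclosing method and the loop around `if match:` start and end outside the hunk.
```python
            service = target.extract_service(line)
            if service:
                # Check if HTTP service appears to be WinRM. If so, override service name as wsman.
                if service.name == 'http' and service.port in [5985, 5986]:
                    url = ('https' if service.secure else 'http') + '://' + target.address + ':' + str(service.port) + '/wsman'
                    try:
                        # verify=False is deliberate: scan targets routinely present self-signed certificates.
                        wsman = requests.get(url, verify=False, timeout=10)
                        if wsman.status_code == 405:
                            service.name = 'wsman'
                            # NOTE(review): response of this POST is never checked — confirm whether it is needed.
                            wsman = requests.post(url, verify=False, timeout=10)
                        elif wsman.status_code == 401:
                            service.name = 'wsman'
                    except requests.exceptions.RequestException as ex:
                        # Unreachable or unresponsive /wsman endpoint: keep the http classification from Nmap.
                        target.info('WinRM check on tcp/' + str(service.port) + ' failed (' + str(ex) + '), keeping http', verbosity=1)
            # … unchanged: services.append(service) / else: break …
```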
diff --git a/autorecon/default-plugins/portscan-top-tcp-ports.py b/autorecon/default-plugins/portscan-top-tcp-ports.py
index 18bad23..d2185aa 100644
--- a/autorecon/default-plugins/portscan-top-tcp-ports.py
+++ b/autorecon/default-plugins/portscan-top-tcp-ports.py
@@ -22,5 +22,17 @@ class QuickTCPPortScan(PortScan):
 process, stdout, stderr = await target.execute('nmap {nmap_extra} -sV -sC --version-all' + traceroute_os + ' -oN "{scandir}/_quick_tcp_nmap.txt" -oX "{scandir}/xml/_quick_tcp_nmap.xml" {address}', blocking=False)
 services = await target.extract_services(stdout)
+
+ for service in services:
+ # Check if HTTP service appears to be WinRM. If so, override service name as wsman.
+ if service.name == 'http' and service.port in [5985, 5986]:
+ wsman = requests.get(('https' if service.secure else 'http') + '://' + target.address + ':' + str(service.port) + '/wsman', verify=False)
+ if wsman.status_code == 405:
+ service.name = 'wsman'
+ wsman = requests.post(('https' if service.secure else 'http') + '://' + target.address + ':' + str(service.port) + '/wsman', verify=False)
+ else:
+ if wsman.status_code == 401:
+ service.name = 'wsman'
+
 await process.wait()
 return services
diff --git a/pyproject.toml b/pyproject.toml
index 02cb1f7..269c291 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -10,9 +10,11 @@ packages = [
 ]
 [tool.poetry.dependencies]
-python = "^3.7"
+python = "^3.8"
 appdirs = "^1.4.4"
-colorama = "^0.4.4"
+colorama = "^0.4.5"
+impacket = "^0.10.0"
+requests = "^2.28.1"
 toml = "^0.10.2"
 Unidecode = "^1.3.1"
diff --git a/requirements.txt b/requirements.txt
index 6a3fb1a..52563e4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,6 @@
 appdirs
 colorama
+impacket
+requests
 toml
 unidecode

From 3313968a2b3879be61b6f6c122988f1f9b7f8667 Mon Sep 17 00:00:00 2001
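Review bot: `requests` is used in the new loop after `services = await target.extract_services(stdout)`, but this file's diff has no hunk touching its imports (the diffstat shows 12 insertions and 0 deletions, all in this one hunk), so unless portscan-top-tcp-ports.py already imports it above line 22, the first `http` service on 5985/5986 raises NameError inside `QuickTCPPortScan.run`; the sibling file was changed to `import re, requests` and this one needs the matching `import requests`. Separately, the loop sits inside the coroutine that `await`s `target.execute` and `process.wait()`, and `requests.get`/`requests.post` are blocking calls, so every probe stalls the event loop (indefinitely without a `timeout=`) and pauses every other plugin running concurrently; dispatching the probe through `asyncio.get_event_loop().run_in_executor(None, functools.partial(requests.get, url, verify=False, timeout=10))` or an async HTTP client would keep the scheduler responsive. The timeout, exception-handling and unused-POST points raised on the same block in portscan-all-tcp-ports.py apply here unchanged. The start of `run` is outside the hunk.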
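Review bot: `impacket = "^0.10.0"` is added to pyproject.toml and `impacket` to requirements.txt, yet nothing in this series imports it — the only new import is `requests` — so unless an existing plugin already relies on it, every install now pulls in a large dependency tree for no visible use; if it is needed elsewhere, the commit message should say so, otherwise the line should be dropped from both lists. The interpreter floor also moves from `python = "^3.7"` to `python = "^3.8"` with no stated reason; a short note in the description naming the dependency that requires 3.8 would help packagers and users on 3.7.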
From: NalZE7 <75988980+NalZE7@users.noreply.github.com>
Date: Sun, 7 Aug 2022 21:11:11 +0300
Subject: [PATCH 2/3] Adding dnsrecon to packages list that should be installed (#166)

---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index e23319e..8da16dc 100644
--- a/README.md
+++ b/README.md
@@ -64,6 +64,7 @@ Additionally the following commands may need to be installed, depending on your
 ```
 curl
+dnsrecon
 enum4linux
 feroxbuster
 gobuster
@@ -87,7 +88,7 @@ wkhtmltopdf
 On Kali Linux, you can ensure these are all installed using the following commands:
 ```bash
-sudo apt install seclists curl enum4linux feroxbuster gobuster impacket-scripts nbtscan nikto nmap onesixtyone oscanner redis-tools smbclient smbmap snmp sslscan sipvicious tnscmd10g whatweb wkhtmltopdf
+sudo apt install seclists curl dnsrecon enum4linux feroxbuster gobuster impacket-scripts nbtscan nikto nmap onesixtyone oscanner redis-tools smbclient smbmap snmp sslscan sipvicious tnscmd10g whatweb wkhtmltopdf
 ```
 ### Installation Method #1: pipx (Recommended)

From 283b17bcd1d29c63daccba547d268d1e931c20a4 Mon Sep 17 00:00:00 2001
From: Tib3rius <48113936+Tib3rius@users.noreply.github.com>
Date: Sun, 7 Aug 2022 14:13:41 -0400
Subject: [PATCH 3/3] Version update.

---
 autorecon/main.py | 2 +-
 pyproject.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/autorecon/main.py b/autorecon/main.py
index a3a4d15..0c76c73 100644
--- a/autorecon/main.py
+++ b/autorecon/main.py
@@ -17,7 +17,7 @@ from autorecon.io import slugify, e, fformat, cprint, debug, info, warn, error,
 from autorecon.plugins import Pattern, PortScan, ServiceScan, Report, AutoRecon
 from autorecon.targets import Target, Service
-VERSION = "2.0.24"
+VERSION = "2.0.25"
 if not os.path.exists(config['config_dir']):
 shutil.rmtree(config['config_dir'], ignore_errors=True, onerror=None)
diff --git a/pyproject.toml b/pyproject.toml
index 269c291..9b4d3a3 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "autorecon"
-version = "2.0.24"
+version = "2.0.25"
 description = "A multi-threaded network reconnaissance tool which performs automated enumeration of services."
 authors = ["Tib3rius"]
 license = "GNU GPL v3"