From f47cbca8ef4386ea6b416af2d1fa93eb456ec0db Mon Sep 17 00:00:00 2001
From: Tib3rius <48113936+Tib3rius@users.noreply.github.com>
Date: Tue, 19 Oct 2021 16:36:28 -0400
Subject: [PATCH 1/3] Fixes #114 Places manual commands in the correct directory.
---
 autorecon/main.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/autorecon/main.py b/autorecon/main.py
index 00f2fb6..f258a7d 100644
--- a/autorecon/main.py
+++ b/autorecon/main.py
@@ -517,6 +517,11 @@ async def scan_target(target):
 protocol = service.protocol
 port = service.port
+ if config['create_port_dirs']:
+ scandir = os.path.join(scandir, protocol + str(port))
+ os.makedirs(scandir, exist_ok=True)
+ os.makedirs(os.path.join(scandir, 'xml'), exist_ok=True)
+
 # Special cases for HTTP.
 http_scheme = 'https' if 'https' in service.name or service.secure is True else 'http'
@@ -641,7 +646,7 @@ async def scan_target(target):
 plugin_run = True
 break
 if not plugin.run_once_boolean or (plugin.run_once_boolean and not plugin_run):
- with open(os.path.join(scandir, '_manual_commands.txt'), 'a') as file:
+ with open(os.path.join(target.scandir, '_manual_commands.txt'), 'a') as file:
 if not heading:
 file.write(e('[*] {service.name} on {service.protocol}/{service.port}\n\n'))
 heading = True
From 3b553e1933d3c55808a1ae5bd966cd0f6d23c321 Mon Sep 17 00:00:00 2001
From: Tib3rius <48113936+Tib3rius@users.noreply.github.com>
Date: Tue, 19 Oct 2021 18:29:44 -0400
Subject: [PATCH 2/3] Bug fix. Fixed bug that reported tcpwrapped ports as missed services.
---
 autorecon/main.py | 4 ++--
 pyproject.toml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/autorecon/main.py b/autorecon/main.py
index f258a7d..2ef271e 100644
--- a/autorecon/main.py
+++ b/autorecon/main.py
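Review bot: In the `create_port_dirs` block added to `scan_target` (PATCH 1/3, hunk at -517), the local `scandir` is rebound to the per-port directory with no comment, so every later use of the name in this function means something other than `target.scandir`; the `_manual_commands.txt` hunk at -641 in the same patch appears to correct exactly that for one call site. A comment above the block such as `# scandir now names the per-port directory; use target.scandir for files that belong to the whole target` would keep the next target-level write from repeating #114. The line that first assigns `scandir` is outside the hunk; if it is not re-initialised for each service, `os.path.join(scandir, protocol + str(port))` would nest each port directory inside the previous one, which is worth confirming. `scan_target` starts and ends outside both hunks.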
@@ -17,7 +17,7 @@ from autorecon.io import slugify, e, fformat, cprint, debug, info, warn, error,
 from autorecon.plugins import Pattern, PortScan, ServiceScan, Report, AutoRecon
 from autorecon.targets import Target, Service
-VERSION = "2.0.4"
+VERSION = "2.0.5"
 if not os.path.exists(config['config_dir']):
 shutil.rmtree(config['config_dir'], ignore_errors=True, onerror=None)
@@ -694,7 +694,7 @@ async def scan_target(target):
 if not service_match:
 warn('{byellow}[' + target.address + ']{srst} Service ' + service.full_tag() + ' did not match any plugins based on the service name.{rst}', verbosity=2)
- if service.full_tag() not in target.autorecon.missing_services:
+ if service.name != 'tcpwrapped' and service.full_tag() not in target.autorecon.missing_services:
 target.autorecon.missing_services.append(service.full_tag())
 for plugin in target.autorecon.plugin_types['report']:
diff --git a/pyproject.toml b/pyproject.toml
index 7fd8810..54bc16a 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "autorecon"
-version = "2.0.4"
+version = "2.0.5"
 description = "A multi-threaded network reconnaissance tool which performs automated enumeration of services."
 authors = ["Tib3rius"]
 license = "GNU GPL v3"
From cfac135cc413df7da551bf0a75964c2fd1789566 Mon Sep 17 00:00:00 2001
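Review bot: The `service.name != 'tcpwrapped'` test added in the -694 hunk of `scan_target` (PATCH 2/3) is an unexplained magic string, and the `warn(...)` context line just above it still prints for such services. I would add `# nmap labels a port tcpwrapped when the connection is closed before any data is exchanged, so there is no service to enumerate` above the condition. If the verbosity-2 warning is also unwanted for these ports, the same test would have to guard the `if not service_match:` branch instead; whether that is intended cannot be told from the hunk. The function body continues outside the hunk.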
From: Tim Bentley
Date: Sun, 12 Dec 2021 04:34:38 +0000
Subject: [PATCH 3/3] Fixes and New Scan feature (#128)
* fix issues and add function
* Fix smbclient
* Reverted some minor changes. ffuf's -noninteractive flag does function. Unsure of why it was removed. smbclient bug confirmed, but added -I back in and put // before the address since that appears to be the correct syntax. Renamed CurlKnowSecurity to CurlKnownSecurity.
Co-authored-by: Tib3rius <48113936+Tib3rius@users.noreply.github.com>
---
 autorecon/default-plugins/http_server.py | 25 ++++++++++++++++++++++++
 autorecon/default-plugins/smb.py | 2 +-
 autorecon/main.py | 2 +-
 pyproject.toml | 2 +-
 4 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/autorecon/default-plugins/http_server.py b/autorecon/default-plugins/http_server.py
index 479f966..c8711ec 100644
--- a/autorecon/default-plugins/http_server.py
+++ b/autorecon/default-plugins/http_server.py
@@ -79,6 +79,31 @@ class CurlRobots(ServiceScan):
 else:
 info('{bblue}[' + fformat('{tag}') + ']{rst} There did not appear to be a robots.txt file in the webroot (/).')
+class CurlKnownSecurity(ServiceScan):
+
+ def __init__(self):
+ super().__init__()
+ self.name = "Known Security"
+ self.tags = ['default', 'safe', 'http']
+
+ def configure(self):
+ self.match_service_name('^http')
+ self.match_service_name('^nacn_http$', negative_match=True)
+
+ async def run(self, service):
+ if service.protocol == 'tcp':
+ process, stdout, _ = await service.execute('curl -sSikf {http_scheme}://{addressv6}:{port}/.well-known/security.txt', future_outfile='{protocol}_{port}_{http_scheme}_known-security.txt')
+
+ lines = await stdout.readlines()
+
+ if process.returncode == 0 and lines:
+ filename = fformat('{scandir}/{protocol}_{port}_{http_scheme}_known-security.txt')
+ with open(filename, mode='wt', encoding='utf8') as robots:
+ robots.write('\n'.join(lines))
+ else:
+ info('{bblue}[' + fformat('{tag}') + ']{rst} There did not appear to be a .well-known/security.txt file in the webroot (/).')
+
+
 class DirBuster(ServiceScan):
 def __init__(self):
diff --git a/autorecon/default-plugins/smb.py b/autorecon/default-plugins/smb.py
index e5319ab..08b1459 100644
--- a/autorecon/default-plugins/smb.py
+++ b/autorecon/default-plugins/smb.py
@@ -82,7 +82,7 @@ class SMBClient(ServiceScan):
 self.run_once(True)
 async def run(self, service):
- await service.execute('smbclient -L\\\\ -N -I {address} 2>&1', outfile='smbclient.txt')
+ await service.execute('smbclient -L //{address} -N -I {address} 2>&1', outfile='smbclient.txt')
 class SMBMap(ServiceScan):
diff --git a/autorecon/main.py b/autorecon/main.py
index 2ef271e..22e0762 100644
--- a/autorecon/main.py
+++ b/autorecon/main.py
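Review bot: In `CurlKnownSecurity.run` (PATCH 3/3, http_server.py), `process.returncode == 0 and lines` is true for any response below 400, because `-i` puts the status line and headers into the output and `-f` only fails on 4xx/5xx; a redirect or a catch-all HTML page is therefore saved as `..._known-security.txt` and the "did not appear" message is never shown. RFC 9116 makes the `Contact:` field mandatory, so the condition could be `if process.returncode == 0 and any(line.lower().startswith('contact:') for line in lines):`. The file handle is still called `robots` and the message still says "in the webroot (/)", both apparently carried over from `CurlRobots`; `as outfile` and dropping the webroot wording would match what the class does. When `service.protocol` is not `'tcp'` the method returns without logging anything, which deserves a one-line comment.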
@@ -17,7 +17,7 @@ from autorecon.io import slugify, e, fformat, cprint, debug, info, warn, error,
 from autorecon.plugins import Pattern, PortScan, ServiceScan, Report, AutoRecon
 from autorecon.targets import Target, Service
-VERSION = "2.0.5"
+VERSION = "2.0.6"
 if not os.path.exists(config['config_dir']):
 shutil.rmtree(config['config_dir'], ignore_errors=True, onerror=None)
diff --git a/pyproject.toml b/pyproject.toml
index 54bc16a..fe05d3b 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "autorecon"
-version = "2.0.5"
+version = "2.0.6"
 description = "A multi-threaded network reconnaissance tool which performs automated enumeration of services."
 authors = ["Tib3rius"]
 license = "GNU GPL v3"