From 215788ed4477c51e49df8cd417c85424fcd3b92d Mon Sep 17 00:00:00 2001
From: Tib3rius <48113936+Tib3rius@users.noreply.github.com>
Date: Sun, 16 Jan 2022 14:11:44 -0500
Subject: [PATCH] Updated Usage (markdown)
---
 Usage.md | 152 ++++++++++++++++++++++++++++++++++---------------------
 1 file changed, 93 insertions(+), 59 deletions(-)
diff --git a/Usage.md b/Usage.md
index 6a5f608..9b25a7e 100644
--- a/Usage.md
+++ b/Usage.md
@@ -1,79 +1,105 @@
 # Usage
 ```
-usage: autorecon [-t TARGET_FILE] [-p PORTS] [-m MAX_SCANS] [-mp MAX_PORT_SCANS] [-c CONFIG_FILE] [-g GLOBAL_FILE] [--tags TAGS]
- [--exclude-tags TAGS] [--port-scans PLUGINS] [--service-scans PLUGINS] [--reports PLUGINS] [--plugins-dir PLUGINS_DIR]
- [--add-plugins-dir PLUGINS_DIR] [-l [TYPE]] [-o OUTPUT] [--single-target] [--only-scans-dir] [--no-port-dirs]
- [--heartbeat HEARTBEAT] [--timeout TIMEOUT] [--target-timeout TARGET_TIMEOUT] [--nmap NMAP | --nmap-append NMAP_APPEND]
- [--proxychains] [--disable-sanity-checks] [--disable-keyboard-control] [--force-services SERVICE [SERVICE ...]]
- [--accessible] [-v] [--version] [--subdomain-enum.domain VALUE] [--subdomain-enum.wordlist VALUE [VALUE ...]]
- [--subdomain-enum.threads VALUE] [--curl.path VALUE] [--dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb}]
- [--dirbuster.wordlist VALUE [VALUE ...]] [--dirbuster.threads VALUE] [--dirbuster.ext VALUE] [--vhost-enum.hostname VALUE]
- [--vhost-enum.wordlist VALUE [VALUE ...]] [--vhost-enum.threads VALUE] [--wpscan.api-token VALUE]
- [--onesixtyone.community-strings VALUE] [--global.username-wordlist VALUE] [--global.password-wordlist VALUE]
- [--global.domain VALUE] [-h]
- [targets ...]
+usage: autorecon [-t TARGET_FILE] [-p PORTS] [-m MAX_SCANS] [-mp MAX_PORT_SCANS] [-c CONFIG_FILE] + [-g GLOBAL_FILE] [--tags TAGS] [--exclude-tags TAGS] [--port-scans PLUGINS] + [--service-scans PLUGINS] [--reports PLUGINS] [--plugins-dir PLUGINS_DIR] + [--add-plugins-dir PLUGINS_DIR] [-l [TYPE]] [-o OUTPUT] [--single-target] + [--only-scans-dir] [--no-port-dirs] [--heartbeat HEARTBEAT] [--timeout TIMEOUT] + [--target-timeout TARGET_TIMEOUT] [--nmap NMAP | --nmap-append NMAP_APPEND] + [--proxychains] [--disable-sanity-checks] [--disable-keyboard-control] + [--force-services SERVICE [SERVICE ...]] [--accessible] [-v] [--version] + [--subdomain-enum.domain VALUE] [--subdomain-enum.wordlist VALUE [VALUE ...]] + [--subdomain-enum.threads VALUE] [--curl.path VALUE] + [--dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb}] + [--dirbuster.wordlist VALUE [VALUE ...]] [--dirbuster.threads VALUE] + [--dirbuster.ext VALUE] [--vhost-enum.hostname VALUE] + [--vhost-enum.wordlist VALUE [VALUE ...]] [--vhost-enum.threads VALUE] + [--wpscan.api-token VALUE] [--onesixtyone.community-strings VALUE] + [--global.username-wordlist VALUE] [--global.password-wordlist VALUE] + [--global.domain VALUE] [-h] + [targets ...] -Network reconnaissance tool to port scan and automatically enumerate services found on multiple targets. +Network reconnaissance tool to port scan and automatically enumerate services found on multiple +targets. positional arguments: - targets IP addresses (e.g. 10.0.0.1), CIDR notation (e.g. 10.0.0.1/24), or resolvable hostnames (e.g. foo.bar) to scan. + targets IP addresses (e.g. 10.0.0.1), CIDR notation (e.g. 10.0.0.1/24), or resolvable + hostnames (e.g. foo.bar) to scan. optional arguments: -t TARGET_FILE, --target-file TARGET_FILE Read targets from file. -p PORTS, --ports PORTS - Comma separated list of ports / port ranges to scan. Specify TCP/UDP ports by prepending list with T:/U: To scan both - TCP/UDP, put port(s) at start or specify B: e.g. 
53,T:21-25,80,U:123,B:123. Default: None + Comma separated list of ports / port ranges to scan. Specify TCP/UDP ports by + prepending list with T:/U: To scan both TCP/UDP, put port(s) at start or + specify B: e.g. 53,T:21-25,80,U:123,B:123. Default: None -m MAX_SCANS, --max-scans MAX_SCANS The maximum number of concurrent scans to run. Default: 50 -mp MAX_PORT_SCANS, --max-port-scans MAX_PORT_SCANS - The maximum number of concurrent port scans to run. Default: 10 (approx 20% of max-scans unless specified) + The maximum number of concurrent port scans to run. Default: 10 (approx 20% of + max-scans unless specified) -c CONFIG_FILE, --config CONFIG_FILE - Location of AutoRecon's config file. Default: ~/.config/AutoRecon/config.toml + Location of AutoRecon's config file. Default: + ~/.config/AutoRecon/config.toml -g GLOBAL_FILE, --global-file GLOBAL_FILE - Location of AutoRecon's global file. Default: /.config/AutoRecon/global.toml - --tags TAGS Tags to determine which plugins should be included. Separate tags by a plus symbol (+) to group tags together. Separate - groups with a comma (,) to create multiple groups. For a plugin to be included, it must have all the tags specified in - at least one group. Default: default - --exclude-tags TAGS Tags to determine which plugins should be excluded. Separate tags by a plus symbol (+) to group tags together. Separate - groups with a comma (,) to create multiple groups. For a plugin to be excluded, it must have all the tags specified in - at least one group. Default: None - --port-scans PLUGINS Override --tags / --exclude-tags for the listed PortScan plugins (comma separated). Default: None + Location of AutoRecon's global file. Default: + ~/.config/AutoRecon/global.toml + --tags TAGS Tags to determine which plugins should be included. Separate tags by a plus + symbol (+) to group tags together. Separate groups with a comma (,) to create + multiple groups. 
For a plugin to be included, it must have all the tags + specified in at least one group. Default: default + --exclude-tags TAGS Tags to determine which plugins should be excluded. Separate tags by a plus + symbol (+) to group tags together. Separate groups with a comma (,) to create + multiple groups. For a plugin to be excluded, it must have all the tags + specified in at least one group. Default: None + --port-scans PLUGINS Override --tags / --exclude-tags for the listed PortScan plugins (comma + separated). Default: None --service-scans PLUGINS - Override --tags / --exclude-tags for the listed ServiceScan plugins (comma separated). Default: None - --reports PLUGINS Override --tags / --exclude-tags for the listed Report plugins (comma separated). Default: None + Override --tags / --exclude-tags for the listed ServiceScan plugins (comma + separated). Default: None + --reports PLUGINS Override --tags / --exclude-tags for the listed Report plugins (comma + separated). Default: None --plugins-dir PLUGINS_DIR - The location of the plugins directory. Default: ~/.config/AutoRecon/plugins + The location of the plugins directory. Default: + ~/.config/AutoRecon/plugins --add-plugins-dir PLUGINS_DIR - The location of an additional plugins directory to add to the main one. Default: None + The location of an additional plugins directory to add to the main one. + Default: None -l [TYPE], --list [TYPE] - List all plugins or plugins of a specific type. e.g. --list, --list port, --list service + List all plugins or plugins of a specific type. e.g. --list, --list port, + --list service -o OUTPUT, --output OUTPUT The output directory for results. Default: results - --single-target Only scan a single target. A directory named after the target will not be created. Instead, the directory structure will - be created within the output directory. Default: False - --only-scans-dir Only create the "scans" directory for results. Other directories (e.g. 
exploit, loot, report) will not be created. - Default: False - --no-port-dirs Don't create directories for ports (e.g. scans/tcp80, scans/udp53). Instead store all results in the "scans" directory - itself. Default: False + --single-target Only scan a single target. A directory named after the target will not be + created. Instead, the directory structure will be created within the output + directory. Default: False + --only-scans-dir Only create the "scans" directory for results. Other directories (e.g. exploit, + loot, report) will not be created. Default: False + --no-port-dirs Don't create directories for ports (e.g. scans/tcp80, scans/udp53). Instead + store all results in the "scans" directory itself. Default: False --heartbeat HEARTBEAT - Specifies the heartbeat interval (in seconds) for scan status messages. Default: 60 - --timeout TIMEOUT Specifies the maximum amount of time in minutes that AutoRecon should run for. Default: None - --target-timeout TARGET_TIMEOUT - Specifies the maximum amount of time in minutes that a target should be scanned for before abandoning it and moving on. + Specifies the heartbeat interval (in seconds) for scan status messages. + Default: 60 + --timeout TIMEOUT Specifies the maximum amount of time in minutes that AutoRecon should run for. Default: None + --target-timeout TARGET_TIMEOUT + Specifies the maximum amount of time in minutes that a target should be scanned + for before abandoning it and moving on. Default: None --nmap NMAP Override the {nmap_extra} variable in scans. Default: -vv --reason -Pn -T4 --nmap-append NMAP_APPEND Append to the default {nmap_extra} variable in scans. Default: --proxychains Use if you are running AutoRecon via proxychains. Default: False --disable-sanity-checks - Disable sanity checks that would otherwise prevent the scans from running. Default: False + Disable sanity checks that would otherwise prevent the scans from running. 
+ Default: False --disable-keyboard-control Disables keyboard control ([s]tatus, Up, Down) if you are in SSH or Docker. --force-services SERVICE [SERVICE ...] - A space separated list of services in the following style: tcp/80/http tcp/443/https/secure - --accessible Attempts to make AutoRecon output more accessible to screenreaders. Default: False + A space separated list of services in the following style: tcp/80/http + tcp/443/https/secure + --accessible Attempts to make AutoRecon output more accessible to screenreaders. Default: + False -v, --verbose Enable verbose output. Repeat for more verbosity. --version Prints the AutoRecon version and exits. -h, --help Show this help message and exit. 
@@ -82,45 +108,53 @@ plugin arguments: These are optional arguments for certain plugins. --subdomain-enum.domain VALUE - The domain to use as the base domain (e.g. example.com) for subdomain enumeration. Default: None + The domain to use as the base domain (e.g. example.com) for subdomain + enumeration. Default: None --subdomain-enum.wordlist VALUE [VALUE ...] - The wordlist(s) to use when enumerating subdomains. Separate multiple wordlists with spaces. Default: - ['/usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt'] + The wordlist(s) to use when enumerating subdomains. Separate multiple wordlists + with spaces. Default: ['/usr/share/seclists/Discovery/DNS/subdomains- + top1million-110000.txt'] --subdomain-enum.threads VALUE The number of threads to use when enumerating subdomains. Default: 10 --curl.path VALUE The path on the web server to curl. Default: / --dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb} The tool to use for directory busting. Default: feroxbuster --dirbuster.wordlist VALUE [VALUE ...] - The wordlist(s) to use when directory busting. Separate multiple wordlists with spaces. Default: - ['~/.config/AutoRecon/wordlists/dirbuster.txt'] + The wordlist(s) to use when directory busting. Separate multiple wordlists with + spaces. Default: ['~/.config/AutoRecon/wordlists/dirbuster.txt'] --dirbuster.threads VALUE The number of threads to use when directory busting. Default: 10 --dirbuster.ext VALUE - The extensions you wish to fuzz (no dot, comma separated). Default: txt,html,php,asp,aspx,jsp + The extensions you wish to fuzz (no dot, comma separated). Default: + txt,html,php,asp,aspx,jsp --vhost-enum.hostname VALUE - The hostname to use as the base host (e.g. example.com) for virtual host enumeration. Default: None + The hostname to use as the base host (e.g. example.com) for virtual host + enumeration. Default: None --vhost-enum.wordlist VALUE [VALUE ...] - The wordlist(s) to use when enumerating virtual hosts. 
Separate multiple wordlists with spaces. Default: - ['/usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt'] + The wordlist(s) to use when enumerating virtual hosts. Separate multiple + wordlists with spaces. Default: ['/usr/share/seclists/Discovery/DNS/subdomains- + top1million-110000.txt'] --vhost-enum.threads VALUE The number of threads to use when enumerating virtual hosts. Default: 10 --wpscan.api-token VALUE An API Token from wpvulndb.com to help search for more vulnerabilities. --onesixtyone.community-strings VALUE - The file containing a list of community strings to try. Default: /usr/share/seclists/Discovery/SNMP/common-snmp- - community-strings-onesixtyone.txt + The file containing a list of community strings to try. Default: + /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings- + onesixtyone.txt global plugin arguments: These are optional arguments that can be used by all plugins. --global.username-wordlist VALUE - A wordlist of usernames, useful for bruteforcing. Default: /usr/share/seclists/Usernames/top-usernames-shortlist.txt + A wordlist of usernames, useful for bruteforcing. Default: + /usr/share/seclists/Usernames/top-usernames-shortlist.txt --global.password-wordlist VALUE - A wordlist of passwords, useful for bruteforcing. Default: /usr/share/seclists/Passwords/darkweb2017-top100.txt + A wordlist of passwords, useful for bruteforcing. Default: + /usr/share/seclists/Passwords/darkweb2017-top100.txt --global.domain VALUE - The domain to use (if known). Used for DNS and/or Active Directory. Default: None - + The domain to use (if known). Used for DNS and/or Active Directory. Default: + None ``` ## Targets / Target Files