RECON: Information Gathering Automation framework

AUTO-RECON

Information Gathering Automation framework. This program is intended to be used in Kali Linux.

Features!

  • This tool is intended for CTFs and can be fairly noisy (it is not the most stealth-conscious tool).
  • All tools in this project are compliant with the OSCP exam rules.
  • If virtual host routing is detected, Auto-Recon will add the hostnames to your /etc/hosts file and continue to enumerate the newly discovered hostnames.
  • DNS enumeration is deliberately limited to ignore .com, .co, .eu, .uk, .git and similar domains, since this tool was designed for CTFs like Hack The Box. It will try to find most .htb and .local domains.
  • This project uses various tools and chains them together as needed to enumerate a target based on nmap results.
  • Using Python multiprocessing, services can be scanned quickly.
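The hosts-file step described above (adding discovered virtual hostnames to /etc/hosts so enumeration can continue against them) is easy to get wrong: a hostname taken from a target's HTTP redirect or certificate is untrusted input, and appending blindly produces duplicate or conflicting entries. The following is an added example, not Auto-Recon's own code; the function names `merge_hosts` and `update_hosts_file`, the validation rule, and the sample hosts content are all assumptions made for the example.

```python
"""Idempotent, validated merge of discovered hostnames into an /etc/hosts file.

Added example, not part of the Auto-Recon project. merge_hosts() is pure
(text in, text out) so it can be tested offline; update_hosts_file() wraps it
for the real file. The sample content below is constructed.
"""
from __future__ import annotations

import re
import shutil

# Constructed sample of an existing /etc/hosts file (one entry for the target already present).
SAMPLE_HOSTS = """127.0.0.1\tlocalhost
::1\t\tlocalhost ip6-localhost
10.10.10.10\tforest.htb
"""

# RFC 1123-style hostname: labels of letters, digits and hyphens joined by dots.
_HOST_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def validate_hostname(name: str) -> bool:
    """Reject anything that is not a plain hostname, so a value learned from an
    untrusted target cannot smuggle whitespace, a comment marker or a second
    entry into the hosts file."""
    return len(name) <= 253 and bool(_HOST_RE.match(name))


def merge_hosts(text: str, ip: str, hostnames: list[str]) -> tuple[str, list[str]]:
    """Return (new_text, added). Hostnames already resolved by any line are left
    alone, because /etc/hosts resolution uses the first match and silently
    re-pointing an existing name is exactly the surprise we want to avoid."""
    for name in hostnames:
        if not validate_hostname(name):
            raise ValueError(f"refusing unsafe hostname: {name!r}")

    lines = text.splitlines()
    mapped: dict[str, str] = {}  # hostname (lowercase) -> first IP that resolves it
    ip_line: int | None = None   # index of the first existing line for our IP
    for i, line in enumerate(lines):
        body = line.split("#", 1)[0].split()  # drop trailing comments
        if not body:
            continue
        for name in body[1:]:
            mapped.setdefault(name.lower(), body[0])
        if body[0] == ip and ip_line is None:
            ip_line = i

    # De-duplicate the request and drop names that are already mapped anywhere.
    added = list(dict.fromkeys(n for n in hostnames if n.lower() not in mapped))
    if not added:
        return text, []

    if ip_line is None:
        lines.append(f"{ip}\t{' '.join(added)}")
    else:
        # Insert before any trailing comment on the existing line for this IP.
        head, sep, comment = lines[ip_line].partition("#")
        lines[ip_line] = head.rstrip() + " " + " ".join(added) + ((" " + sep + comment) if sep else "")
    return "\n".join(lines) + "\n", added


def update_hosts_file(ip: str, hostnames: list[str], path: str = "/etc/hosts") -> list[str]:
    """Apply merge_hosts() to a real file, keeping a .bak copy of the original."""
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    new_text, added = merge_hosts(original, ip, hostnames)
    if added:
        shutil.copyfile(path, path + ".bak")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(new_text)
    return added


if __name__ == "__main__":
    text, names = merge_hosts(SAMPLE_HOSTS, "10.10.10.10", ["forest.htb", "www.forest.htb"])
    print("added:", names)
    print(text)
```

Calling `update_hosts_file` requires write access to /etc/hosts (root on Kali); the pure `merge_hosts` can be exercised without it. Names that already resolve to a different address are reported as not added rather than overwritten, which is the safer default when the input came from a target.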

INSTALLATION

cd /opt
git clone https://github.com/gotr00t0day/RECON.git
cd RECON
chmod +x setup.sh
./setup.sh
python3 -m pip install -r requirements.txt

Usage

[ASCII-art banner: Auto-Recon, github.com/Knowledge-Wisdom-Understanding]


usage: python3 recon.py -t 10.10.10.10

An Information Gathering and Enumeration Framework

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Single IPv4 Target to Scan
  -v, --version         Show Current Version
  -f FILE, --file FILE  File of IPv4 Targets to Scan
  -w WEB, --web WEB     Get open ports for IPv4 address, then only Enumerate
                        Web and Dns Services
  -b {ftp,smb,http,ssh}, --brute {ftp,smb,http,ssh}
                        Experimental! - Brute Force ssh,smb,ftp, or http. -t,
                        --target is REQUIRED. Must supply only one protocol at
                        a time. Since there are already many stand-alone
                        bruteforce tools out there, for ssh, first valid users
                        will be enumerated before password brute is initiated,
                        when no user or passwords are supplied as options.
  -p PORT, --port PORT  port for brute forcing argument. If no port specified,
                        default port will be used
  -u USER, --user USER  Single user name for brute forcing, for SSH, if no
                        user specified, will default to
                        wordlists/usernames.txt and bruteforce usernames
  -U USERS, --USERS USERS
                        List of usernames to try for brute forcing. Not yet
                        implemented
  -P PASSWORDS, --PASSWORDS PASSWORDS
                        List of passwords to try. Not required for SSH


To scan a single target and enumerate based on the nmap results:

python3 recon.py -t 10.10.10.10

To enumerate web services with larger wordlists:

python3 recon.py -w 10.10.10.10

To scan and enumerate all IPv4 addresses listed in the ips.txt file:

python3 recon.py -f ips.txt

Brute force SSH users on the default port 22; if unique valid users are found, brute force their passwords:

python3 recon.py -t 10.10.10.10 -b ssh

Same as above, but for SSH on port 2222 (or any other port):

python3 recon.py -t 10.10.10.10 -b ssh -p 2222
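The README notes that the tool is noisy, and the SSH brute-force mode described above (enumerate valid users first, then try passwords) leaves a distinctive trail in the target's sshd log. The following is an added example from the defender's side, not part of Auto-Recon: it reads OpenSSH-style auth log lines and raises alerts for a burst of failures from one source, for many distinct usernames from one source, and, the most important signal, for a successful login from a source that was just flagged. The log lines, thresholds and alert names are constructed for the example.

```python
"""Detect a noisy SSH user/password brute force in sshd auth logs.

Added example, not part of the Auto-Recon project. The sample log below is
constructed to mimic lines OpenSSH writes to /var/log/auth.log; the window
and thresholds are assumptions to be tuned per environment.
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime

# Syslog-style sshd line: timestamp, host, "sshd[pid]:", event, user, source IP, port.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<event>Failed password for invalid user|Failed password for|Invalid user|Accepted password for) "
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def _line(sec: int, event: str, user: str, ip: str = "10.10.14.5") -> str:
    """Build one constructed log line at 09:12:<sec> (helper for the sample data only)."""
    suffix = "" if event == "Invalid user" else " ssh2"
    return f"Mar 14 09:12:{sec:02d} target sshd[{2200 + sec}]: {event} {user} from {ip} port {51000 + sec}{suffix}"


# Constructed sample: a username-enumeration phase, then a password phase
# against the one real account ("svc"), then a success, then an unrelated
# single failure from a different source that must not alert.
USERS_TRIED = ["admin", "test", "guest", "oracle", "postgres", "ubuntu"]
SAMPLE_LOG: list[str] = []
for _sec, _user in enumerate(USERS_TRIED):
    SAMPLE_LOG.append(_line(_sec, "Invalid user", _user))
    SAMPLE_LOG.append(_line(_sec, "Failed password for invalid user", _user))
for _sec in range(6, 14):
    SAMPLE_LOG.append(_line(_sec, "Failed password for", "svc"))
SAMPLE_LOG.append(_line(14, "Accepted password for", "svc"))
SAMPLE_LOG.append(_line(20, "Failed password for", "alice", ip="10.10.14.9"))


def detect(lines: list[str], window_s: int = 60, max_failures: int = 10, max_users: int = 5) -> list[dict]:
    """Sliding-window detector keyed on source IP. Returns alerts in the order raised."""
    failures: dict[str, deque] = defaultdict(deque)  # ip -> deque of (timestamp, username)
    flagged: set[tuple[str, str]] = set()            # (ip, kind) already alerted, to avoid repeats
    alerts: list[dict] = []

    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an sshd auth event we care about
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog has no year; fine for deltas
        ip, user, event = m["ip"], m["user"], m["event"]
        q = failures[ip]
        while q and (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()  # expire events outside the window

        if event.startswith("Failed password"):
            q.append((ts, user))
            distinct_users = {u for _, u in q}
            if len(distinct_users) >= max_users and (ip, "many_users") not in flagged:
                flagged.add((ip, "many_users"))
                alerts.append({"ip": ip, "kind": "many_users", "at": m["ts"],
                               "detail": f"{len(distinct_users)} usernames tried in {window_s}s"})
            if len(q) >= max_failures and (ip, "many_failures") not in flagged:
                flagged.add((ip, "many_failures"))
                alerts.append({"ip": ip, "kind": "many_failures", "at": m["ts"],
                               "detail": f"{len(q)} failed logins in {window_s}s"})
        elif event.startswith("Accepted") and any(k[0] == ip for k in flagged):
            # A success right after a flagged burst is the event worth paging on.
            if (ip, "success_after_failures") not in flagged:
                flagged.add((ip, "success_after_failures"))
                alerts.append({"ip": ip, "kind": "success_after_failures", "at": m["ts"],
                               "detail": f"login as {user} after {len(q)} recent failures"})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"{alert['at']} {alert['ip']} {alert['kind']}: {alert['detail']}")
```

Fed with `journalctl -u ssh --no-pager` or a tail of /var/log/auth.log instead of the constructed sample, the same function works on a live host. Keying on the source address is what makes the user-enumeration phase visible: each individual "Invalid user" line looks like a typo, but five different names from one address inside a minute does not.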

Demo

Copyright (c) 2019 Knowledge-Wisdom-Understanding

Source: https://github.com/gotr00t0day/