RECON: Information Gathering Automation framework


Information Gathering Automation framework. This program is intended to be used in Kali Linux.


  • This tool is intended for CTF’s and can be fairly noisy. (Not the most stealth conscious tool…)
  • All tools in this project are compliant with the OSCP exam rules.
  • If Virtual Host Routing is detected, Auto-Recon will add the hostnames to your /etc/hosts file and continue to enumerate the newly discovered hostnames.
  • DNS enumeration is nerfed to ignore .com .co .eu .uk .git domains etc… since this tool was designed for CTF’s like hack the box. It will try to find most .htb and .local domains.
  • This project use’s various tools and chains them together as needed to enumerate a target based off nmap results.
  • Using python multiprocessing, services can be scanned quickly.


cd /opt
git clone
chmod +x
python3 -m pip install -r requirements.txt


       _____________          ____    ________________

/___/___ \ / / | /___/__ \ _____
/ / _ \______/__/ |______|__|_____ * \_________________/__/ |___
__/__/ /_\ \ | | \ __\/ _ \| | __/ __ \_/ ___\/ _ \| |
| | ___ \| | /| | ( |_| ) | | \ ___/\ \__( |_| ) | |
|___|____/\__\____|____/_|__|\_\____/|__|____|_ /\___ |\___ \____/|___| / \___\/ \__\/ \__\_/ \___\/

usage: python3 -t

An Information Gathering and Enumeration Framework

optional arguments:
-h, --help show this help message and exit
-t TARGET, --target TARGET
Single IPv4 Target to Scan
-v, --version Show Current Version
-f FILE, --file FILE File of IPv4 Targets to Scan
-w WEB, --web WEB Get open ports for IPv4 address, then only Enumerate
Web & and Dns Services
-b {ftp,smb,http,ssh}, --brute {ftp,smb,http,ssh}
Experimental! - Brute Force ssh,smb,ftp, or http. -t,
--target is REQUIRED. Must supply only one protocol at
a time. Since there are already many stand-alone
bruteforce tools out there, for ssh, first valid users
will be enumerated before password brute is initiated,
when no user or passwords are supplied as options.
-p PORT, --port PORT port for brute forcing argument. If no port specified,
default port will be used
-u USER, --user USER Single user name for brute forcing, for SSH, if no
user specified, will default to
wordlists/usernames.txt and bruteforce usernames
List of usernames to try for brute forcing. Not yet
List of passwords to try. Not required for SSH


To scan a single target and enumerate based off of nmap results:

python3 -t

To Enumerate Web with larger wordlists

python3 -w

To Scan + Enumerate all IPv4 addr’s in ips.txt file

python3 -f ips.txt

Brute force ssh users on default port 22 If unique valid users found, brute force passwords

python3 -t -b ssh

Same as above but for ssh on port 2222 etc…

python3 -t -b ssh -p 2222


Copyright (c) 2019 Knowledge-Wisdom-Understanding