Reconnoitre: multithreaded information gathering/service enumeration
Reconnoitre
A reconnaissance tool made for the OSCP labs to automate information gathering and service enumeration whilst creating a directory structure to store results, findings and exploits used for each host, recommended commands to execute and directory structures for storing loot and flags.
Installation
Usage
This tool can be used and copied for personal use freely however attribution and credit should be offered to Mike Czumak who originally started the process of automating this work.
| Argument | Description |
|---|---|
| -h, –help | Display help message and exit |
| -t TARGET_HOSTS | Set either a target range of addresses or a single host to target. May also be a file containing hosts. |
| -o OUTPUT_DIRECTORY | Set the target directory where results should be written. |
| -w WORDLIST | Optionally specify your own wordlist to use for pre-compiled commands, or executed attacks. |
| –dns DNS_SERVER | Optionally specify a DNS server to use with a service scan. |
| –pingsweep | Write a new target.txt file in the OUTPUT_DIRECTORY by performing a ping sweep and discovering live hosts. |
| –dnssweep | Find DNS servers from the list of target(s). |
| –snmp | Find hosts responding to SNMP requests from the list of target(s). |
| –services | Perform a service scan over the target(s) and write recommendations for further commands to execute. |
| –snmpwalk | SNMP walk target hosts and save results. |
| –hostnames | Attempt to discover target hostnames and write to hostnames.txt. |
| –quiet | Supress banner and headers and limit feedback to grepable results. |
| –execute | Execute shell commands from recommendations as they are discovered. Likely to lead to very long execution times depending on the wordlist being used and discovered vectors. |
| –simple_exec | Execute non-brute forcing shell comamnds only commands as they are discovered. Likely to lead to very long execution times depending on the wordlist being used and discovered vectors. |
| –quick | Move to the next target after performing a quick scan and writing first-round recommendations. |
Usage Examples
Note that these are some examples to give you insight into potential use cases for this tool. Command lines can be added or removed based on what you wish to acomplish with your scan.
Scan a single host, create a file structure and discover services
Copyright (C) codingo
Source: https://github.com/codingo/
