How to run Autorecon for Enumeration

How to run Autorecon for Enumeration in Kali Linux

AutoRecon is an automated script (reconnaissance tool) which is mainly used in OSCP exams for running multiple automated scripts at one time. I still recommend keeping a note of your manual commands even if you are using AutoRecon scripts. Before attempting, please make sure you are using Python 3 and have pip installed on Kali. Refer here.

Make sure you have also installed the programs below in Kali. You can refer to the official page to check whether any new packages have been added by the time you install.

sudo apt install seclists curl enum4linux feroxbuster gobuster impacket-scripts nbtscan nikto nmap onesixtyone oscanner redis-tools smbclient smbmap snmp sslscan sipvicious tnscmd10g whatweb wkhtmltopdf

┌──(rocky㉿kali)-[/opt/AutoRecon]
└─$ sudo apt install python3-venv        
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
python3-venv is already the newest version (3.9.7-1).
The following package was automatically installed and is no longer required:
  libiscsi7
Use 'sudo apt autoremove' to remove it.
0 upgraded, 0 newly installed, 0 to remove and 1657 not upgraded.

┌──(rocky㉿kali)-[/opt/AutoRecon]
└─$ python3 -m pip install --user pipx
Collecting pipx
  Downloading pipx-1.0.0-py3-none-any.whl (54 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 54.6/54.6 KB 936.1 kB/s eta 0:00:00
Requirement already satisfied: packaging>=20.0 in /usr/lib/python3/dist-packages (from pipx) (20.9)
Collecting argcomplete>=1.9.4
  Downloading argcomplete-2.0.0-py2.py3-none-any.whl (37 kB)
Collecting userpath>=1.6.0
  Downloading userpath-1.8.0-py3-none-any.whl (9.0 kB)
Requirement already satisfied: click in /usr/lib/python3/dist-packages (from userpath>=1.6.0->pipx) (7.1.2)
Installing collected packages: userpath, argcomplete, pipx
  WARNING: The script userpath is installed in '/home/rocky/.local/bin' which is not on PATH.
  Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.                                                         
  WARNING: The script pipx is installed in '/home/rocky/.local/bin' which is not on PATH.                                                                                   
  Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.                                                         
Successfully installed argcomplete-2.0.0 pipx-1.0.0 userpath-1.8.0                                                                                                          

┌──(rocky㉿kali)-[/opt/AutoRecon]
└─$ python3 -m pipx ensurepath
Success! Added /home/rocky/.local/bin to the PATH environment variable.

Consider adding shell completions for pipx. Run 'pipx completions' for instructions.

You will need to open a new terminal or re-login for the PATH changes to take effect.

Otherwise pipx is ready to go! ✨ 🌟 ✨

┌──(rocky㉿kali)-[~]
└─$ pipx install git+https://github.com/Tib3rius/AutoRecon.git
  installed package autorecon 2.0.17, installed using Python 3.9.7
  These apps are now globally available
    - autorecon
done! ✨ 🌟 ✨

┌──(rocky㉿kali)-[~]
└─$ autorecon -h                                        
[!] It looks like the config/plugins in /home/rocky/.config/AutoRecon are outdated. Please remove the /home/rocky/.config/AutoRecon directory and re-run AutoRecon to rebuild them.
usage: autorecon [-t TARGET_FILE] [-p PORTS] [-m MAX_SCANS] [-mp MAX_PORT_SCANS] [-c CONFIG_FILE] [-g GLOBAL_FILE] [--tags TAGS] [--exclude-tags TAGS]
                 [--port-scans PLUGINS] [--service-scans PLUGINS] [--reports PLUGINS] [--plugins-dir PLUGINS_DIR] [--add-plugins-dir PLUGINS_DIR] [-l [TYPE]] [-o OUTPUT]
                 [--single-target] [--only-scans-dir] [--no-port-dirs] [--heartbeat HEARTBEAT] [--timeout TIMEOUT] [--target-timeout TARGET_TIMEOUT]
                 [--nmap NMAP | --nmap-append NMAP_APPEND] [--proxychains] [--disable-sanity-checks] [--disable-keyboard-control] [--force-services SERVICE [SERVICE ...]]
                 [-mpti PLUGIN:NUMBER [PLUGIN:NUMBER ...]] [-mpgi PLUGIN:NUMBER [PLUGIN:NUMBER ...]] [--accessible] [-v] [--version]
                 [--onesixtyone.community-strings VALUE] [--curl.path VALUE] [--dirbuster.tool {feroxbuster,gobuster,dirsearch,ffuf,dirb}]
                 [--dirbuster.wordlist VALUE [VALUE ...]] [--dirbuster.threads VALUE] [--dirbuster.ext VALUE] [--global.username-wordlist VALUE]
                 [--global.password-wordlist VALUE] [--global.domain VALUE] [-h]
                 [targets ...]

Network reconnaissance tool to port scan and automatically enumerate services found on multiple targets.

positional arguments:
  targets               IP addresses (e.g. 10.0.0.1), CIDR notation (e.g. 10.0.0.1/24), or resolvable hostnames (e.g. foo.bar) to scan.

└─$ sudo python3 autorecon.py 10.10.10.82
[*] Scanning target 10.10.10.82
[*] 06:43:05 - There are 3 scans still running against 10.10.10.82
[*] 06:44:05 - There are 3 scans still running against 10.10.10.82
[*] 06:45:05 - There are 3 scans still running against 10.10.10.82
[*] [tcp/80/http/known-security] There did not appear to be a .well-known/security.txt file in the webroot (/).
[*] [tcp/80/http/curl-robots] There did not appear to be a robots.txt file in the webroot (/).
[*] [tcp/8080/http/known-security] There did not appear to be a .well-known/security.txt file in the webroot (/).
[*] [tcp/8080/http/curl-robots] There did not appear to be a robots.txt file in the webroot (/).
[*] 06:46:05 - There are 13 scans still running against 10.10.10.82
[*] [tcp/5985/http/known-security] There did not appear to be a .well-known/security.txt file in the webroot (/).
[*] [tcp/5985/http/curl-robots] There did not appear to be a robots.txt file in the webroot (/).
[*] [tcp/47001/http/known-security] There did not appear to be a .well-known/security.txt file in the webroot (/).
[*] [tcp/47001/http/curl-robots] There did not appear to be a robots.txt file in the webroot (/).
[*] 06:47:05 - There are 12 scans still running against 10.10.10.82
[*] 06:48:05 - There are 5 scans still running against 10.10.10.82
[*] 06:49:05 - There are 3 scans still running against 10.10.10.82
[*] 06:50:05 - There are 3 scans still running against 10.10.10.82
[*] 06:51:05 - There are 3 scans still running against 10.10.10.82
[*] 06:52:05 - There are 2 scans still running against 10.10.10.82
[*] Finished scanning target 10.10.10.82 in 10 minutes, 28 seconds
[*] Finished scanning all targets in 10 minutes, 29 seconds!
[*] Don't forget to check out more commands to run manually in the _manual_commands.txt file in each target's scans directory!

└─$ cd results
                                                                                                                                                                            
┌──(rocky㉿kali)-[/opt/AutoRecon/results]
└─$ ls
10.10.10.13  10.10.10.82
                                                                                                                                                                            
┌──(rocky㉿kali)-[/opt/AutoRecon/results]
└─$ cd 10.10.10.82
                                                                                                                                                                            
┌──(rocky㉿kali)-[/opt/AutoRecon/results/10.10.10.82]
└─$ ls
exploit  loot  report  scans
                                                    

This creates a separate folder like the one above. If you want to create a single file, use this command.

┌──(rocky㉿kali)-[~/hckbox/silo]
└─$ ls
alltcp1.txt  alltcp.txt  alludp.txt  detailed.txt  results
                                                                                                                                                                            
┌──(rocky㉿kali)-[~/hckbox/silo]
└─$ cd results         
                                                                                                                                                                            
┌──(rocky㉿kali)-[~/hckbox/silo/results]
└─$ ls
exploit  loot  report  scans
                                                                                                                                                                            
┌──(rocky㉿kali)-[~/hckbox/silo/results]
└─$ cd report 
                                                                                                                                                                            
┌──(rocky㉿kali)-[~/hckbox/silo/results/report]
└─$ ls
local.txt  notes.txt  proof.txt  report.md  screenshots
                                                                                                                                                                            
┌──(rocky㉿kali)-[~/hckbox/silo/results/report]
└─$ less -r notes.txt 
                          

You can also scan a list of IPs together with autorecon -t servers.txt, where servers.txt is a file containing the IP addresses of the servers.
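
A pre-flight check for the target file, as an added example (not part of the original post or of AutoRecon): it keeps only entries in the formats the help text lists (IP address, CIDR, hostname) that fall inside an agreed scope, so the file passed to autorecon -t contains nothing unintended. The function name, the scope values and the sample entries are assumptions constructed for illustration.

```python
import ipaddress
import re

# Dot-separated labels of letters, digits and hyphens, 253 characters at most.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)

# Constructed sample lines standing in for servers.txt (not from the post).
SAMPLE = [
    "# constructed sample target file", "10.10.10.82", "10.10.10.13", "10.10.10.82",
    "10.10.11.0/24", "192.168.1.5", "silo.example", "other.example", "10.10.10.82:8080",
]

def check_targets(lines, scope_cidrs, allowed_hosts=()):
    """Split target-file lines into (accepted, rejected) against an agreed scope."""
    scope = [ipaddress.ip_network(c) for c in scope_cidrs]
    hosts = {h.lower() for h in allowed_hosts}
    accepted, rejected, seen = [], [], set()
    for raw in lines:
        entry = raw.strip()
        # Drop blanks, comments and duplicates so each target is listed once.
        if not entry or entry.startswith("#") or entry in seen:
            continue
        seen.add(entry)
        try:
            # strict=False accepts host-style CIDRs such as 10.0.0.1/24
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            net = None
        if net is not None:
            # Compare only networks of the same IP version, then test containment.
            ok = any(net.version == s.version and net.subnet_of(s) for s in scope)
            reason = "outside scope"
        elif HOSTNAME_RE.match(entry):
            ok, reason = entry.lower() in hosts, "hostname not on the allowed list"
        else:
            ok, reason = False, "not an IP, CIDR or hostname"
        if ok:
            accepted.append(entry)
        else:
            rejected.append((entry, reason))
    return accepted, rejected

if __name__ == "__main__":
    good, bad = check_targets(SAMPLE, ["10.10.10.0/24"], ["silo.example"])
    print("\n".join(good))  # redirect this output into the file given to -t
    for entry, why in bad:
        print(f"# rejected {entry}: {why}")
```

Hostnames are matched against an explicit allow list rather than resolved, because a name that resolves today can point somewhere else by the time the scan runs.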