tib3rius / autorecon

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.

License: GNU General Public License v3.0

Python 99.65% Dockerfile 0.35%

autorecon's People

Contributors

45im, cclauss, darck0de, drcursor, dumb-questions, gitmalet, gjl, goproslowyo, gr4ysku11, heinosasshallik, lap1nou, moshekaplan, nalze7, nokn0wthing, noraj, quazythain, rohitkumarankam, samuel-emrys, sebastianhofmannlegal, sordidlist, the-c0d3r, tib3rius, trb143, wasamasa, zyairelai

autorecon's Issues

ModuleNotFoundError: No module named 'autorecon'

Hi Tib3rius,

Was hoping I could get your help on this. I think there is an update on the stuff that Autorecon is built on, as my autorecon has stopped working all of a sudden after my most recent update on my Kali Linux machine. I ran my usual command sudo env "PATH=$PATH" autorecon and it returned an error:

Traceback (most recent call last):
  File "/home/kali/.local/bin/autorecon", line 5, in <module>
    from autorecon.autorecon import main
ModuleNotFoundError: No module named 'autorecon'

I also tried to reinstall autorecon in which I ran pipx install git+https://github.com/Tib3rius/AutoRecon.git which resulted in the following error:

Traceback (most recent call last):
  File "/home/kali/.local/bin/pipx", line 8, in <module>
    sys.exit(cli())
  File "/home/kali/.local/lib/python3.9/site-packages/pipx/main.py", line 609, in cli
    return run_pipx_command(parsed_pipx_args)
  File "/home/kali/.local/lib/python3.9/site-packages/pipx/main.py", line 156, in run_pipx_command
    return commands.install(
  File "/home/kali/.local/lib/python3.9/site-packages/pipx/commands/install.py", line 27, in install
    package_name = package_name_from_spec(
  File "/home/kali/.local/lib/python3.9/site-packages/pipx/commands/common.py", line 257, in package_name_from_spec
    package_name = venv.install_package_no_deps(
  File "/home/kali/.local/lib/python3.9/site-packages/pipx/venv.py", line 233, in install_package_no_deps
    old_package_set = self.list_installed_packages()
  File "/home/kali/.local/lib/python3.9/site-packages/pipx/venv.py", line 333, in list_installed_packages
    pip_list = json.loads(cmd_run.stdout.strip())
  File "/usr/lib/python3.9/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.9/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.9/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

Let me know if you need more details

Gobuster 3.x

New version of gobuster uses Modes (https://github.com/OJ/gobuster#available-modes).

From _manual_commands.txt:
gobuster dir -u http://172.16.1.23:80/ -w /usr/share/seclists/Discovery/Web-Content/big.txt -e -k -l -s "200,204,301,302,307,403,500" -x "txt,html,php,asp,aspx" -o "/root/labs/172.16.1.23/scans/tcp_80_http_gobuster_big.txt"

Produces the following error:
Error: unknown command "200,204,301,302,307,403,500" for "gobuster"
Run 'gobuster --help' for usage.

Modifying the command with 'dir' after gobuster works fine:
gobuster dir -u http://172.16.1.23:80/ -w /usr/share/seclists/Discovery/Web-Content/big.txt -e -k -l -s "200,204,301,302,307,403,500" -x "txt,html,php,asp,aspx" -o "/root/labs/172.16.1.23/scans/tcp_80_http_gobuster_big.txt"

Unicornscan deprecated

For port-scan-profiles.toml, unicornscan is deprecated. Recommend "nmap -vv -T5 -sU --top-ports 100 X.X.X.X"

Adding a custom service

Issues adding a custom service. I see in the newer release dirb is now a service that is run during enumeration. However, while trying to add gobuster as a service I get errors on load. I am using the following syntax:

[[http.scan]]
name = 'gobuster'
command = ['gobuster dir -u {scheme}://{address}:{port}/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -e -k -l -s "200,204,301,302,307,403,500"-z -o "{scandir}/{protocol}_{port}_{scheme}_gobuster_dirbuster.txt"'

Task tcp/443/gobuster on 10.11.1.123 returned non-zero exit code: 1

Hi Tib3rius,

First of all, thank you so much for such an awesome tool. The problem here is in "service-scans-default.toml" in the configs: you have used `gobuster -h 2>&1 | grep -F "mode (dir)"`. This will grep for the string "mode (dir)"; however, in the later version of gobuster, there is no such text, hence it does not get executed as expected.

Update this to: `gobuster -h 2>&1 | grep -F "dir"`

Thanks

Question: localhost

autorecon 192.168.1.100 192.168.1.1/30 localhost

May I know what the localhost from the above is for?

Manual Commands not creating any output files.

Simply running AutoRecon does create a _manual_commands.txt file with commands like dirb http://127.0.0.1:443/ /usr/share/seclists/Discovery/Web-Content/big.txt -l -r -S -X ",.txt,.html,.php,.asp,.aspx,.jsp" -o "/home/kali/HTB/BEEP/results/10.10.10.7/scans/results/127.0.0.1/scans/tcp_443_http_dirb_big.txt"
in.
However, no output file is actually created.

Running this command itself does run, but AutoRecon doesn't seem to run it.

Any Ideas?

Smbmap exception

Running a scan results in smbmap scans throwing an exception

Example:
$ autorecon --single-target 10.11.1.5
$ cat smbmap-execute-command.txt
File "./smbmap.py", line 80
except Exception, e:
^

Unable to run UDP scan on Kali 2020.3

Got the following error when running autorecon.
[!] Service detection nmap-top-20-udp on 10.10.186.59 returned non-zero exit code: 1

Tried to run the nmap command manually and saw that it requires root access.

Tried sudo autorecon but got the following instead.

Traceback (most recent call last):
  File "/home/kali/.local/bin/autorecon", line 5, in <module>
    from autorecon.autorecon import main
ModuleNotFoundError: No module named 'autorecon'

This is my path after sudo

└─$ sudo echo $PATH
/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/home/kali/.local/bin

line 52: SyntaxError: invalid syntax

I have installed requirements, running on debian. When I run: sudo python autorecon.py I get the following error:

  File "autorecon.py", line 52
    def e(*args, frame_index=1, **kvargs):
                           ^
SyntaxError: invalid syntax

uname -a: Linux parrot 5.3.0-1parrot1-amd64 #1 SMP Parrot 5.3.7-1parrot1 (2019-11-04) x86_64 GNU/Linux

Gobuster

I think most/all of the gobuster commands need to be revised because it seems the gobuster command line options have been reorganized:

gobuster -h
Usage:
  gobuster [command]

Available Commands:
  dir         Uses directory/file enumeration mode
  dns         Uses DNS subdomain enumeration mode
  fuzz        Uses fuzzing mode
  help        Help about any command
  s3          Uses aws bucket enumeration mode
  version     shows the current version
  vhost       Uses VHOST enumeration mode

Flags:
      --delay duration    Time each thread waits between requests (e.g. 1500ms)
  -h, --help              help for gobuster
      --no-error          Don't display errors
  -z, --no-progress       Don't display progress
  -o, --output string     Output file to write results to (defaults to stdout)
  -p, --pattern string    File containing replacement patterns
  -q, --quiet             Don't print the banner and other noise
  -t, --threads int       Number of concurrent threads (default 10)
  -v, --verbose           Verbose output (errors)
  -w, --wordlist string   Path to the wordlist

Use "gobuster [command] --help" for more information about a command.

As you can see you now have to supply a command to gobuster to get to the directory enumeration functions. The individual options to the subcommands may have changed as well.

SMB Nmap throws segmentation fault

root@kalix64:~/OSCP/# nmap -vv --reason -Pn -sV -p 139 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="unsafe=1" -oN "/root/OSCP//results/10.11.1.420/scans/tcp_139_smb[99/99]
xt" -oX "/root/OSCP//results/10.11.1.420/scans/xml/tcp_139_smb_nmap.xml" 10.11.1.420
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-19 07:43 EDT
Segmentation fault
root@kalix64:~/OSCP/# nmap -d -vv --reason -Pn -sV -p 139 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="unsafe=1" -oN "/root/OSCP//results/10.11.1.420/scans/tcp_139_smb_nma
p.txt" -oX "/root/OSCP//results/10.11.1.420/scans/xml/tcp_139_smb_nmap.xml" 10.11.1.420
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-19 07:43 EDT
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.3.
NSE: Arguments from CLI: unsafe=1
NSE: Arguments parsed: unsafe=1
Segmentation fault
root@kalix64:~/OSCP/# nmap -d -vv --reason -Pn -sV -p 139 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "/root/OSCP//results/10.11.1.420/scans/tcp_139_smb_nmap.txt" -oX "/root/OSCP/ma
il/results/10.11.1.420/scans/xml/tcp_139_smb_nmap.xml" 10.11.1.420
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-19 07:43 EDT
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.3.
NSE: Arguments from CLI:
NSE: Loaded 84 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 07:43

Not sure why removing --script-args="unsafe=1" makes it so that it does not seg fault though. Also not sure if this issue is just my kali box or not but figured I would share. Thanks for making this by the way. Literally the best enumeration tool. Saves so much time

AutoRecon Suggestion

Hi Tib3rius,

It would be great if AutoRecon outputted the total time the tool ran for.

Example - at the end of the scan it would say:

Finished scanning all targets in 2000 seconds.

Cheers

Press S for status update

Press S or some other key to obtain a status update for the tasks that are still running and how long they have been running.

[*] [15:19:57] - There are 3 tasks still running on XXXX

So a user presses S

udp scan still running for X minutes
nikto still running for X minutes.

Cannot write to terminal after AutoRecon finishes.

This is a known issue which appears to be infrequent. Sometimes when AutoRecon finishes running, or the user cancels execution, anything typed into the terminal doesn't get displayed. Commands still appear to get executed.

A workaround is to run the command: reset

IPv6 support where possible

nmap supports ipv6 with a -6 flag. I know other tools may or may not support those addresses.

In the following example, I've assigned the ipv6 address to a hostname in /etc/hosts...

$ sudo autorecon -o ipv6 --single-target ipv6target.local --nmap-append "-6"
[sudo] password for user:
[!] ipv6target.local does not appear to be a valid IP address, IP range, or resolvable hostname.
[!] You must specify at least one target to scan!
[!] You cannot provide more than one target when scanning in single-target mode.

--disable-sanity-checks doesn't make a difference

onesixtyone scan fails to open seclists SNMP community file

onesixtyone scans are failing with the error message below.

[udp_161_snmp_onesixtyone.txt]:

Debug level 2
Target ip read from command line: 10.11.1.13
Using community file /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings_onesixtyone.txt
Error opening community file /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings_onesixtyone.txt

There is a typo in the name of this file in config/service-scans.toml. The problem was fixed when I changed it to:
/usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt

ValueError: Separator is found, but chunk is longer than limit

Hi,

I am using the current version from git, Python 3.9.1rc1 on a Kali 2020.4, and several times in between the output of AutoRecon I get the following error:

Task exception was never retrieved
future: <Task finished name='Task-347' coro=<read_stream() done, defined at /home/kali/git/AutoRecon/src/autorecon/autorecon.py:221> exception=ValueError('Separator is not found, and chunk exceed the limit')>
Traceback (most recent call last):
  File "/usr/lib/python3.9/asyncio/streams.py", line 540, in readline
    line = await self.readuntil(sep)
  File "/usr/lib/python3.9/asyncio/streams.py", line 618, in readuntil
    raise exceptions.LimitOverrunError(
asyncio.exceptions.LimitOverrunError: Separator is not found, and chunk exceed the limit

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/kali/git/AutoRecon/src/autorecon/autorecon.py", line 224, in read_stream
    line = await stream.readline()
  File "/usr/lib/python3.9/asyncio/streams.py", line 549, in readline
    raise ValueError(e.args[0])
ValueError: Separator is not found, and chunk exceed the limit

I'm not sure what this is or what impact it has. Maybe this is a problem with Python 3.9?
Many thanks and greetings
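
An added example (not part of the issue and not AutoRecon's code) reproducing the error in this traceback with a bare asyncio.StreamReader: an output line longer than the stream limit makes readline() raise ValueError and discard the buffered data, while a readuntil() loop can recover the line up to a memory cap. The 1 KiB limit, the sample data and all function names are assumptions made for the demonstration.

```python
import asyncio

LIMIT = 1024  # deliberately small for the demo; asyncio's default limit is 64 KiB

# Constructed sample of tool output: two over-limit lines, the last one
# without a trailing newline.
LONG = b"A" * (4 * LIMIT)
SAMPLE = b"first line\n" + LONG + b"\n" + b"third line\n" + LONG


def make_stream(data, limit=LIMIT):
    """Build a finished stream; must be called while an event loop is running."""
    reader = asyncio.StreamReader(limit=limit)
    reader.feed_data(data)
    reader.feed_eof()
    return reader


async def read_naive(stream):
    """Plain readline() loop: the first over-limit line raises ValueError,
    which kills the reading task if nobody awaits it."""
    lines = []
    while True:
        line = await stream.readline()
        if not line:
            return lines
        lines.append(line)


async def read_tolerant(stream):
    """readline() loop that keeps going; readline() has already thrown the
    over-limit data away by the time ValueError is raised."""
    lines, errors = [], []
    while True:
        try:
            line = await stream.readline()
        except ValueError as exc:
            errors.append(str(exc))
            continue
        if not line:
            return lines, errors
        lines.append(line)


async def read_line_capped(stream, max_len):
    """Return one line of any length, keeping at most max_len bytes of it.
    readuntil() leaves the buffer intact on LimitOverrunError, so the bytes
    can be drained with readexactly(exc.consumed) and the read retried."""
    parts, kept = [], 0
    while True:
        try:
            chunk, done = await stream.readuntil(b"\n"), True
        except asyncio.IncompleteReadError as exc:  # EOF before a newline
            chunk, done = exc.partial, True
        except asyncio.LimitOverrunError as exc:    # line longer than the limit
            chunk, done = await stream.readexactly(exc.consumed), False
        room = max_len - kept
        if room > 0:  # the cap bounds memory when the remote side controls output
            parts.append(chunk[:room])
            kept += len(parts[-1])
        if done:
            return b"".join(parts)


async def read_robust(stream, max_len=1 << 20):
    lines = []
    while True:
        line = await read_line_capped(stream, max_len)
        if not line:
            return lines
        lines.append(line)


def run(reader_fn, data=SAMPLE, **kwargs):
    """Synchronous helper: build the stream inside the loop and run a reader."""
    async def go():
        return await reader_fn(make_stream(data), **kwargs)
    return asyncio.run(go())


if __name__ == "__main__":
    try:
        run(read_naive)
    except ValueError as exc:
        print("naive reader died:", exc)
    lines, errors = run(read_tolerant)
    print("tolerant reader kept", len(lines), "lines, errors:", errors)
    print("robust reader line lengths:", [len(l) for l in run(read_robust)])
```

For subprocess pipes, asyncio.create_subprocess_exec() and create_subprocess_shell() also accept a limit= argument that raises the per-line buffer size, which avoids the error for lines below the new limit.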

dependency list

OS: kali 2019.3 x64
uname -a:
Linux kali 5.3.0-kali1-amd64 #1 SMP Debian 5.3.7-1kali2 (2019-11-04) x86_64 GNU/Linux

root@kali:/# apt install curl enum4linux gobuster nbtscan nikto nmap onesixtyone oscanner smbclient smbmap smtp-user-enum snmpwalk sslscan svwar tnscmd10g whatweb wkhtmltoimage

Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package snmpwalk
E: Unable to locate package svwar
E: Unable to locate package wkhtmltoimage

/etc/apt/sources.list:
deb http://http.kali.org/kali kali-rolling main non-free contrib

onesixtyone scan

Running onesixtyone with the provided community string file will not work:

onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt -dd <TARGET_IP>
Debug level 2
Target ip read from command line: <TARGET_IP>
Using community file /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt
Community string too long

After some testing, I seem to have found that 33 strings is too many, but 32 is fine...

cat /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt | head -n 32 > file.txt
onesixtyone -c file.txt -dd <TARGET_IP>
Debug level 2
Target ip read from command line: <TARGET_IP>
Using community file file.txt
32 communities: public private 0 0392a0 1234 2read 4changes ANYCOM Admin C0de CISCO CR52401 IBM ILMI Intermec NoGaH$@! OrigEquipMfr PRIVATE PUBLIC Private Public SECRET SECURITY SNMP SNMP_trap SUN SWITCH SYSTEM Secret Security Switch System
Waiting for 10 milliseconds between packets
Scanning 1 hosts, 32 communities

cat /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt | head -n 33 > file.txt
onesixtyone -c file.txt -dd <TARGET_IP>
Debug level 2
Target ip read from command line: <TARGET_IP>
Using community file file.txt
Community string too long

Inventory notification

Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory.

https://inventory.rawsec.ml/tools.html#AutoRecon

What is Rawsec's CyberSecurity Inventory?

An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.

  • Open source: Every information is available and up to date. If an information is missing or deprecated, you are invited to (help us).
  • Practical: Content is categorized and table formatted, allowing to search, browse, sort and filter.
  • Fast: Using static and client side technologies resulting in fast browsing.
  • Rich tables: search, sort, browse, filter, clear
  • Fancy informational popups
  • Badges / Shields
  • Static API
  • Twitter bot

More details about features here.

Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

Why?

  • Specialized websites: Some websites are referencing tools but additional information is not available or browsable. Make additional searches take time.
  • Curated lists: Curated lists are not very exhaustive, up to date or browsable and are very topic related.
  • Search engines: Search engines sometimes find nothing, some tools or resources are too unknown or non-referenced. This is where crowdsourcing is better than robots.

Why should you care about being inventoried?

Mainly because this is giving visibility to your tool, more and more people are using the Rawsec's CyberSecurity Inventory, this helps them find what they need.

Badges

The badge shows your community that you are inventoried. This also shows you care about your project and want it growing, that your tool is not abandonware.

Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that Rawsec's CyberSecurity Inventory, but there are several styles available.

Want to thank us?

If you want to thank us, you can help make the project better known by tweeting about it! For example: Twitter URL

So what?

That's all, this message is just to notify you if you care.

Domains containing an underscore `_` are detected as invalid.

AutoRecon version: a2a4667

$ autorecon -t $(pwd)/domains.txt
[!] _sip._tcp.conf.redacted.com does not appear to be a valid IP address, IP range, or resolvable hostname.
[!] _sips._tcp.conf.redacted.com does not appear to be a valid IP address, IP range, or resolvable hostname.
[!] _autodiscover._tcp.redacted.com does not appear to be a valid IP address, IP range, or resolvable hostname.
[!] A total of 734 targets would be scanned. If this is correct, re-run with the --disable-sanity-checks option to suppress this check.

Domains containing an underscore _ are detected as invalid.

gobuster empty results

Hello,

The results of using gobuster are only empty lines (in some cases a couple of hundreds). Sample:

:::::::::::::
tcp_80_http_gobuster.txt
::::::::::::::

/////
Gobuster v2.0.1 OJ Reeves (@TheColonial)
/////
/////
[+] Mode : dir
[+] Url/Domain : http://onetwoseven.htb:80/
[+] Threads : 10
[+] Wordlist : /usr/share/seclists/Discovery/Web-Content/common.txt
[+] Status codes : 200,204,301,302,307,403
[+] Show length : true
[+] Extensions : html,php,asp,aspx,txt
[+] Expanded : true
[+] Timeout : 10s
///////////////
/////

/////

2019/05/12 19:16:14 Starting gobuster
/////

Output:

empty lines.

I did try with many other targets and I obtained the same result.

Finger service not scanning

After discovering the finger service, the nmap scan is not starting automatically.
To solve it, replace 'nmap' by 'name' as follows in config/service-scans.toml:

[[finger.scan]]
name = 'nmap-finger'
command = 'nmap {nmap_extra} -sV -p {port} --script="banner,finger" -oN "{scandir}/{protocol}_{port}_finger_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_finger_nmap.xml" {address}'

Custom Config File

Sometimes there are reasons to have modified or added custom scans. Currently the only way to have those run is to modify the port-scan-profiles.toml or service-scans.toml files. Unfortunately, these changes are lost on each update unless backed up, and then the files must be manually compared to fixes.

A "customs" file in the config directory which is referenced would allow these custom scans to be run in addition to, or to replace, the default scans included with a default install. The config file would not be updated with each revision, allowing the custom scans to remain.

Possible solution:
Referencing the customs file, but not including it in the git so a fresh pull won't overwrite the customs file. A user would just have to create and properly name the file to match what the default install is looking for.

SMB Scan Errors - Content from tcp_445_smb_nmap.txt

In the _error file, it shows the scan should look like this:
nmap -vv --reason -Pn -sV -p 445 --script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="unsafe=1" -oN "/media/sf_Writable/VHL/lucky_10.12.1.2/results/scans/tcp_445_smb_nmap.txt" -oX "/media/sf_Writable/VHL/lucky_10.12.1.2/results/scans/xml/tcp_445_smb_nmap.xml" 10.12.1.2

But in actuality, the scan is requested like this:
nmap -vv --reason -Pn -sV -p 445 "--script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args=unsafe=1 -oN /media/sf_Writable/VHL/lucky_10.12.1.2/results/scans/tcp_445_smb_nmap.txt -oX /media/sf_Writable/VHL/lucky_10.12.1.2/results/scans/xml/tcp_445_smb_nmap.xml 10.12.1.2

Moving the quote (") for the script parameter fixes this issue. Instead of
"--script=banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)"
It should be:
--script="banner,(nbstat or smb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)"

Difference in results of Autorecon and manual smbmap command

Hi,

I was attempting a machine in OSCP labs and I found a difference in the results given by Autorecon compared to when I ran the commands manually from the log. On the results given by Autorecon, an error:

"Something weird happened: ("Unpacked data doesn't match constant value 'b''' should be ''ÿSMB''", 'When unpacking field 'Signature | "ÿSMB | b''[:4]'') on line 881"

Autorecon then begins dumping the shares recursively and shows all the files in the share. However, when I attempt to replicate this action by executing the command manually based on the command given in the _commands.log, I cannot replicate the same results. I am not sure if this is an error or some hidden command that Autorecon is running as well, which I presume is not the case?

TypeErrors 'NoneType' object is not iterable

[*] Scanning target 127.0.0.1
concurrent.futures.process._RemoteTraceback:
"""
Traceback (most recent call last):
  File "/usr/local/opt/python@3.8/Frameworks/Python.framework/Versions/3.8/lib/python3.8/concurrent/futures/process.py", line 239, in _process_worker
    r = call_item.fn(*call_item.args, **call_item.kwargs)
  File "/Users/sysko/PycharmProjects/osint/AutoRecon/src/autorecon/autorecon.py", line 679, in scan_host
    loop.run_until_complete(scan_services(loop, semaphore, target))
  File "/usr/local/opt/python@3.8/Frameworks/Python.framework/Versions/3.8/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete
    return future.result()
  File "/Users/sysko/PycharmProjects/osint/AutoRecon/src/autorecon/autorecon.py", line 485, in scan_services
    for profile in port_scan_profiles_config:
TypeError: 'NoneType' object is not iterable
"""

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "src/autorecon/autorecon.py", line 880, in <module>
    main()
  File "src/autorecon/autorecon.py", line 868, in main
    future.result()
  File "/usr/local/opt/python@3.8/Frameworks/Python.framework/Versions/3.8/lib/python3.8/concurrent/futures/_base.py", line 432, in result
    return self.__get_result()
  File "/usr/local/opt/python@3.8/Frameworks/Python.framework/Versions/3.8/lib/python3.8/concurrent/futures/_base.py", line 388, in __get_result
    raise self._exception
TypeError: 'NoneType' object is not iterable

nmap smb scan doesn't look for ms08_067 vuln

I've scanned a host with the next command:
nmap -sV -Pn -p 445 --script='smb-vul*' --script-args=unsafe=1 $ip

and it shows that it is vulnerable to ms08_067 (and it is, I've exploited it)

using your python with the next command:
python3 autorecon.py ip

it doesn't show this vulnerability. I've got the same problem using this command, which is similar to the one used in the python:
nmap -sV -Pn -p 445 --script='(smb*) and not (brute or broadcast or dos or external or fuzzer)' --script-args=unsafe=1 $ip

Vote: Keep dirb as the default directory buster, or force people to upgrade to gobuster v3?

There's no easy way to do feature voting on GitHub (to my knowledge), so this will be a comment poll. One vote per person.

Since gobuster v3 is not backwards compatible with gobuster v2, and the OffSec Kali VM by default comes with gobuster v2, AutoRecon's default directory buster was changed to dirb to avoid instances where AutoRecon was trying to use the wrong gobuster syntax.

dirb is good, but it's not as good as gobuster. Hence, this poll which will ultimately decide whether AutoRecon should require people to install / upgrade gobuster v3.

Vote by stating either dirb or gobuster. If you want to leave a comment / argument, please make your vote clear (e.g. by using bold text).

Permission Error: [Errno 13] Permission denied 'opt/AutoRecon/src/autorecon/results

I'm getting this error when trying to execute the command:

Traceback (most recent call last):
File "/usr/lib/python3.8/concurrent/futures/process.py", line 239, in _process_worker
r = call_item.fn(*call_item.args, **call_item.kwargs)
File "autorecon.py", line 644, in scan_host
os.makedirs(basedir, exist_ok=True)
File "/usr/lib/python3.8/os.py", line 213, in makedirs
makedirs(head, exist_ok=exist_ok)
File "/usr/lib/python3.8/os.py", line 223, in makedirs
mkdir(name, mode)
PermissionError: [Errno 13] Permission denied: '/opt/AutoRecon/src/autorecon/results'
"""

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "autorecon.py", line 880, in <module>
main()
File "autorecon.py", line 868, in main
future.result()
File "/usr/lib/python3.8/concurrent/futures/_base.py", line 432, in result
return self.__get_result()
File "/usr/lib/python3.8/concurrent/futures/_base.py", line 388, in __get_result
raise self._exception
PermissionError: [Errno 13] Permission denied: '/opt/AutoRecon/src/autorecon/results'

nmap-top-20-udp returned non-zero exit code: 1

Kali 2020.1
When I try and run the command from _error it tells me the command needs elevated privileges.
You requested a scan type which requires root privileges.
QUITTING!

All the other commands that run are fine. No issues. Great tool.

Support output into Cherrytree

Hi,

It would be really good to be able to output the report into CherryTree note taking application.

A few people have tried to do similar work:

  • CherryMap - Standalone tool for taking nmap output and outputting CherryTree (recommends nmap -oA), possibly useful for integration.
  • AutoRecon-OSCP - A fork of AutoRecon to do this, annoyingly with a clean git ancestry making it hard to compare the fork. It looks like it has its own standalone tool for doing the import. It doesn't appear to be easily maintainable, and I haven't seen an attempt to upstream the change.
  • cherrytree-nmap - not looked at

There are a couple of templates for CherryTree floating around, such as https://guide.offsecnewbie.com/cherrytree-oscp-template

Thanks

Command not found

I know this is uber noob, but I followed the directions, autorecon installed, however I am not able to execute the command. Is there something else I need to do?

Can't add new port scan profile

Hello, first of all thanks for the great tool !!

I have an issue (that I didn't have before an update) that restrains me from using a new profile. For instance, I add the following lines to the port-scan-profiles-default.toml file:

[quick_tcp_https]

    [quick_tcp_https.nmap-quick]

        [quick_tcp_https.nmap-quick.service-detection]
        command = 'nmap {nmap_extra} -p 443 -sCTV --version-all -oN "{scandir}/_quick_tcp_https_nmap.txt" -oX "{scandir}/xml/_quick_tcp_https_nmap.xml" {address}'
        pattern = '^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'

Then when I launch it I have the following error:

(AutoRecon-bH7IoBVb) - ~/AutoRecon/src/autorecon # python autorecon.py --profile quick_tcp_https
[!] Argument --profile: must reference a port scan profile defined in {port_scan_profiles_config_file}. No such profile found: quick_tcp_https

Any idea on this? I was doing this before and it worked fine, now I can't figure out why it doesn't work when the name differs from the original profiles (quick, default, udp)

Cheers !

flag for finished hosts during concurrent scan

Possible Enhancement:

When running autorecon against 44 hosts concurrently today (for fun)....5 hours later I was thinking that it might be nice if there was some kind of flag that would indicate which hosts are finished. Perhaps the folders can be named IPAddress_InProgress then at completion renamed to IPAddress_Completed

dirb wrong order always uses default wordlist in _manual_commands.txt

dirb needs: dirb URL wordlist -o "output"

Currently it just uses the default wordlist, which is not the intention.

	[-] (dirb) Recursive directory/file enumeration for web servers using various wordlists (same as dirsearch above):

		dirb http://10.11.1.116:80/ -o "/root/work/reconnoitre/10.11.1.116/scans/tcp_80_http_dirb_big.txt" /usr/share/seclists/Discovery/Web-Content/big.txt

		dirb http://10.11.1.116:80/ -o "/root/work/reconnoitre/10.11.1.116/scans/tcp_80_http_dirb_dirbuster.txt" /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Demo

root@kali:/tmp# echo foo > /tmp/wordlist
root@kali:/tmp# dirb http://127.0.0.1 -o "output" /tmp/wordlist

-----------------
DIRB v2.22    
By The Dark Raver
-----------------

OUTPUT_FILE: output
START_TIME: Fri Apr 19 07:18:44 2019
URL_BASE: http://127.0.0.1/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 4612                                                          

---- Scanning URL: http://127.0.0.1/ ----
+ http://127.0.0.1/index.html (CODE:200|SIZE:6)                                                                                                                                                                                                   
^C> Testing: http://127.0.0.1/livesupport                                                                                                                                                                                                         
root@kali:/tmp# dirb http://127.0.0.1  /tmp/wordlist -o "output" 

-----------------
DIRB v2.22    
By The Dark Raver
-----------------

OUTPUT_FILE: output
START_TIME: Fri Apr 19 07:19:05 2019
URL_BASE: http://127.0.0.1/
WORDLIST_FILES: /tmp/wordlist

-----------------

GENERATED WORDS: 1                                                             

---- Scanning URL: http://127.0.0.1/ ----
                                                                                                                                                                                                                                                  
-----------------
END_TIME: Fri Apr 19 07:19:05 2019
DOWNLOADED: 1 - FOUND: 0
root@kali:/tmp# 


notes.txt file is quadruple-spaced

This isn't an "issue" so much as an annoyance. The notes.txt file (/results//report/notes.txt) is quadruple-spaced. For example:

  1 [*] netbios-ns found on udp/137.
  2 
  3 
  4 
  5 [*] upnp found on udp/1900.
  6 
  7 
  8 
  9 [*] msrpc found on tcp/135.
 10 
 11 
 12 
 13 [*] netbios-ssn found on tcp/139.
