Skip to content

Modifications on the Autorecon script to go further #

Unsure if this still applies to the newer versions of autorecon

  • SERVICE-SCANS.TOML
1
2
3
4
5
6
7
8
9
# Replace default password list for OSCP
#password_wordlist = '/usr/share/seclists/Passwords/darkweb2017-top100.txt' 
# or use Top 3 million passwords 
password_wordlist = '/usr/share/wordlists/rockyou-50k.txt'

# insert below the [[all-services.scan]]
    [[unicornscan-full-udp]]
    name = 'unicornscan-full-udp.service-detection'
    command = 'unicornscan -v -m U -p a {address}  >> "{scandir}/_unicornscan-full-udp.txt"'
  • HTTP

    • Simply insert as additional scan
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    [[http.scan]]
    name = 'http-vuln-scan-nmap'
    description = 'Nmap scans for HTTP vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:'
    command = 'nmap {nmap_extra} -sV -p {port} -Pn --script="http-vuln-*" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_http_nmap_vuln.txt" -oX "{scandir}/xml/{protocol}_{port}_http_nmap_vuln.xml" {address}'
    
    
    # Simply insert as additional scan
        [[http.scan]]
        name = 'wafw00f'
        description = 'Wafw00f to detect WAF'
        command = 'wafw00f -a {scheme}://{address}:{port} 2>&1 | tee  "{scandir}/{protocol}_{port}_http_wafw00f.txt" '
    
    
    # Simply insert as additional scan
        [[http.scan]]
        name = 'davtest'
        description = 'davtest to detect if WebDAV is turned ON'
        command = 'davtest -url {scheme}://{address}:{port} 2>&1 | tee  "{scandir}/{protocol}_{port}_http_davtest.txt" '
    
    
    # Simply insert as additional scan
        [[http.scan]]
        name = 'http-sqli-scan-nmap'
        description = 'Nmap scans for SQLi vulnerabilities'
        command = 'nmap {nmap_extra} -sV -p {port} -Pn --script=http-sql-injection -oN "{scandir}/{protocol}_{port}_http_nmap_sqli.txt" -oX "{scandir}/xml/{protocol}_{port}_http_nmap_sqli.xml" {address}'
    
    
    # In [[http.scan]] 
        name = 'nikto'
    # insert the '-C all' in the command= of nikto
    
    
    # In [[http.scan]] comment-out dirb and insert gobuster
        [[http.scan]]
        name = 'gobuster'
       command = 'gobuster -v dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u {scheme}://{address}:{port}/ -o "{scandir}/{protocol}_{port}_{scheme}_gobuster_dirbuster.txt" -l -t 50 -k --wildcard'
    
  • SMB

    • Simply insert as additional scan
       1
       2
       3
       4
       5
       6
       7
       8
       9
      10
      11
      12
      13
      [[smb.scan]]
      name = 'smb-vuln-scan-nmap'
      description = 'Nmap scans for SMB vulnerabilities that could potentially cause a DoS if scanned (according to Nmap). Be careful:'
      command = 'nmap {nmap_extra} -sV -p {port} --script="smb-vuln-*" --script-args="unsafe=1" -oN "{scandir}/{protocol}_{port}_nmap_smb_vuln.txt" -oX "{scandir}/xml/{protocol}_{port}_nmap_smb_vuln.xml" {address}'
      
      
      [[smb.scan]]
      name = 'smb-version-139'
      command = '/bin/sh /root/Tools/NetworkAttacks/SMB/smbver_autorecon.sh {address} >> "{scandir}/smb-version-139.txt" '
      
      [[smb.scan]]
      name = 'smb-version-445'
      command = '/bin/sh /root/Tools/NetworkAttacks/SMB/smbver_autorecon.sh {address} 445 >> "{scandir}/smb-version-445.txt" '
      

Last update: January 22, 2021