AutoRecon: A Multi-Threaded Network Reconnaissance Tool

Play

Note: The audio version doesn't include code or commands. Those parts of the post can be seen in the text version. With organizations' digital footprints growing larger and larger, network recon and the enumeration of services available over the public internet has become a critical area in the security of an organization. And given the increased number of vulnerabilities and threats targeting web applications, performing automated recon and service enumeration is ever more important. Fortunately, using open-source and free-to-use tools such as recon NG has streamlined this process to the point of near-automation. Today we'll take a look at AutoRecon, aimed at doing just that: automating your network recon and service enumeration methods. What is Autorecon? AutoRecon is an open-source project built to perform network reconnaissance with automated service enumeration. The advantage that AutoRecon provides over other information gathering and internet scanning tools is that it allows one to further process—and further act upon—information gathered directly within AutoRecon. This includes performing actions like Nmap as well as running the gathered data through other scanning tools, such as feroxbuster, SSL Scan, NBT Scan, Nikto and more. Installing Autorecon Note: As its dependencies are easily available on KaliLinux, we suggest using AutoRecon on that distribution. To begin with, ensure you have python3 and pip available. Next, use Python pip to grab the latest version of AutoRecon and install it. Next, you'll need to install certain dependencies. Run the command to determine whether it's been successfully installed. Which should then give you the following output containing various options available in AutoRecon: Usage Getting started with AutoRecon is super simple—one can even run AutoRecon without any flags or options: Replace domain.com with a domain name that you wish to scan. Once the command has finished executing, it should then return the following output: Analyzing the results After a scan completes, AutoRecon saves the scan results in the "results" directory, inside of which a new subdirectory is created for every target being scanned by AutoRecon. The results structure created by AutoRecon is as shown below: The exploit directory is used to store any exploit code you run for the target being scanned. The loot directory is intended to store any hashes or notable files you find on the target you're scanning. The report directory contains reports of the scan performed by AutoRecon; files are generated as follows: local.txt can be used to store the local.txt flag found on targets. notes.txt should contain a basic template where you can write notes for each service discovered. proof.txt can be used to store the proof.txt flag found on the target. The screenshots directory is used to store any screenshots you use to document the exploitation of the target. The scans directory is where all results from scans performed by AutoRecon will go. This includes all commands executed by AutoRecon and whether any commands failed or succeeded as well. The scans-XML directory stores scan data results in XML format (from Nmap, etc.) which can be used to easily import scan results data into other software for further processing or storing. Further understanding the results Finding the webserver version With the output we gather from AutoRecon, one can find the version of the webserver running on the target system as well. Most web servers expose their name and version by default; for example, from the Nmap output: This tells us the webserver running on the target being scanned is engine X 1.14.0 Detecting operating systems Looking even further with the output we've gathered above, the webserver often exposes the operating system or operating system family, too. Also, as shown above, we can see the target being scanned runs on Ubuntu. Gathering screenshots along the way Often, web application screenshots can tell a lot, they can expos...