{"id":13843190,"url":"https://github.com/Knowledge-Wisdom-Understanding/recon","last_synced_at":"2025-07-11T18:30:43.068Z","repository":{"id":55538658,"uuid":"203928925","full_name":"Knowledge-Wisdom-Understanding/recon","owner":"Knowledge-Wisdom-Understanding","description":"Enumerate a target Based off of Nmap Results","archived":false,"fork":false,"pushed_at":"2023-10-25T06:57:32.000Z","size":18478,"stargazers_count":78,"open_issues_count":0,"forks_count":24,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-07-02T07:14:37.548Z","etag":null,"topics":["cyber-security","cybersecurity","enumeration","hacking-tool","hacking-tools","information-gathering","kali-linux","knowledge-wisdom-understanding","penetration-testing","pentest-tools","pentesting","recon","reconnaissance","redteam","scanner","scanner-web","scanning-enumeration"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Knowledge-Wisdom-Understanding.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"Knowledge-Wisdom-Understanding"}},"created_at":"2019-08-23T05:19:51.000Z","updated_at":"2025-04-07T15:28:22.000Z","dependencies_parsed_at":"2024-11-21T14:43:02.239Z","dependency_job_id":null,"html_url":"https://github.com/Knowledge-Wisdom-Understanding/recon","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/Knowledge-Wisdom-Understanding/recon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repo
sitories/Knowledge-Wisdom-Understanding%2Frecon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Knowledge-Wisdom-Understanding%2Frecon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Knowledge-Wisdom-Understanding%2Frecon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Knowledge-Wisdom-Understanding%2Frecon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Knowledge-Wisdom-Understanding","download_url":"https://codeload.github.com/Knowledge-Wisdom-Understanding/recon/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Knowledge-Wisdom-Understanding%2Frecon/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264869981,"owners_count":23676139,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cyber-security","cybersecurity","enumeration","hacking-tool","hacking-tools","information-gathering","kali-linux","knowledge-wisdom-understanding","penetration-testing","pentest-tools","pentesting","recon","reconnaissance","redteam","scanner","scanner-web","scanning-enumeration"],"created_at":"2024-08-04T17:01:57.023Z","updated_at":"2025-07-11T18:30:43.045Z","avatar_url":"https://github.com/Knowledge-Wisdom-Understanding.png","language":"Python","funding_links":["https://github.com/sponsors/Knowledge-Wisdom-Understanding"],"categories":["Python","Python (1887)"],"sub_categories":[],"readme":"# O.G. AUTO-RECON\n\n## Features\n\n- The purpose of O.G. 
Auto-Recon is to automate the initial information gathering phase and then enumerate based off those results as much as possible.\n- This tool is intended for CTFs and can be fairly noisy. (Not the most stealth-conscious tool...)\n- Command syntax can be easily modified in the [Config](../master/config/config.yaml) settings. \\$variable names should remain unchanged.\n- If Virtual Host Routing is detected, **O.G. Auto-Recon** will add the host names to your /etc/hosts file and continue to enumerate the newly discovered host names.\n- DNS enumeration is nerfed to ignore .com .co .eu .uk domains etc., since this tool was designed for CTFs such as \"Hack The Box\". It will try to find most .htb domains if DNS servers are detected.\n- This project uses various stand-alone \u0026 custom tools to enumerate a target based off nmap results.\n- All commands and output are logged to a Report folder in the user's ~/.local/share/autorecon/report directory using the naming context \"report/IP-ADDRESS/\", which will look something like report/10.10.10.108/, with a directory tree structure similar to this [report tree structure](../master/docs/overview.md)\n\n### INSTALLATION\n\n- Virtual Environment is the preferred method of installation\n\n```bash\nmkdir -p ~/pyenv\npython3 -m pip install virtualenv\nvirtualenv -p python3 ~/pyenv/autorecon\n```\n\n```bash\ncd /opt\ngit clone https://github.com/Knowledge-Wisdom-Understanding/recon.git\ncd recon\nchmod +x setup.sh\n./setup.sh\nsource ~/pyenv/autorecon/bin/activate\npython3 -m pip install -r requirements.txt\npython3 setup.py install\n```\n\n### Usage\n\n```text\n\n       _____________          ____    ________________\n      /___/___      \\        /  / |  /___/__          \\      Mr.P-Millz   _____\n      O.G./  /   _   \\______/__/  |______|__|_____ *   \\_________________/__/  |___\n       __/__/   /_\\   \\ |  |  \\   __\\/  _ \\|  |       __/ __ \\_/ ___\\/  _ \\|       |\n      |   |     ___    \\|  |  /|  
| (  |_| )  |    |   \\  ___/\\  \\__(  |_| )   |   |\n      |___|____/\\__\\____|____/_|__|\\_\\____/|__|____|_  /\\___  |\\___  \\____/|___|  /\n      github.com/Knowledge-Wisdom-Understanding  \\___\\/  \\__\\/  \\__\\_/      \\___\\/ v4.2.0\n\n\nusage:  autorecon -t 10.10.10.10\n\nAn Information Gathering and Enumeration Framework\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -t TARGET, --target TARGET\n                        Single IPv4 Target to Scan\n  -F, --FUZZ            auto fuzz found urls ending with .php for params\n  -v, --version         Show Current Version\n  -f FILE, --file FILE  File of IPv4 Targets to Scan\n  -w [WEB], --web [WEB]\n                        Get open ports for IPv4 address, then only Enumerate\n                        Web \u0026 and Dns Services. -t,--target must be specified.\n                        -w, --web takes a URL as an argument. i.e. python3\n                        recon.py -t 10.10.10.10 -w secret\n  -i {http,httpcms,ssl,sslcms,aquatone,smb,dns,ldap,removecolor,oracle,source,sort_urls,proxy,proxycms,fulltcp,topports,remaining,searchsploit,peaceout,ftpAnonDL,winrm} [{http,httpcms,ssl,sslcms,aquatone,smb,dns,ldap,removecolor,oracle,source,sort_urls,proxy,proxycms,fulltcp,topports,remaining,searchsploit,peaceout,ftpAnonDL,winrm} ...], --ignore {http,httpcms,ssl,sslcms,aquatone,smb,dns,ldap,removecolor,oracle,source,sort_urls,proxy,proxycms,fulltcp,topports,remaining,searchsploit,peaceout,ftpAnonDL,winrm} [{http,httpcms,ssl,sslcms,aquatone,smb,dns,ldap,removecolor,oracle,source,sort_urls,proxy,proxycms,fulltcp,topports,remaining,searchsploit,peaceout,ftpAnonDL,winrm} ...]\n                        Service modules to ignore during scan.\n  -s {http,httpcms,ssl,sslcms,aquatone,smb,dns,ldap,removecolor,oracle,source,sort_urls,proxy,proxycms,fulltcp,topports,remaining,searchsploit,peaceout,ftpAnonDL,winrm} 
[{http,httpcms,ssl,sslcms,aquatone,smb,dns,ldap,removecolor,oracle,source,sort_urls,proxy,proxycms,fulltcp,topports,remaining,searchsploit,peaceout,ftpAnonDL,winrm} ...], --service {http,httpcms,ssl,sslcms,aquatone,smb,dns,ldap,removecolor,oracle,source,sort_urls,proxy,proxycms,fulltcp,topports,remaining,searchsploit,peaceout,ftpAnonDL,winrm} [{http,httpcms,ssl,sslcms,aquatone,smb,dns,ldap,removecolor,oracle,source,sort_urls,proxy,proxycms,fulltcp,topports,remaining,searchsploit,peaceout,ftpAnonDL,winrm} ...]\n                        Scan only specified service modules\n  -b {ftp,smb,http,ssh}, --brute {ftp,smb,http,ssh}\n                        Experimental! - Brute Force ssh,smb,ftp, or http. -t,\n                        --target is REQUIRED. Must supply only one protocol at\n                        a time. For ssh, first valid users will be enumerated\n                        before password brute is initiated, when no user or\n                        passwords are supplied as options.\n  -p PORT, --port PORT  port for brute forcing argument. If no port specified,\n                        default port will be used\n  -u USER, --user USER  Single user name for brute forcing, for SSH, if no\n                        user specified, will default to\n                        wordlists/usernames.txt and bruteforce usernames\n  -U USERS, --USERS USERS\n                        List of usernames to try for brute forcing. Not yet\n                        implimented\n  -P PASSWORDS, --PASSWORDS PASSWORDS\n                        List of passwords to try. 
Optional for SSH, By default\n                        wordlists/probable-v2-top1575.txt will be used.\n\n```\n\nTo scan a single target and enumerate based off of nmap results:\n\n```shell\nautorecon -t 10.10.10.10\n```\n\nTo enumerate web services with larger wordlists:\n\n- If you don't want to specify a directory, you can just enter ' ' as the argument for --web\n\n```shell\nautorecon -t 10.10.10.10 -w secret\nautorecon -t 10.10.10.10 -w somedirectory\nautorecon -t 10.10.10.10 -w ' '\n```\n\nTypically, on your first run, you should only specify the -t --target option (autorecon -t 10.10.10.10).\nBefore you can use the -s --service option to specify specific modules, you must have already run the topports module.\nFor instance, if you really wanted to skip all other modules on your first run, and only scan the web after topports,\nyou could do something like:\n\n```shell\nautorecon -t 10.10.10.10 -s topports dns http httpcms ssl sslcms sort_urls aquatone source\n```\n\nOr skip web enumeration altogether but scan everything else.\n\n```shell\nautorecon -t 10.10.10.10 -i dns http httpcms ssl sslcms sort_urls aquatone source\n```\n\nThe remaining services module is also dependent on the topports and/or fulltcp module.\nNow you can skip doing a fulltcp scan if the target is slow. 
However, be advised:\nthe UDP nmap scan is currently bundled with the fulltcp module, so skipping the fulltcp module\nwill result in missing some UDP enumeration.\n\nTo scan and enumerate all IPv4 addresses in an ips.txt file:\n\n```shell\nautorecon -f ips.txt\n```\n\nTo fuzz all found PHP URLs for parameters, you can use the -F --FUZZ flag with no argument.\n\n```shell\nautorecon -t 10.10.10.10 --FUZZ\n```\n\nBrute force SSH users on the default port 22. If unique valid users are found, brute force passwords.\n\n```shell\nautorecon -t 10.10.10.10 -b ssh\n```\n\nSame as above, but for SSH on port 2222 etc.\n\n```shell\nautorecon -t 10.10.10.10 -b ssh -p 2222\nautorecon -t 10.10.10.10 -b ssh -p 2222 -u slickrick\n```\n\nTo exclude certain services from being scanned, you can specify the -i, --ignore flag.  \nWhen specifying multiple services to ignore, services MUST be space delimited. Only ignore topports if you have already run this module,\nas most other modules are dependent on nmap's initial top ports output.\nAll the available modules are as follows:\n\n```text\nhttp,httpcms,ssl,sslcms,aquatone,smb,dns,ldap,oracle,source,sort_urls,proxy,proxycms,fulltcp,topports,remaining,searchsploit,peaceout,ftpAnonDL,winrm\n```\n\n```shell\nautorecon -t 10.10.10.10 -i http\nautorecon -t 10.10.10.10 -i http ssl\nautorecon --target 10.10.10.10 --ignore fulltcp http\n```\n\nYou can also restrict a scan to specific services. Similar to the --ignore option, the -s, --service option will only scan the services specified.\nPlease note that before you can use the -s, --service option, you must have already run the topports nmap scan, as most modules are dependent on nmap's output.\n\n```shell\nautorecon -t 10.10.10.10 -s topports remaining\n```\n\n```shell\nautorecon -t 10.10.10.10 -s http httpcms\nautorecon -t 10.10.10.10 --service oracle\n```\n\n#### Important\n\n- MAKE SURE TO CHECK OUT THE [Config](../master/config/config.yaml) file for all your customization needs :octocat:\n- All required 
non-default kali linux dependencies are included in setup.sh.\n\n## Demo\n\n| Recon                                                                                                                              | Brute                                                                                                                                  |\n| ---------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------- |\n| \u003cimg align=\"left\" width=\"575\" height=\"363\" src=\"https://github.com/Knowledge-Wisdom-Understanding/recon/blob/master/img/auto.gif\"\u003e | \u003cimg align=\"left\" width=\"575\" height=\"363\" src=\"https://github.com/Knowledge-Wisdom-Understanding/recon/blob/master/img/sshBrute.gif\"\u003e |\n\nThis program is intended to be used in kali linux.\nIf you notice a bug or have a feature request. Please create an issue or submit a pull request. Thanks!\n\n## Disclaimer\n\n**Usage of recon.py for testing or exploiting websites without prior mutual consistency can be considered as an illegal activity. This tool is intended for CTF machines only. It is the final user's responsibility to obey all applicable local, state and federal laws. Authors assume no liability and are not responsible for any misuse or damage caused by this program.**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FKnowledge-Wisdom-Understanding%2Frecon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FKnowledge-Wisdom-Understanding%2Frecon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FKnowledge-Wisdom-Understanding%2Frecon/lists"}