

Multi-threaded network reconnaissance tool which performs automated enumeration of services.

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services. It is intended as a time-saving tool for use in CTFs and other penetration testing environments (e.g. OSCP). It may also be useful in real-world engagements.

The tool works by first performing port scans and service detection scans. From those initial results, it launches further enumeration scans of those services using a number of different tools. For example, if HTTP is found, feroxbuster will be launched (as well as many others).

Everything in the tool is highly configurable. The default configuration performs no automated exploitation to keep the tool in line with OSCP exam rules. If you wish to add automatic exploit tools to the configuration, you do so at your own risk. The author will not be held responsible for negative actions that result from the misuse of this tool.

- Supports multiple targets in the form of IP addresses, IP ranges (CIDR notation), and resolvable hostnames. IPv6 is also supported.
- Can scan multiple targets concurrently, utilizing multiple processors if they are available.
- Advanced plugin system allowing for easy creation of new scans.
- Customizable port scanning plugins for flexibility in your initial scans.
- Customizable service scanning plugins for further enumeration.
- Suggested manual follow-up commands for when automation makes little sense.
- Ability to limit port scanning to a combination of TCP/UDP ports.
- Ability to skip the port scanning phase by supplying information about services which should be open.
- Global and per-scan pattern matching which highlights and extracts important information from the noise.
- An intuitive directory structure for results gathering.
- Full logging of commands that were run, along with errors if they fail.
- A powerful config file lets you use your favorite settings every time.
- A tagging system that lets you include or exclude certain plugins.
- Global and per-target timeouts in case you only have limited time.
- Four levels of verbosity, controllable by command-line options, and during scans using Up/Down arrows.
- Colorized output for distinguishing separate pieces of information. Can be turned off for accessibility reasons.