Reconnoitre – An automated service enumeration and information gathering tool that also creates a directory structure of results for each host. Most importantly, it recommends commands to execute and lays out directory structures for storing loot and flags.

How To Use Reconnoitre – An Automated Service Enumerating And Information Gathering Tool

This tool can be used and copied for personal use freely; however, attribution and credit should be given to Mike Czumak, who originally started the process of automating this work.

Argument                  Description
-h, --help                Display help message and exit.
-t TARGET_HOSTS           Set either a target range of addresses or a single host to target. May also be a file containing hosts.
-o OUTPUT_DIRECTORY       Set the target directory where results should be written.
-w WORDLIST               Optionally specify your own wordlist to use for pre-compiled commands or executed attacks.
--dns DNS_SERVER          Optionally specify a DNS server to use with a service scan.
--pingsweep               Write a new target.txt file in the OUTPUT_DIRECTORY by performing a ping sweep and discovering live hosts.
--dnssweep                Find DNS servers from the list of target(s).
--snmpsweep               Find hosts responding to SNMP requests from the list of target(s).
--services                Perform a service scan over the target(s) and write recommendations for further commands to execute.
--snmpwalk                SNMP walk target hosts and save results.
--hostnames               Attempt to discover target hostnames and write them to hostnames.txt.
--quiet                   Suppress banner and headers and limit feedback to grepable results.
--execute                 Execute shell commands from recommendations as they are discovered. Likely to lead to very long execution times depending on the wordlist being used and discovered vectors.
--simple_exec             Execute only non-brute-forcing shell commands as they are discovered. Likely to lead to very long execution times depending on the wordlist being used and discovered vectors.
--quick                   Move to the next target after performing a quick scan and writing first-round recommendations.

Reconnoitre: Installation

Dependencies:
+ Python 2.7.x
+ SimpleJson Module

Usage:

Reconnoitre - An Automated Service Enumerating And Information Gathering Tool

Usage Examples

Note that these are some examples to give you insight into potential use cases for this tool. Command lines can be added or removed based on what you wish to accomplish with your scan.

Scan a single host, create a file structure and discover services

Which would also write the following recommendations file in the scans folder for each target:

Discover live hosts and hostnames within a range

Discover live hosts within a range and then do a quick probe for services

This will scan all services within a target range to create a file structure of live hosts, and will also write recommendations for other commands to be executed based on the services discovered on these machines. Removing --quick will perform a further, deeper probe but will greatly lengthen execution times.

Discover live hosts within a range and then probe all ports (UDP and TCP) for services

Download Reconnoitre