Reconnoitre - an enumeration tool to help you organise, and learn more about attack process

I'm a penetration tester from Australia that wrote a tool for the OSCP / HTB / VHL that helps to organise your machine attacks and guide you towards other tools to run based on the services discovered on the host. You can find it on Github, here: https://github.com/codingo/Reconnoitre

If there's anything you'd like to see me add or a way you see that I can make it more valuable to your learning process feel free to message it in here. My aim is to help expose others to useful tools, and how to use them.

Comments

  • Sounds pretty cool. Will check it out. Thanks!

    likwidsec

  • I didn't know you were Australian, awesome :D, I'm an Aussie too.

    SirenCeol

  • @SirenCeol said:
    I didn't know you were Australian, awesome :D, I'm an Aussie too.

    \o/ You should hit up your local sectalks group if you haven't already! One of the best meetup groups we have in the region imo.

  • need to give it a try

    buckko

  • @codingo said:

    @SirenCeol said:
    I didn't know you were Australian, awesome :D, I'm an Aussie too.

    \o/ You should hit up your local sectalks group if you haven't already! One of the best meetup groups we have in the region imo.

    I'm quite the busy bee at the moment, although I have gone to a handful.

    SirenCeol

  • nice, this is cool, will try this

    Hack The Box

  • Thanks for posting. Been using recon-master with some modification, but keen to try another tool.

  • Pretty good tool! Thanks for sharing!

    Hack The Box

  • I haven't tested, but in the doc, I don't see uniscan -qweds... could be added...

    peek

  • Ty for this codingo, found this when I started OSCP earlier this year. It's a really nice tool

    Jibblits

  • Nice stuff mate. Great work.

    delosucks

  • Love it. Will try out.

    Hack The Box

  • Gonna have to try this. Thanks for sharing!

    trainr3kt

  • FYI - I'm working on a large overhaul of this to allow you to more easily add your own commands. Basically - I'm moving it away from hardcoded command generation to building it from a *.json configuration. If you want to contribute some tools / commands you can put in a pull request for updates to this file: https://github.com/codingo/Reconnoitre/blob/master/reconnoitre/config.json

  • I've used it for a few weeks now and really enjoy the way it automates first discovery on new machines. The finding file is also really helpful to get quickly to certain tools.
    I'm glad if you can evolve the tool and will be happy to contribute at my level. Very good job codingo!

    Nutellack

  • I love this tool! Thanks a lot.

    Hack The Box

    Don't let the box pwn you!!

  • As promised reconnoitre has now been updated to allow you to tweak the commands shown at the duration of a scan. Commands have also had an update and can be found here: https://github.com/codingo/Reconnoitre/blob/master/reconnoitre/config.json

  • @codingo said:
    I'm a penetration tester from Australia that wrote a tool for the OSCP / HTB / VHL that helps to organise your machine attacks and guide you towards other tools to run based on the services discovered on the host. You can find it on Github, here: https://github.com/codingo/Reconnoitre

    If there's anything you'd like to see me add or a way you see that I can make it more valuable to your learning process feel free to message it in here. My aim is to help expose others to useful tools, and how to use them.

    great share thanks

  • edited October 2018

    Hello there! Well done on a fantastic looking tool!
    Absolutely fantastic work! Am looking at starting the OSCP in the new year so hopefully it will come in handy.
    Cheers

  • No worries at all! We've been making a huge amount of updates on this lately, and it should be useful for HackTheBox as well.

  • @codingo said:
    No worries at all! We've been making a huge amount of updates on this lately, and it should be useful for HackTheBox as well.

    This is a great tool! I'd love to start contributing. I was making a much smaller scale tool for myself, but it would be better for the community and myself to just help with this project.

    I was aiming for a little more automation with mine. For example, when the script finds SMB and suggests enum4linux, perhaps an option in the command line to prompt if the user would like to run it and pipe the data back and advise something like "Found blah and blah, and V1 of SMB. Also found share X doesn't require auth." Hopefully that makes sense :pensive:

    Anyhow, good job! Nice work! :)

    publicist

  • I actually used to have that functionality (--exec) but removed it to keep this exam safe for the OSCP. To be honest it didn't prove to be all that useful either, I think a recommendations file that people pick over works quite well as there can be certain areas you want to disregard (you don't always want to run nikto on a web endpoint if it's something like a known vulnerable portal login, for e.g.)

  • Ha, I fixed a bug for this with one of the modules while I was in OSCP. It was a godsend for me there, keeping everything organized and set up. +1

    Hack The Box
    OSCP - www.bulbafett.com

  • Glad it could help @bulbafett!
