Reconnoitre - an enumeration tool to help you organise, and learn more about attack process

Thanks for posting. Been using recon-master with some modification, but keen to try another tool.

Pretty good tool! Thanks for sharing!

I havent tested, but in doc, i dont see uniscan -qweds…could be added…

Ty for this codingo found this when I started oscp earlier this year. Its a really nice tool

Nice

Nice stuff mate. Great work.

Love it. Will try out.
Hack The Box

gonna have to try this . Thanks for sharing!

FYI - I’m working on a large overhaul of this to allow you to more easily add your own commands. Basically - I’m moving it away from hardcoded command generation to building it from a *.json configuration. If you want to contribute some tools / commands you can put in a pull request for updates to this file: https://github.com/codingo/Reconnoitre/blob/master/reconnoitre/config.json

Nice!

I use it for few weeks now and really enjoy the way to automate first discovery on new machines. the finding file is also really helpful to get fast quick to certain tools.
I 'm glad if you can make evolution of the tool and will be happy to contribute at my level once. Very good job codingo !

I love this tool! Thanks a lot.

As promised reconnoitre has now been updated to allow you to tweak the commands shown at the duration of a scan. Commands have also had an update and can be found here: https://github.com/codingo/Reconnoitre/blob/master/reconnoitre/config.json

@codingo said:
I’m a penetration tester from Australia that wrote a tool for the OSCP / HTB / VHL that helps to organise your machine attacks and guide you towards other tools to run based on the services discovered on the host. You can find it on Github, here: GitHub - codingo/Reconnoitre: A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

If there’s anything you’d like to see me add or a way you see that I can make it more valuable to your learning process feel free to message it in here. My aim is to help expose others to useful tools, and how to use them.

great share thanks

Hello there! Well done on a fantastic looking tool!
Absolutely fantastic work! Am looking at starting the oscp in the new year so hopefully it will come in handy.
Cheers

No worries at all! We’ve been making a huge amount of updates on this lately, and it should be useful for HackTheBox as well.

@codingo said:
No worries at all! We’ve been making a huge amount of updates on this lately, and it should be useful for HackTheBox as well.

This is a great tool! I’d love to start contributing. I was making a much smaller scale tool for myself, but it would be better for the community and myself to just help with this project.

I was aiming for a little more automation with mine. For example, when the script finds SMB and suggests enum4linux , perhaps an option in the command line to prompt if the user would like to run it and pipe the data back and advise something like "Found blah and blah, and V1 of SMB. Also found share X doesn’t require auth. " Hopefully that makes sense :pensive:

Anyhow, good job! Nice work! :slight_smile:

I actually used to have that functionality (–exec) but removed it to keep this exam safe for the OSCP. To be honest it didn’t prove to be all that useful either, I think a recommendations file that people pick over works quite well as there can be certain areas you want to disregard (you don’t always want to run nikto on a web endpoint if it’s something like a known vulnerable portal login, for e.g.)

Ha I fixed a bug for this with one of the modules while I was in OSCP it was godsend for me there keeping everything organized and setup. +1

Glad it could help @bulbafett!