LinuxCommandLibrary

autorecon

Automate reconnaissance and enumeration of systems

TLDR

Perform reconnaissance on target host(s) (detailed scan results are written to ./results):

$ sudo autorecon [host_or_ip1,host_or_ip2,...]

Perform reconnaissance on target(s) listed in a file:

$ sudo autorecon [[-t|--target-file]] [path/to/file]

Output results to a different directory:

$ sudo autorecon [[-o|--output]] [path/to/results] [host_or_ip1,host_or_ip2,...]

Limit scanning to specific ports and protocols (T for TCP, U for UDP, B for both):

$ sudo autorecon [[-p|--ports]] [T:21-25,80,443,U:53,B:123] [host_or_ip1,host_or_ip2,...]

SYNOPSIS

autorecon [OPTIONS] <TARGETS>

Example: autorecon -t example.com -o ~/recon_results --full-recon

PARAMETERS

-t, --target
    Specifies the target IP address(es) or domain name(s) to scan. Multiple targets can be separated by commas.

-o, --output
    Defines the output directory where all scan results will be stored. A separate subdirectory is created for each target.

-p, --ports
    Specifies the ports to scan (e.g., '80,443', 'top1000', 'full'). If not specified, Nmap's default set of top ports is scanned.

--full-recon
    Performs a comprehensive reconnaissance scan, including Nmap, web enumeration, and vulnerability checks.

--web-only
    Focuses solely on web-related reconnaissance and vulnerability scanning on discovered web ports.

--nmap-only
    Only performs Nmap scans (full TCP, UDP, and service version detection).

--dns-only
    Only performs DNS-related enumeration tasks, such as subdomain enumeration and DNS record lookups.

--quick
    Executes a faster, less comprehensive scan, suitable for quick assessments.

--threads
    Sets the number of concurrent threads to use for various scanning modules, speeding up execution.

--verbose
    Enables verbose output, showing more detailed information during the scan process.

--no-screenshots
    Skips the automated web screenshotting process, which can be time-consuming.

--force-https
    Forces all web scans to use HTTPS instead of HTTP.

--skip-nmap
    Skips the Nmap port scanning phase entirely, assuming port information is already known or not needed.

--version
    Displays the current version of autorecon.

-h, --help
    Shows the help message and exits.

DESCRIPTION

autorecon is a powerful, open-source tool designed to automate the initial reconnaissance phase of a penetration test, particularly for web applications. It streamlines and combines various common enumeration and scanning techniques into a single, cohesive workflow.

The tool acts as an orchestrator, leveraging and integrating several other specialized tools like Nmap for port scanning, GoBuster for directory enumeration, Nikto/WPScan for web vulnerability scanning, and various subdomain enumeration tools. Its primary goal is to provide a comprehensive initial footprint of a target, identifying open ports, running services, web servers, subdomains, hidden directories, and potential vulnerabilities. This automation saves significant time and effort for security professionals and ethical hackers.

autorecon structures its output meticulously, creating organized directories for each scan type and target, making it easier to review findings and prioritize further investigation.

CAVEATS

autorecon is not a standard Linux distribution command; it typically requires manual installation (e.g., via pip or cloning its GitHub repository).
It acts as a wrapper, meaning its effectiveness and accuracy are heavily dependent on the underlying tools it orchestrates (like Nmap, Nikto, GoBuster, etc.). Ensure these dependencies are installed and accessible.
Using autorecon can generate significant network traffic, potentially triggering Intrusion Detection/Prevention Systems (IDS/IPS) or Web Application Firewalls (WAFs).
Always ensure you have explicit permission to perform reconnaissance on any target to avoid legal issues.
While it automates much of the initial legwork, manual analysis of the voluminous output is still crucial for effective penetration testing.

INSTALLATION

autorecon is typically installed via pip: pip install autorecon. Alternatively, it can be cloned directly from its GitHub repository, which often includes a setup script for dependencies.

DEPENDENCIES

autorecon relies heavily on external tools. Before running, ensure you have essential tools like Nmap, GoBuster, Nikto, and others commonly used in web reconnaissance installed and accessible in your system's PATH.
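One way to act on this before a run, as an added example (not part of autorecon or of this page): a POSIX sh function that reports which tools are missing from PATH and returns non-zero if any are, so a wrapper script can stop before launching a scan. The default list is taken from the tools named on this page; the plugins your autorecon configuration actually invokes determine the real list.

```shell
#!/bin/sh
# check_deps [tool ...]
#   Verifies that each named tool is executable via PATH. Missing tools are
#   printed to stdout one per line (easy to capture in a script); found tools
#   are reported to stderr with their resolved path. Returns 0 only when
#   nothing is missing. Constructed helper; not part of autorecon.
# Default list: the external tools named on this page. Adjust it to the
# plugins your autorecon run actually uses.
DEFAULT_TOOLS='nmap gobuster nikto wpscan amass sublist3r dirb'

check_deps() {
    [ $# -gt 0 ] || set -- $DEFAULT_TOOLS
    missing=0
    for tool in "$@"; do
        if path=$(command -v "$tool" 2>/dev/null); then
            printf 'found    %-10s %s\n' "$tool" "$path" >&2
        else
            printf '%s\n' "$tool"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Usage: a wrapper script can refuse to start the scan if anything is missing.
if ! check_deps; then
    echo 'check_deps: install the tools listed above before running autorecon' >&2
fi
```

Checking PATH resolution rather than a package manager's database catches the common case where a tool is installed but not on the PATH of the user (or of sudo) that autorecon runs under.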

OUTPUT STRUCTURE

For each target, autorecon creates a dedicated directory within the specified output folder. Inside, it organizes results into subdirectories such as 'nmap', 'web', 'dns', etc., making it easy to navigate and review specific scan findings.

HISTORY

autorecon was developed by Tib3rius, a well-known figure in the cybersecurity community, particularly recognized for his OSCP (Offensive Security Certified Professional) course and content. It emerged from the practical need to streamline and standardize the initial reconnaissance phase of penetration tests, which often involves repeating similar steps with various tools. Its development focused on automating these tedious, yet critical, tasks to improve efficiency and consistency for security professionals and ethical hackers. It gained popularity within the CTF (Capture The Flag) and penetration testing communities due to its comprehensive nature and ease of use in initial information gathering.

SEE ALSO

nmap(1), nikto(1), gobuster(1), amass(1), sublist3r(1), dirb(1)
