autorecon
Automate reconnaissance and enumeration of systems
TLDR
Perform reconnaissance on target host(s) (detailed scan results will be dumped in results)
Perform reconnaissance on target(s) from a file
Output results to a different directory
Limit scanning to specific ports and protocols (T for TCP, U for UDP, B for both)
SYNOPSIS
autorecon [-h] [-v] [-o OUTPUTDIR] [-t THREADS] [-r] [-d] [-w] [-n NMAPOPTS] [-s] [-e] [-p PORTS] [-P] [-N] [-T] [-D] [-db DBFILE] TARGET(S)
PARAMETERS
-h, --help
Show help message and exit
-v, --verbose
Increase verbosity (repeatable for more detail)
-o OUTPUTDIR, --outputdir OUTPUTDIR
Set output directory (default: autorecon)
-t THREADS, --threads THREADS
Number of concurrent threads (default: 10)
-r, --recon
Run basic reconnaissance (default)
-d, --detailed
Enable detailed scans (longer runtime)
-w, --web
Run web application scans (default)
-n NMAPOPTS, --nmapopts NMAPOPTS
Additional Nmap scan options
-s, --scripts
Run Nmap NSE scripts (default)
-e, --enum
Run service enumeration modules
-p PORTS, --ports PORTS
Ports to scan (default: top 1000)
-P, --ping
Enable ping scan first (default)
-N, --no-ping
Skip ping scan
-T, --top-ports
Scan top 1000 ports first (default)
-D, --deep
Perform deep scans (very long)
-db DBFILE, --database DBFILE
SQLite database file for tracking
--version
Show version and exit
DESCRIPTION
AutoRecon is a Bash script designed for multi-threaded, automated information gathering during network reconnaissance phases of penetration tests. It identifies open TCP ports via Nmap scans, then launches targeted tools against those services based on port numbers and banners. Supported tools include Nikto, Dirb, Snmpcheck, Enum4linux, DNSenum, and more, categorized into recon, web, and enumeration modules.
Key features: customizable threads for speed, verbose logging, SQLite database for scan tracking, optional detailed/deep scans, and support for custom Nmap options. It organizes output hierarchically by IP and port, making results easy to navigate. AutoRecon prioritizes common ports (top 1000 by default) and skips ping scans if desired.
Ideal for pentesters automating initial recon on large networks, it reduces manual effort while providing structured reports. Requires tools like Nmap pre-installed; runs best as root for raw socket access. Not for production use due to aggressive scanning.
CAVEATS
Requires root for full Nmap features; generates heavy network traffic; ensure legal authorization before use. Not all tools are installed automatically; manual setup is needed. High thread counts may overwhelm targets.
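The scan-then-enumerate sequence described in DESCRIPTION (port discovery followed by tools such as Nikto and Dirb against the services found) leaves a recognisable trail in a defender's logs. The following is an added example, not part of AutoRecon or of the original page: it flags a source that probes many distinct TCP ports and then produces a burst of 404s or a Nikto User-Agent on a web service. The log formats, thresholds and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (hypothetical) log formats; adapt the regexes to your firewall and web server.
FW_RE = re.compile(r"^(\S+) SRC=(\S+) DST=\S+ PROTO=TCP DPT=(\d+)$")
WEB_RE = re.compile(r'^(\S+) (\S+) "GET \S+" (\d{3}) "([^"]*)"$')

def detect(fw_lines, web_lines, min_ports=20, min_404=15,
           window=timedelta(minutes=30)):
    """Map source IP -> reasons for a port sweep followed by web enumeration."""
    ports, first_seen = defaultdict(set), {}   # lines are assumed time-ordered
    for line in fw_lines:
        m = FW_RE.match(line)
        if m:
            ts, src, dpt = m.groups()
            ports[src].add(int(dpt))
            first_seen.setdefault(src, datetime.fromisoformat(ts))
    sweepers = {s for s, p in ports.items() if len(p) >= min_ports}
    misses, nikto_ua = defaultdict(int), set()
    for line in web_lines:
        m = WEB_RE.match(line)
        if not m or m.group(2) not in sweepers:
            continue
        ts, src, status, ua = m.groups()
        if timedelta(0) <= datetime.fromisoformat(ts) - first_seen[src] <= window:
            misses[src] += status == "404"
            if "nikto" in ua.lower():   # Nikto's default User-Agent names the tool
                nikto_ua.add(src)
    alerts = {}
    for src in sorted(sweepers):
        reasons = [f"port sweep: {len(ports[src])} distinct ports"]
        if misses[src] >= min_404:
            reasons.append(f"path brute force: {misses[src]} 404s")
        if src in nikto_ua:
            reasons.append("Nikto User-Agent")
        if len(reasons) > 1:            # a sweep alone is not reported here
            alerts[src] = reasons
    return alerts

# Constructed sample data (not real logs): 10.0.0.5 sweeps, then enumerates.
SAMPLE_FW = [f"2024-05-01T10:00:{i:02d} SRC=10.0.0.5 DST=10.0.0.20 PROTO=TCP DPT={i + 1}"
             for i in range(40)] + ["2024-05-01T10:00:05 SRC=10.0.0.9 DST=10.0.0.20 PROTO=TCP DPT=443"]
SAMPLE_WEB = [f'2024-05-01T10:05:{i:02d} 10.0.0.5 "GET /dir{i}" 404 "Mozilla/5.00 (Nikto/x.y)"'
              for i in range(20)] + ['2024-05-01T10:06:00 10.0.0.9 "GET /index.html" 200 "Mozilla/5.0"']

if __name__ == "__main__":
    for src, why in detect(SAMPLE_FW, SAMPLE_WEB).items():
        print(src, "->", "; ".join(why))
```

A changed User-Agent removes the third signal, so the 404 burst correlated with the preceding sweep is the more durable indicator.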
INSTALLATION
Clone from GitHub:
git clone https://github.com/Tib3rius/AutoRecon
Make the script executable with chmod +x autorecon, then install dependencies via pip or apt (e.g., nmap, nikto).
EXAMPLE USAGE
./autorecon -v -t 5 -o /tmp/recon 192.168.1.0/24
Scans subnet with 5 threads, verbose output to /tmp/recon.
HISTORY
Developed by TiberiusSaiyan in 2019 as an open-source GitHub project. Evolved from manual recon scripts; v2+ added database support and modularity. Widely used in Kali Linux pentesting workflows.
SEE ALSO
nmap(1), nikto(1), dirb(1), snmpcheck(1), enum4linux(1)


