Reconnoitre - an enumeration tool to help you organise, and learn more about attack process

@codingo said:
I’m a penetration tester from Australia that wrote a tool for the OSCP / HTB / VHL that helps to organise your machine attacks and guide you towards other tools to run based on the services discovered on the host. You can find it on GitHub, here: GitHub - codingo/Reconnoitre: A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.

If there’s anything you’d like to see me add, or a way you see that I can make it more valuable to your learning process, feel free to message it in here. My aim is to help expose others to useful tools, and how to use them.

great share thanks

Hello there! Well done on a fantastic looking tool!
Absolutely fantastic work! Am looking at starting the oscp in the new year so hopefully it will come in handy.
Cheers

No worries at all! We’ve been making a huge amount of updates on this lately, and it should be useful for HackTheBox as well.

@codingo said:
No worries at all! We’ve been making a huge amount of updates on this lately, and it should be useful for HackTheBox as well.

This is a great tool! I’d love to start contributing. I was making a much smaller scale tool for myself, but it would be better for the community and myself to just help with this project.

I was aiming for a little more automation with mine. For example, when the script finds SMB and suggests enum4linux, perhaps an option in the command line to prompt if the user would like to run it and pipe the data back and advise something like "Found blah and blah, and V1 of SMB. Also found share X doesn’t require auth." Hopefully that makes sense :pensive:

Anyhow, good job! Nice work! :slight_smile:

I actually used to have that functionality (--exec) but removed it to keep this exam-safe for the OSCP. To be honest it didn’t prove to be all that useful either. I think a recommendations file that people pick over works quite well, as there can be certain areas you want to disregard (you don’t always want to run nikto on a web endpoint if it’s something like a known vulnerable portal login, e.g.).

Ha, I fixed a bug for this with one of the modules while I was in OSCP. It was a godsend for me there, keeping everything organized and set up. +1

Glad it could help @bulbafett!