gr1mmie / autoenum Goto Github PK

                 __                                      
  ____ _ __  __ / /_ ____   ___   ____   __  __ ____ ___ 
 / __ `// / / // __// __ \ / _ \ / __ \ / / / // __ `__ \
/ /_/ // /_/ // /_ / /_/ //  __// / / // /_/ // / / / / /
\__,_/ \__,_/ \__/ \____/ \___//_/ /_/ \__,_//_/ /_/ /_/ 
                                                         

Autoenum is a recon tool which performs automatic enumeration of services discovered. I built this to save some time during CTFs and pen testing environments (i.e. HTB, VulnHub, OSCP) and draws a bit from a number of existing tools including AutoRecon (https://github.com/Tib3rius/AutoRecon), Auto-Recon (https://github.com/Knowledge-Wisdom-Understanding/Auto-Recon), and nmapautomator (https://github.com/21y4d/nmapAutomator). Could also be used in a real-life pentesting engagment. Currently has only been tested in kali. If you notice a bug or have a feature request not in to-do, please submit an issue or let know some other way(discord preferred). Thanks and enjoy autoenum!

Autoenum first runs 2 nmap scans in tandem, one scan looks specifically for service versions to run against searchsploit and the other is a scan dependent on the argument. Every scan profile checks for services running, the type of scan is the only difference. After the scans are finished, the services/ports open and operating systems along with script output (if avaliable) is extracted and further analyzed. If a certain service is found, Autoenum will begin enumerating by firing off a number of tools and create a dir for that service (i.e detecting http starts up nikto, wafw00f, gobuster, and others). If a dependency required is not detected, that dependency will be auto installed and checked if there is a new update everytime the tool is run. Autoenum outputs this information in 2 main sections(scan type and loot dirs) with sub directories branching off depending on what is found.

git clone https://github.com/Gr1mmie/autoenum.git
chmod +x autoenum/autoenum.sh

• First version, HTTP and SMB enumeration added as well as functionalized mess of code it was before
• Aggressive scan added, included nmap-to-searchsploit scan for version exploit searching
• Added getopts for argument parsing to replace patchwork position-based conditionals

• Added help menu and logic to detect dependencies
• Fixed terminal breaking issue (kinda, open to ideas if there is anything better than clearing terminal output).

• Fixed simultaneous scan issue so that both scans fire at the same time now and have a few tools for certain service enumerations to run in background as others stay in foreground to save time

• Added enumeration for various services including LDAP, SNMP, SMTP, oracle and FTP and banner
• Added file containing all commands run in case a command failed
• installs tools not detected and checks if all are up-to-date

• fixed searchsploit encoding issue where parts were being displayed as encoded when read from a text editor

• Autoenum now runs as a console tool similar to msfconsole.

• persistent shell command

• imap, mysql,redis enumeration

• Polished UI
• Cleaned up shell util errors and fixed escape keywords
• Added more scan options:
  • top 1k scan
  • top 10k scan
  • UDP scan
• Added Combination scans (vuln scan can be added onto any other scan)
• Added Auxilary scans:
  • Quick scan added
  • Vuln scan added
• Fixed update throwing errors issue
• Now supports URLs and FQDNs
• Verifies the IP entered is a valid one
• aggr + reg scans now scan top 1k ports first
• Performs basic OS detecting using ttl
• searchsploit output is now sent to a JSON file for easy viewing
• nfs enum now attempts to mount discovered nfs shares
• Fixed http multiple ports not being detected issue

• Removed ports 47001 and 5985 from ports list to prevent them from being run through http enum
• added -nr flag when starting autoenum to set autoenum to not attempt to resolve an IP passed (this is good if a machine is blocking pings but we know its up)
  • Usage: ./autoenum -nr

Your OS may or may not have some installed by default. Not to worry, autoenum recognizes tools not installed and installs them for you, even updating if they aren't up-to-date!

• nmap
• nikto
• gobuster
• whatweb
• onesixtyone
• snmp-check
• snmpwalk
• fierce
• dnsenum
• dnsrecon
• sslscan
• uniscan
• snmp-user-enum
• oscanner
• wafw00f
• odat
• searchsploit
• rpcbind
• tput
• jq
• wpscan

Dievus

https://www.kitploit.com/2020/07/autoenum-automatic-service-enumeration.html