Welcome to Reconrover.py. I created this script mainly for CTFs and bug bounties, but it may also come in handy for some smaller project work.
Prerequisites:
- You must have SecLists installed
- This currently works on Linux; I have not tested it on Mac / Windows.
What does the script do?
When you initially run the script you will be faced with the screen below:
I've left this as "Company", but you can enter anything here: the CTF you're playing, the project you're working on, etc. Next, the script will ask whether you're scanning a file or a single IP/domain. You can use either:
- File
- Single
Depending on your response, the script will ask for either an IP or the directory/file you want to use.
Once you've begun your project and entered the required information, the script will initialise with an nmap scan. This will be a service/script scan.
Depending on which services the scan detects as open, the script will carry out further recon. Currently supported are HTTP/HTTPS and FTP.
If FTP anonymous access is allowed, the script will log in anonymously and record which files you have access to. If HTTP/HTTPS is detected, the script will run both Gobuster and Subfinder against some standard SecLists. The script will also navigate to the website and record a text output.
Once the script has completed you will find the outputs recorded in the directory in which the script was run.
In this instance we have the folder "ScriptTest".
Depending on your options (single scan or file), you will find one or more folders inside it whose names carry the IP address or domain of each asset. In this case I've renamed mine to [IP1] and [IP2].
Within these folders you will find more folders with their respective results. If the nmap scan did not detect certain services, they will not have any folders, as we can see below.
- I ran this script against Metasploitable2 and MrRobot from TryHackMe.
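To make the flow above concrete, here is an added example (not Reconrover's own code) that reads nmap grepable (`-oG`) output and works out which result folders each scanned host ends up with, so a host with no supported service gets none. The function names, the `ftp` / `http` folder names and the sample hosts (documentation IPs) are assumptions made for illustration.

```python
import re

# Constructed sample of nmap grepable (-oG) output; not from a real scan.
SAMPLE_GNMAP = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, "
    "22/open/tcp//ssh//OpenSSH 4.7p1/, 80/open/tcp//http//Apache httpd 2.2.8/"
    "\tIgnored State: closed (997)\n"
    "Host: 192.0.2.20 ()\tPorts: 22/closed/tcp//ssh///, "
    "443/open/tcp//ssl|http//Apache httpd/\n"
    "Host: 192.0.2.30 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2/\n"
)

# Assumed mapping from nmap service name to a result folder (hypothetical names).
# nmap writes "ssl/http" as "ssl|http" in -oG output because "/" is the delimiter.
FOLLOW_UPS = {"ftp": "ftp", "http": "http", "https": "http", "ssl|http": "http"}


def parse_open_services(gnmap_text):
    """Return {host: {port: service}} for ports nmap reported as open."""
    hosts = {}
    for line in gnmap_text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # "Status:" lines and comments carry no port data
        host, ports = m.groups()
        for entry in ports.split(","):
            # Field order: port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) >= 5 and fields[1] == "open":
                hosts.setdefault(host, {})[int(fields[0])] = fields[4]
    return hosts


def plan_output_tree(project, gnmap_text):
    """Map each per-host folder to the result subfolders its services call for."""
    plan = {}
    for host, services in parse_open_services(gnmap_text).items():
        wanted = {FOLLOW_UPS[s] for s in services.values() if s in FOLLOW_UPS}
        plan[f"{project}/{host}"] = sorted(wanted)
    return plan


if __name__ == "__main__":
    for folder, subfolders in plan_output_tree("ScriptTest", SAMPLE_GNMAP).items():
        print(folder, "->", subfolders or "no service folders")
```
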