Tib3rius / AutoRecon

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.


Pivoting proxychains support

pswalia2u opened this issue · comments

Hi, I am trying to automate service scans for hosts which are not directly accessible. I have configured the portscan profile for this and it works flawlessly, but the issue is that it runs service scans for normal hosts. Is there any option to specify specific service scans to use w.r.t. the portscan profile?

There is not, and AutoRecon v1 is being deprecated very soon. The new beta (https://github.com/Tib3rius/AutoRecon/tree/beta) supports proxychains natively if you provide the --proxychains option.

Hi, I have tried the --proxychains option in the beta version, but it does not seem to work. It shows all ports open (false positives). It just adds the -sT flag to nmap. It should add proxychains in front of the nmap port scan, like "proxychains nmap".
Command used: python3 /opt/AutoRecon/autorecon.py -vvv 10.1.1.68 --proxychains

You need to run it through proxychains.

proxychains python3 /opt/AutoRecon/autorecon.py -vv --proxychains 10.1.1.68

Okay, now we are getting weird errors for exit codes. Also, one thing I would like to point out is that it starts a UDP scan, which is not possible with proxychains. So please remove the UDP scan when the --proxychains option is provided. Also, there is no issue with my proxychains config.

I believe that error only happens if you run it as root. Let me add a few more options and have you try it out.

Also UDP is possible via socks5 which is why it's left in.

It seems that despite SOCKS5 supporting proxychains, it doesn't support UDP. I think I've found fixes for the other things, I just need some time to update them properly.

@pswalia2u this should be fixed in 6cd6955. Can you test and confirm?

Hi, yes it seems to be working fine now.
One thing I would like to know: is it possible to do only service scans with AutoRecon, if we already have nmap output with the open ports? I mean, for example, I have the output of this scan (nmap -p- -vvv -Pn -n --disable-arp-ping 10.1.1.89 -oN 10.1.1.89_full.out).
Actually, I have transferred a static binary of nmap to the pivot box and the port scans are much, much faster from there rather than using proxychains. It would be great if we could pass the scan results to AutoRecon for only doing the service scan (-sV) and then running the individual scans for each service.

@pswalia2u You can! You'll have to tell AutoRecon which services you need to scan. You do this using --force-services. Say you had SSH on 22, HTTP on 80, and HTTPS on 443. You'd do the following:

python3 autorecon.py --force-services tcp/22/ssh tcp/80/http tcp/443/http/secure -- 10.1.1.89

You'll have to update to the latest commit as I found a small bug in this functionality. Note that "/secure" needs to be appended to services that run over SSL/TLS. Also note that -- is required before the target. This is due to the way the --force-services argument is parsed.

You can also enter the services in a config file:

force-services = ['tcp/22/ssh', 'tcp/80/http', 'tcp/443/http/secure']

I'll see about an Nmap import option though, that might be useful!

Okay, but I don't know which service is running on which port. The nmap static binary can only be used to scan for open ports. We cannot determine which service is running on an open port. So, is there an option to tell only the specific open ports to AutoRecon?

Ah, I understand now. Yes there is. -p or --ports. The syntax is quite flexible. This will scan ports 80 and 443 for TCP and UDP:

-p 80,443

This will scan ports 80 and 443 on just TCP:

-p T:80,443

This will scan ports 80 and 443 on TCP, and 53 on UDP:

-p T:80,443,U:53

This will scan ports 80 and 443 on TCP, 53 on UDP, and 139 on both:

-p 139,T:80,443,U:53

As will this:

-p T:80,443,U:53,B:139

You can also use ranges (e.g. 20-25).
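The port syntax described in the answer above (a T:/U:/B: prefix that applies to every following entry until another prefix appears, unprefixed entries before any prefix going to both protocols, and ranges like 20-25) is small enough to implement in full. The following is an added example written for this page, not AutoRecon's own parser; it reproduces the semantics of the five examples above, renders the result back into nmap's -p syntax (nmap accepts the same T:/U: prefixes, e.g. -p U:53,T:21-25,80), and, following the earlier finding in this thread that UDP does not go through proxychains, can drop the UDP half when building a command to run under proxychains. The function names parse_ports and to_nmap_port_arg are the example's own.

```python
import re

# One entry: a single port or an inclusive range "lo-hi" (prefix already stripped).
_ENTRY_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")


def parse_ports(spec):
    """Parse a spec such as "139,T:80,443,U:53" into {"tcp": set, "udp": set}.

    Semantics as described in the thread:
      - "T:" / "U:" / "B:" selects TCP, UDP or both for that entry and every
        following entry until another prefix appears;
      - entries before any prefix (e.g. the leading 139) go to both protocols;
      - "lo-hi" is an inclusive range.
    Raises ValueError on malformed or out-of-range entries rather than
    silently scanning the wrong ports.
    """
    result = {"tcp": set(), "udp": set()}
    mode = "B"  # default until a prefix is seen
    for raw in spec.split(","):
        token = raw.strip()
        if not token:
            raise ValueError(f"empty port entry in {spec!r}")
        if len(token) > 2 and token[1] == ":" and token[0].upper() in "TUB":
            mode, token = token[0].upper(), token[2:]
        m = _ENTRY_RE.match(token)
        if not m:
            raise ValueError(f"bad port entry {token!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"port range out of bounds: {token!r}")
        ports = range(lo, hi + 1)
        if mode in ("T", "B"):
            result["tcp"].update(ports)
        if mode in ("U", "B"):
            result["udp"].update(ports)
    return result


def _compress(ports):
    """Render a set of ports as a sorted, comma-separated list with ranges
    collapsed, e.g. {20,21,22,23,24,25,80} -> "20-25,80"."""
    nums = sorted(ports)
    out = []
    i = 0
    while i < len(nums):
        j = i
        while j + 1 < len(nums) and nums[j + 1] == nums[j] + 1:
            j += 1
        out.append(str(nums[i]) if i == j else f"{nums[i]}-{nums[j]}")
        i = j + 1
    return ",".join(out)


def to_nmap_port_arg(parsed, proxychains=False):
    """Turn the parsed dict back into an nmap -p argument ("T:...,U:...").

    With proxychains=True the UDP ports are dropped, because (as established
    earlier in this thread) UDP scans do not work through proxychains; feeding
    them to nmap anyway would only produce noise or false positives.
    """
    parts = []
    if parsed["tcp"]:
        parts.append("T:" + _compress(parsed["tcp"]))
    if parsed["udp"] and not proxychains:
        parts.append("U:" + _compress(parsed["udp"]))
    return ",".join(parts)


if __name__ == "__main__":
    # The examples from the thread; the last two are equivalent spellings.
    for spec in ["80,443", "T:80,443", "T:80,443,U:53",
                 "139,T:80,443,U:53", "T:80,443,U:53,B:139", "T:20-25,80,U:53"]:
        parsed = parse_ports(spec)
        print(f"{spec:24} -> tcp={sorted(parsed['tcp'])} udp={sorted(parsed['udp'])}")
        print(f"{'':24}    nmap -p {to_nmap_port_arg(parsed)}"
              f"   (via proxychains: -p {to_nmap_port_arg(parsed, proxychains=True)})")
```

The parser is deliberately strict: an empty entry, a bare "T:" with nothing after it, or a port above 65535 raises instead of being ignored, since a port list that silently loses entries is the kind of mistake that quietly turns a targeted scan into an incomplete one.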

Closing this since the main issue was fixed.