speed things up

Question

speed things up

drforbin opened this issue 3 years ago · comments

the new version seems to take a while to scan!
Anyway to speed things up?

Tib3rius · Answer 1 · Sun Oct 10 2021 10:24:36 GMT+0800 (China Standard Time)

If you run AutoRecon with -vv you'll be able to see which plugins are taking a long time (they get reported every 60s). Please can you let me know which ones are taking a long time and then I can let you know how to speed them up.

Merlyn Cousins · Answer 2 · Sun Oct 10 2021 10:54:59 GMT+0800 (China Standard Time)

Pretty sure it's feroxbuster.
I just upgraded and it's taking over 2 hours per FULL scan.
I'm going to be taking OSCP and I can't wait 2 hours per box.

Tib3rius · Answer 3 · Sun Oct 10 2021 11:00:04 GMT+0800 (China Standard Time)

So by default AutoRecon sets 10 threads for directory busting (which is also the tool's default). It also uses three wordlists.

You can change both these options either on the command line or in a config file.

--dirbuster.threads=50
--dirbuster.wordlist=/path/to/wordlists

Or add the following to your config file:

[dirbuster]
threads = 50
wordlist = "/path/to/wordlist"

The wordlist option can also be an array of multiple wordlists in the config file.

Merlyn Cousins · Answer 4 · Sun Oct 10 2021 11:03:17 GMT+0800 (China Standard Time)

I know you took the OSCP. What config do you suggest?
Great tool by the way

Tib3rius · Answer 5 · Sun Oct 10 2021 11:08:18 GMT+0800 (China Standard Time)

I would recommend 50 threads and maybe choose a wordlist like big.txt from seclists or even directory-list-2.3-medium.

Ideally you can experiment with multiple options in the lab and see what happens.

Merlyn Cousins · Answer 6 · Sun Oct 10 2021 11:10:11 GMT+0800 (China Standard Time)

Only problem is I was using 50 threads and was getting errors. Platform was HTB,

Tib3rius · Answer 7 · Sun Oct 10 2021 11:14:13 GMT+0800 (China Standard Time)

Then reduce it to something lower. Try 30, see if that generates errors. It's likely that the OSCP exam will be a little more stable than HTB though. Ultimately you can always re-run the command manually during the exam anyway.

Merlyn Cousins · Answer 8 · Sun Oct 10 2021 11:17:01 GMT+0800 (China Standard Time)

yep...thank you very much.
Nice new version as well

Merlyn Cousins · Answer 9 · Sun Oct 10 2021 11:17:49 GMT+0800 (China Standard Time)

where is the config file to adjust all this?

Tib3rius · Answer 10 · Sun Oct 10 2021 11:19:40 GMT+0800 (China Standard Time)

The default one is in ~/.config/AutoRecon/config.toml, but if there's one in the current directory, AutoRecon will use that. You can also specify one on the command line with -c

Merlyn Cousins · Answer 11 · Sun Oct 10 2021 22:31:58 GMT+0800 (China Standard Time)

thanxs for your help.
How many (v's) can I pass for verbose?

Tib3rius · Answer 12 · Sun Oct 10 2021 22:57:17 GMT+0800 (China Standard Time)

https://github.com/Tib3rius/AutoRecon#verbosity

Sharique Raza · Answer 13 · Wed Aug 24 2022 22:17:35 GMT+0800 (China Standard Time)

just putting threads = 50 and giving path to wordlists will speed the scans up ?
its taking more than 2 hours to scan.

Sharique Raza · Answer 14 · Wed Aug 24 2022 22:21:14 GMT+0800 (China Standard Time)

how can i disable nikto scans ?

Tib3rius · Answer 15 · Fri Aug 26 2022 02:19:29 GMT+0800 (China Standard Time)

@shariq-jgi There's no foolproof way to speed scans up. You have to adjust according to the environment you're on. 50 threads can be a decent amount for most web servers but sometimes it's too much. Remember the larger the wordlist and the more extensions you use, the longer the scan will be.

Also nikto doesn't run at all, it's a manual scan, not automated.

Sharique Raza · Answer 16 · Fri Aug 26 2022 02:23:22 GMT+0800 (China Standard Time)

Okay thanks noted.
I was just worried about the exam
Going to give in 2 days
Some scans are taking 2 hours.