Tib3rius / AutoRecon

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.


Either Slow startup or frozen with large networks

ZerkerEOD opened this issue

Hey, I used autorecon on my OSCP and loved it. I am on a real-world engagement where the client was nice enough to give me four /16's where the firewall responds to all ICMP traffic, so every host is online. I figured running them through this and allowing it to run throughout the engagement would help while I performed several smaller port scans on the side to speed up. However, it's been sitting for about 10 minutes now with no output and the VM says that core 0 is pegged at 100% and autorecon is using all of it and didn't thread to the second available core. Not sure if it is frozen or just died. I figured it would have started with initial scans still.

Do you know how it should be working during startup and if a /16 is just too large to run through it?

Yeah, it's probably still building a list of 65k+ IPs. It's not really designed to handle that many IP addresses. In fact it will refuse to run if there are over 256 IPs unless you provide the --disable-sanity-checks option.

If every host is going to respond to a ping, then AutoRecon is going to scan all TCP ports on those hosts, which would be a ridiculous amount of traffic. You'd be better suited scanning for a limited number of ports using a single Nmap scan, then maybe using AutoRecon against a small group of those using the --force-services option.

But honestly this tool was designed for the OSCP and not real tests, at least not ones this large.

Thanks for the info, it was worth a shot. Due to the limited amount of time for the engagement, the client just gave us a list of all their hosts to speed up scanning.
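
The size of a target set like the one in this thread can be checked before launch without building the address list at all. The following is an added example, not AutoRecon's code and not from either poster: the function names and sample ranges are constructed, and 256 is the limit quoted in the reply above (how AutoRecon counts it internally is an assumption here).

```python
import ipaddress

MAX_TARGETS = 256  # limit quoted in the thread; AutoRecon's own counting logic is not shown there


def count_targets(specs):
    """Return the number of distinct addresses covered by specs, without expanding them."""
    nets = {4: [], 6: []}
    for spec in specs:
        # strict=False accepts entries with host bits set, e.g. 10.1.2.3/16
        net = ipaddress.ip_network(spec.strip(), strict=False)
        nets[net.version].append(net)
    total = 0
    for version_nets in nets.values():
        # collapse_addresses merges overlapping and adjacent ranges,
        # so an address listed twice is only counted once
        collapsed = ipaddress.collapse_addresses(version_nets)
        total += sum(n.num_addresses for n in collapsed)
    return total


def preflight(specs, limit=MAX_TARGETS):
    """Return (ok, total); ok is False when the target set exceeds limit."""
    total = count_targets(specs)
    return total <= limit, total


if __name__ == "__main__":
    # Constructed sample input: four /16 ranges, matching the scale described above
    sample = ["10.0.0.0/16", "10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16"]
    ok, total = preflight(sample)
    print(f"{total} addresses, within limit: {ok}")
```

Because `num_addresses` is computed from the prefix length, the check returns immediately even for ranges far larger than a /16.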