Tib3rius / AutoRecon

AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.


Where is the --profile option now?

4ndymcfly opened this issue

Hello! Before, the application had the --profile option to scan in a personalized way with .toml scripts, how is it done now? Thank you!

Hi @4ndymcfly,

This largely depends on what you want to do. AutoRecon now uses a plugin system, with tags to enable/disable plugins, and certain plugins have their own options you can supply to change their behavior.

Everything can either be provided on the command line or via a config file (still in a TOML format).

If you have a specific question about what you want AutoRecon to do I can answer it.

Hello again @Tib3rius! Thank you for responding.
I am preparing for the OSCP exam and I want to create some specific scripts for the initial scan. I want to pass templates for SMB, LDAP, etc., and I would like that at a given moment I can pass scans only for some specific services or protocols. How could I pass an LDAP.toml file and have it only test what’s inside the template?
Thank you very much.

Could you be a little more specific about what you need? Sorry but it's difficult to help if I'm not clear on what you mean.

AutoRecon works by first performing port scans (is that what you meant by "initial scan"?) and from there it will run further scans based on what services it finds running.

If you only want to run the current SMB and LDAP scans, you can do so using tags which only enable the default port scanning plugins and SMB/LDAP plugins:

--tags default-port-scan,smb,ldap

This will run the following plugins:

portscan-top-tcp-ports.py
portscan-top-100-udp-ports.py
portscan-all-tcp-ports.py
smbmap.py
smbclient.py
nmap-smb.py
smb-vuln.py
nmap-ldap.py
ldap-search.py

If you wish to run your own custom commands, you would have to create separate plugins for those. If that's the case, I can certainly help if you can provide the commands you actually want to run.

Yes! That’s exactly what I was looking for! I apologize for not expressing myself correctly when asking the specific question. Now, the problem I have is that it doesn’t find the plugins with the tags ‘ldap’ or ‘smb’, but it does find the necessary plugin if I put the tag ‘default-port-scan’. For what it’s worth, I installed the application on my Kali using pipx. Here are some screenshots:

(three screenshots attached)

Is there something I'm doing wrong? I apologize if I'm not being as specific as you need. And thank you very much for your time, really.

You need to provide the exact option I gave:

--tags default-port-scan,smb,ldap

AutoRecon has three main types of plugin: PortScan, ServiceScan and Reporting.

By default, AutoRecon will run PortScan plugins first since it needs to identify open ports. Once those are identified, it moves onto ServiceScan plugins which are the ones that run the more in-depth enumeration (e.g. using smbmap).

If you only provide AutoRecon with --tags ldap,smb it will only include plugins tagged with either ldap or smb. However, there exist no PortScan plugins with those tags, hence the error "There are no port scan plugins that match the tags specified." AutoRecon cannot continue, since without PortScan plugins it cannot find any open ports (side note: I'll update the error message to make it more obvious why it's exiting).

By including the default-port-scan tag (--tags default-port-scan,smb,ldap) you are effectively enabling the default PortScan plugins and they will run.

An alternative option exists but you'd basically be telling AutoRecon which ports/services are open and that's usually not what you want to do.
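The following Python model illustrates the two answers above (the `--tags default-port-scan,smb,ldap` command and the PortScan/ServiceScan explanation). It is an added example, not AutoRecon's own plugin loader: the nine plugin names, the two `--tags` values and the error string come from the thread, while the tag set attached to each plugin, the OR-only matching and the function names (`parse_tags`, `select_plugins`, `plan`) are assumptions made for the model.

```python
"""Model of AutoRecon-style tag filtering (added example, not project code).

Plugin names and the error text are taken from the issue thread; the tags on
each plugin are assumptions chosen so that the two --tags values discussed
behave the way the maintainer describes.
"""
from dataclasses import dataclass

ERROR_NO_PORTSCAN = "There are no port scan plugins that match the tags specified."


@dataclass(frozen=True)
class Plugin:
    name: str
    kind: str            # "PortScan", "ServiceScan" or "Reporting"
    tags: frozenset


# The nine plugins the maintainer listed. Tag sets are assumed for this model:
# default-port-scan on the port scanners, smb or ldap on the service scanners.
PLUGINS = (
    Plugin("portscan-top-tcp-ports.py", "PortScan", frozenset({"default-port-scan"})),
    Plugin("portscan-top-100-udp-ports.py", "PortScan", frozenset({"default-port-scan"})),
    Plugin("portscan-all-tcp-ports.py", "PortScan", frozenset({"default-port-scan"})),
    Plugin("smbmap.py", "ServiceScan", frozenset({"smb"})),
    Plugin("smbclient.py", "ServiceScan", frozenset({"smb"})),
    Plugin("nmap-smb.py", "ServiceScan", frozenset({"smb"})),
    Plugin("smb-vuln.py", "ServiceScan", frozenset({"smb"})),
    Plugin("nmap-ldap.py", "ServiceScan", frozenset({"ldap"})),
    Plugin("ldap-search.py", "ServiceScan", frozenset({"ldap"})),
)


def parse_tags(tag_spec: str) -> set:
    """Turn the comma-separated --tags value into a set of tag names."""
    return {t.strip() for t in tag_spec.split(",") if t.strip()}


def select_plugins(tag_spec: str, plugins=PLUGINS) -> list:
    """A plugin is enabled when it carries ANY of the requested tags
    (a comma means 'either', as the maintainer explains)."""
    wanted = parse_tags(tag_spec)
    return [p for p in plugins if p.tags & wanted]


def plan(tag_spec: str, plugins=PLUGINS) -> dict:
    """Group the enabled plugins by kind and apply the startup check: with no
    PortScan plugin nothing can discover open ports, so the run cannot reach
    the ServiceScan stage even though ServiceScan plugins did match."""
    groups = {"PortScan": [], "ServiceScan": [], "Reporting": []}
    for p in select_plugins(tag_spec, plugins):
        groups[p.kind].append(p.name)
    error = None if groups["PortScan"] else ERROR_NO_PORTSCAN
    return {"ok": error is None, "error": error, **groups}


if __name__ == "__main__":
    # Replay the two invocations from the thread.
    for spec in ("ldap,smb", "default-port-scan,smb,ldap"):
        result = plan(spec)
        print(f"--tags {spec}")
        if not result["ok"]:
            print("  exit:", result["error"])
        for kind in ("PortScan", "ServiceScan"):
            for name in result[kind]:
                print(f"  {kind:<11} {name}")
```

Running it shows that `--tags ldap,smb` still matches all six SMB/LDAP ServiceScan plugins but fails the PortScan check, while adding `default-port-scan` enables the three port scanners and lets the run proceed.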

Perfect! I will do it that way then. I understand the logic you're explaining to me and forgive me for seeming foolish. Thank you very much for the clarification and for your time. Regards!