API Documentation
This page contains every attribute / method available to objects in AutoRecon, which is useful if you are writing plugins.
Target objects are created by AutoRecon from the list of targets given by the user. They are passed to PortScan plugins for scanning.
The address attribute returns a string representation of the target address (e.g. "127.0.0.1").
The basedir attribute returns a string representation of the full (absolute) path to the target's results directory (e.g. /home/kali/results/127.0.0.1). No trailing slash is used.
The ports attribute returns a dictionary containing two keys: 'tcp' and 'udp'. These point to a string representation of a port list that is compatible with the -p argument in Nmap.
The reportdir attribute returns a string representation of the full (absolute) path to the target's report directory (e.g. /home/kali/results/127.0.0.1/report). No trailing slash is used.
The scandir attribute returns a string representation of the full (absolute) path to the target's scans directory (e.g. /home/kali/results/127.0.0.1/scans). No trailing slash is used.
The type attribute returns either 'IPv4' or 'IPv6' depending on whether the target should be treated as an IPv4 or IPv6 address.
The add_service method can be used by a PortScan plugin to report a new service to AutoRecon at any point during the plugin's run. The service argument must be a valid Service object. This method returns None.
The execute method can be used by a PortScan plugin to execute a command in a /bin/bash shell. The cmd argument should be a string representation of the command you wish to execute. The following markers can be used within the string, and will get automatically converted to their correct values by AutoRecon:
- {address} - The address of the target (e.g. 127.0.0.1, ::1)
- {addressv6} - Despite its name, this still represents the address of the target if it is IPv4. The difference is the IPv6 address will be represented as [::1] which is a common format for several tools.
- {nmap_extra} - Extra nmap options provided by the user at runtime. Defaults to: -vv --reason -Pn
- {scandir} - The full path to the target's scans directory (e.g. /home/kali/results/127.0.0.1/scans)
The optional blocking argument can be used to make the execute method return immediately, rather than waiting until the command has finished. This is useful if you want to process lines of output live. However, if you do this, you should always run the following command on the process object before returning:
await process.wait()
The optional outfile and errfile arguments can be used to specify filenames to save stdout and stderr to respectively. Note that only the filename is required (e.g. "scan_output.txt"), as the scandir path will be prepended.
This method returns a Process object, a CommandStreamReader object for stdout, and a CommandStreamReader object for stderr.
The extract_service method can be used by a PortScan plugin to extract a service from a provided string, using either AutoRecon's default regular expression (which works on Nmap output), or using a provided regular expression. The line argument should be the string you want to extract a service from. The optional regex argument can be used to provide a regular expression.
If a regular expression is provided, it must contain 3 named groups: port, protocol, and service which match the port (e.g. 80), protocol (e.g. TCP), and service name (e.g. http) respectively. As an example, the following regular expression is used by AutoRecon to extract services from Nmap output:
^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$
This method returns either a Service object (if the regular expression matched) or None (if it did not).
The extract_services method can be used by a PortScan plugin to extract multiple services from a provided CommandStreamReader, such as stdout, using either AutoRecon's default regular expression (which works on Nmap output), or using a provided regular expression. The stream argument should be a valid CommandStreamReader object, which is returned as part of the execute() method. The optional regex argument can be used to provide a regular expression.
If a regular expression is provided, it must contain 3 named groups: port, protocol, and service which match the port (e.g. 80), protocol (e.g. TCP), and service name (e.g. http) respectively. As an example, the following regular expression is used by AutoRecon to extract services from Nmap output:
^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$
This method returns either a list of Service objects (if the regular expression matched) or an empty list (if it did not).
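The named-group requirement described for extract_service and extract_services can be checked before a custom regular expression is handed to either method. The following is an added example, not AutoRecon's own code: Found, compile_service_regex, extract_one, extract_many, the CSV-style scanner output and all sample lines are hypothetical or constructed; only NMAP_REGEX is taken from this page.

```python
import re
from typing import Iterable, List, NamedTuple, Optional

# Regular expression quoted on this page for Nmap output.
NMAP_REGEX = r'^(?P<port>\d+)\/(?P<protocol>(tcp|udp))(.*)open(\s*)(?P<service>[\w\-\/]+)(\s*)(.*)$'
REQUIRED_GROUPS = {'port', 'protocol', 'service'}

class Found(NamedTuple):
    """Stand-in for a Service object (hypothetical, not AutoRecon's class)."""
    port: int
    protocol: str
    service: str

def compile_service_regex(pattern: str) -> "re.Pattern[str]":
    """Compile a pattern; reject it unless all three named groups exist."""
    compiled = re.compile(pattern)
    missing = REQUIRED_GROUPS - set(compiled.groupindex)
    if missing:
        raise ValueError('regex lacks named group(s): ' + ', '.join(sorted(missing)))
    return compiled

def extract_one(line: str, pattern: str = NMAP_REGEX) -> Optional[Found]:
    """Return a Found for a matching line, or None when it does not match."""
    match = compile_service_regex(pattern).search(line.strip())
    if match is None:
        return None
    return Found(int(match.group('port')), match.group('protocol'), match.group('service'))

def extract_many(lines: Iterable[str], pattern: str = NMAP_REGEX) -> List[Found]:
    """Return every service found; an empty list when no line matches."""
    results = (extract_one(line, pattern) for line in lines)
    return [found for found in results if found is not None]

# Constructed sample of an Nmap port table (header and closed port must be skipped).
SAMPLE_NMAP = [
    'PORT     STATE  SERVICE  REASON',
    '22/tcp   open   ssh      syn-ack ttl 64',
    '80/tcp   open   http     syn-ack ttl 64',
    '443/tcp  closed https    reset ttl 64',
    '161/udp  open   snmp     udp-response ttl 64',
]
# Constructed output of a hypothetical scanner, with a matching custom regex.
SAMPLE_CSV = ['tcp,8080,http-proxy', 'udp,53,domain', 'scan finished']
CSV_REGEX = r'^(?P<protocol>tcp|udp),(?P<port>\d+),(?P<service>[\w\-/]+)$'

if __name__ == '__main__':
    print(extract_many(SAMPLE_NMAP))
    print(extract_many(SAMPLE_CSV, CSV_REGEX))
```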
Service objects are created by AutoRecon from the list of services reported by PortScan plugins. They are passed to ServiceScan plugins for scanning.
The name attribute returns a string representation of the name of the service (e.g. 'http').
The port attribute returns an integer representation of the port that the service is running on (e.g. 80).
The protocol attribute returns a string representation of the protocol that the service is using (e.g. 'tcp').
The secure attribute returns a boolean representation of whether or not the service is running over SSL/TLS.
The target attribute returns the Target object to which this Service object belongs. From this object you can get to any of the Target object's attributes if needed.
The add_manual_commands method can be used by ServiceScan plugins to add manual commands. A valid description must be used, and the commands argument can be a string or a list of strings.
The add_manual_command method is an alias for add_manual_commands and works the same way.
The execute method can be used by a ServiceScan plugin to execute a command in a /bin/bash shell. The cmd argument should be a string representation of the command you wish to execute. The following markers can be used within the string, and will get automatically converted to their correct values by AutoRecon:
- {address} - The address of the target (e.g. 127.0.0.1, ::1)
- {addressv6} - Despite its name, this still represents the address of the target if it is IPv4. The difference is the IPv6 address will be represented as [::1] which is a common format for several tools.
- {http_scheme} - A special marker which is either 'https' or 'http' depending on whether the service is secure or not.
- {name} - The name of the service (e.g. 'http')
- {nmap_extra} - Extra nmap options provided by the user at runtime. Defaults to: -vv --reason -Pn
- {port} - The port that the service is running on (e.g. 80)
- {protocol} - The protocol that the service is using (e.g. 'tcp')
- {scandir} - The full path to the target's scans directory (e.g. /home/kali/results/127.0.0.1/scans)
The optional blocking argument can be used to make the execute method return immediately, rather than waiting until the command has finished. This is useful if you want to process lines of output live. However, if you do this, you should always run the following command on the process object before returning:
await process.wait()
The optional outfile and errfile arguments can be used to specify filenames to save stdout and stderr to respectively. Note that only the filename is required (e.g. "scan_output.txt"), as the scandir path will be prepended.
This method returns a Process object, a CommandStreamReader object for stdout, and a CommandStreamReader object for stderr.
The full_tag method returns a string representation of the service protocol, port, name, and whether it is secure, separated by forward slashes (e.g. tcp/80/http/insecure).
The tag method returns a string representation of the service protocol, port, and name, separated by forward slashes (e.g. tcp/80/http).
The readline method returns a single line from the CommandStream, or None if the stream has ended. This method will block until it can return something.
The readlines method returns all lines from the CommandStream, or an empty list if the stream has ended. This method will block until it can return something.
The following attributes and methods are available to both PortScan and ServiceScan plugins.
The disabled attribute is a quick way to disable your plugin. Setting it to True means AutoRecon will not use it.
The name attribute should be set to the name of the plugin (e.g. 'Nmap HTTP'). Simple is better. Must be unique.
The priority attribute is optional, and by default will be 1. If set, it adjusts the priority of the plugin in the run sequence. A lower number means the plugin will be run before higher numbers. Negative numbers and decimals are allowed.
The slug attribute is optional, as AutoRecon will generate a slug based on the name (e.g. 'Nmap HTTP' -> 'nmap-http'). If you don't like your slug, you can override it using this attribute. Simple is better. Must be unique.
The tags attribute is a list of tags that apply to the plugin. By default, the list is ['default']. If you want your plugin to run by default, you must include 'default' in the list if you override it.