Advanced Network Reconnaissance and Security Assessment Tool
NetReconX is a powerful network reconnaissance and security assessment tool written in Bash. It provides a comprehensive suite of tools for network scanning, service enumeration, vulnerability assessment, and security testing, with the ability to postpone scans and manage their execution flow.
- 🎯 Multi-stage Network Scanning: Progressive scanning from basic discovery to advanced exploitation
- 🔍 Service Enumeration and Version Detection: Detailed service identification and analysis
- 🛡️ Vulnerability Assessment: Identify security weaknesses in target systems
- 📊 Automated Tool Execution: Based on discovered services and ports
- 📝 Detailed Logging and Reporting: Comprehensive output of scan results
- 🎨 Interactive CLI Interface: User-friendly with colorful, animated outputs
- 🔄 Task Postponement System: Schedule scans to run later or pause for manual execution
- 🛠️ Modular and Extensible Architecture: Easy integration of new tools
- ⚙️ Configurable Scanning Stages: Customize scan intensity and focus
- Bash 4.0+
- Common security tools (see Dependencies section)
- Root/sudo privileges (for certain operations)
NetReconX relies on several security tools for its functionality:
- nmap - Network scanning and service detection
- curl - HTTP requests and data transfer
- grep, awk, sed - Text processing
- tput - Terminal control
- hydra - Password cracking and brute force
- smbmap, smbclient, enum4linux - SMB enumeration
- rpcclient - RPC client for SMB
- droopescan - Drupal vulnerability scanning
- mysql - MySQL client
- xfreerdp - RDP client
- evil-winrm - WinRM client
- kinit - Kerberos authentication
- Additional tools for specialized scanning as needed
- Clone or download the script:
git clone https://github.com/yourusername/NetReconX.git
cd NetReconX
- Make the script executable:
chmod +x NetReconX.sh
- Create a basic configuration file:
touch config.cfg
- Install required dependencies:
sudo apt-get update
sudo apt-get install nmap curl hydra smbclient enum4linux
# Install other dependencies as needed for your specific scanning requirements
sudo ./NetReconX.sh
The tool will display an animated banner and initialize. It requires a configuration file (config.cfg) in the same directory as the script.
sudo ./NetReconX.sh --run-postponed
This command will check for and run any previously postponed scans.
NetReconX uses a staged approach to scanning:
sudo ./NetReconX.sh <stage> <target>
Where:
- stage: The scanning stage (0-3)
- target: Target IP address or hostname
- Host discovery
- Basic port scanning
- Service detection
- Detailed service version detection
- OS fingerprinting
- Script scanning
- Vulnerability assessment
- Brute force testing
- Service-specific scanning
NetReconX integrates numerous security assessment tools, including:
- Network Scanning
  - Nmap with multiple scan techniques
  - Host discovery
  - Port scanning
  - Service detection
  - OS fingerprinting
- Web Assessment
  - URL and HTML content fetching
  - Link extraction
  - Form field analysis
  - Web service enumeration
  - CMS scanning (like Droopescan for Drupal)
- Authentication Testing
  - SMB authentication (smbmap, smbclient)
  - Remote Desktop Protocol (RDP) testing
  - Kerberos authentication (kinit)
  - Windows Remote Management (Evil-WinRM)
- Service-Specific Tools
  - rpcclient for SMB/RPC enumeration
  - mysql connections
  - ssh authentication
NetReconX uses associative arrays to organize various scanning options:
declare -A HOST_DISCOVERY_OPTIONS=(
    ["List_Scan"]="-sL"
    ["Treat_All_Hosts_As_Online"]="-Pn"
    ["TCP_SYN_Discovery"]="-PS"
    ["UDP_Discovery"]="-PU"
    ["SCTP_Discovery"]="-PY"
    ["System_DNS"]="--system-dns"
    ["Traceroute"]="--traceroute"
)
declare -A SCAN_TECHNIQUES_OPTIONS=(
    ["TCP_SYN_Scan"]="-sS"
    ["TCP_Connect_Scan"]="-sT"
    ["TCP_ACK_Scan"]="-sA"
    ["TCP_Window_Scan"]="-sW"
    ["TCP_Maimon_Scan"]="-sM"
    ["UDP_Scan"]="-sU"
    ["TCP_Null_Scan"]="-sN"
    ["TCP_FIN_Scan"]="-sF"
    ["TCP_Xmas_Scan"]="-sX"
)
declare -A PORT_SPECIFICATION_OPTIONS=(
    ["thsd_PORT_RANGES"]="-p 21-81"
    ["FAST_MODE"]="-F"
    ["OPEN_PORTS"]="--open"
    ["UNASSIGNED_ASSIGNED_PORTS"]="-p-"
)
These options can be combined to create customized scanning profiles.
To add a new tool to NetReconX:
- Add a new case statement in the tooler() function:
your_new_tool_name)
    echo "Running your new tool..."
    # Tool implementation here
    # For example:
    output_file="$OUTPUT_DIR/your_tool_output.txt"
    your_tool_command "$target" > "$output_file"
    # Wait for completion and cleanup
    wait $!
    echo "Completed"
    # Remove from postponed list if applicable
    if [[ -n "${POSTPONED_TOOLS[$tool]}" ]]; then
        unset "POSTPONED_TOOLS[$tool]"
        unset "TOOL_STATUS[$tool]"
        save_postponed_state
    fi
    ;;
- For service-based tools, add them to the DEPLOYED_TOOL_AGENT array:
DEPLOYED_TOOL_AGENT=(
    ["your_tool"]="TOOL_ID"
    # Existing tools...
)
- Map the tool to specific services in the DEMARCHE array:
DEMARCHE=(
    ["service_name"]="your_tool,other_tools"
    # Existing mappings...
)
Here's a template for adding a new tool:
new_tool_name)
    echo "Running new tool against target..."
    # Check for required parameters
    if [[ -z "$ip_address" ]]; then
        echo "Error: IP address is empty. Skipping new tool."
        return 1
    fi
    # Define output file
    output_file="$OUTPUT_DIR/new_tool_output.txt"
    # Run the tool command and check for successful execution
    if new_tool_command -t "$ip_address" -o "$output_file"; then
        echo "New tool completed successfully. Output saved to $output_file"
    else
        echo "Error: New tool execution failed."
    fi
    # Cleanup
    wait $!
    echo "Completed"
    # Remove from postponed list
    if [[ -n "${POSTPONED_TOOLS[$tool]}" ]]; then
        unset "POSTPONED_TOOLS[$tool]"
        unset "TOOL_STATUS[$tool]"
        save_postponed_state
    fi
    ;;
To add a new scanning stage:
- Create a new stage array:
declare -A STAGE_X=(
    ["option1"]="${SOME_OPTION}"
    ["option2"]="${ANOTHER_OPTION}"
)
- Add the stage to the case statement in the tooler function:
case "$stage" in
    X)
        log "Starting Stage X scan."
        for option_group in "${!STAGE_X[@]}"; do
            option="${STAGE_X[$option_group]}"
            scan_options+="$option "
        done
        ;;
    # Existing stages...
esac
The config.cfg file can include variables to customize your scanning experience:
# Log file
LOG_FILE="netreconx.log"
# Input XML and JSON files
XML_FILE="${tooler_output_files["xml"]}"
JSON_FILE="${tooler_output_files["json"]}"
NetReconX includes a system for postponing tools:
- The user can postpone a tool when prompted
- Tools can be postponed for a specific time period or for manual execution later
- The state is saved to postponed_tools.state
- Postponed tools can be run using --run-postponed
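Because the script is run with sudo and reads config.cfg and postponed_tools.state from its own directory, anyone who can modify those files can influence what runs as root. The following check is an added example, not NetReconX code: the function names are hypothetical, and it assumes GNU stat and that config.cfg is loaded by sourcing it, which this page does not confirm.

```bash
#!/usr/bin/env bash
# Added example, not NetReconX code. Function names are hypothetical.
# Assumes GNU stat (Linux) and that config.cfg is loaded by sourcing it.

# owner_ok UID: true if UID is root, the effective user, or the sudo invoker.
owner_ok() {
    [ "$1" -eq 0 ] || [ "$1" -eq "$(id -u)" ] || [ "$1" = "${SUDO_UID:-}" ]
}

# check_entry PATH: owner and permission test for one file or directory.
check_entry() {
    local owner mode
    owner=$(stat -c '%u' -- "$1") || return 1
    mode=$(stat -c '%a' -- "$1") || return 1
    if ! owner_ok "$owner"; then
        echo "refusing $1: owned by uid $owner" >&2
        return 1
    fi
    # 022 = write bits for group and others; the leading 0 makes it octal.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "refusing $1: mode $mode is group- or world-writable" >&2
        return 1
    fi
}

# trusted_file PATH: regular file (no symlink) in a directory that only
# trusted users can modify.
trusted_file() {
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        echo "refusing $1: not a regular file" >&2
        return 1
    fi
    check_entry "$1" && check_entry "$(dirname -- "$1")"
}

# load_config PATH: source the file only after it passes the checks.
load_config() {
    trusted_file "$1" || return 1
    # shellcheck disable=SC1090
    . "$1"
}

# Usage inside a script run with sudo:
#   load_config "./config.cfg" || exit 1
#   trusted_file "./postponed_tools.state" || exit 1
```

The directory check matters as much as the file check: a file with mode 600 inside a world-writable directory can still be replaced by another local user.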
Results are saved in the following directories:
- ./output_dir/: Main output directory for tool results
- ./dumped_html/: Directory for HTML content dumps from web scanning
- Log files with timestamps for debugging and record-keeping
- Obtain proper authorization before scanning any network
- Be aware that some scanning techniques can be disruptive or trigger security alerts
- Handle credentials and sensitive information carefully
- Review scan outputs for sensitive data before sharing
- Use responsibly and ethically
- Follow applicable laws and regulations
- Tool Errors: Ensure all required tools are installed and in your PATH
- Permission Errors: Some scans require root/sudo privileges
- Missing Configuration: The script expects config.cfg in the same directory
- Output Directory Issues: Ensure the script can create/write to the output directory
Enable DEBUG_MODE in the config file to see more detailed logs:
DEBUG_MODE=true
Check the log file for detailed information:
cat netreconx.log
Contributions to NetReconX are welcome! To contribute:
- Fork the repository
- Create your feature branch (git checkout -b feature/AmazingFeature)
- Commit your changes (git commit -m 'Add some AmazingFeature')
- Push to the branch (git push origin feature/AmazingFeature)
- Open a Pull Request
- Dynamic IP/DNS configuration
- Web interface for scan management
- More tool integrations
- Enhanced reporting capabilities
- Automated vulnerability correlation
This tool is provided for educational and authorized security testing purposes only. The authors are not responsible for any misuse or damage caused by this program.
