Reconnoitre – Open-Source Reconnaissance and Service Enumeration Tool
Darknet · 2025-11-10 · via Darknet – Hacking Tools, Hacker News & Cyber Security

Reconnoitre is an open-source reconnaissance tool that automates multithreaded information gathering and service enumeration. It structures your results, generates follow-up recommendations, and is widely used in OSCP-style labs and red team environments. Built by Codingo, it focuses on reliable, repeatable recon automation.

Overview

Reconnoitre removes the manual overhead from early-stage reconnaissance. It performs host discovery, port and service scanning, directory setup, and next-step generation. The tool outputs a consistent directory layout with scans, notes, and proof files — enabling structured recon and easier collaboration across teams.

Features

  • Multithreaded scanning for fast host and service enumeration.
  • Automatic directory structure — creates per-host folders for scans, loot, and proofs.
  • Protocol coverage including TCP, UDP, SNMP, and virtual host discovery.
  • Built for training and red-team use — integrates into lab-style workflows (e.g., OSCP, HTB, Proving Grounds).
  • Open source and actively maintained under GPL-3.0.

Installation

The installation commands below are taken verbatim from the project’s README. Run them only in authorised test environments.

# Clone the repository
git clone https://github.com/codingo/Reconnoitre.git

# Install the tool into your environment (run from inside the cloned Reconnoitre directory)
python3 setup.py install

# Once installed, run Reconnoitre
reconnoitre <args>

Usage

These usage examples are also taken verbatim from the README. Adjust paths and scopes to your environment before running.

# Basic usage
Usage:
  reconnoitre -t TARGET_HOSTS -o OUTPUT_DIRECTORY [options]

Examples:
# Scan a single host, create directories and discover services:
reconnoitre -t 192.168.1.5 -o /root/Documents/labs/ --services

# Common flags:
-h, --help                 Display help message and exit
-t TARGET_HOSTS            Set a single host, IP range, or file containing hosts.
-o OUTPUT_DIRECTORY        Directory where results are written.
-w WORDLIST                Optional custom wordlist for compiled commands or attacks.
--pingsweep                Discover live hosts via ping sweep.
--dns, --dnssweep          Find DNS servers among targets.
--snmp                     Discover SNMP hosts.
--services                 Perform a service scan and write recommendations.
--hostnames                Identify target hostnames and write to hostnames.txt.
--virtualhosts             Discover virtual hosts using the wordlist.
--quiet                    Suppress headers, output only essential data.
--quick                    Run a quick scan and move to next target.
--no-udp                   Disable UDP scanning.

Attack Scenario

Objective: build a structured reconnaissance baseline for internal labs or early engagement mapping.

  1. Deploy Reconnoitre on an isolated analysis host or VM.
  2. Run a ping sweep to find live targets using --pingsweep, then launch --services to enumerate ports and protocols.
  3. Review generated per-host folders for findings, nmap results, and suggested follow-up commands.
  4. Validate open services manually using tools like Nmap or the dnmap distributed Nmap framework.

Red Team Relevance

Reconnoitre provides a baseline for reconnaissance standardisation. New operators can run consistent scans, store data in predictable structures, and hand off results cleanly to exploitation teams. It is beneficial for OSCP preparation and internal red-team exercises, where disciplined recon improves efficiency.

Extend its outputs with automation or combine it with broader recon aggregators such as Sn1per for multi-phase scanning. Use results as feed data for scripting frameworks or dashboards that track discovered hosts and services.

Detection and Mitigation

  • Monitor scanning patterns: alert on aggressive TCP/UDP enumeration and host sweeps matching Reconnoitre’s cadence.
  • Limit egress: restrict network ranges accessible from CI or developer machines to prevent misuse of internal scanners.
  • Deploy honeypots: detect and fingerprint scanners through bait services to generate indicators of compromise.
  • Track fingerprints: log port-scan metadata (user-agent strings, Nmap signatures, timing) for future correlation.
  • Harden pipelines: use CI/CD gating tools like Anteater to prevent unauthorised scanner installs.
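The first bullet, sketched as an added example (not code from the Reconnoitre project or the original article): a sliding-window check over flow records that flags one source touching many hosts (sweep) or many ports on one host (service enumeration). The log format, addresses and thresholds are constructed assumptions to tune against your own baseline.

```python
from collections import defaultdict, deque

WINDOW = 60        # seconds of history kept per source (assumed tuning value)
SWEEP_HOSTS = 10   # distinct destinations per source within WINDOW (assumed)
ENUM_PORTS = 20    # distinct proto/port pairs on one destination within WINDOW (assumed)


def build_sample():
    """Constructed flow records in an assumed format: 'epoch src dst proto dport'."""
    rows = [f"{1000 + i} 10.0.0.50 10.0.1.{i + 1} icmp 0" for i in range(12)]  # host sweep
    rows += [f"{1100 + p} 10.0.0.50 10.0.1.5 tcp {p}" for p in range(20, 45)]  # port enumeration
    rows += [f"{1000 + 30 * i} 10.0.0.7 10.0.1.9 tcp 443" for i in range(8)]   # ordinary client
    return sorted(rows, key=lambda r: int(r.split()[0]))


def detect(rows):
    """Return a set of (kind, src, dst_or_None) alerts from time-ordered flow records."""
    recent = defaultdict(deque)  # src -> deque of (ts, dst, proto, dport) inside WINDOW
    alerts = set()
    for row in rows:
        ts, src, dst, proto, dport = row.split()
        ts = int(ts)
        q = recent[src]
        q.append((ts, dst, proto, int(dport)))
        # Expire records that have fallen out of the window.
        while q and q[0][0] < ts - WINDOW:
            q.popleft()
        # Host sweep: one source reaching many distinct destinations.
        if len({d for _, d, _, _ in q}) >= SWEEP_HOSTS:
            alerts.add(("host_sweep", src, None))
        # Service enumeration: one source probing many ports on the current destination.
        ports = {(pr, p) for _, d, pr, p in q if d == dst}
        if len(ports) >= ENUM_PORTS:
            alerts.add(("port_enum", src, dst))
    return alerts


if __name__ == "__main__":
    for alert in sorted(detect(build_sample()), key=str):
        print(alert)
```

Because --quick and --no-udp change the volume and protocol mix of a run, thresholds derived from a single observed scan will not generalise; baseline them against normal traffic per network segment.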

Comparison

While tools like Sn1per or AutoRecon perform similar roles, Reconnoitre stands out for its simplicity and clarity. It doesn’t try to do everything — it focuses on reliable network discovery and structured output, making it ideal for reproducible workflows and training scenarios.

Conclusion

Reconnoitre remains a foundational reconnaissance tool for ethical hackers and red teams. It bridges the gap between manual scanning and full automation by structuring output intelligently and embedding best practices into every run. Use it in isolated environments, audit your scans, and feed results into downstream tooling for correlation and reporting.

You can read more or download Reconnoitre here: https://github.com/codingo/Reconnoitre