Reconnoitre – Open-Source Reconnaissance and Service Enumeration Tool
Darknet · 2025-11-10 · via Darknet – Hacking Tools, Hacker News & Cyber Security


Reconnoitre is an open-source reconnaissance tool that automates multithreaded information gathering and service enumeration. It structures your results, generates follow-up recommendations, and is widely used in OSCP-style labs and red team environments. Built by Codingo, it focuses on reliable, repeatable recon automation.


Overview

Reconnoitre removes the manual overhead from early-stage reconnaissance. It performs host discovery, port and service scanning, directory setup, and next-step generation. The tool outputs a consistent directory layout with scans, notes, and proof files — enabling structured recon and easier collaboration across teams.

Features

  • Multithreaded scanning for fast host and service enumeration.
  • Automatic directory structure — creates per-host folders for scans, loot, and proofs.
  • Protocol coverage including TCP, UDP, SNMP, and virtual host discovery.
  • Built for training and red-team use — integrates into lab-style workflows (e.g., OSCP, HTB, Proving Grounds).
  • Open source and actively maintained under GPL-3.0.

Installation

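The installation commands below are taken from the project’s README, with the change into the cloned directory added so that setup.py is found. Run them only in authorised test environments.

# Clone the repository
git clone https://github.com/codingo/Reconnoitre.git

# Change into the cloned directory (setup.py is run from the repository root)
cd Reconnoitre

# Install the tool into your environment
python3 setup.py install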

# Once installed, run Reconnoitre
reconnoitre <args>

Usage

These usage examples are also taken verbatim from the README. Adjust paths and scopes to your environment before running.

# Basic usage
Usage:
  reconnoitre -t TARGET_HOSTS -o OUTPUT_DIRECTORY [options]

Examples:
# Scan a single host, create directories and discover services:
reconnoitre -t 192.168.1.5 -o /root/Documents/labs/ --services

# Common flags:
-h, --help                 Display help message and exit
-t TARGET_HOSTS            Set a single host, IP range, or file containing hosts.
-o OUTPUT_DIRECTORY        Directory where results are written.
-w WORDLIST                Optional custom wordlist for compiled commands or attacks.
--pingsweep                Discover live hosts via ping sweep.
--dns, --dnssweep          Find DNS servers among targets.
--snmp                     Discover SNMP hosts.
--services                 Perform a service scan and write recommendations.
--hostnames                Identify target hostnames and write to hostnames.txt.
--virtualhosts             Discover virtual hosts using the wordlist.
--quiet                    Suppress headers, output only essential data.
--quick                    Run a quick scan and move to next target.
--no-udp                   Disable UDP scanning.

Attack Scenario

Objective: build a structured reconnaissance baseline for internal labs or early engagement mapping.

  1. Deploy Reconnoitre on an isolated analysis host or VM.
  2. Run a ping sweep to find live targets using --pingsweep, then launch --services to enumerate ports and protocols.
  3. Review generated per-host folders for findings, nmap results, and suggested follow-up commands.
  4. Validate open services manually using tools like Nmap or the dnmap distributed Nmap framework.

Red Team Relevance

Reconnoitre provides a baseline for reconnaissance standardisation. New operators can run consistent scans, store data in predictable structures, and hand off results cleanly to exploitation teams. It is beneficial for OSCP preparation and internal red-team exercises, where disciplined recon improves efficiency.

Extend its outputs with automation or combine it with broader recon aggregators such as Sn1per for multi-phase scanning. Use results as feed data for scripting frameworks or dashboards that track discovered hosts and services.

Detection and Mitigation

  • Monitor scanning patterns: alert on aggressive TCP/UDP enumeration and host sweeps matching Reconnoitre’s cadence.
  • Limit egress: restrict network ranges accessible from CI or developer machines to prevent misuse of internal scanners.
  • Deploy honeypots: detect and fingerprint scanners through bait services to generate indicators of compromise.
  • Track fingerprints: log port-scan metadata (user-agent strings, Nmap signatures, timing) for future correlation.
  • Harden pipelines: use CI/CD gating tools like Anteater to prevent unauthorised scanner installs.
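
A sketch of the alerting logic behind the first bullet, added here as an example (it is not code from Reconnoitre or from the original article): it flags a source that contacts many distinct hosts, or many distinct ports on one host, within a short window. The flow-record format, the thresholds and the sample addresses are constructed assumptions.

```python
from collections import defaultdict

def parse_flow(line):
    """Parse 'epoch src dst dport proto' (constructed format, not a real product's)."""
    ts, src, dst, dport, proto = line.split()
    return int(ts), src, dst, int(dport), proto

def detect_scans(lines, window=60, host_threshold=20, port_threshold=100):
    """Flag sources whose fan-out inside one tumbling window reaches a threshold.

    host_sweep: many distinct destinations (discovery / ping-sweep phase).
    port_scan:  many distinct ports on one destination (service enumeration).
    Thresholds are illustrative; tune them against a baseline of normal traffic.
    Tumbling windows can split a scan that straddles a boundary, so production
    rules usually use sliding windows or overlapping buckets.
    """
    dsts = defaultdict(set)   # (src, bucket) -> destinations contacted
    ports = defaultdict(set)  # (src, dst, bucket) -> (proto, port) pairs probed
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = parse_flow(line)
        bucket = ts // window
        dsts[(src, bucket)].add(dst)
        ports[(src, dst, bucket)].add((proto, dport))
    findings = defaultdict(set)
    for (src, _), seen in dsts.items():
        if len(seen) >= host_threshold:
            findings[src].add("host_sweep")
    for (src, dst, _), seen in ports.items():
        if len(seen) >= port_threshold:
            findings[src].add(f"port_scan:{dst}")
    return {src: sorted(tags) for src, tags in findings.items()}

def sample_flows():
    """Constructed sample data: one scanner (10.0.0.50) plus ordinary client traffic."""
    base = 1_700_000_040  # multiple of 60, so each burst below stays in one window
    flows = [f"{base + i % 5} 10.0.0.50 10.0.0.{i} 0 icmp" for i in range(1, 31)]
    flows += [f"{base + 60 + p % 50} 10.0.0.50 10.0.0.7 {p} tcp" for p in range(1, 201)]
    flows += [f"{base + i * 3} 10.0.0.20 10.0.0.7 443 tcp" for i in range(40)]
    return flows

if __name__ == "__main__":
    for src, tags in detect_scans(sample_flows()).items():
        print(src, tags)
```

The repeated HTTPS client (10.0.0.20) is not flagged because it touches one host and one port, which is the distinction a volume-only alert would miss.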

Comparison

While tools like Sn1per or AutoRecon perform similar roles, Reconnoitre stands out for its simplicity and clarity. It doesn’t try to do everything — it focuses on reliable network discovery and structured output, making it ideal for reproducible workflows and training scenarios.

Conclusion

Reconnoitre remains a foundational reconnaissance tool for ethical hackers and red teams. It bridges the gap between manual scanning and full automation by structuring output intelligently and embedding best practices into every run. Use it in isolated environments, audit your scans, and feed results into downstream tooling for correlation and reporting.

You can read more or download Reconnoitre here: https://github.com/codingo/Reconnoitre