So you’ve been doing some research into preparing for the OSCP Penetration Testing with Kali course and certification. You have discovered that in order to stand a good chance of doing well in the exam it pays to become proficient in enumeration. Enumeration is the process by which the pen tester discovers as much as possible about the technology stack and structure of the network behind the target IP or IP range.
Reconscan is a python script that will launch multiple scanning tools against the target IP and then output the results to the console. What is spectacularly good about Reconscan though is the fact that it also creates a series of files in the reports directory (directory created as part of the setup process). The reports are split into individual files based on the services found during the scan. This means the user can straight to the information relevant to that service or network application that they are trying to exploit. In a stressful and fatiguing exam, that takes place over 24 hrs, the ability to go straight to what you are looking for can not be overestimated.
Many thanks to Mike Czumak for the original reconscan and Philip Linghammar for the modified scan used in this guide.
⚠️ WARNING: Using this script against any IP address you do not own could result in serious legal consequences!
If in doubt: DON’T DO IT !
How to download and setup Reconscan
Start up your installation of Kali and open the terminal. Navigate to the directory that you will use to keep all of the files related to reconscan. If this directory doesn’t exist create it.
For more information on using basic Linux terminal commands to navigate and create files click here.
Boot up Firefox and navigate to the GitHub page containing the reconscan files:
On the right-hand side of the page click on the green clone or download button. Copy the link that appears.
Go back to the terminal in Kali and type the following, posting in the link copied above:
git clone https://github.com/xapax/oscp.git
The script and the supporting files will now be downloaded in the directory.
Once the script is downloaded cd into the OSCP folder and then run the setup.sh script by entering the following into the terminal:
Reconscan can now be launched just by entering reconscan into the terminal.
How to launch Reconscan against a target
To launch Reconscan against a target IP simply enter the following:
The following screenshot shows the terminal output of reconscan running against my local installation of Metasploitable.
Once the script has finished running you can either use the terminal or the guy file browser to navigate to the reports folder within Reconscan to view the output files: