Skip to content

psychedelic-theory/Auto_Recon_Vulnerability_Report_Generator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

20 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

πŸ›‘οΈ Automated Reconnaissance & Vulnerability Report Generator

CS4240/6240 β€” System Administration & Security
Johan Zapata & Nathan Kitchens β€” Clemson University


πŸ“‹ Description

The Automated Reconnaissance & Vulnerability Report Generator is an open source security tool designed to automate the reconnaissance phase of a penetration test against a target Linux system. Instead of running each security tool manually and interpreting raw terminal output one by one, this tool chains together several industry-standard tools into a single executable workflow and produces a clean, easy-to-read HTML report at the end.

The report highlights open ports, running services, software versions, web server vulnerabilities, hidden directories, SMB shares, user accounts, and known public exploits β€” giving security professionals and students a fast, repeatable, and well-documented starting point for any penetration test.


🎯 Purpose

Reconnaissance is the first and one of the most critical phases of any real-world penetration test. Security professionals typically have to:

  • Run each tool separately from the command line
  • Read through raw terminal output manually
  • Piece together findings from multiple sources into a coherent report

This tool solves that problem by giving Linux users and security professionals a single command they can run to automate the entire process. The generated HTML report makes the results accessible to both technical and non-technical audiences by turning raw data into something actionable and easy to understand.


πŸ” What We Are Reconning For

The tool performs reconnaissance across the following attack surface areas:

1. Open Ports & Services

Identifies all open TCP ports on the target system and detects what services and software versions are running on each port. This is the foundation of any reconnaissance effort β€” knowing what is exposed is the first step to understanding the attack surface.

2. Web Server Vulnerabilities

Scans any detected web server for common misconfigurations, outdated software, missing security headers, exposed admin panels, and other known web vulnerabilities. This covers both HTTP and HTTPS services.

3. Hidden Directories & Files

Enumerates hidden or unlisted directories and files on any detected web server using a wordlist-based brute force approach. This can reveal admin panels, backup files, configuration files, and other sensitive resources that are not publicly linked but are still accessible.

4. SMB Shares & User Accounts

Enumerates any SMB (Server Message Block) file sharing services running on the target. This includes discovering shared network folders, user accounts, workgroup information, and password policies. Misconfigured SMB services are a common entry point in real-world attacks.

5. Known Public Exploits

Cross-references all detected services and software versions against the Exploit Database (ExploitDB) to identify any publicly known exploits or CVEs that apply to the target system. This gives a direct indication of what an attacker could use against the system.


🧰 Tech Stack & Tools

Tool Purpose Language
Nmap Port scanning and service/version detection C
Nikto Web server vulnerability scanning Perl
Gobuster Directory and file enumeration Go
enum4linux-ng SMB enumeration Python
Searchsploit / ExploitDB Known exploit lookup Bash / Ruby
Python 3 Report generation and JSON parsing Python
Jinja2 HTML report templating Python
Bash Main workflow orchestration Bash

πŸ’» System Requirements

Attacker Machine (Scanner)

  • OS: Ubuntu 22.04 or Ubuntu 24.04 LTS
  • RAM: 2GB minimum, 4GB recommended
  • Disk: 20GB minimum
  • Network: Host-Only VirtualBox adapter configured

Target Machine (for testing)

  • Metasploitable 2 (intentionally vulnerable Linux VM)
  • RAM: 512MB
  • Network: Same Host-Only VirtualBox adapter as scanner

Prerequisites

Before running the setup script, make sure the following are available:

  • git β€” to clone the repository
  • sudo / root access β€” required for installation
  • Internet access β€” required during setup to download tools
  • VirtualBox with a Host-Only network configured

πŸ“ Project Structure

recon-tool/ β”œβ”€β”€ recon.sh # Main entry point β€” run this β”œβ”€β”€ setup.sh # Automated installer for all tools β”œβ”€β”€ modules/ β”‚ β”œβ”€β”€ nmap_scan.sh # Port and service detection β”‚ β”œβ”€β”€ nikto_scan.sh # Web vulnerability scanning β”‚ β”œβ”€β”€ gobuster_scan.sh # Directory enumeration β”‚ β”œβ”€β”€ enum4linux_scan.sh # SMB enumeration β”‚ └── searchsploit_scan.sh # Known exploit lookup β”œβ”€β”€ report/ β”‚ └── generate_report.py # Parses results and builds HTML report β”œβ”€β”€ results/ # Scan output saved here (auto-created) └── README.md

βš™οΈ Installation

Step 1 β€” Clone the Repository

git clone https://github.com/YOUR_USERNAME/recon-tool.git
cd recon-tool

Step 2 β€” Run the Setup Script

chmod +x setup.sh
sudo ./setup.sh

The setup script will automatically:

  • Install all required system packages and dependencies
  • Clone and configure Nikto, ExploitDB, and enum4linux-ng
  • Install required Python packages (Jinja2, Weasyprint)
  • Download the Gobuster wordlist
  • Verify every tool is working correctly
  • Print a pass/fail summary at the end

If any tools fail to install, check /tmp/recon_setup.log for detailed error output.


πŸš€ Usage

Basic Scan

sudo ./recon.sh -t <TARGET_IP>

With Custom Output Directory

sudo ./recon.sh -t <TARGET_IP> -o ./results/my_scan

With Custom Wordlist

sudo ./recon.sh -t <TARGET_IP> -w /usr/share/wordlists/rockyou.txt

All Options

sudo ./recon.sh -t <TARGET_IP> [-o <output_dir>] [-w <wordlist>] [-h]

  -t  Target IP address (required)
  -o  Output directory (default: ./results/<timestamp>)
  -w  Wordlist for Gobuster (default: /usr/share/wordlists/dirb/common.txt)
  -h  Show help message

Example

sudo ./recon.sh -t 192.168.198.3

πŸ“Š Sample Output

After a completed scan, the following files are saved to results/<timestamp>/:

File Contents
nmap_ports.txt Raw Nmap port discovery output
nmap_results.txt Detailed Nmap service and version scan
nikto_results.txt Web server vulnerability findings
gobuster_results.txt Discovered directories and files
enum4linux_results.txt SMB users, shares, and password policy
searchsploit_results.txt Matched known exploits from ExploitDB
services_list.txt Extracted service list used for exploit lookup
report.html Final HTML report β€” open this in a browser

What the Report Includes

  • Executive Summary β€” four stat cards showing counts of open ports, web findings, directories, and known exploits
  • Risk Score β€” overall severity rating (LOW / MEDIUM / HIGH / CRITICAL)
  • Open Ports & Services table β€” port, service name, and version
  • Web Vulnerabilities β€” Nikto findings listed individually
  • Directory Enumeration β€” discovered paths with HTTP status codes
  • SMB Enumeration β€” users, shares, workgroup, and password policy
  • Known Exploits β€” matched ExploitDB entries per service
  • Raw Nmap Output β€” full unmodified Nmap scan for reference

⚠️ Known Limitations

  • TCP only β€” the tool currently scans TCP ports only. UDP scanning is not included as it significantly increases scan time.
  • Single target β€” the tool scans one IP address at a time. Subnet or range scanning is not supported.
  • Web scanning requires HTTP/HTTPS β€” Nikto and Gobuster only run if a web server is detected on ports 80, 443, or 8080. Non-standard web ports may be missed.
  • Searchsploit requires local ExploitDB copy β€” the tool does not query the internet for exploits. It relies on the locally cloned ExploitDB database which may not always be fully up to date.
  • enum4linux-ng requires SMB ports β€” SMB enumeration only runs if ports 139 or 445 are detected as open.
  • Scan time varies β€” a full scan against Metasploitable 2 typically takes 5-15 minutes depending on the number of open ports and web server response time.

πŸ§ͺ Test Environment

This tool was developed and tested using the following environment:

Component Details
Hypervisor Oracle VirtualBox
Scanner VM Ubuntu 24.04 LTS β€” IP: 192.168.198.4
Target VM Metasploitable 2 β€” IP: 192.168.198.5
Network VirtualBox Host-Only Adapter
Host OS Windows 11

🚫 Legal Disclaimer

This tool is intended for educational purposes and authorized security testing only.

Never run this tool against systems you do not own or do not have explicit written permission to test. Unauthorized scanning of systems is illegal and unethical. The authors take no responsibility for any misuse of this tool.

This project was developed as part of a university course on System Administration and Security. It is designed to be used exclusively in a controlled lab environment against intentionally vulnerable systems such as Metasploitable 2.


πŸ‘₯ Authors

Johan Zapata
Computer Science β€” Clemson University
CS4240/6240 β€” System Administration & Security

Nathan Kitchens
Computer Science β€” Clemson University
CS4240/6240 β€” System Administration & Security


πŸ“š References

About

A workflow tool that automates recon by running common enumeration scanners, collecting their results, and turning the output into a clean HTML report for quick review. It is built to streamline early-stage vulnerability assessment and make findings easier to organize, read, and present.

Resources

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors