Automate the scanning and enumeration of machines externally while maintaining complete control over the scans sent to the targets, with the speed and convenience of Tmux. Great for OSCP/HTB-type machines as well as penetration testing.
- Think Metasploit, but for external enumeration…
- TmuxRecon is a scalable and straightforward platform to place your operational workflow.
- The database for TmuxRecon (Main.csv) is easily altered to support your methodologies as they are substituted and appended.
- Great for HTB and OSCP-like machines.
- TmuxRecon is a product of 19% security solutions.
Methodology
- Kick off TmuxRecon (TmuxRecon 10.10.10.5).
- C-b w (Move into the TmuxRecon Session).
- When prompted, type “Y” to kick off a Quick, Banner, All-Port, and UDP nmap scan.
- Notice that new windows were opened kicking off those scans. Depending upon the ports returned, run scans for those ports.
- Change variables as you need to suit your target (Example: HTTP running on port 8500).
ProTips
- Run multiple commands from a table at once by separating the command numbers with commas. Example: 0,1,2 (spaces and periods work as well).
Build
git clone https://github.com/CoolHandSquid/TmuxRecon.git
cd TmuxRecon
./Build.sh
Adding Modules
- Open Main.csv with your favorite csv editor (I’m partial to ModernCSV and Excel).
- When adding a command, keep in mind Name, Port, and Description are for the primary display screen; Cmd_Name, Cmd_Description, Cmd_Command, Cmd_Comment, and SubDisplayOrder are for the secondary display screen.
Special Characters and Syntax
Cmd_Command has a few special characters including &&&&, #, ##, ?, and {}.
&&&&
- &&&& anywhere in the command will split the line and start each command individually in separate tabs.
- Example: whoami &&&& id &&&& ifconfig will open three tabs and run the desired command in each. &&&& is useful if you initially run multiple separate commands every time you see a specific port open.
# and ##
- “#” is for sending yourself notes to another tab.
- “#” can be useful if you don’t want to run a command, but you want to give yourself copy-paste notes for manual enumeration.
- Set only the first character of the line to # if you want variables to be evaluated.
- Set the first two characters of the line to ## if you do not want variables to be evaluated.
?
- “?” is for sending a question to the user. The response will be set to a numbered variable.
- You can send multiple lines of questions for multiple variables.
- Example:
?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php
?What is a known password you would like to brute force?
wpscan --url {Web_Proto}://{IP}{1} --enumerate u,tt,t,vp --password {2} -e
{}
- {} is for grabbing a variable from TmuxRecon.
- Available variables can be viewed in the variables table.
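A preview of how a Cmd_Command cell expands under the rules above, as an added example (not TmuxRecon's own code), useful for checking a new Main.csv entry before running it. It assumes one entry per line in the cell, that # and ## are checked on each piece after the &&&& split, and that answers bind to {1}, {2} in order; preview, substitute and {Hypothetical_Var} are names made up here.

```python
import re

PLACEHOLDER = re.compile(r"\{(\w+)\}")

def substitute(text, variables, missing):
    """Replace {Name} with its value; leave unknown names in place and record them."""
    def repl(m):
        name = m.group(1)
        if name in variables:
            return str(variables[name])
        missing.append(name)
        return m.group(0)
    return PLACEHOLDER.sub(repl, text)

def preview(cmd_command, variables, answers=()):
    """Expand one Cmd_Command cell into questions, per-tab entries and unresolved names."""
    lines = [l.strip() for l in cmd_command.splitlines() if l.strip()]
    questions = [l[1:].strip() for l in lines if l.startswith("?")]
    # Answers to "?" lines become the numbered variables {1}, {2}, ...
    scope = dict(variables)
    for n, answer in enumerate(answers, start=1):
        scope[str(n)] = answer
    tabs, missing = [], []
    for line in lines:
        if line.startswith("?"):
            continue
        for piece in (p.strip() for p in line.split("&&&&")):
            if not piece:
                continue
            if piece.startswith("##"):
                tabs.append(("note", piece[2:].strip()))  # literal, no evaluation
            elif piece.startswith("#"):
                tabs.append(("note", substitute(piece[1:].strip(), scope, missing)))
            else:
                tabs.append(("run", substitute(piece, scope, missing)))
    return questions, tabs, missing

# Constructed sample cell built from the page's own examples; {Hypothetical_Var} is deliberately undefined.
SAMPLE = """?What is the location of the wp-login.php?
# Login page: {Web_Proto}://{IP}{1} on {Hypothetical_Var}
## Raw note, {IP} stays literal
whoami &&&& id &&&& curl -sI {Web_Proto}://{IP}{1}"""

if __name__ == "__main__":
    qs, tabs, missing = preview(SAMPLE, {"Web_Proto": "http", "IP": "10.10.10.5"},
                                answers=["/blog/wp-login.php"])
    for kind, text in tabs:
        print(kind, "|", text)
    print("unresolved:", missing)
```

A non-empty list of unresolved names points at a typo in a placeholder or a question line that is missing from the cell.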
TmuxRecon by CoolHandSquid