
Pathfinder

Automated Recon Tool


I am a developer in Seattle with interests in Security (cyber and IRL), machine learning, and distributed systems.

I've been meaning to consolidate the scripts I've been using to call various reconnaissance tools for Hack-the-Box and CTFs. The tools (the first in each list) are usually the ones I use for a preliminary scan for a foothold. I just had a bash script that kicks off a bunch of tools, but it's getting unwieldy.

Web Fuzzing & Content Discovery

  • ffuf - Fuzz Faster U Fool

  • feroxbuster - Fast, recursive content discovery tool written in Rust.

  • gobuster - Efficient tool for discovering URIs and DNS subdomains.

  • dirsearch - Command-line tool for brute-forcing directories and files.

  • wfuzz - Flexible web application fuzzer for finding resources and parameters.

Port Scanning & Network Discovery

  • rustscan - The modern port scanner

  • nmap - The industry standard for network mapping and service detection.

  • naabu - Reliable and fast port scanner written in Go.

  • masscan - Ultra-fast TCP port scanner for internet-scale discovery.

CMS & Web Vulnerability Scanning (Similar to WPScan)

  • nuclei - Template-based scanner for modern CVEs and misconfigurations.

  • nikto - Classic web server scanner for finding dangerous files and outdated software.

  • joomscan - Dedicated scanner for Joomla CMS installations.

  • droopescan - Version and vulnerability scanner for Drupal, SilverStripe, and WordPress.

Subdomain & Asset Discovery

  • amass - In-depth tool for attack surface mapping and asset discovery.

  • subfinder - Fast subdomain discovery using passive sources.

  • theHarvester - OSINT tool for gathering emails, subdomains, and hostnames.

Automation Frameworks

  • reconFTW - An automated script that chains multiple recon tools into one workflow.

  • Recon-ng - Full-featured web reconnaissance framework written in Python.

I finally took some time to rethink and re-create the automation as Pathfinder. It's configurable via YAML and can run tools in sequence and in parallel. It can also update the /etc/hosts file, which is common when working on a box that is reset or worked on over several days.
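One way to structure the sequence/parallel plan and the /etc/hosts refresh described above, as an added example that is not Pathfinder's own code. The plan dict stands in for the parsed YAML; its schema, the sample hosts content and the addresses are all constructed for illustration.

```python
import re
import shlex
import subprocess
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, List, Optional

# Constructed plan in the shape a small YAML file loads into (hypothetical schema,
# not Pathfinder's own). Stages run in order; a parallel stage runs concurrently.
SAMPLE_PLAN: Dict = {
    "vars": {"target": "10.10.10.10", "host": "example.htb"},
    "stages": [
        {"name": "ports", "commands": ["rustscan -a {target}"]},
        {"name": "web", "parallel": True,
         "commands": ["feroxbuster -u http://{host}", "nikto -h http://{host}"]},
    ],
}
# Constructed hosts file with a stale mapping left over from before a box reset.
SAMPLE_HOSTS = "127.0.0.1\tlocalhost\n# ctf boxes\n10.10.10.9\texample.htb dev.example.htb\n"
HOSTS_LINE = re.compile(r"^\s*(\S+)\s+(.+?)\s*$")

def upsert_hosts(contents: str, ip: str, names: List[str]) -> str:
    """Map `names` to `ip`, dropping stale mappings of those names only."""
    wanted, kept = set(names), []
    for line in contents.splitlines():
        m = HOSTS_LINE.match(line)
        if not m or line.lstrip().startswith("#"):
            kept.append(line)          # comments and blanks pass through
            continue
        rest = [n for n in m.group(2).split() if n not in wanted]
        if rest:                       # keep names we are not re-mapping
            kept.append(f"{m.group(1)}\t{' '.join(rest)}")
    kept.append(f"{ip}\t{' '.join(names)}")
    return "\n".join(kept) + "\n"

def _shell_out(cmd: str) -> str:
    """Default runner: argv list, no shell=True, so {vars} cannot smuggle in commands."""
    return subprocess.run(shlex.split(cmd), capture_output=True, text=True).stdout

def run_plan(plan: Dict, run: Optional[Callable[[str], str]] = None) -> List[str]:
    """Expand {vars}, run stages in sequence (parallel stages concurrently)."""
    run = run or _shell_out
    outputs: List[str] = []
    for stage in plan["stages"]:
        cmds = [c.format(**plan["vars"]) for c in stage["commands"]]
        if stage.get("parallel"):
            with ThreadPoolExecutor(max_workers=len(cmds)) as pool:
                outputs.extend(pool.map(run, cmds))   # order preserved
        else:
            outputs.extend(run(c) for c in cmds)
    return outputs
```

Applying `upsert_hosts` a second time with the same arguments leaves the file unchanged, so it is safe to call on every run; writing the result back to /etc/hosts needs root and is left to the caller.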

Install

pipx install git+https://github.com/wind010/pathfinder

With this and Navi, along with my custom cheatsheets, I'm able to work much more quickly to get root.

The tool draws inspiration from CyberDeck and Chestburster from my buddy DotNetRussell.