reconness / reconness

ReconNess is a platform for continuous recon (CR), where you can set up a pipeline of #recon tools (Agents) and trigger it based on a schedule or events.

Home Page: https://www.reconness.com

License: MIT License

C# 79.66% Dockerfile 0.23% JavaScript 4.74% HTML 0.06% Vue 15.31%
bugbounty pentesting platform recon redteam tools vulnerable-targets

reconness's Introduction

ReconNess Web App

Why ReconNess?

Well, we have seen a lot of #bugbounty hackers organizing their #recon in txt files and writing a lot of bash scripts to filter the output, all to keep everything organized so they can focus only on the potentially vulnerable targets. Realistically, this demands a lot of bash skill and a strong folder/file organization process to avoid the feeling of chaos.

ReconNess helps you run and keep all your #recon in the same place, allowing you to focus only on the potentially vulnerable targets without distraction and without requiring a lot of bash skill or programming skill in general.

With ReconNess you can put all your learning effort into how to exploit the targets (using one specific kind of vulnerability, for example) while being sure that your #recon is good and organized.

Continuous Recon (CR)

ReconNess is a platform for continuous recon (CR), where you can set up a pipeline of #recon tools (Agents) and trigger it based on a schedule or events.

Quick Start

Check this link to learn how to get ReconNess running and start collecting #recon data from your targets.

Development

NodeJs Current and LTS Releases

https://nodejs.org/download/release/

DotNet 6

https://dotnet.microsoft.com/download/dotnet/6.0

We are working on the NEW UI; you can check the progress here: http://134.209.46.128/

Work in Progress (!!!!!NEW UI!!!!)

[Screenshots of the new UI: Home, Targets, Agents]

Join us

If you want to know what is next or you want to help us, please join us.

Discord

Twitter

Licensing

MIT License

reconness's People

Contributors

gorums, mhdy333p, renovate-bot, renovate[bot]

reconness's Issues

Crontab Agents

It would be great if the next version added the ability to schedule Agents.

The last run tag has some problem

When I run some agent and start to click another target, then come back to the target's agent tag again, the agent's last run is still "never", but I had run it just now. And does the last run tag work with the target I have open now but all the other targets? Why, when I open another target that I newly added, is the last run of the agent already there rather than "never"?

Hello Dear I can't install pls help me

postgres uses an image, skipping
Building web
Sending build context to Docker daemon 276.8MB
Step 1/26 : FROM mcr.microsoft.com/dotnet/sdk:6.0.100-bullseye-slim AS build
---> c8231459539b
Step 2/26 : WORKDIR /app
---> Using cache
---> 32e5e673f533
Step 3/26 : RUN curl -sL https://deb.nodesource.com/setup_10.x | bash -
---> Using cache
---> fdb483973751
Step 4/26 : RUN apt-get install -y nodejs
---> Using cache
---> bb045eae9ad8
Step 5/26 : RUN npm install -g @vue/cli
---> Running in be3034abdbbf
/bin/sh: 1: npm: not found
The command '/bin/sh -c npm install -g @vue/cli' returned a non-zero code: 127
ERROR: Service 'web' failed to build : Build failed

Feature Request: Vulnerability information

Is your feature request related to a problem? Please describe.
I'd like a field to be added to subdomains/directories where vulnerability details can be stored for them from scanners such as nuclei.

Preferably it would work similar to how agents work now but instead of updating ip's or service you return vulnerability information to reconness.

Export Subdomain list

It would be great to see in the next version a way to export the subdomain list in different formats in order to run local tools.

there is nothing at The terminal and logs and other problem

When I run some agents like nmap or dirsearch, the terminal and the logs don't have any output, but the process really is running. And when the agent run completes, the agent looks like it is still running; only when I refresh the page does the agent go back to normal. I don't know whether the agent had finished running.

The reconness allways crash exit

I'm using a VPS with 2048MB RAM and a 1 vCore CPU; reconness always crashes and exits with code 137.
It seems to be because the agent results keep growing: when I start some agent, the dotnet process's memory keeps growing.
Even when I just run the ping agent, the memory of the dotnet process still increases slowly. I don't know why, but it must not be a good result.
And the memory of the dotnet process never even goes down when I don't run any agent; it's really a big problem.

There seems something wrong with the dirsearch

The dirsearch doesn't seem to work correctly. When I run the dirsearch agent installed in reconness with my own command, dirsearch doesn't seem to work: the terminal and logs output nothing, and there is no result in the Directories tag. But when I scan the target with dirsearch myself on my VPS, it works well.

Feature Request: API to get subdomains, services & directories

Could an API be added to allow us to pull a list of all subdomains, services/ports and the directories/URLs belonging to each subdomain?

  1. For example, I could create an agent to pull all the subdomains, spider the ones with web servers running on whatever ports & return the directories/URLs.
  2. Then create another agent to check all directories/URLs for open redirects & update the vulnerability info in #154

Feature Request: Update notes via agent/API

I'd like to update the subdomain notes via an agent/API, so if I run an agent that finds some useful information it can be stored in the notes field.

e.g suspicious directory or url changed at date xyz

Something wrong when add another target

I add a target first, then when I add another target, there is something wrong. It seems that when I add another target, the form doesn't refresh and the key is already there. The same problem seems to occur when I add the last target and open the target I added before: I start to run the agent, and the agent scans the last target I added but not the target I selected.

And the code
reconness | Exception data:
reconness | Severity: ERROR
reconness | SqlState: 23505
reconness | MessageText: duplicate key value violates unique constraint "PK_Targets"
reconness | Detail: Key ("Id")=(bdea8f4b-2217-4483-a935-7ee25e480c76) already exists.
reconness | SchemaName: public
reconness | TableName: Targets
reconness | ConstraintName: PK_Targets
reconness | File: nbtinsert.c
reconness | Line: 570
reconness | Routine: _bt_check_unique
reconness | --- End of inner exception stack trace ---
reconness | at ReconNess.Data.Npgsql.ReconNessContext.CommitAsync(CancellationToken cancellationToken) in /app/DAL/ReconNess.Data.Npgsql/ReconNessContext.cs:line 235
reconness | at ReconNess.Service1.AddAsync(TEntity entity, CancellationToken cancellationToken) in /app/ReconNess/Service.cs:line 153
reconness | at ReconNess.Web.Controllers.TargetsController.Post(TargetDto targetDto, CancellationToken cancellationToken) in /app/ReconNess.Web/Controllers/TargetsController.cs:line 76
reconness | at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.TaskOfIActionResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
reconness | at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeActionMethodAsync>g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask1 actionResultValueTask)
reconness | at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
reconness | at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
reconness | at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
reconness | at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
reconness | --- End of stack trace from previous location where exception was thrown ---
reconness | at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|24_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
reconness | at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Rethrow(ResourceExecutedContextSealed context)
reconness | at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
reconness | at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.InvokeFilterPipelineAsync()
reconness | --- End of stack trace from previous location where exception was thrown ---
reconness | at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.g__Awaited|17_0(ResourceInvoker invoker, Task task, IDisposable scope)
reconness | at Microsoft.AspNetCore.Routing.EndpointMiddleware.g__AwaitRequestTask|6_0(Endpoint endpoint, Task requestTask, ILogger logger)
reconness | at Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.Invoke(HttpContext context)
reconness | at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
reconness | at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
reconness | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

Diff results

If you run a Subdomain Enumeration Agent 2 times (on different days), it would be great to see a Subdomain Diff between executions in order to get only the new subdomains.

Reconness Remote Workers

Over the weekend I ran into an issue where the VPS I use didn't have the horsepower to complete a task in a reasonable amount of time, so I came up with the idea of remote workers/agents (not sure what to call them yet) that can be installed on other servers and will fetch tasks from reconness, complete them and return the results.

I can create the remote workers/agents, but to really get this working there need to be changes to the core of reconness. Essentially an "orchestrator" needs to be created that will distribute tasks & process the results. Below I'll explain what I think is required to get a basic proof of concept up and running; please feel free to make suggestions or criticisms, as this is my first time doing any sort of distributed computing.

Worker Registration

When a worker is first installed it needs to register with reconness, so that reconness knows it exists & can assign tasks to it. As a POC, workers will send a POST request (with a valid JWT) with a worker ID (random string) to reconness.

POST: { Agent: "abc", Status: "New" }

  • An API endpoint needs to be created to accept and store these IDs
  • Bonus: they should also be able to de-register themselves, e.g. when uninstalling the worker.

Worker Status

Workers will "check in" with reconness periodically & provide their status (free or busy).

Example:
POST: {agent: "abc", status: "free"}
POST: {agent: "abc", status: "busy", task: "123"}

Workers that don't provide an update within 15 minutes should be considered dead & deleted. Workers that are free can have tasks assigned to them, those that are busy shouldn't.

  • An endpoint needs to be created for workers to report their status (or maybe use the same as above)
  • A "garbage collection" script needs to be run on the saved workers so that dead ones are removed

Worker Tasks

When running an agent inside reconness (e.g. nmap), you should have the option (e.g. a checkbox) to send it to a worker. Reconness should then assign this task to a worker by updating an API endpoint with the task to run, e.g. /api/worker/tasks

Example:
/api/workers/tasks
{ taskID: "123", agent: "abc", task: "nmap -T4 yahoo.com", status: "pending"}

Agents will check this endpoint for tasks & accept them by sending a POST request saying they accept task 123

Example:
POST: { taskID: "123", agent: "abc", action: "accept"}

Reconness would then update the endpoint and change the status to wip or etc

Example:
/api/workers/tasks
{ taskID: "123", agent: "abc", task: "nmap -T4 yahoo.com", status: "wip"}

When workers complete a task they would send a POST request saying it's complete, with the results. Reconness would then need to run the agent script on the results to save the data. The worker would also update their status to free.

Example:
POST: { taskID: "123", agent: "abc", action: "Complete", results: "nmap cli output..."}

I think this covers the basics of what would be needed for a working poc, also note the JSON above are just examples so feel free to use what you think is best.
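Added example, not part of the original issue or the ReconNess code base: a minimal in-memory model of the orchestrator state the proposal implies, showing the checks a server needs so that one worker cannot accept or complete another worker's task and so that silent workers are reaped after 15 minutes. The type and method names are hypothetical, the worker ID is assumed to come from the verified JWT, and returning a dead worker's tasks to "pending" is an assumption beyond the proposal.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"time"
)

// WorkerTTL is the 15-minute check-in window from the proposal.
const WorkerTTL = 15 * time.Minute

type worker struct {
	status   string // "free" or "busy"
	lastSeen time.Time
}

type task struct {
	agent, cmd, status, results string // status: pending, wip, complete
}

// Orchestrator is a hypothetical in-memory model of the proposed endpoints.
type Orchestrator struct {
	workers map[string]*worker
	tasks   map[string]*task
}

func NewOrchestrator() *Orchestrator {
	return &Orchestrator{workers: map[string]*worker{}, tasks: map[string]*task{}}
}

// CheckIn handles registration and periodic status reports. workerID must be
// taken from the verified JWT, never from the request body.
func (o *Orchestrator) CheckIn(workerID, status string, now time.Time) error {
	if status != "free" && status != "busy" {
		return errors.New("unknown status")
	}
	o.workers[workerID] = &worker{status: status, lastSeen: now}
	return nil
}

// Reap deletes workers silent for longer than WorkerTTL and returns their
// unfinished tasks to "pending" with no owner (the requeue is an assumption).
func (o *Orchestrator) Reap(now time.Time) []string {
	dead := []string{}
	for id, w := range o.workers {
		if now.Sub(w.lastSeen) > WorkerTTL {
			dead = append(dead, id)
			delete(o.workers, id)
		}
	}
	for _, t := range o.tasks {
		if _, alive := o.workers[t.agent]; !alive && t.status != "complete" {
			t.agent, t.status = "", "pending"
		}
	}
	sort.Strings(dead)
	return dead
}

// Assign gives a new task, or a requeued ownerless one, to a free worker.
func (o *Orchestrator) Assign(taskID, cmd, workerID string) error {
	if w, ok := o.workers[workerID]; !ok || w.status != "free" {
		return errors.New("worker is not registered and free")
	}
	if t, exists := o.tasks[taskID]; exists {
		if t.agent != "" {
			return errors.New("task already has an owner")
		}
		t.agent = workerID
		return nil
	}
	o.tasks[taskID] = &task{agent: workerID, cmd: cmd, status: "pending"}
	return nil
}

// owned returns the task only if the caller is alive, owns it, and it is in
// the state the requested transition starts from.
func (o *Orchestrator) owned(taskID, workerID, want string) (*task, error) {
	t, ok := o.tasks[taskID]
	if _, alive := o.workers[workerID]; !ok || !alive || t.agent != workerID {
		return nil, errors.New("task is not assigned to this worker")
	}
	if t.status != want {
		return nil, fmt.Errorf("task is %s, expected %s", t.status, want)
	}
	return t, nil
}

// Accept moves pending -> wip and marks the worker busy.
func (o *Orchestrator) Accept(taskID, workerID string) error {
	t, err := o.owned(taskID, workerID, "pending")
	if err != nil {
		return err
	}
	t.status, o.workers[workerID].status = "wip", "busy"
	return nil
}

// Complete moves wip -> complete, stores the results and frees the worker.
func (o *Orchestrator) Complete(taskID, workerID, results string) error {
	t, err := o.owned(taskID, workerID, "wip")
	if err != nil {
		return err
	}
	t.status, t.results, o.workers[workerID].status = "complete", results, "free"
	return nil
}

// Status returns the task status, or "" for an unknown task.
func (o *Orchestrator) Status(taskID string) string {
	if t, ok := o.tasks[taskID]; ok {
		return t.status
	}
	return ""
}

func main() {
	o, now := NewOrchestrator(), time.Now()
	o.CheckIn("abc", "free", now)
	o.CheckIn("xyz", "free", now)
	o.Assign("123", "constructed-command", "abc") // constructed sample task
	fmt.Println("xyz accepts abc's task:", o.Accept("123", "xyz"))
	fmt.Println("abc accepts its task:", o.Accept("123", "abc"))
	fmt.Println("reaped:", o.Reap(now.Add(16*time.Minute)), o.Status("123"))
}
```

The results string from a worker is still untrusted input; anything that parses it on the server side should treat it that way.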

Slack Integration

It would be great to get a Slack notification when an Agent ends its execution.

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

  • Update dependency Newtonsoft.Json to v13.0.3
  • Update dependency vue-loading-overlay to v3.4.3
  • Update dotnet monorepo (Microsoft.AspNetCore.Authentication.JwtBearer, Microsoft.AspNetCore.Identity.EntityFrameworkCore, Microsoft.AspNetCore.SpaServices.Extensions, Microsoft.EntityFrameworkCore, Microsoft.EntityFrameworkCore.Tools, Microsoft.Extensions.DependencyInjection, Microsoft.Extensions.Hosting, Microsoft.Extensions.Identity.Stores, mcr.microsoft.com/dotnet/sdk)
  • Update mstest monorepo to v2.2.10 (MSTest.TestAdapter, MSTest.TestFramework)
  • Update dependency FluentValidation.AspNetCore to v10.4.0
  • Update dependency Microsoft.CodeAnalysis.CSharp.Scripting to v4.9.2
  • Update dependency Microsoft.NET.Test.Sdk to v17.9.0
  • Update dependency Moq to v4.20.70
  • Update dependency NLog.Web.AspNetCore to v4.15.0
  • Update dependency Swashbuckle.AspNetCore to v6.5.0
  • Update dependency coverlet.collector to v3.2.0
  • Update dependency jquery to v3.7.1
  • Update dependency vue-router to v3.6.5
  • Update dotnet-azure-ad-identitymodel-extensions monorepo to v6.35.0 (Microsoft.IdentityModel.Tokens, System.IdentityModel.Tokens.Jwt)
  • Update vue monorepo to v2.7.16 (vue, vue-template-compiler)
  • Update Font Awesome (major) (@fortawesome/fontawesome-svg-core, @fortawesome/free-regular-svg-icons, @fortawesome/free-solid-svg-icons, @fortawesome/vue-fontawesome)
  • Update actions/checkout action to v4
  • Update dependency AutoMapper.Extensions.Microsoft.DependencyInjection to v12
  • Update dependency Bogus to v35
  • Update dependency FluentValidation.AspNetCore to v11
  • Update dependency NLog to v5
  • Update dependency NLog.Web.AspNetCore to v5
  • Update dependency Npgsql.EntityFrameworkCore.PostgreSQL to v8
  • Update dependency RestSharp to v110
  • Update dependency RestSharp.Serializers.NewtonsoftJson to v110
  • Update dependency coverlet.collector to v6
  • Update dependency eslint to v9
  • Update dependency eslint-plugin-vue to v9
  • Update dependency vue to v3
  • Update dependency vue-loading-overlay to v6
  • Update dependency vue-router to v4
  • Update dependency vuex to v4
  • Update dependency xterm to v5
  • Update dotnet monorepo (major) (Microsoft.AspNetCore.Authentication.JwtBearer, Microsoft.AspNetCore.Identity.EntityFrameworkCore, Microsoft.AspNetCore.SpaServices.Extensions, Microsoft.EntityFrameworkCore, Microsoft.EntityFrameworkCore.Tools, Microsoft.Extensions.DependencyInjection, Microsoft.Extensions.Hosting, Microsoft.Extensions.Identity.Stores, mcr.microsoft.com/dotnet/aspnet, mcr.microsoft.com/dotnet/sdk)
  • Update dotnet-azure-ad-identitymodel-extensions monorepo to v7 (major) (Microsoft.IdentityModel.Tokens, System.IdentityModel.Tokens.Jwt)
  • Update github/codeql-action action to v3
  • Update mstest monorepo to v3 (major) (MSTest.TestAdapter, MSTest.TestFramework)
  • Update vue-cli monorepo to v5 (major) (@vue/cli-plugin-babel, @vue/cli-plugin-eslint, @vue/cli-service)
  • ๐Ÿ” Create all rate-limited PRs at once ๐Ÿ”

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

Detected dependencies

docker-compose
src/docker-compose.yml
dockerfile
src/Dockerfile
  • mcr.microsoft.com/dotnet/sdk 6.0.100-bullseye-slim
  • mcr.microsoft.com/dotnet/aspnet 6.0
github-actions
.github/workflows/codeql-analysis.yml
  • actions/checkout v2
  • github/codeql-action v1
  • github/codeql-action v1
  • github/codeql-action v1
npm
src/ReconNess.Web/ClientApp/package.json
  • @fortawesome/fontawesome-svg-core 1.2.36
  • @fortawesome/free-regular-svg-icons 5.15.4
  • @fortawesome/free-solid-svg-icons 5.15.4
  • @fortawesome/vue-fontawesome 2.0.6
  • @johmun/vue-tags-input 2.1.0
  • axios 0.24.0
  • bootstrap 4.6.1
  • core-js 2.6.12
  • jquery 3.6.0
  • moment 2.29.1
  • popper.js 1.16.1
  • vue 2.6.14
  • vue-axios 2.1.5
  • vue-loading-overlay 3.4.2
  • vue-router 3.5.3
  • vue-simple-alert 1.1.1
  • vuex 3.6.2
  • xterm 4.15.0
  • @aspnet/signalr 1.1.4
  • @vue/cli-plugin-babel 3.12.1
  • @vue/cli-plugin-eslint 3.12.1
  • @vue/cli-service 3.12.1
  • babel-eslint 10.1.0
  • eslint 7.32.0
  • eslint-plugin-vue 7.20.0
  • vue-template-compiler 2.6.14
  • vue2-ace-editor 0.0.15
nuget
src/DAL/ReconNess.Data.Npgsql/ReconNess.Data.Npgsql.csproj
  • Npgsql.EntityFrameworkCore.PostgreSQL 6.0.1
  • Microsoft.AspNetCore.Identity.EntityFrameworkCore 6.0.1
src/ReconNess.Entities/ReconNess.Entities.csproj
  • Microsoft.Extensions.Identity.Stores 6.0.1
src/ReconNess.UnitTests/ReconNess.UnitTests.csproj
  • coverlet.collector 3.1.0
  • MSTest.TestFramework 2.2.8
  • MSTest.TestAdapter 2.2.8
  • Moq 4.16.1
  • Microsoft.NET.Test.Sdk 17.0.0
  • Bogus 34.0.1
src/ReconNess.Web/ReconNess.Web.csproj
  • VueCliMiddleware 6.0.0
  • System.IdentityModel.Tokens.Jwt 6.15.0
  • Swashbuckle.AspNetCore 6.2.3
  • Npgsql.EntityFrameworkCore.PostgreSQL 6.0.1
  • NLog.Web.AspNetCore 4.14.0
  • Newtonsoft.Json 13.0.1
  • Microsoft.IdentityModel.Tokens 6.15.0
  • Microsoft.Extensions.Hosting 6.0.0
  • Microsoft.Extensions.DependencyInjection 6.0.0
  • Microsoft.EntityFrameworkCore.Tools 6.0.1
  • Microsoft.AspNetCore.SpaServices.Extensions 6.0.1
  • Microsoft.AspNetCore.Identity.EntityFrameworkCore 6.0.1
  • Microsoft.AspNetCore.Authentication.JwtBearer 6.0.1
  • FluentValidation.AspNetCore 10.3.6
  • AutoMapper.Extensions.Microsoft.DependencyInjection 8.1.1
src/ReconNess.Worker/ReconNess.Worker.csproj
  • NLog 4.7.13
  • Microsoft.Extensions.Hosting 6.0.0
src/ReconNess/ReconNess.csproj
  • RestSharp.Serializers.NewtonsoftJson 106.15.0
  • RestSharp 106.15.0
  • NLog 4.7.13
  • Newtonsoft.Json 13.0.1
  • Microsoft.EntityFrameworkCore 6.0.1
  • Microsoft.CodeAnalysis.CSharp.Scripting 4.0.1

  • Check this box to trigger a request for Renovate to run again on this repository

ScreenShots support

It would be great to see a way to look at screenshots of the subdomains found with Sublist3r / Amass, with support for Aquatone / Eyewitness as a column in the subdomain list view. This feature will add a lot of value to this tool.

Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: Cannot find preset's package (github>whitesource/merge-confidence:beta)

Agents Pipeline

It would be great to chain different Agents in one linear process (Pipeline), for example, Sublist3r to get subdomains, then Ping to get alive hosts, then Nmap to get the ports of the alive hosts, and at the end Aquatone / Eyewitness to get screenshots of all the HTTP/HTTPS ports.

the best tools ;-)

I love it, please add screenshots for the subdomains

keep going like that

Go Installation Error for httprobe

Describe the bug
When I was following the directions on https://docs.reconness.com/scan/httprobe, I continued to get this error:
Step 63/68 : RUN . ~/.profile && go get github.com/tomnomnom/httprobe
---> Running in 92108c763b91
crypto/ecdsa
/usr/local/go/src/crypto/ecdsa/ecdsa_noasm.go:16:14: undefined: signGeneric
/usr/local/go/src/crypto/ecdsa/ecdsa_noasm.go:21:9: undefined: verifyGeneric
ERROR: Service 'web' failed to build: The command '/bin/sh -c . ~/.profile && go get github.com/tomnomnom/httprobe' returned a non-zero code: 2

I ended up adding the following line to the DockerFile which resolved the issue.
RUN rm -r /usr/local/go/

The full httprobe agent code looks like this for me:

RUN apt-get update && apt-get install -y git wget
RUN rm -r /usr/local/go/
RUN wget https://dl.google.com/go/go1.13.4.linux-amd64.tar.gz
RUN tar -C /usr/local -xzf go1.13.4.linux-amd64.tar.gz
RUN echo 'export GOROOT=/usr/local/go' >> ~/.profile
RUN echo 'export GOPATH=$HOME/go' >> ~/.profile
RUN echo 'export PATH=$GOPATH/bin:$GOROOT/bin:$PATH' >> ~/.profile
RUN . ~/.profile && go get github.com/tomnomnom/httprobe

Unable to build docker

Describe the bug
When attempting to build docker, I am facing this issue that I have described below. I am using this https://github.com/reconness/reconness-agents/blob/master/Dockerfile

To Reproduce
Steps to reproduce the behavior:
Follow standard installation procedure, use the provided Dockerfile and issue

docker-compose build 

Error:

Step 25/61 : RUN /root/go/bin/reconness-universal-wrapper setup -u <reconness username> -p <reconness password> -s <reconness.mydomain.com>
 ---> Running in 1e6213185f9d
/bin/sh: 1: Syntax error: end of file unexpected
ERROR: Service 'web' failed to build: The command '/bin/sh -c /root/go/bin/reconness-universal-wrapper setup -u <reconness username> -p <reconness password> -s <reconness.mydomain.com>' returned a non-zero code: 2

Expected behavior
As per my knowledge, the server should immediately start.

I am currently using digitalocean $40 per month.

Let me know if you need more info.

Thanks

Agents vs laelaps

Hello,

Over the past few months I've been working on an improved version of the reconness-universal-wrapper I made a few months ago and I believe it would help with speeding up the recon process & remove the need for agents. It isn't 100% complete but the majority of it is.

What is Laelaps?

Laelaps is a CLI application and service/worker (think of gitlab runner) written in Golang. Its objective was to create a unified application that the end user could use during their research and that could also serve as a worker to run automated tasks.

CLI Application

The CLI application is pretty straightforward: you can view & edit the data in your project as well as run pipelines/agents manually on your local PC. There is also a built-in cache so every request won't lead to a DB query. For example:

Show subdomains:

$ laelaps show subdomains -p project1
prints subdomains....

Show subdomains and pipe to another application:

$ laelaps show subdomains -p project1 | url-crawler-abc

Show subdomains, pipe to another application & save URLs (URLs sent to the API):

$ laelaps show subdomains -p project1 | url-crawler-abc | laelaps add url -p project1

Run/test a Pipeline (wip):

$ laelaps run template recon101 -p project1

This can be done for just about anything in the database: URLs, subdomains, etc. This allows for very powerful one-liners that you would normally have to build an agent/pipeline for. More about pipelines/agents later...

Worker (wip)

The worker side of it essentially turns laelaps into a service that periodically checks the API for available tasks from the pipeline, executes them and returns the results to the API. The reason I decided to do it this way was the following:

  1. Users can spin up as many agents as they want/need. Install it on a laptop, a server, a Raspberry Pi, etc. Or provide an AWS/GCP/Digital Ocean API key and they'll be spun up and down as needed.
  2. This allows for distributed computing/microservices. As long as the pipeline has asynchronous tasks available, your agents will be working.
  3. Liability: I'm really concerned about this. If you shift to a cloud model, who is liable for someone accidentally DDoSing some company? If reconness hosts the agents you might be in trouble. If the user hosts the agent on their laptop or their AWS/GCP/Digital Ocean account, they're liable?

Pipelines and the removal of agents

I created my own version of pipelines and basically removed the need for agents, as I found them a pain in the ass. Agents have been integrated into the pipelines: you define the Task (agent) and define the command that is to be run. You use variables similar to reconness-universal-wrapper, e.g. dirsearch $subdomain. I don't have a template in front of me but will paste some of the Go code and maybe it will explain it a bit better

type WorkFlow struct {
	Version   int                 `validate:"required" yaml:"version,omitempty"` //Version of the workflow
	Vars      []map[string]string `validate:"unique" yaml:"vars,omitempty"` //custom variables
	Tasks     []*Task             `validate:"required,unique" yaml:"tasks,omitempty"` //Tasks (agents)
	
	//TaskOrder isn't seen by the end user, this is used by the server or laelaps to order tasks based on their dependencies
	//This is a 2D array that orders tasks into "Phases" e.g task 1,2,3 have no dependencies so they'll be in phase 1 & will be
	// available for laelaps to work on
	// but task 3,4,5 have dependencies so will be in later phases based on their dependencies & won't be available
	// the ordering can get quite complex as you could imagine
	TaskOrder [][]int             `yaml:"-,omitempty"`
}

type Task struct {
	Name         string   `validate:"required" yaml:"name,omitempty"`
	Desc         string   `yaml:"desc,omitempty"`
	Status       string   `validate:"oneof=available unavailable" yaml:"status,omitempty"` //Laelaps will take available tasks
	Command      []string `yaml:"cmd,omitempty"` //the command to be executed
	Dependencies []string `yaml:"dependecies,omitempty"` //Name of the tasks that this task is dependent on

	//Producers defines what this task produces, there can be multiple but each piece of data produced needs an exporter
	Producers    []string `validate:"unique,oneof=rootdomain rootdomains subdomain subdomains" yaml:"produces,omitempty"`

	//RequirementCondition string       `validate:"oneof=and or" yaml:"reqCondition,omitempty"`
	//Requirments          []Requirment `validate:"unique" yaml:"req,omitempty"`

	//exporters are basically what the reconness c# scripts were
	Exporters []*Exporter `yaml:"exporters"`
}

type Exporter struct {
	Name         string `validate:"required" yaml:"name,omitempty"`
	Return       string `validate:"required" yaml:"return,omitempty"` //Has to match one of the producers above
	Resullts     []*interface{} //stored results

	//Exporters can have SubExporters. E.g You might have some complex output like line1: subdomain, line 2 url, line 3 vulnerability
	// You may want to create subexporter so that when a subdomain is found, trigger the subexporter to get the URL, when the url is found trigger another subexporter to get the vulnerability. Then this can all be saved for the same object/subdomain
	SubExporters []*Exporter 

	Regex         string `validate:"required" yaml:"regex,omitempty"` //regex to use to find the result
	RegexCompiled *regexp.Regexp
	//regex group to get results from if 0 or empty, all of regex will be taken as the result
	RegexGroup    int  `yaml:"regexGroup,omitempty"` 
	MinLine       int  `yaml:"minLine,omitempty"` //min line to start looking for results
	MaxLine       int  `yaml:"maxLine,omitempty"` //max line to stop looking for results
	InScope       bool `yaml:"inScope,omitempty"`//wip
	NextLines     int //similar to minline but really used for the subexporters
}
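Added example, not laelaps code: one way the TaskOrder phases described in the struct comments could be computed from each task's Dependencies, rejecting unknown dependencies and cycles so that a malformed workflow never reaches a worker. It assumes phases hold indexes into Tasks and uses a reduced Task type; the task names in main are constructed from tools mentioned on this page.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// Task keeps only the two fields of the posted struct that ordering needs.
type Task struct {
	Name         string
	Dependencies []string
}

// BuildPhases groups task indexes into phases: every task in phase n depends
// only on tasks in earlier phases (assumed semantics for TaskOrder).
func BuildPhases(tasks []Task) ([][]int, error) {
	index := make(map[string]int, len(tasks))
	for i, t := range tasks {
		if _, dup := index[t.Name]; dup {
			return nil, fmt.Errorf("duplicate task name %q", t.Name)
		}
		index[t.Name] = i
	}

	remaining := make([]int, len(tasks))    // unmet dependencies per task
	dependents := make([][]int, len(tasks)) // reverse edges: dep -> tasks
	for i, t := range tasks {
		seen := map[string]bool{}
		for _, d := range t.Dependencies {
			j, ok := index[d]
			if !ok {
				return nil, fmt.Errorf("task %q depends on unknown task %q", t.Name, d)
			}
			if seen[d] {
				continue // a dependency listed twice counts once
			}
			seen[d] = true
			remaining[i]++
			dependents[j] = append(dependents[j], i)
		}
	}

	// Phase 1 is every task with no dependencies.
	var ready []int
	for i := range tasks {
		if remaining[i] == 0 {
			ready = append(ready, i)
		}
	}

	var phases [][]int
	placed := 0
	for len(ready) > 0 {
		phases = append(phases, ready)
		placed += len(ready)
		var next []int
		for _, i := range ready {
			for _, k := range dependents[i] {
				remaining[k]--
				if remaining[k] == 0 {
					next = append(next, k)
				}
			}
		}
		sort.Ints(next) // deterministic order inside a phase
		ready = next
	}

	// Tasks on a cycle (or depending on themselves) never become ready.
	if placed != len(tasks) {
		return nil, errors.New("dependency cycle: some tasks can never run")
	}
	return phases, nil
}

func main() {
	// Constructed workflow for illustration.
	tasks := []Task{
		{Name: "sublist3r"},
		{Name: "amass"},
		{Name: "ping", Dependencies: []string{"sublist3r", "amass"}},
		{Name: "nmap", Dependencies: []string{"ping"}},
		{Name: "aquatone", Dependencies: []string{"ping"}},
	}
	phases, err := BuildPhases(tasks)
	fmt.Println(phases, err)
}
```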

A bug after stop an agent and refresh the website [1.5.0]

We have a bug after stopping an agent and refreshing the website; it does not happen if the website is not refreshed.

To Reproduce
Steps to reproduce the behavior:

  1. Run an Agent
  2. Stop the Agent before it finishes
  3. Refresh the page (F5)
  4. Try to run an Agent again

Expected behavior
After refreshing the page, the Agent needs to run fine after clicking the run button

Desktop (please complete the following information):

  • Docker
  • Version 1.5.0

Service 'web' failed to build

Hey there. Cool looking project. Please see my username, but I am having issues building. I attempted on Ubuntu 18.04 within a VM as well as I signed up on DigitalOcean to see if I ruined something. I am getting the same error on both Ubuntu instances.

Local VM - Ubuntu 18.04: [screenshot]

DigitalOcean Ubuntu 18.04: [screenshot]

Googling failed for me sadly. If you can point me in the correct direction I would very much appreciate that!

Add agent to do flyovers and screenshot hosts and gather any requested banners or headers / title

Is your feature request related to a problem? Please describe.
In an effort to fully maximize my methodology before recentness it would be amazing to have an agent be able to screenshot

Describe the solution you'd like
As discussed in Discord, an Agent like Eyewitness and/or Aquatone to take screenshots of each live host and have them automatically added to a photo gallery.

Describe alternatives you've considered
I have been manually doing it on a separate VPS and using a separate PHP server to handle the photo gallery; I've also tried uploading them directly to Discord. Those work, but to have it work in Reconness would be so damn awesome

Additional context
I will open a PR with the agents Eyewitness and/or Aquatone introduced to the project, and then discuss with @gorums about getting reconnects to have a photo gallery automatically created for each subdomain that screenshots are taken of. I am willing to implement this feature or work on something else as needed.
