TmuxRecon – Automate the scanning and enumeration


Automate the scanning and enumeration of machines while maintaining complete control over scans shot to targets. All the while applying the speed and convenience of tmux! Great for OSCP/HTB type Machines as well as penetration testing.

“The Metasploit of External Enumeration”



  • Think Metasploit, but for external enumeration…
  • TmuxRecon is a scalable and straightforward platform to place your operational workflow.
  • The database for TmuxRecon (Main.csv) is easily altered to support your methodologies as they are substituted and appended.
  • Great for HTB and OSCP like machines.
  • TmuxRecon is a product of 19% security solutions.




  1. Kickoff TmuxRecon (TmuxRecon

2. C-b w (Move into the TmuxRecon Session).


3. When prompted, type “Y” to kickoff a Quick, Banner, All-Port, and UDP nmap scan.


4. Notice that new windows were opened kicking off those scans. Depending upon the ports returned, run scans for those ports.


5. Change variables as you need to suit your target (Example: HTTP running on port 8500).



  • Run multiple commands from a table at once by splitting the command numbers with commas. EX: 0,1,2 (Spaces and periods work aswell)


git clone
cd TmuxRecon

Adding Modules

  • Open Main.csv with your favorite csv editor (I’m partial to ModernCSV and Excel).
  • When adding a command, keep in mind Name, Port, and Description are for the primary display screen; Cmd_Name, Cmd_Description, Cmd_Command, Cmd_Comment, and SubDisplayOrder are for the secondary display screen.

Special Characters and Syntax

  • Cmd_Command has a few special characters including &&&&, #, ##, ?, and {}.


  • &&&& Anywhere in the command will split the line and start each command individually in separate tabs.
  • Example: whoami &&&& id &&&& ifconfig will open three tabs and run the desired command in each. &&&& is useful if you initially run multiple separate commands every time you see a specific port open.

# and ##

  • “#” is for sending yourself notes to another tab.
  • “#” can be useful if you don’t want to run a command, but you want to give yourself copy-paste notes for manual enumeration.
  • Set only the first character of the line to # if you want variables to be evaluated.
  • Set the first two characters of the line to ## if you do not want variables to be evaluated.


  • “?” is for sending a question to the user. The responce will be set to a numbered variable.
  • You can send multiple lines of questions for multiple variables.
  • Example:
?What is the location of the wp-login.php? Example: /Yeet/cannon/wp-login.php
?What is a known password you would like to brute force?
wpscan --url {Web_Proto}://{IP}{1} --enumerate u,tt,t,vp --password {2} -e 


  • {} is for grabbing a variable from TmuxRecon.
  • Available variables can be viewed in the variables table.