AccessRecon is a PowerShell tool that scans your Windows domain for SMB/NTFS exposure and produces clean, actionable reports. It automatically discovers computers from your domain, checks each computer for reachability, and then only scans the live computers. AccessRecon exports structured results and generates an executive HTML and PDF summary.
- AD-aware discovery
  - Enumerates domain computers directly from Active Directory.
  - Logs discovery stats (counts, timing) for auditability.
- Fast reachability filtering
  - Parallelized ping scan to identify hosts that are actually online.
  - Only reachable hosts proceed to the deep scan, which saves time and reduces noise.
- Parallel SMB/NTFS scan
  - Adaptive scan tuning with profile defaults (Conservative, Balanced, Aggressive).
  - Multithreaded runspace pool for high throughput.
  - Per-host diagnostics (duration, “slow scan” flag) and robust error capture.
  - Caches lookups (e.g., SIDs) to reduce redundant calls.
  - Host retry for UnknownHosts found in the first scan pass (`-RetryUnknownHosts`).
- Clean exports
  - Timestamped outputs under `.\Reports\<MM_dd_yyyy>\`:
    - `AccessRecon_<timestamp>.csv` – main results
    - `ErrorLog_<timestamp>.csv` – structured errors (host, type, message)
    - `DiagnosticsLog_<timestamp>.csv` – discovery/ping/scan/export stats
- Executive summary
  - One-click HTML report and PDF summarizing totals, reachability, findings, and errors.
- Safe by design
  - Read-only enumeration
  - Defensive error handling and detailed diagnostics
- Windows PowerShell 5.1
- ActiveDirectory PowerShell module (RSAT) on a domain-joined admin workstation/server
- Credentials that can enumerate AD and read SMB/NTFS metadata
```powershell
# 1) Clone the repo
git clone https://github.com/Master-of-Bytes/AccessRecon.git
cd AccessRecon

# 2) Import the module
Import-Module .\AccessRecon.psd1

# 3) Start the scan with auto profile tune and no host retry
Invoke-AccessRecon

# Start the scan with auto profile tune and host retry
Invoke-AccessRecon -RetryUnknownHosts

# Start the scan with a set profile and no host retry
Invoke-AccessRecon -ScanProfile Aggressive

# Start the scan with a set profile and host retry
Invoke-AccessRecon -ScanProfile Aggressive -RetryUnknownHosts
```
Tip: Run from an elevated, domain-joined PowerShell session with network access to targets for the most complete results.
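To make the "read-only enumeration" of NTFS exposure concrete, here is an added example (not AccessRecon's code and not from the project) that lists Allow ACEs giving broad principals write-level rights on a folder. The helper name `Get-BroadWriteAce`, the set of broad principals, the rights masks and the sample paths are assumptions made for this illustration.

```powershell
# Added illustration, not AccessRecon's implementation. Assumption: "exposure"
# here means an Allow ACE giving a broad principal write-level NTFS rights.
$BroadSids = @{                       # well-known SIDs
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$DomainUsersRid = '^S-1-5-21-.+-513$' # Domain Users in any domain

# Rights that let a principal change content or permissions.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# ACEs can also carry raw generic bits that the enum does not name.
$GenericMask = 0x10000000 -bor 0x40000000   # GENERIC_ALL, GENERIC_WRITE

function Get-BroadWriteAce {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop   # read-only call
    } catch {
        Write-Warning "ACL read failed for ${Path}: $($_.Exception.Message)"
        return
    }
    # Ask for SIDs directly so no per-ACE name lookup is needed.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid  = $ace.IdentityReference.Value
        $name = $BroadSids[$sid]
        if (-not $name -and $sid -match $DomainUsersRid) { $name = 'Domain Users' }
        if (-not $name) { continue }
        $rights = [int]$ace.FileSystemRights
        if (($rights -band ($WriteMask -bor $GenericMask)) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Principal = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Constructed sample input: local folders standing in for share roots.
# A UNC path to a share you administer works the same way.
$env:PUBLIC, $env:TEMP |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    ForEach-Object { Get-BroadWriteAce -Path $_ } |
    Format-Table -AutoSize
```

NTFS ACLs are only half of the picture on a share: share-level permissions apply as well, and effective access over SMB is the more restrictive of the two.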
AccessRecon is licensed under the GNU General Public License v3.0 (see LICENSE).
If you distribute a modified version of AccessRecon, GPL-3.0 requires you to state prominently that you modified the work and the date of the modification. It is recommended to add a line like the following to each changed file: Modifications: 2025-10-22 by Your Name — short description like fixed X, added Y
To report an issue please use the following link: Report an issue