Recon-ng

Another important tool/framework for reconnaissance is Recon-ng. Recon-ng is a full-featured reconnaissance framework designed with the goal of providing a powerful environment to conduct open source web-based reconnaissance quickly and thoroughly.

When you start recon-ng you are presented with a welcome screen and a prompt where you can enter commands. First, let's look at the tool's help by entering the command "help".

[*] Version check disabled.

    _/_/_/    _/_/_/_/    _/_/_/    _/_/_/    _/      _/            _/      _/    _/_/_/
_/    _/  _/        _/        _/      _/  _/_/    _/            _/_/    _/  _/       
_/_/_/    _/_/_/    _/        _/      _/  _/  _/  _/  _/_/_/_/  _/  _/  _/  _/  _/_/_/
_/    _/  _/        _/        _/      _/  _/    _/_/            _/    _/_/  _/      _/ 
_/    _/  _/_/_/_/    _/_/_/    _/_/_/    _/      _/            _/      _/    _/_/_/    


                                        /\
                                        / \\ /\
    Sponsored by...               /\  /\/  \\V  \/\
                                / \\/ // \\\\\ \\ \/\
                                // // BLACK HILLS \/ \\
                            www.blackhillsinfosec.com

                ____   ____   ____   ____ _____ _  ____   ____  ____
                |____] | ___/ |____| |       |   | |____  |____ |
                |      |   \_ |    | |____   |   |  ____| |____ |____
                                www.practisec.com

                    [recon-ng v5.1.2, Tim Tomes (@lanmaster53)]                       

[1] Recon modules

[recon-ng][default] > help

Commands (type [help|?] <topic>):
---------------------------------
back            Exits the current context
dashboard       Displays a summary of activity
db              Interfaces with the workspace's database
exit            Exits the framework
help            Displays this menu
index           Creates a module index (dev only)
keys            Manages third party resource credentials
marketplace     Interfaces with the module marketplace
modules         Interfaces with installed modules
options         Manages the current context options
pdb             Starts a Python Debugger session (dev only)
script          Records and executes command scripts
shell           Executes shell commands
show            Shows various framework items
snapshots       Manages workspace snapshots
spool           Spools output to a file
workspaces      Manages workspaces

[recon-ng][default] > 

We can create a new workspace for a reconnaissance project.

Next, we can add domains to test in our project workspace.

And enter the domain name.

We can list the domains in the database.

show domains

And we got.

Now, we need to select the modules from recon-ng. There are plenty of available modules. The list is here.

Using the marketplace command, it is possible to check available modules.

This produces a list.

We can search for a specific module to use in recon-ng.

And we can see if the module exists and the information about it.

If the module exists, we may install it.

After the module is installed, we can load it.

If we need to know which modules are installed, we can use:

And we get the list of modules.

After selecting and loading a module, we can run it. First, we can find out which options the module has.

And we receive all the information of the module.

From the information, we see that we need to set a "SOURCE" for the module. So let's do that.

So, let's run the module and check the results.

And let's look at the results.

Gathering information for a person

You can also look for personal information that might be present on the website of an organization. There are specific recon-ng modules to do that.

So, first of all, let's create a new workspace.

Let us select and install the appropriate module.

And load the module.

modules load recon/domains-contacts/whois_pocs

Check the options to run the module.

The module options are:

It is necessary to set the "SOURCE".

And run the module.
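
The steps of this second walkthrough as one console session, using the same workspace, marketplace and options commands as the first walkthrough. This is an added example, not a capture from the original page; the workspace name contacts-audit and the domain example.com are placeholders, and command output is omitted.

```text
# Annotated recon-ng v5 console session (constructed for illustration).
# Lines starting with "#" are notes, not input.

# 1. Keep this project's data in its own workspace
[recon-ng][default] > workspaces create contacts-audit

# 2. Record the in-scope domain and confirm it is stored
#    (db insert prompts for the domain name and an optional note)
[recon-ng][contacts-audit] > db insert domains
[recon-ng][contacts-audit] > show domains

# 3. Find the module in the marketplace, read its description, install it
[recon-ng][contacts-audit] > marketplace search whois_pocs
[recon-ng][contacts-audit] > marketplace info recon/domains-contacts/whois_pocs
[recon-ng][contacts-audit] > marketplace install recon/domains-contacts/whois_pocs

# 4. Confirm it is installed, then load it
[recon-ng][contacts-audit] > modules search
[recon-ng][contacts-audit] > modules load recon/domains-contacts/whois_pocs

# 5. Read the module's options, set SOURCE, run
[recon-ng][contacts-audit][whois_pocs] > info
[recon-ng][contacts-audit][whois_pocs] > options set SOURCE example.com
[recon-ng][contacts-audit][whois_pocs] > run

# 6. Review what the module stored, then leave the module context
[recon-ng][contacts-audit][whois_pocs] > show contacts
[recon-ng][contacts-audit][whois_pocs] > back
```

The prompt shows the active workspace and, once a module is loaded, the module name, so it doubles as a check that results are going into the intended workspace.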

Explore the multiple options and modules of recon-ng.
