Recon-ng is a full-featured web reconnaissance framework written in Python. It comes complete with independent modules, database interaction, and built-in convenience.
The interactive console provides a number of helpful features such as command completion and contextual help.
You can install the tool by simply typing:
apt-get update && apt-get install recon-ng
or clone it from GitHub:
git clone https://github.com/lanmaster53/recon-ng.git
cd recon-ng
pip install -r REQUIREMENTS
Now start the tool by running the command
As you can see there are no modules installed in v5 by default. So we want to install required modules from the marketplace.
From the console it is easy to get help and get started with your recon.
First we create a workspace for the enumeration using the workspaces command, which keeps each enumeration process segmented.
The show command displays the different database tables, including domains, hosts, vulnerabilities, etc.
We can add values to a table using:
db insert [table] [value]
Recon-ng Marketplace and Modules
Firstly, update the marketplace list with the command
marketplace search will list all modules available in the marketplace:
Here again the help comes in handy: marketplace help shows the commands for removing modules, finding more info, searching, refreshing and installing.
marketplace info [module] shows the description of a module in the marketplace, so we can understand the usage of each module.
marketplace install [module] installs the module.
So we installed a module named netcraft, which helps to find the subdomains of a target.
Now we have to load the module using the modules load [module] command.
After the module is loaded, the info command shows the details and required parameters of the netcraft module.
Most importantly, we have to set the required parameters using the options set command.
After setting the options, we run the module using the run command. The module collects data and stores it in the database tables.
As a result, the netcraft module updated the hosts table with subdomains of kali.org.
Add API keys to Recon-ng
Some modules need an API token to collect OSINT data, for instance the shodan module. We can add the keys using:
keys add shodan_api <api key>
The added keys are stored in the .recon-ng configuration file, so if you want to migrate to a different system or upgrade the tool, you can copy this file.
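Before copying stored keys to another system, it helps to know which keys are populated and whether other local users can read the file. The check below is an added example, not part of the original post or of Recon-ng itself; it assumes the key store is a SQLite file named keys.db inside the .recon-ng directory, with a keys(name, value) table holding the values unencrypted, and it runs against a constructed sample store.

```python
import os
import sqlite3
import stat
import tempfile
from pathlib import Path


def audit_key_store(path):
    """Return (loose_permissions, populated_key_names) without reading key values."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Any group/other permission bit means other local accounts may reach the keys.
    loose = bool(mode & (stat.S_IRWXG | stat.S_IRWXO))
    # Open read-only so the audit can never modify the store.
    conn = sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)
    try:
        rows = conn.execute(
            "SELECT name FROM keys "
            "WHERE value IS NOT NULL AND value != '' ORDER BY name"
        ).fetchall()
    finally:
        conn.close()
    return loose, [name for (name,) in rows]


def harden(path):
    """Restrict the key store to its owner (rw-------)."""
    os.chmod(path, 0o600)


def build_sample_store(directory):
    """Create a constructed sample store; schema and key names are assumptions."""
    path = os.path.join(directory, "keys.db")
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE keys (name TEXT PRIMARY KEY, value TEXT)")
    conn.executemany(
        "INSERT INTO keys VALUES (?, ?)",
        [("shodan_api", "CONSTRUCTED-PLACEHOLDER"), ("example_api", "")],
    )
    conn.commit()
    conn.close()
    os.chmod(path, 0o644)  # deliberately world-readable to show the finding
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        store = build_sample_store(tmp)
        print("before:", audit_key_store(store))
        harden(store)
        print("after: ", audit_key_store(store))
```

Run the same audit on the destination system after the copy, since file permissions are not always preserved in transit.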
Recon-ng is a powerful tool that can be further explored by looking through the list of modules. The help within the console is clear, and with a bit of playing around it won’t take long to become an expert.
Knowledge is power, especially when it is shared. If you have any suggestions, put them in the comments…😊