Information Gathering using Recon-ng

recon-ng feature

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience.

The interactive console provides a number of helpful features such as command completion and contextual help.

Recon-ng Installation

You can install the tool by simply typing : apt-get update && apt-get install recon-ng or clone it from github.

git clone https://github.com/lanmaster53/recon-ng.git
cd recon-ng
pip install -r REQUIREMENTS

Now start the tool by running the command ./recon-ng :

recon-ng kali linux tool

As you can see there are no modules installed in v5 by default. So we want to install required modules from the marketplace.

Using recon-ng

From the console it is easy to get help and get started with your recon.

recon-ng help menu

First we creates a workspace for enumeration by workspaces commands which helps us for a segmented enumeration process.

recon workspaces setup

show commands shows different database tables includes domains, hosts, vulnerabilities etc.

We can add the values to the table using db insert [table] [value]

recon database insert

Recon-ng Marketplace and Modules

Firstly, update the marketplace list with the command marketplace refresh.

The command marketplace search will list all modules available in the marketplace:

module marketplace

Here again the help comes in handy marketplace help shows commands for removing modules, how to find more info, search, refresh and install.

marketplace info [module] shows description of a module in the marketplace. So we can undrestand the usage of each module. marketplace install [module] will help us to install the module.

recon-ng module info and installation

So we installed a module named netcraft, which helps to find the subdomains of target.

Now we have to load the modules using modules load [module] command.

After module loaded info command shows the details, required parameters of netcraft module.

recon-ng netcraft module info

Most importantly, we have to set required parameters using options set command.

After setting options we will run the module using run command. The module collects data and stores in database tables –

recon-ng netcraft module results

As a result, netcraft module updated the host table with subdomains of kali.org

recon-ng host tables

Add API keys to Recon-ng

Some modules need API token to collect OSINT data, for instance shodan module. we can add the keys using keys add shodan_api <api key> 

add api key to tool kali linux

The keys added will be stored in .recon-ng configuration file. so if you want to migrate in to a different system or upgrade the tool, you can copy this file.


Recon-ng is a powerful tool that can be further explored by viewing through the list of modules. The help within the console is clear, and with a bit of playing around it won’t take long to become an expert.

Knowledge is power especially when it shared. If you have any suggestions put it in the comments…😊

Leave a Reply

Your email address will not be published.