Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience.
The interactive console provides a number of helpful features such as command completion and contextual help.
Recon-ng Installation
You can install the tool by simply typing : apt-get update && apt-get install recon-ng or clone it from github.
git clone https://github.com/lanmaster53/recon-ng.git cd recon-ng pip install -r REQUIREMENTS
Now start the tool by running the command ./recon-ng :
As you can see there are no modules installed in v5 by default. So we want to install required modules from the marketplace.
Using recon-ng
From the console it is easy to get help and get started with your recon.
First we creates a workspace for enumeration by workspaces commands which helps us for a segmented enumeration process.
show commands shows different database tables includes domains, hosts, vulnerabilities etc.
We can add the values to the table using db insert [table] [value]
Recon-ng Marketplace and Modules
Firstly, update the marketplace list with the command marketplace refresh.
The command marketplace search will list all modules available in the marketplace:
Here again the help comes in handy marketplace help shows commands for removing modules, how to find more info, search, refresh and install.
marketplace info [module] shows description of a module in the marketplace. So we can undrestand the usage of each module. marketplace install [module] will help us to install the module.
So we installed a module named netcraft, which helps to find the subdomains of target.
Now we have to load the modules using modules load [module] command.
After module loaded info command shows the details, required parameters of netcraft module.
Most importantly, we have to set required parameters using options set command.
After setting options we will run the module using run command. The module collects data and stores in database tables –
As a result, netcraft module updated the host table with subdomains of kali.org
Add API keys to Recon-ng
Some modules need API token to collect OSINT data, for instance shodan module. we can add the keys using keys add shodan_api <api key>
The keys added will be stored in .recon-ng configuration file. so if you want to migrate in to a different system or upgrade the tool, you can copy this file.
Conclusion
Recon-ng is a powerful tool that can be further explored by viewing through the list of modules. The help within the console is clear, and with a bit of playing around it won’t take long to become an expert.
Knowledge is power especially when it shared. If you have any suggestions put it in the comments…😊