Recon-ng

Web reconnaissance framework written in Python, with a look & feel similar to the Metasploit framework.

The command syntax changed significantly between versions.

Settings

View current settings

options list

Modify settings

options set PROXY <proxyserver>:<port>
options set USER-AGENT Mozilla/5.0

Install modules

List modules

marketplace info all

Search modules

marketplace search poc

Install a specific module

marketplace refresh
marketplace install recon/domains-contacts/whois_pocs

Install all modules

marketplace install all

Add API keys

keys list
keys add shodan_api <api key>
keys add binaryedge_api <api key>
keys add bing_api <api key>
keys add builtwith_api <api key>
keys add censysio_id <api key>
keys add censysio_secret <api key>
keys add flickr_api <api key>
keys add fullcontact_api <api key>
keys add github_api <api key>
keys add google_api <api key>
keys add hashes_api <api key>
keys add hibp_api <api key>
keys add hunter_io <api key>
keys add ipinfodb_api <api key>
keys add ipstack_api <api key>
keys add namechk_api <api key>
keys add pwnedlist_api <api key>
keys add pwnedlist_secret <api key>
keys add twitter_api <api key>
keys add twitter_secret <api key>
keys add virustotal_api <api key>
keys add whoxy_api <api key>

Workspaces

Use workspaces to separate results from investigations.

List workspaces

workspaces list

Use an existing workspace

workspaces load megacorpone

Create a workspace

workspaces create megacorpone

Add domains

db insert domains
<megacorpone.com>

Modules

List installed modules

modules search

Execute modules

Discover contacts – module whois_pocs

recon-ng
modules load recon/domains-contacts/whois_pocs
info
options set SOURCE megacorpone.com
run
show contacts

Discover hosts – module hackertarget

Uses the HackerTarget.com API to find host names. Updates the ‘hosts’ table with the results.

modules load recon/domains-hosts/hackertarget
info
options set SOURCE megacorpone.com
run
show hosts
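
What "updates the hosts table" amounts to, as an added Python example (not Recon-ng's module code and not from the original page). It assumes the API answers with one "hostname,ip" pair per line and uses a simplified hosts table; the sample response, the function names and the table layout are constructed for illustration.

```python
import ipaddress
import sqlite3

# Constructed sample response (assumed format: one "hostname,ip" pair per line).
SAMPLE_RESPONSE = """\
www.megacorpone.com,203.0.113.10
mail.megacorpone.com,203.0.113.20
WWW.megacorpone.com,203.0.113.10
vpn.megacorpone.com,not-an-ip
intranet.example.net,203.0.113.30
error: request limit reached
"""

def parse_hosts(body, domain):
    """Return sorted, de-duplicated (host, ip) pairs that belong to `domain`."""
    domain = domain.lower()
    pairs = set()
    for line in body.splitlines():
        host, sep, ip = line.strip().partition(",")
        host = host.lower().rstrip(".")
        if not sep or not (host == domain or host.endswith("." + domain)):
            continue  # error text, or a host outside the workspace's domain
        try:
            ip = str(ipaddress.ip_address(ip.strip()))
        except ValueError:
            continue  # malformed address: keep it out of the table
        pairs.add((host, ip))
    return sorted(pairs)

def update_hosts(conn, pairs, module="hackertarget"):
    """Insert unseen pairs into a simplified hosts table; return how many were new."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS hosts "
        "(host TEXT, ip_address TEXT, module TEXT, UNIQUE(host, ip_address))"
    )
    before = conn.total_changes
    conn.executemany(
        "INSERT OR IGNORE INTO hosts VALUES (?, ?, ?)",
        [(host, ip, module) for host, ip in pairs],
    )
    conn.commit()
    return conn.total_changes - before  # ignored duplicates are not counted

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    found = parse_hosts(SAMPLE_RESPONSE, "megacorpone.com")
    print(update_hosts(db, found), "new;", update_hosts(db, found), "on rerun")
```

Filtering on the workspace domain and validating the address keeps error text and out-of-scope hosts from landing in the results that later feed the report.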

Discover hosts – module google_site_web

keys add google_api <api key>
modules load recon/domains-hosts/google_site_web
info
options set SOURCE megacorpone.com
run
show hosts

Reporting

modules load reporting/html
info
options set CREATOR Lisandre
options set CUSTOMER Megacorpone
options set FILENAME /root/recon-ng-megacorpone.html
options set SANITIZE True
run