- Recon-NG Tutorial
- What is Recon-ng?
- Recon-ng Installation
- Using recon-ng
- How to:
- Install module
- Load module
- Set source
- Run the module
- Show hosts
- Add API keys to Recon-ng
- .recon-ng configuration files
- Recon-ng Marketplace and Modules
- Conclusion
- Recon-ng Information gathering tool in Kali Linux
- Features of Recon-ng :
- Uses of Recon-ng :
- Recon-ng Installation:
- Recon-ng: a reconnaissance framework
- Installing Recon-ng on Kali Linux or another OS
- Example of using Recon-ng
- Conclusions about Recon-ng
- Recon-ng v5 Tutorial
- What is recon-ng?
- recon-ng usage example based on Kali Linux
- Add API keys to recon-ng
- Conclusion
- Disclaimer
Recon-NG Tutorial
What is Recon-ng?
Recon-ng is a reconnaissance tool with an interface similar to Metasploit. Running recon-ng from the command line, you enter a shell-like environment where you can configure options, perform recon and output results to different report types.
This article has been updated October 2019 to reflect the changes in version 5.
Recon-ng Installation
Often used with the Kali Linux penetration testing distribution; within Kali, installation is a simple matter of apt-get update && apt-get install recon-ng. Update Kali first to ensure the latest dependencies are installed.
For those seeking the latest code on Ubuntu, the process is nearly as simple. Make sure you have git and pip installed.
Next, to run recon-ng:
The Recon-NG console is now loaded.
Using recon-ng
From the console it is easy to get help and get started with your recon.
On your first load of recon-ng, note the message shown below: version 5 starts with no modules installed, so you begin with an empty framework.
As the help menu describes it, marketplace "Interfaces with the module marketplace", letting you pick and choose the modules you want.
How to:
First, let's use the hackertarget module to gather some subdomains. It queries the hackertarget.com hostname search API.
Install module
The syntax to install it is marketplace install hackertarget, as seen below.
Load module
The syntax to load the installed module is modules load recon/domains-hosts/hackertarget.
Set source
Now set the source. It is currently set to default (see below).
Syntax: options set SOURCE tesla.com
I am using tesla.com as an example domain because Tesla has a published bug bounty program and Teslas are cool.
Use the info command, which shows that the «Current Value» has changed to tesla.com.
If we use the input command we can see the values the module will take as its input.
Run the module
Type run to execute the module.
Show hosts
Now we have begun to populate our hosts table. Typing show hosts gives you a summary of the resources discovered.
Add API keys to Recon-ng
It is a simple matter to add API keys to recon-ng with the keys add command. Shodan with a PRO account is a highly recommended option, allowing you to query open ports on your discovered hosts without sending any packets to the target systems. Bear in mind that the results come from Shodan's own scans, so they may be days or weeks old.
.recon-ng configuration files
When you install recon-ng, it creates a folder in your home directory called .recon-ng. Contained in this folder is keys.db, a small SQLite database holding your API keys in cleartext. If you upgrade from one version to another or change computers, and have modules that require keys, copy this file from the old installation to the new one rather than entering every key again. Because the keys are stored unencrypted, keep the file readable by your user only.
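The paragraph above suggests copying keys.db between installations. The following Python is an added example, not part of recon-ng or of this tutorial: it merges the keys from an old keys.db into a new one without clobbering keys already entered on the new machine, then tightens the file's permissions. It assumes keys.db is a SQLite file with a single table keys(name TEXT PRIMARY KEY, value TEXT), which is how recon-ng 5 stores them; the key names and values in demo() are constructed.

```python
"""Merge an old recon-ng keys.db into a new one and lock the file down.

Added example, not recon-ng code. Assumed schema: keys(name TEXT PRIMARY
KEY, value TEXT). Keys are stored in cleartext, so the file is set to
owner-only (0600) after writing.
"""
import os
import sqlite3
import stat
import tempfile
from contextlib import closing
from pathlib import Path
from typing import Dict

KEYS_SCHEMA = "CREATE TABLE IF NOT EXISTS keys (name TEXT PRIMARY KEY, value TEXT)"


def read_keys(path: Path) -> Dict[str, str]:
    """Return {name: value} for every key with a value in a keys.db."""
    with closing(sqlite3.connect(str(path))) as db:
        db.execute(KEYS_SCHEMA)
        db.commit()
        return dict(db.execute("SELECT name, value FROM keys WHERE value IS NOT NULL"))


def merge_keys(old: Path, new: Path, overwrite: bool = False) -> Dict[str, str]:
    """Copy keys from old into new. Keys already set in new win unless
    overwrite=True. Returns the keys that were written."""
    written: Dict[str, str] = {}
    old_keys = read_keys(old)
    with closing(sqlite3.connect(str(new))) as db:
        db.execute(KEYS_SCHEMA)
        current = dict(db.execute("SELECT name, value FROM keys"))
        for name, value in old_keys.items():
            if current.get(name) and not overwrite:
                continue
            # 'keys add' in recon-ng is an upsert on the key name; do the same.
            db.execute("INSERT OR REPLACE INTO keys (name, value) VALUES (?, ?)", (name, value))
            written[name] = value
        db.commit()
    lock_down(new)
    return written


def lock_down(path: Path) -> int:
    """Restrict keys.db to its owner and return the resulting mode bits."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return stat.S_IMODE(os.stat(path).st_mode)


def world_readable(path: Path) -> bool:
    """Check worth running on any keys.db you copied from another machine."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRGRP | stat.S_IROTH))


def demo() -> Dict[str, object]:
    """Constructed scenario in a temp dir: the old install knows shodan_api
    and github_api; the new one already has its own github_api."""
    tmp = Path(tempfile.mkdtemp())
    old, new = tmp / "old-keys.db", tmp / "keys.db"
    with closing(sqlite3.connect(str(old))) as db:
        db.execute(KEYS_SCHEMA)
        db.executemany("INSERT INTO keys VALUES (?, ?)",
                       [("shodan_api", "OLD-SHODAN"), ("github_api", "OLD-GITHUB")])
        db.commit()
    with closing(sqlite3.connect(str(new))) as db:
        db.execute(KEYS_SCHEMA)
        db.execute("INSERT INTO keys VALUES (?, ?)", ("github_api", "NEW-GITHUB"))
        db.commit()
    os.chmod(new, 0o644)  # simulate a file copied over with loose permissions
    before = world_readable(new)
    written = merge_keys(old, new)
    return {"written": written, "keys": read_keys(new),
            "was_world_readable": before, "mode": stat.S_IMODE(os.stat(new).st_mode)}


if __name__ == "__main__":
    # Real use: merge_keys(Path("old-keys.db"), Path.home() / ".recon-ng" / "keys.db")
    result = demo()
    print(f"[*] migrated: {sorted(result['written'])}; mode now {oct(result['mode'])}")
```

After the merge, recon-ng's keys list should show the union; run it once to confirm before deleting the old file.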
Recon-ng Marketplace and Modules
Typing marketplace search will display a list of all the modules, from which you can start following the white rabbit, exploring and getting deeper into recon and open source intelligence.
Here again help comes in handy: marketplace help shows the commands for removing modules, finding more info, searching, refreshing and installing.
The help command from within a loaded module has different options to the global ‘help’.
When you are ready to explore more modules use ‘back’.
This help menu brings additional commands such as:
- goptions: Manages the global context options
- reload: Reloads the loaded module
- run: Runs the loaded module
- script: Records and executes command scripts
Conclusion
Recon-ng is a powerful tool that can be further explored by looking through the list of modules. The help within the console is clear, and with a bit of playing around it won't take long to become an expert.
Once you start to become more familiar with the layout of the tool, you will discover options such as workspaces, which let you segment results by organization or network.
The rise of bug bounties allows you to play with new tools and explore an organization's Internet-facing footprint. Have fun. Don't break the rules.
Source
Recon-ng Information gathering tool in Kali Linux
Recon-ng is a free and open source tool available on GitHub. It is built around Open Source Intelligence (OSINT) and is one of the easiest and most useful tools for reconnaissance. Its interface is very similar to Metasploit's, and it provides a command-line console that you can run on Kali Linux to gather information about a target domain. The interactive console offers a number of helpful features, such as command completion and contextual help. Recon-ng is a web reconnaissance framework written in Python: with its many modules, database interaction, built-in convenience functions, interactive help and command completion, it provides a powerful environment in which open source web-based reconnaissance can be conducted.
First look at the Recon-ng framework
Features of Recon-ng :
- Recon-ng is a free and open source tool: you can download and use it at no cost.
- Recon-ng is a complete package of information gathering modules; since version 5 they are installed on demand from the built-in marketplace.
- Recon-ng is a reconnaissance framework rather than a web application scanner: it collects information about a target from open sources and third-party APIs instead of probing the target's code.
- Recon-ng is one of the easiest and most useful tools for performing reconnaissance.
- Recon-ng's interface is very similar to Metasploit's, which makes it easy to use (Metasploitable, with which it is sometimes confused, is a deliberately vulnerable VM, not a framework).
- Recon-ng's interactive console provides a number of helpful features, such as command completion and contextual help.
- Recon-ng's vulnerability-related modules look up previously reported findings in third-party databases; they do not test the target themselves.
- Recon-ng can query the Shodan search engine (with an API key) for information on Internet-exposed devices without sending any packets to them.
- Recon-ng has modules for GeoIP lookup, banner grabbing, DNS lookup and port information (sourced from services such as Shodan), which make the tool powerful.
- Recon-ng can target a single domain and enumerate its subdomains, which makes a pentester's work easier.
Uses of Recon-ng :
- Recon-ng is a complete, free and open source package of information gathering tools.
- Recon-ng can be used to find the IP addresses of a target.
- Recon-ng can be used to find sensitive files such as robots.txt.
- Recon-ng can be used for GeoIP lookup, banner grabbing, DNS lookup, port information, subdomain discovery, reverse IP lookups and WHOIS data.
- Recon-ng can be used to detect the Content Management System (CMS) a target web application runs.
- Recon-ng's subdomain finder modules enumerate the subdomains of a single domain.
- Recon-ng's port modules report open and closed ports from third-party scan data; this is reconnaissance input for later testing, not a means of gaining or maintaining access to a server.
- Recon-ng has no injection tester of its own: its vulnerability modules only look up issues already reported elsewhere.
- Recon-ng has various other modules that can be used to get information about a target.
Recon-ng Installation:
Step 1: Open Terminal of your Kali Linux
Step 2: In the terminal, type the following command.
Congratulations, recon-ng has been installed on your Kali Linux. Now you just have to run it.
Step 3: Type the following command.
Recon-ng has now been downloaded and is running successfully.
Step 4: To launch recon-ng on your Kali Linux, type the following command and press Enter.
Step 5: Before doing any reconnaissance you first have to create a workspace. Workspaces are separate spaces in which you perform reconnaissance of different targets, each with its own database of results. To learn about workspaces, type the following command.
Step 6: Having created a workspace (here called GeeksForGeeks), go to the marketplace and install the modules you need; all reconnaissance will now happen inside the GeeksForGeeks workspace.
Step 7: You can now see a list of modules, many of which are not installed. To install one, type the following command.
Step 8: We have installed the module named recon/companies-domains/viewdns_reverse_whois. Now we load this module in our GeeksForGeeks workspace.
Step 9: We are now inside the viewdns_reverse_whois module. To use it we have to set the source.
Source
Recon-ng: a reconnaissance framework
Recon-ng is an information gathering framework that works with open data sources. Recon-ng loads modules of different types, such as reconnaissance, exploitation, reporting and import modules. The information that can be gathered with these modules includes:
- contacts;
- credentials;
- social network profiles;
- IP addresses;
- reverse IP lookups;
- WHOIS information;
- port information.
Recon-ng can also look up certain vulnerabilities previously reported for a target web application, through modules backed by:
- the XSSed archive of cross-site scripting reports;
- PunkSPIDER;
- GHDB (Google Hacking Database).
Installing Recon-ng on Kali Linux or another OS
We recommend running Recon-ng on Kali Linux or Parrot OS. You can also read how to install Kali Linux on Windows 10 so that you do not have to install a second operating system.
Installation can be done by cloning the tool from its original repository:
git clone https://LaNMaSteR53@bitbucket.org/LaNMaSteR53/recon-ng.git
Note that this Bitbucket address is the project's old home; current releases are published on GitHub.
Next, change into the directory where Recon-ng was cloned and install all the dependencies:
cd recon-ng
pip install -r REQUIREMENTS
Version 5 requires Python 3, so use pip3 if pip on your system still points at Python 2.
Example of using Recon-ng
Launch it with the following command in the terminal:
To bring up the help menu, type the following command:
To see the list of all modules available to the framework, run the following command:
Then, to use any module, run the following command in the terminal:
use <module>, where <module> is the module's path or name.
To set the target domain for the scan, run a simple command:
set source <domain>, where <domain> is the target domain.
run
These are version 4 commands; in version 5 the equivalents are modules load and options set.
For example, to run the XSSED vulnerability module we can do the following.
use recon/domains-vulnerabilities/xssed
set source http://phptest.vulnweb.com
run
The tool runs the given module and displays the results on screen, as shown below. Note that this module queries the XSSed.com archive of previously reported XSS findings for the domain; it does not test the site itself.
We can try other modules in the same way. Certain modules, such as those for Shodan, Facebook, Twitter, Instagram and so on, require API keys to return results. An API key is added with the following command.
For example, if we have the Shodan API key «SH1254AKD», we can add it as follows.
keys add shodan_api SH1254AKD
To view the keys configured in Recon-ng, use the keys list command.
Conclusions about Recon-ng
Recon-ng is a modular framework that can gather detailed information about target web applications and individuals; it is an excellent tool for OSINT (open source intelligence).
Source
Recon-ng v5 Tutorial
In this recon-ng v5 tutorial you will discover open source intelligence and easily pivot to new results. Find targets and move to discovering vulnerabilities.
What is recon-ng?
Recon-ng is a full-featured web reconnaissance framework written in Python, complete with independent modules, database interaction, built-in convenience functions, interactive help and command completion.
Running recon-ng from the command line you enter a shell like environment where you can configure options, perform recon and output results to different report types.
The interactive console provides a number of helpful features such as command completion and contextual help.
Recon-ng 5 ships without any modules, which is one of the major differences from earlier versions. The parameters, commands and so on have also changed somewhat compared to previous versions: for example, modules load replaces use and options set replaces set.
recon-ng usage example based on Kali Linux
The command options list displays the current global settings, and with options set the parameters (e.g. NAMESERVER, PROXY, USER-AGENT) can be changed.
Since version 5 no modules are available by default , we add them using the command marketplace.
But first, the module list should be updated with the command marketplace refresh.
With the command marketplace info all, all modules including their descriptions can be displayed.
You can search for example “hackertarget” with the command marketplace search hackertarget.
To install the module “hackertarget” the command marketplace install recon/domains-hosts/hackertarget or marketplace install hackertarget can be used.
To use a module the syntax is modules load recon/domains-hosts/hackertarget and the command info to display the options as seen below.
To change the "SOURCE" option use the command options set SOURCE, for example options set SOURCE rapid7.com to gather the hosts of rapid7.com.
Type run to execute the module.
Now we have begun to populate our hosts. Typing show hosts will give you a summary of the resources discovered.
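Both the hackertarget walkthrough in the first tutorial on this page and the one just described end with run populating the hosts table. The following Python is an added example, not code from recon-ng or from either tutorial's author: it models what the module does between run and show hosts, namely fetching the hostsearch API response, parsing its "host,ip" lines, rejecting the plain-text error messages the API returns instead of CSV, and storing only rows not already present. Assumptions, labelled in the code: the response format, the hosts table columns (which mirror recon-ng 5's data.db) and the value written to the module column. The sample response is constructed, so the offline run needs no network.

```python
"""Offline model of recon-ng's recon/domains-hosts/hackertarget module:
query the hostsearch API, parse "host,ip" lines, store unique hosts.

Added example, not recon-ng code. Assumed: the API returns one
"hostname,ip" line per result or a single plain-text error line; the
hosts table has the columns host, ip_address, region, country, latitude,
longitude, notes, module; the module column holds the module's name.
"""
import ipaddress
import sqlite3
from typing import List, Optional, Tuple
from urllib.request import urlopen

API_URL = "https://api.hackertarget.com/hostsearch/?q={}"
MODULE_NAME = "hackertarget"  # assumed value for the hosts.module column

# Constructed sample of a hostsearch response (not real API output):
# one duplicate row and one row with an unusable address.
SAMPLE_RESPONSE = """www.example.com,93.184.216.34
mail.example.com,93.184.216.35
www.example.com,93.184.216.34
vpn.example.com,not-an-ip
"""


def fetch_hostsearch(domain: str) -> str:
    """Live query against the API (network); not used by the offline demo."""
    with urlopen(API_URL.format(domain), timeout=20) as resp:
        return resp.read().decode("utf-8", "replace")


def parse_hostsearch(text: str) -> List[Tuple[str, str]]:
    """Parse hostsearch output into (host, ip) pairs.

    The API signals problems with a plain-text message instead of CSV
    (quota exhausted, bad parameter). Any line that is not exactly
    "host,ip" is treated as such a message and raises, so an error page
    is never stored as a hostname.
    """
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.count(",") != 1:
            raise ValueError(f"hackertarget returned an error: {line}")
        host, ip = (part.strip().lower() for part in line.split(","))
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            ip = ""  # keep the hostname, drop the unparsable address
        pairs.append((host, ip))
    return pairs


def open_db(path: str = ":memory:") -> sqlite3.Connection:
    """Create a hosts table with the assumed recon-ng column layout."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS hosts (host TEXT, ip_address TEXT, "
        "region TEXT, country TEXT, latitude TEXT, longitude TEXT, "
        "notes TEXT, module TEXT)"
    )
    return db


def add_hosts(db: sqlite3.Connection, pairs: List[Tuple[str, str]]) -> int:
    """Insert pairs not already present; return the number of new rows
    (the "N new" figure the module prints after run)."""
    new = 0
    for host, ip in pairs:
        exists = db.execute(
            "SELECT 1 FROM hosts WHERE host = ? AND ip_address IS ?",
            (host, ip or None),
        ).fetchone()
        if exists:
            continue
        db.execute(
            "INSERT INTO hosts (host, ip_address, module) VALUES (?, ?, ?)",
            (host, ip or None, MODULE_NAME),
        )
        new += 1
    db.commit()
    return new


def show_hosts(db: sqlite3.Connection) -> List[Tuple[str, Optional[str], str]]:
    """Equivalent of 'show hosts': each host, its address, the finding module."""
    return db.execute(
        "SELECT host, ip_address, module FROM hosts ORDER BY host"
    ).fetchall()


def run_offline(db: sqlite3.Connection, response: str = SAMPLE_RESPONSE) -> int:
    """Parse-and-store step on a captured response; no network needed."""
    return add_hosts(db, parse_hostsearch(response))


if __name__ == "__main__":
    db = open_db()
    print(f"[*] {run_offline(db)} new hosts found")
    for row in show_hosts(db):
        print(row)
```

Running run_offline twice on the same database adds nothing the second time, which is the same idempotence you rely on when re-running a module in an existing workspace.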
Add API keys to recon-ng
It is a simple matter to add API keys to recon-ng. Shodan with a Membership account is a highly recommended option, allowing you to query open ports on your discovered hosts without sending any packets to the target systems.
In this example, the IP addresses of the Rapid7 Project Sonar internet-wide scanner are displayed, for example to block them on the firewall and make passive reconnaissance of your own network harder. Of course there are other scanners, for example Shodan, Censys, University of Michigan, Shadow Server, Cybergreen, Errata, etc.; a list can be found at the Scan.io URL.
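The paragraph above turns recon-ng output into a firewall block list. The following Python is an added example, not recon-ng code, showing how to do that without pasting hundreds of individual addresses: the collected scanner IPs are collapsed into the fewest covering networks with the standard ipaddress module, rendered as an nftables set with a drop rule, and reused to tag scanner traffic in web-server log lines. The address list and the log lines are constructed for the demo; in practice the addresses come from the ip_address column of the workspace's hosts table.

```python
"""Collapse scanner IPs from recon-ng into nftables sets and tag log lines.

Added example, not recon-ng code. SCANNER_IPS and LOG_LINES are
constructed sample data (documentation ranges), not real Sonar addresses.
"""
import ipaddress
from typing import Iterable, List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample: what a 'show hosts' export of scanner addresses might hold.
SCANNER_IPS = [
    "198.51.100.0", "198.51.100.1", "198.51.100.2", "198.51.100.3",
    "198.51.100.4", "198.51.100.5", "198.51.100.6", "198.51.100.7",
    "203.0.113.10", "203.0.113.11", "2001:db8::1",
]

# Constructed web-server access log lines (source address first).
LOG_LINES = [
    '198.51.100.5 - - [10/Oct/2019:08:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '192.0.2.44 - - [10/Oct/2019:08:00:02 +0000] "GET /login HTTP/1.1" 200 1024',
    '203.0.113.11 - - [10/Oct/2019:08:00:03 +0000] "GET /robots.txt HTTP/1.1" 404 123',
]


def collapse(ips: Iterable[str]) -> List[Network]:
    """Collapse single addresses into the fewest covering networks. IPv4 and
    IPv6 are collapsed separately because collapse_addresses refuses to mix them."""
    v4 = [ipaddress.ip_network(ip) for ip in ips if ":" not in ip]
    v6 = [ipaddress.ip_network(ip) for ip in ips if ":" in ip]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def nft_rules(ips: Iterable[str], table: str = "inet filter") -> str:
    """Render nftables set definitions plus an input-chain drop rule for them."""
    nets = collapse(ips)
    v4 = [str(n) for n in nets if n.version == 4]
    v6 = [str(n) for n in nets if n.version == 6]
    lines = [f"table {table} {{"]
    if v4:
        lines += ["  set scanners4 { type ipv4_addr; flags interval;",
                  "    elements = { " + ", ".join(v4) + " }", "  }"]
    if v6:
        lines += ["  set scanners6 { type ipv6_addr; flags interval;",
                  "    elements = { " + ", ".join(v6) + " }", "  }"]
    lines += ["  chain input {", "    type filter hook input priority 0; policy accept;"]
    if v4:
        lines.append("    ip saddr @scanners4 drop")
    if v6:
        lines.append("    ip6 saddr @scanners6 drop")
    lines += ["  }", "}"]
    return "\n".join(lines)


def tag_log(lines: Iterable[str], ips: Iterable[str]) -> List[Tuple[str, str]]:
    """Label each log line's source address as 'scanner' or 'other'. Useful
    before blocking, to see how much of your traffic the rule would remove."""
    nets = collapse(ips)
    tagged = []
    for line in lines:
        src = ipaddress.ip_address(line.split()[0])
        hit = any(src in net for net in nets)  # version mismatch is simply False
        tagged.append((str(src), "scanner" if hit else "other"))
    return tagged


if __name__ == "__main__":
    print(nft_rules(SCANNER_IPS))
    for src, label in tag_log(LOG_LINES, SCANNER_IPS):
        print(f"{src:16} {label}")
```

Blocking only hides you from the scanners whose address ranges you know; the caveat in the text stands, so treat the rule as noise reduction rather than a control.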
Conclusion
Recon-ng is a powerful tool that can be further explored by looking through the list of modules. The help within the console is very clear and with a bit of playing around it won’t take long to become an expert.
Once you start to become more familiar with the layout of the tool you will discover options such as workspaces that allow you to segment based on organization or network.
The rise of bug bounties allows you to play with new tools and explore organizations' Internet-facing footprint. Have fun and don't break the rules.
Disclaimer
Use this only for research purposes and ethical hacking, do not break any laws by exploiting weaknesses of companies!
Source