Recon-ng is an advanced Web Reconnaissance tool written in Python.It is an effective tool in which open source web-based reconnaissance can be led rapidly and all together.
Recon-ng is a total system and makes it simple for even the most up to the date of Python designers to contribute. Every module is a subclass of the “module” class.
The “module” class is an altered “cmd” mediator furnished with inherent usefulness that gives basic interfaces to basic errands, for example, institutionalizing yield, associating with the database, making the web asks for, and overseeing API keys.Recon-ng has a look and feels similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance.
Reconnaissance with recon-ng
Step 1: To launch type recon-ng in Terminal[email protected]:~# recon-ng
To list all the commands type [recon-ng][default] > help
Step2: To get the subdomains of a domain we need to add the domain to workspace first.
recon-ng][default] > workspaces
Usage: workspaces [list|add|select|delete][recon-ng][default] > workspaces add vulnweb.com
Step3: Netcraft need to be added to pull the subdomains of a domain.
[recon-ng][vulnweb.com] > use netcraft
[recon-ng][vulnweb.com][netcraft] > set source vulnweb.com
Step4: Now you should type “Run” to get the list of subdomains associated with the domain.[recon-ng][vulnweb.com][netcraft] > run
Step5: To get a clear list view type “show hosts”[recon-ng][vulnweb.com][netcraft] > show hosts
Step6: Next you need to find the IP address associated with that by using “resolve“.[recon-ng][vulnweb.com][netcraft] > use resolve
Step7: It shows list of options and we need to select “recon/hosts-hosts/resolve”recon-ng][vulnweb.com][netcraft] > use recon/hosts-hosts/resolve
Step8: To find the country, longitude and location you should use “freegeoip”
Step9: To extract the findings as a report use “use report”[recon-ng][vulnweb.com][freegeoip] > use report
Therefore, all the hard work has been done. It is simple and takes little more than a few minutes.
- Author: Tim Tomes
- License: GPLv3
- Masscan-Worlds fastest scanner
- FIREWALK – Active Reconnaissance Network Security Tool
- HPING3 – Network Scanner -Packer Generator
- Lynis – Open source security auditing tool – A Detailed Explanation