Employing comprehensive reconnaissance applications

Although Kali contains multiple tools to facilitate reconnaissance, many of the tools contain features that overlap, and importing data from one tool into another is usually a complex manual process. Most testers select a subset of tools and invoke them with a script.

Comprehensive tools focused on reconnaissance were originally command-line tools with a defined set of functions; one of the most commonly used was the Deep Magic Information Gathering Tool (DMitry). DMitry could perform whois lookups, retrieve netcraft.com information, search for sub-domains and email addresses, and perform TCP scans. Unfortunately, it wasn't extensible beyond these functions.

The following command runs DMitry on www.cyberhia.com and writes the results to out.txt:

dmitry -winsepo out.txt www.cyberhia.com

Recent advances have created comprehensive framework applications that combine passive and active reconnaissance; in the following section, we will look more closely at recon-ng.
