The recon-ng framework

The recon-ng framework is an open source framework for conducting reconnaissance (passive and active). The framework is similar to Metasploit and Social Engineer Toolkit (SET); recon-ng uses a very modular framework. Each module is a customized command interpreter, preconfigured to perform a specific task.

The recon-ng framework and its modules are written in Python, allowing penetration testers to easily build or alter modules to facilitate testing.

The recon-ng tool also leverages third-party APIs to conduct some assessments; this additional flexibility means that some activities undertaken by recon-ng may be tracked by those parties. Users can specify a custom useragent string or proxy requests to minimize alerting the target network.

recon-ng is installed by default in the newer versions of Kali. All data collected by recon-ng is placed in a database, allowing you to create various reports against the stored data. The user can select one of the report modules to automatically create either a CVS report or an HTML report.

To start the application, enter recon-ng at the prompt, as shown in the following screenshot. The start screen will indicate the number of modules present, and the help command will show the commands available for navigation, as shown in the following screenshot:

To show the available modules, type show at the recon-ng> prompt. To load a specific module, type load followed by the name of the module. Hitting the Tab key while typing will autocomplete the command. If the module has a unique name, you can type in the unique part of the name, and the module will be loaded without entering the full path.

Entering info, as shown in the screenshot that follows, will provide you with information on how the module works and where to obtain API keys if required.

Once the module is loaded, use the set command to set the options, and then enter run to execute, as shown in the following screenshot:

In general, testers rely on recon-ng to do the following:

  • Harvest contacts using whois, Jigsaw, LinkedIn, and Twitter (use the mangle module to extract and present email data)
  • Identify hosts
  • Identify geographical locations of hosts and individuals using hostop, ipinfodb, maxmind, uniapple, and wigle
  • Identify host information using netcraft and related modules
  • Identify account and password information that has previously been compromised and leaked onto the internet (the pwnedlist modules, wascompanyhacked, xssed, and punkspider)
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
13.59.136.170