Information Gathering Using Recon-ng Tool

Recon-ng is a full-featured web reconnaissance framework written in Python. With independent modules, database interactions, built-in feature functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and well. Recon-ng has the same look and feel as the Metasploit Framework, reducing the learning curve to take advantage of the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is specifically designed for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want a Social Engineer, we are the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng.


To start Recon-ng in Kali Linux in the terminal type.

Command: recon-ng

To add workspace type

Command: workspaces add pen_test

To add domains about which you want to gather information type

Command: add domains (here we are taking the example of CompTIA website)

To check whether the domain is added successfully type

Command: show domains

Now to check the modules available type

Command: show modules

A module is a specific task that recon-ng will execute based on the parameters you provide it. the Recon category has the most modules so far.

Command: search the domain for contact information.

Command: use recon/domains-contacts/whois_pocs

show options (it will show source option )

run (contacts & email addresses will be displayed)

Search account for evidence of compromise

Command: use recon/contacts-credentials/hibp_breach

This module search that has I been pawned ??HIBP database to see if a particular email account is known to have been affected by any major breaches in the last few years.

set source email address (enter the email address you found in the previous step to check whether I was compromised in last few years or not.)

Identify the organization’s social media presence

Command: use recon/profiles-profiles/profiler

set source comptia (here domain will be domain name without the top level domain suffix)


In the same way, you can use different modules to gather information about the organization like.

Identify organization mail based DNS Records

Command: recon/domains-hosts/mx_spf_ip


Search subdomains

Command : recon/domains-hosts/brute_hosts


At last to generate a report of your findings type

Command: use reporting /html

show options

set creator (your name)

set customer (clients name )

set filename /root/desktop/recon_report.html


Download os

1.Kali linux 

2.parrot os

Have any Question or Comment?

5 comments on “Information Gathering Using Recon-ng Tool

Like!! Really appreciate you sharing this blog post.Really thank you! Keep writing.


Like!! I blog frequently and I really thank you for your content. The article has truly peaked my interest.


I like the valuable information you provide in your articles.


I like the valuable information you provide in your articles.


I really like it when folks come together and share ideas. Great site, stick with it!


Leave a Reply

Your email address will not be published. Required fields are marked *

Contact me

If you need any kind of hacking tools and software, then contact me.


Jdsingh group