Information Gathering Using Recon-ng Tool

Recon-ng is a full-featured web reconnaissance framework written in Python. With independent modules, database interactions, built-in feature functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and well. Recon-ng has the same look and feel as the Metasploit Framework, reducing the learning curve to take advantage of the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is specifically designed for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want a Social Engineer, we are the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng.

 

To start Recon-ng in Kali Linux in the terminal type.

Command: recon-ng

To add workspace type

Command: workspaces add pen_test

To add domains about which you want to gather information type

Command: add domains comptia.org (here we are taking the example of CompTIA website)

To check whether the domain is added successfully type

Command: show domains

Now to check the modules available type

Command: show modules

A module is a specific task that recon-ng will execute based on the parameters you provide it. the Recon category has the most modules so far.

Command: search the domain for contact information.

Command: use recon/domains-contacts/whois_pocs

show options (it will show source option )

run (contacts & email addresses will be displayed)

Search account for evidence of compromise

Command: use recon/contacts-credentials/hibp_breach

This module search that has I been pawned ??HIBP database to see if a particular email account is known to have been affected by any major breaches in the last few years.

set source email address (enter the email address you found in the previous step to check whether I was compromised in last few years or not.)

Identify the organization’s social media presence

Command: use recon/profiles-profiles/profiler

set source comptia (here domain will be domain name without the top level domain suffix)

run

In the same way, you can use different modules to gather information about the organization like.

Identify organization mail based DNS Records

Command: recon/domains-hosts/mx_spf_ip

run

Search subdomains

Command : recon/domains-hosts/brute_hosts

run

At last to generate a report of your findings type

Command: use reporting /html

show options

set creator (your name)

set customer (clients name )

set filename /root/desktop/recon_report.html

run

Download os

1.Kali linux 

2.parrot os

15 thoughts on “Information Gathering Using Recon-ng Tool

  1. Hi! I could have sworn I’ve been to this site before but after going through a few of the posts I realized it’s new to me. Anyhow, I’m definitely delighted I found it and I’ll be bookmarking it and checking back regularly!

  2. Hi,

    I hope you are doing well.

    I want to contribute a guest post article to your website that may interest your readers.

    It would be of high quality and free of cost. You can choose the topic of the article from the topic ideas that I’ll send you in my next email once you approve this offer.

    Please note that I will need you to give me a backlink within the guest post article.

    Please let me know if I shall send over some amazing topic ideas?

    Regards,

    Lindsay Johnson

  3. It’s truly very difficult in this full of activity life to listen news on TV, thus I just use internet for that reason, and take the hottest information.|

  4. I just couldn’t depart your site before suggesting that I really enjoyed the usual information a person provide for your guests? Is going to be back often in order to check up on new posts|

  5. Superb blog you have here but I was wanting to know if you knew of any user discussion forums that cover the same topics talked about here? I’d really love to be a part of group where I can get advice from other knowledgeable people that share the same interest. If you have any recommendations, please let me know. Thanks!|

Comments are closed.