Recon-ng

Recon-ng is a powerful and open-source web reconnaissance framework used for gathering information during penetration testing, security assessments, or red team operations. It is designed for performing automated information gathering and reconnaissance on domains, IP addresses, and other network infrastructure. The tool provides various modules for conducting reconnaissance tasks, which can be extended and customized based on specific needs.

Recon-ng Installation

Official GitHub repo:
    git clone https://github.com/lanmaster53/recon-ng.git

On recent versions of Kali Linux it can be installed directly from the apt repositories; on other Linux distributions, the installation is as follows:

vm@ubuntu:~/$ git clone https://github.com/lanmaster53/recon-ng.git
vm@ubuntu:~/$ cd recon-ng
vm@ubuntu:~/recon-ng/$ pip install -r REQUIREMENTS

On a Kali-based machine it can be installed through apt:

sudo apt update && sudo apt upgrade
sudo apt install recon-ng

Recon-ng Interface

Using Recon-ng

[recon-ng][default] > help

Commands (type [help|?] <topic>):
---------------------------------
back            Exits the current context
dashboard       Displays a summary of activity
db              Interfaces with the workspace's database
exit            Exits the framework
help            Displays this menu
index           Creates a module index (dev only)
keys            Manages third party resource credentials
marketplace     Interfaces with the module marketplace
modules         Interfaces with installed modules
options         Manages the current context options
pdb             Starts a Python Debugger session (dev only)
script          Records and executes command scripts
shell           Executes shell commands
show            Shows various framework items
snapshots       Manages workspace snapshots
spool           Spools output to a file
workspaces      Manages workspaces

Creating the workspace

workspaces create example_name 

To open an existing workspace when starting Recon-ng:

recon-ng -w example_name 

Recon-ng Modules:

- discovery
- exploitation
- import
- recon
- reporting

Marketplace of modules to be installed

[recon-ng][default] > marketplace help
Interfaces with the module marketplace
Usage: marketplace <info|install|refresh|remove|search> [...]

Marketplace search, info and installation of modules

[recon-ng][default] > marketplace search ssl
[*] Searching module index for 'ssl'...

  +----------------------------------------------------------------------------+
  |             Path            | Version |     Status    |  Updated   | D | K |
  +----------------------------------------------------------------------------+
  | recon/domains-hosts/ssl_san | 1.0     | not installed | 2019-06-24 |   |   |
  | recon/hosts-hosts/ssltools  | 1.0     | not installed | 2019-06-24 |   |   |
  | recon/ports-hosts/ssl_scan  | 1.1     | not installed | 2021-08-24 |   |   |
  +----------------------------------------------------------------------------+

  D = Has dependencies. See info for details.
  K = Requires keys. See info for details.
[recon-ng][default] > marketplace info recon/domains-hosts/ssl_san

  +---------------------------------------------------------------------------------------------------------------------------------------------+
  | path          | recon/domains-hosts/ssl_san                                                                                                 |
  | name          | SSL SAN Lookup                                                                                                              |
  | author        | Zach Grace (@ztgrace) zgrace@403labs.com and Bryan Onel (@BryanOnel86) onel@oneleet.com                                     |
  | version       | 1.0                                                                                                                         |
  | last_updated  | 2019-06-24                                                                                                                  |
  | description   | Uses the ssltools.com API to obtain the Subject Alternative Names for a domain. Updates the 'hosts' table with the results. |
  | required_keys | []                                                                                                                          |
  | dependencies  | []                                                                                                                          |
  | files         | []                                                                                                                          |
  | status        | not installed                                                                                                               |
  +---------------------------------------------------------------------------------------------------------------------------------------------+
[recon-ng][default] > marketplace install recon/ports-hosts/ssl_scan
[*] Module installed: recon/ports-hosts/ssl_scan
[*] Reloading modules...

## To install all modules:
[recon-ng][default] > marketplace install all

## To load an installed module:
[recon-ng][default] > modules load recon/ports-hosts/ssl_scan

Installing API Keys

[recon-ng][default] > keys add shodan_api ghoulsec@123

Scanning Targets

To add target domains to the workspace, run this command:

[recon-ng][tesla] > db insert domains

Now load the module and run it:

[recon-ng][tesla] > modules load brute_hosts
[recon-ng][tesla] > run
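
An added example (not from the original page or the Recon-ng project): a scope check over a workspace's results, since a certificate's Subject Alternative Names, which ssl_san writes to the 'hosts' table, can include names under other domains. It assumes the workspace is a SQLite database with `domains` and `hosts` tables laid out as below; the rows are constructed sample data and all function names are hypothetical.

```python
import sqlite3

# ASSUMED recon-ng v5 workspace schema (not shown on the page).
SCHEMA = """
CREATE TABLE domains (domain TEXT, notes TEXT, module TEXT);
CREATE TABLE hosts (host TEXT, ip_address TEXT, region TEXT, country TEXT,
                    latitude TEXT, longitude TEXT, notes TEXT, module TEXT);
"""

def build_sample_db():
    """Return an in-memory database filled with CONSTRUCTED sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO domains (domain, module) VALUES (?, ?)",
                 ("example.com", "user_defined"))
    conn.executemany(
        "INSERT INTO hosts (host, ip_address, module) VALUES (?, ?, ?)",
        [("www.example.com", "192.0.2.10", "brute_hosts"),
         ("MAIL.Example.com.", "192.0.2.11", "brute_hosts"),
         ("*.example.com", None, "ssl_san"),
         ("notexample.com", "198.51.100.7", "ssl_san"),
         ("cdn.example.net", "203.0.113.5", "ssl_san")])
    return conn

def normalize(name):
    """Lower-case a DNS name, drop a trailing dot and a leading wildcard label."""
    name = (name or "").strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name

def in_scope(host, domains):
    """True only for a scope domain itself or a name under it (dot boundary)."""
    host = normalize(host)
    return any(host == d or host.endswith("." + d) for d in domains)

def audit_scope(conn):
    """Split the hosts table into sorted (in_scope, out_of_scope) lists."""
    domains = {normalize(d) for (d,) in conn.execute("SELECT domain FROM domains") if d}
    inside, outside = [], []
    for host, module in conn.execute("SELECT host, module FROM hosts"):
        if not host:
            continue
        bucket = inside if in_scope(host, domains) else outside
        bucket.append((normalize(host), module))
    return sorted(inside), sorted(outside)

if __name__ == "__main__":
    inside, outside = audit_scope(build_sample_db())
    for host, module in outside:
        print(f"OUT OF SCOPE: {host} (added by {module})")
    print(f"{len(inside)} host(s) in scope, {len(outside)} need review")
```

To run it against a real workspace, pass `audit_scope` a connection to that workspace's database file instead of the sample; its location (assumed here to be `data.db` under `~/.recon-ng/workspaces/<name>/`) is not stated on the page.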
