Information gathering using Recon-ng Tool

Recon-ng is a full-featured web reconnaissance framework written in Python. It offers a powerful environment for open-source web-based reconnaissance, with modules that can be used independently, database interaction, convenience functions, interactive help and command completion. Recon-ng looks and feels similar to the Metasploit Framework, which makes the framework easier to pick up. It is, however, quite different. Recon-ng is not meant to compete with existing frameworks; it is designed only for web-based open-source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to social engineer, use the Social-Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng.

To start Recon-ng under Kali Linux, type the following in the terminal.
Command:
recon-ng

To add a workspace
Command:
workspaces add pen_test

To add the domain you wish to gather information about, type
Command:
add domains comptia.org
To verify that the domain has been successfully added, type
Command:
show domains

Now check the available modules
Command:
show modules
A module is a task that recon-ng will perform based on the parameters you give it. The Recon category has the most modules.

Search the domain to find contact information.
Command:
use recon/domains-contacts/whois_pocs
show options (this shows the source option)
run (contacts and email addresses will be displayed)

Search the account for evidence of compromise
Command:
use recon/contacts-credentials/hibp_breach
This module searches the Have I Been Pwned? (HIBP) database to determine whether an email account has been affected by major breaches in the last few years.
set source <email address> (insert the email address you found in the previous step to verify that it has not been compromised in the last few years)

Identify your organization’s social media presence
Command:
use recon/profiles-profiles/profiler
set source comptia (the source here is the domain name without the top-level domain suffix)
run

You can also use different modules to gather information about your organization.
DNS records for identifying the organization's mail servers
Command:
use recon/domains-hosts/mx_spf_ip
run
Search for subdomains
Command:
use recon/domains-hosts/brute_hosts
run
Finally, you can generate a report of your findings
Command:
use reporting/html
show options
set creator (your name)
set customer (client's name)
set filename /root/desktop/recon_report.html
run
Double-click recon_report.html to open the report
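The findings collected above can also be reviewed programmatically to see what your organization exposes. The following is an added example, not part of the original article or of Recon-ng itself: it assumes the results sit in a SQLite database with contacts and hosts tables (the table and column names, the sample rows and the function names are assumptions made for this sketch) and lists the staff addresses that were discoverable and the hosts missing from your own inventory.

```python
import sqlite3
from collections import defaultdict

# Constructed sample data. Table and column names are an assumption modelled on
# a recon-ng workspace database, reduced to the columns this example reads.
SCHEMA = """
CREATE TABLE contacts (first_name TEXT, last_name TEXT, email TEXT, module TEXT);
CREATE TABLE hosts (host TEXT, ip_address TEXT, module TEXT);
"""
SAMPLE_CONTACTS = [
    ("Alex", "Doe", "alex.doe@example.org", "whois_pocs"),
    ("Sam", "Roe", "sam.roe@example.org", "whois_pocs"),
    ("Sam", "Roe", "SAM.ROE@example.org ", "other_module"),  # same mailbox, other source
    ("Pat", "Lee", "pat@registrar.example.net", "whois_pocs"),  # third party, not staff
]
SAMPLE_HOSTS = [
    ("mail.example.org", "192.0.2.10", "mx_spf_ip"),
    ("www.example.org", "192.0.2.20", "brute_hosts"),
    ("DEV.example.org", "192.0.2.30", "brute_hosts"),
]

def build_sample_db():
    """Create an in-memory database holding the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO contacts VALUES (?,?,?,?)", SAMPLE_CONTACTS)
    conn.executemany("INSERT INTO hosts VALUES (?,?,?)", SAMPLE_HOSTS)
    return conn

def exposure_summary(conn, org_domain, known_hosts):
    """Return staff addresses (with the modules that found them) and unlisted hosts."""
    suffix = "@" + org_domain.lower()
    emails = defaultdict(set)
    rows = conn.execute("SELECT email, module FROM contacts WHERE email IS NOT NULL")
    for email, module in rows:
        addr = email.strip().lower()  # normalise so duplicates collapse
        if addr.endswith(suffix):     # keep only the organization's own mailboxes
            emails[addr].add(module)
    known = {h.lower() for h in known_hosts}
    found = {host.lower() for (host,) in
             conn.execute("SELECT host FROM hosts WHERE host IS NOT NULL")}
    return {"emails": {a: sorted(m) for a, m in sorted(emails.items())},
            "unlisted_hosts": sorted(found - known)}

if __name__ == "__main__":
    inventory = ["mail.example.org", "www.example.org"]  # hosts you already track
    report = exposure_summary(build_sample_db(), "example.org", inventory)
    print(report)
```

Addresses that several modules found are the ones most visible to outsiders, and any unlisted host is a candidate for an inventory or decommissioning review.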
theHarvester, which we discussed in an earlier article, can be used to collect additional information such as email addresses and host information. Stay tuned for more information on cyber security.