The OSINT tool arsenal keeps filling up with code that helps "get things done" better, faster and more effectively than ever before. Recon-ng, with its modular design, brings a familiar way of working at the command line: its syntax resembles the Metasploit framework, so you can load modules built for different purposes and configure each one independently.
This kind of tool really enhances your toolbox when performing an attack surface analysis against a target. Additionally, it provides a development interface that lets you create your own modules and expand the tool's capabilities even further.
Getting to know Recon-ng
This OSINT tool has plenty of features that come "out of the box" for you to enable and use. These features differ as much as their sources of information do, from domain name discovery and credential gathering to repository scraping, with additional integrations such as Masscan. In this post, we'll take a look at installing Recon-ng, examine the different options available, and explore how to display scan results.
Its CLI usability also deserves a special mention. Pressing the tab key twice lists the completions available for whatever you have typed so far, which is especially helpful when you're not yet familiar with the tool and need a hint about what you can do with it.
In the following sections, we'll delve into each of the different options available, to show you just how painless it is to use Recon-ng.
Recon-ng installation
Installing is a simple process: clone the repository with git, and it's ready to run:
We recommend that you check all requirements beforehand, using a pip that belongs to Python 3:
Once all of this is done, you're ready to launch the application. There are three executables in this folder that allow you to run Recon-ng for different purposes:
recon-ng: This is the command-line interactive interpreter. With it you can run all commands within the internal command prompt:
On the first run you'll notice the "No modules enabled/installed" message. That's because none are installed yet: we need to install the ones we intend to use before putting the software to work.
recon-cli: This is the corresponding command-line script. It allows you to execute modules and other features as a single-line command.
recon-web: This process starts a web daemon so you can enter the dashboard to visualize all activities:
By default, you can access it by entering the following address in your browser. The web interface looks like this:
While the web visualization is very simple, it gives you a quick overview of what is being done and the status of the different processes, together with the information obtained.
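The installation and first-run checks described above, as an added shell example that is not code from the original post or from the Recon-ng project. It assumes the official repository URL shown in the script, that the checkout's requirements file is named REQUIREMENTS, and that the clone lands in ./recon-ng; the installer function needs network access, while the launcher check runs against any local directory.

```bash
#!/usr/bin/env bash
# Added example: clone Recon-ng, verify a Python 3 pip, and confirm the three
# launchers (recon-ng, recon-cli, recon-web) are present in the checkout.
# Assumptions: repository URL below and the REQUIREMENTS file name.
set -u

RECON_REPO_URL="https://github.com/lanmaster53/recon-ng.git"   # assumed official repo
RECON_DIR="${RECON_DIR:-recon-ng}"

# Verify that python3 and a pip bound to Python 3 exist before installing anything.
check_python3_pip() {
    command -v python3 >/dev/null 2>&1 || { echo "python3 not found" >&2; return 1; }
    python3 -m pip --version >/dev/null 2>&1 || { echo "pip for python3 not found" >&2; return 1; }
    return 0
}

# Clone the repository (if not already present) and install its Python requirements.
# Needs network access; returns non-zero on any failure.
install_recon_ng() {
    check_python3_pip || return 1
    if [ ! -d "$RECON_DIR" ]; then
        git clone "$RECON_REPO_URL" "$RECON_DIR" || return 1
    fi
    python3 -m pip install -r "$RECON_DIR/REQUIREMENTS" || return 1
}

# Print, one per line, which of the three launchers are executable in a checkout.
# Returns 1 if any launcher is missing, so a caller can stop before a broken run.
list_launchers() {
    local dir="$1" missing=0 name
    for name in recon-ng recon-cli recon-web; do
        if [ -x "$dir/$name" ]; then
            echo "$name"
        else
            missing=1
        fi
    done
    return "$missing"
}

# Usage:
#   install_recon_ng && list_launchers "$RECON_DIR"
```

Running the launcher check before starting work is a cheap way to catch a half-finished clone or lost execute bits; when it reports a missing binary, re-run the clone rather than hunting for the error inside the console.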
Recon-ng usage
This information gathering tool comes with many options that can be tricky to use. The modules are not installed by default, so you have to bring them in as needed. This is done with the marketplace command:
A simple marketplace search will show all available modules, along with their different characteristics. Some of them require the use of API keys, others have dependencies to be satisfied, and others have both.
When you find the desired module, you can install it with the **marketplace install** command followed by the designated path to reach the module. In the case below we're installing the **migrate_contacts** module:
You can also search the marketplace for a particular type of category, such as a repository search using different techniques:
If you want to take a deeper look at what a module does, you can use the marketplace info command followed by the module name or path, in this case Github Dorks:
API configuration
As mentioned before, some modules require an API key for the service they query in order to work properly. You'll need to provide this key after the module is installed, as the message below shows:
You'll need to use the keys command to manage those tokens....
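The marketplace install and API key steps above, as an added shell example that is not code from the original post or from the Recon-ng project. It builds a Recon-ng resource file, a plain text list of console commands, so that module installation and key configuration are reproducible and the token is read from an environment variable instead of being typed into the console (where it would also land in shell history). Assumptions: the module paths recon/contacts-domains/migrate_contacts and recon/repositories-vulnerabilities/github_dorks, the key name github_api for the GitHub modules, and that recon-ng accepts -r <file> to replay commands from a resource file.

```bash
#!/usr/bin/env bash
# Added example: generate a Recon-ng resource file that creates a workspace,
# installs marketplace modules and registers API keys from environment variables.
# Assumptions: module paths and the github_api key name match the marketplace;
# "recon-ng -r <file>" replays the commands.
set -u

# Emit the console commands that install a list of marketplace module paths.
# Each path must look like recon/<category>/<name>; anything else is rejected.
rc_install_modules() {
    local path
    for path in "$@"; do
        case "$path" in
            recon/*/*) echo "marketplace install $path" ;;
            *) echo "invalid module path: $path" >&2; return 1 ;;
        esac
    done
}

# Emit "keys add <name> <value>" lines. Each argument is name=ENV_VAR, and the
# value is taken from that environment variable so no secret sits in the script.
rc_add_keys() {
    local pair name var value
    for pair in "$@"; do
        name="${pair%%=*}"
        var="${pair#*=}"
        value="$(printenv "$var" 2>/dev/null || true)"
        if [ -z "$value" ]; then
            echo "environment variable $var for key $name is empty" >&2
            return 1
        fi
        echo "keys add $name $value"
    done
}

# Assemble a resource file for one workspace and print its path.
# Arguments: <workspace> <output file> <name=ENV_VAR key spec or ""> <module path>...
make_setup_rc() {
    local workspace="$1" out="$2" keyspec="$3" installs keys
    shift 3
    installs="$(rc_install_modules "$@")" || return 1
    keys=""
    if [ -n "$keyspec" ]; then
        keys="$(rc_add_keys "$keyspec")" || return 1
    fi
    {
        echo "workspaces create $workspace"
        echo "$installs"
        [ -n "$keys" ] && echo "$keys"
        echo "keys list"
        echo "exit"
    } > "$out" || return 1
    echo "$out"
}

# Usage (from a Recon-ng checkout, with GITHUB_TOKEN exported in the shell):
#   make_setup_rc my-assessment setup.rc github_api=GITHUB_TOKEN \
#       recon/contacts-domains/migrate_contacts \
#       recon/repositories-vulnerabilities/github_dorks
#   ./recon-ng -r setup.rc
```

Because the generated file contains the key in clear text, treat it like any other credential file: keep it out of version control and delete it once the keys are stored in Recon-ng's own key store, which is what the keys list line at the end lets you confirm.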