What Is Recon-ng? How To Use Recon-ng Best Guide

Information Gathering

What Is Recon-ng?




Recon-ng is a Web Reconnaissance Framework which is written in Python. It provides a very powerful environment for users. It has so many modules by which we can gather so many information like sub-domains, IP, Geolocation, Images, Vulnerabilities and much more.

Recon-ng Tool is made by Tim Tomes at The Black HillsIt is pre-installed in Kali Linux. So, you can open it manually by typing recon-ng in your terminal. You can also open this tool from Information Gathering Module which is present on Application Tab.

recon-ng

It shows here that it has

  • 77 Recon Modules
  • 8  Reporting Modules
  • 2  Import Modules
  • 2  Exploitation Modules
  • 2  Discovery Modules




You wanted to see these modules? So, type show modules. It will show you all the modules list.

modules of Recon-ng

Before using this tool we have to set a workspace on which you save your retrieve data. So, type workspaces add ‘workspace name’. 

add workspaces

You can see where my workspace is changed from default to hacking. If you wanted to see your list of workspaces then type workspaces list

workspaces list

If you wanted to use another workspace then type workspaces select ‘workspace name‘. Now after typing this command your, all work will save to this workspace only. You can also create different workspaces for different targets.

workspaces select

After setting workspace I’m going to add Website from which I have to retrieve data. Type add domains hackingblogs.com Now, I put the name of the website on which I wanted to perform the scan.

add domains

This tool contains so many modules so here we have to select a module through which we are going to scan. Every Module performs a different scan. I will use Netcraft here.

ALSO READ:-  Website Vulnerability Scanner Kali Linux (Red Hawk)

To search Netcraft Module type search NetcraftIt shows that only one module is present of Netcraft. I will use this module by typing use ‘module name’ 

using netcraft

Now, all the configuration are completed. Type run to execute this module.

When I type run it starts finding all the sub-domains of that particular domain. If you type show hosts. It will show you all the sub-domains in a table form.

sub-domains

Now, I try to find IP of each Sub-Domain for this type search resolve to find the module which will resolve the IP. I will use the First module. To load this module type use recon/hosts-hosts/resolve.




using ip module

Now, type run to execute this module. To see all these domain and IP in a clear table type show hosts.

ip with sub-domain

Now we will find the exact Location of that IP address. So, type search freegeoip. Simply use this module by typing use recon/hosts-hosts/freegeoip and then type run to execute this module.

geo location

Type show hosts to see the all the data which we found.

exact location

You can also find any vulnerability is present on this site or not. Type search xssposed to search this vulnerability finder module. Use first module and type run to execute this module.

vulnerability

We find Sub-Domains, IP address, Location, Vulnerability. Now, we have to create a report of this. We use HTML to create a report. Type use reporting/html. With the help of this module, we can create a report of everything which we found above.

Now, it will ask us to complete some details about the project. So that it makes a genuine report. Type show options this command will show you every information which this module needs.

ALSO READ:-  Play Within Your Local Area Network With XEROSPLOIT




make report

As you can see there we have to give creator name, customer name, and filename with location. Type

  • set creator hackingblogs.com 
  • set customer kali.org
  • set filename /root/Desktop/results.html
  • run

report generating

This module creates a file at your desktop with a results.html name. Just open it in your browser and see the details are correct or not.

I think this is the best tool for beginners. This is a multi-task performer tool. To find so many details about the target system. In future, I will also upload some advanced tutorials on it as well.




 

1
Leave a Reply

avatar
1 Comment threads
0 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
1 Comment authors
Make Money from Home Recent comment authors

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
newest oldest most voted
Notify of
Make Money from Home
Guest

Thanks for sharing.