What Is Recon-ng?
Recon-ng is a web reconnaissance framework written in Python. It provides a powerful environment with many modules for gathering information such as sub-domains, IP addresses, geolocation, images, vulnerabilities and much more.
Recon-ng was created by Tim Tomes at The Black Hills. It comes pre-installed in Kali Linux, so you can open it by typing recon-ng in your terminal. You can also open it from the Information Gathering module on the Application tab.
When it starts, it shows that it has:
- 77 Recon Modules
- 8 Reporting Modules
- 2 Import Modules
- 2 Exploitation Modules
- 2 Discovery Modules
Want to see these modules? Type show modules to list them all.
Before using this tool, we have to set up a workspace in which the retrieved data is saved. Type workspaces add ‘workspace name’.
You can see that my workspace has changed from default to hacking. To see your list of workspaces, type workspaces list.
To use another workspace, type workspaces select ‘workspace name’. After this command, all your work is saved to that workspace only. You can also create different workspaces for different targets.
After setting the workspace, I add the website from which I want to retrieve data. Type add domains hackingblogs.com, where hackingblogs.com is the website I want to scan.
This tool contains many modules, so we have to select the module we are going to scan with. Every module performs a different scan. I will use Netcraft here.
To find the Netcraft module, type search Netcraft. It shows that only one Netcraft module is present. I load it by typing use ‘module name’.
Now all the configuration is complete. Type run to execute this module.
When I type run, it starts finding all the sub-domains of that domain. Type show hosts to see all the sub-domains in table form.
Next, I find the IP address of each sub-domain. Type search resolve to find the modules that resolve IPs. I will use the first module; to load it, type use recon/hosts-hosts/resolve.
Now type run to execute this module. To see all the domains and IPs in a clear table, type show hosts.
Now we find the location of each IP address. Type search freegeoip, load the module by typing use recon/hosts-hosts/freegeoip, and then type run to execute it.
Type show hosts to see all the data we have found.
You can also check whether any vulnerability is present on this site. Type search xssposed to find the vulnerability finder module. Use the first module and type run to execute it.
We have found sub-domains, IP addresses, locations and vulnerabilities. Now we create a report of these findings in HTML. Type use reporting/html. With this module, we can create a report of everything found above.
The module needs some details about the project so that it can produce a proper report. Type show options to see all the information this module needs.
As you can see, we have to give a creator name, a customer name, and a filename with its location. Type:
- set creator hackingblogs.com
- set customer kali.org
- set filename /root/Desktop/results.html
This module creates a file named results.html on your desktop. Open it in your browser and check that the details are correct.
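The hosts data collected above can also be reviewed outside the console when auditing a domain you are responsible for. The following Python is an added example, not part of the original tutorial or of Recon-ng's own code: it assumes the workspace stores its results in a SQLite hosts table with host, ip_address, region and country columns, and it runs against an in-memory database filled with constructed sample rows.

```python
import sqlite3
from collections import defaultdict

# Constructed sample rows (reserved example names and documentation IP ranges),
# not real scan output. Columns: host, ip_address, region, country.
SAMPLE_HOSTS = [
    ("www.example.com", "192.0.2.10", "California", "United States"),
    ("mail.example.com", "192.0.2.10", "California", "United States"),
    ("dev.example.com", None, None, None),  # found by name, never resolved
    ("old.example.com", "198.51.100.7", None, "Germany"),
]


def build_sample_db():
    """In-memory stand-in for a workspace database (table layout is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE hosts (host TEXT, ip_address TEXT, region TEXT, country TEXT)"
    )
    db.executemany("INSERT INTO hosts VALUES (?, ?, ?, ?)", SAMPLE_HOSTS)
    return db


def review_hosts(db):
    """Return (unresolved hosts, {ip: [hosts]} for shared IPs, {country: host count})."""
    unresolved = []
    by_ip = defaultdict(list)
    by_country = defaultdict(int)
    query = "SELECT host, ip_address, country FROM hosts ORDER BY host"
    for host, ip, country in db.execute(query):
        if not ip:
            # A name with no address may be a stale DNS record worth cleaning up.
            unresolved.append(host)
            continue
        by_ip[ip].append(host)
        by_country[country or "unknown"] += 1
    # Hosts sharing one address usually mean shared hosting or a common front end.
    shared = {ip: hosts for ip, hosts in by_ip.items() if len(hosts) > 1}
    return unresolved, shared, dict(by_country)


if __name__ == "__main__":
    unresolved, shared, countries = review_hosts(build_sample_db())
    print("Unresolved hosts:", unresolved)
    print("Hosts sharing an IP:", shared)
    print("Resolved hosts per country:", countries)
```

To use it on real data, replace build_sample_db() with a sqlite3 connection to your own workspace database and adjust the column names if they differ.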
I think this is the best tool for beginners. It is a multi-task tool for finding many details about the target system. In the future, I will also upload some advanced tutorials on it as well.