Recon-ng is an open-source reconnaissance framework written in Python, designed to assist ethical hackers, security professionals, and penetration testers in collecting and analyzing information about targets. It offers a wide array of modules and tools for gathering data from various sources and organizing it for effective use.
Key Tools in Recon-ng
Modules:
Recon-ng's strength lies in its extensive collection of modules. These modules focus on different aspects of information gathering, from DNS data to social media reconnaissance. Here are a few notable ones:
recon/domains-hosts: This module helps in discovering hosts related to a domain, including IP addresses and subdomains.
recon/hosts-hosts/resolve: It resolves hostnames to their corresponding IP addresses.
recon/companies-contacts/pgp_search: This module searches for PGP keys associated with a specific company, which can be valuable for email encryption and communication security.
recon/contacts-credentials/hibp: It checks email addresses against the "Have I Been Pwned" database to identify compromised accounts.
Reporting Module:
Recon-ng provides a reporting module that allows users to generate comprehensive reports based on the data collected. Reports can be exported in various formats, making it easy to share findings with clients or team members.
Database Management:
Recon-ng maintains an internal database where collected data is stored. This allows users to organize, search, and retrieve information easily. You can view hosts, services, contacts, and other relevant data within the tool.
Resource Configuration:
Recon-ng offers options to configure external resources such as API keys for services like Shodan and VirusTotal. This enhances the tool's functionality and the depth of information it can gather.
Customization:
Recon-ng is highly customizable, allowing users to tailor modules and settings to their specific needs. Whether you want to adjust module options or fine-tune your scans, Recon-ng can be adapted to your requirements.
Data Handling:
Users can navigate collected data with ease, using commands like show hosts, show contacts, and show creds to view the results of their reconnaissance efforts.
show hosts: This command displays information about hosts, including IP addresses, domain names, and subdomains. To use it, simply type show hosts in the Recon-ng console.
    [recon-ng][default] > show hosts
show contacts: Use this command to view contact details, such as email addresses, social media profiles, and other relevant contact information. Enter show contacts in the console to see the list of contacts.
    [recon-ng][default] > show contacts
show creds: The show creds command lists any credentials that have been collected during reconnaissance, such as usernames and passwords. Type show creds to view the collected credentials.
    [recon-ng][default] > show creds
show options: When you're configuring a module, the show options command helps you view the current settings and options for that module. It's used to check the configuration of a module before running it.
    [recon-ng][default] > use recon/hosts-hosts/resolve
    [recon-ng][default][resolve] > show options
show modules: This command lists all the available modules in Recon-ng. It's a way to see the complete list of modules that can be loaded and used.
    [recon-ng][default] > show modules
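The stored hosts, contacts, and credentials described under Database Management and Data Handling can also be reviewed outside the console when an assessment of your own organization is written up. The following is an added example, not code from Recon-ng or from this article: it assumes the collected data is available as a SQLite database, and the table names, column names, and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed stand-in for a workspace database. Table and column names are
# assumptions for illustration; check them against your own workspace file.
SCHEMA = """
CREATE TABLE hosts (host TEXT, ip_address TEXT, module TEXT);
CREATE TABLE contacts (first_name TEXT, last_name TEXT, email TEXT, module TEXT);
CREATE TABLE credentials (username TEXT, password TEXT, leak TEXT, module TEXT);
"""
HOSTS = [("www.example.com", "192.0.2.10", "resolve"),
         ("vpn.example.com", "192.0.2.10", "resolve"),
         ("mail.example.com", None, "import")]
CONTACTS = [("Ana", "Lee", "Ana.Lee@example.com", "pgp_search"),
            ("Raj", "Iyer", "raj.iyer@example.com", "pgp_search")]
CREDS = [("ana.lee@example.com", None, "breach-a", "hibp"),
         ("ana.lee@example.com", "REDACTED", "breach-b", "hibp")]

def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO hosts VALUES (?,?,?)", HOSTS)
    conn.executemany("INSERT INTO contacts VALUES (?,?,?,?)", CONTACTS)
    conn.executemany("INSERT INTO credentials VALUES (?,?,?,?)", CREDS)
    return conn

def unresolved_hosts(conn):
    """Hostnames stored without an IP address (still need resolving)."""
    sql = ("SELECT host FROM hosts WHERE ip_address IS NULL "
           "OR ip_address = '' ORDER BY host")
    return [row[0] for row in conn.execute(sql)]

def shared_ips(conn):
    """Map each IP that serves more than one hostname to those hostnames."""
    groups = {}
    sql = ("SELECT host, ip_address FROM hosts WHERE ip_address IS NOT NULL "
           "AND ip_address != '' ORDER BY host")
    for host, ip in conn.execute(sql):
        groups.setdefault(ip, []).append(host)
    return {ip: hosts for ip, hosts in groups.items() if len(hosts) > 1}

def exposed_contacts(conn):
    """Contacts found in the credentials table: (email, leaks, has_password)."""
    sql = """SELECT lower(c.email), COUNT(DISTINCT k.leak),
                    MAX(k.password IS NOT NULL AND k.password != '')
             FROM contacts c JOIN credentials k
               ON lower(k.username) = lower(c.email)
             GROUP BY lower(c.email) ORDER BY 1"""
    return [(e, n, bool(p)) for e, n, p in conn.execute(sql)]
```

The output of exposed_contacts gives a short list of accounts to prioritize for password resets, without copying any stored password value into the report.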