Recon-NG (Part 1)
Hackers Academy last edited by admin
Hello! Today I’ll talk about a great framework like Recon-NG.
Recon-NG is a full-featured web intelligence framework written in Python. Included are independent modules, interaction with the database, convenient built-in functions, interactive help and completion of commands. Recon-ng provides a powerful environment in which exploration based on open web sources can be carried out quickly and thoroughly. Information Gathering is needed for OSINT (Open Source INTellegence).
Completely modular framework, which makes writing new modules easy even for novice Python developers.
Each module is a subclass of the "module" class. The module class is a customized cmd interpreter with built-in functionality that provides simple interfaces for popular tasks such as standardized output, interacting with a database, creating web requests and managing API keys. Thus, all the hard work has already been done. Creating modules is easy and takes a little more than a few minutes.
Carries out an automated search for usernames, profiles, devices, etc.
- Open source.
- Сli interface (Metasploit).
- Uses modules.
- It is written in Python.
- Recon-ng is already embedded in Kali linux, Parrot OS, * Cyborg Hawk (All OSs where IB tools are installed)
Install specific packages
sudo apt install libxm12-dev libxslt1-dev python-dev
git clone https: //[email protected]/LaNMaSteR53/recon-ng.git
Go to the utility folder
pip install -r REQUIREMENTS
Above the splash screen, you get a red error screen, these are just warnings that the API keys for these services are not full. Many of the modules within the reconfiguration use web services, which require an API key for full access to the data.
The reconfigured wiki has a quick mileage of keys where you can get them. This will save you time on each of the sites that are looking for an API registration page.
For example, to get the key to use the google API, you need to register at the following link: https://console.developers.google.com/apis/dashboard
You will need these APIs:
YouTube Data API
- Custom Search API
Recon-ng uses many sources of information. These are popular search engines, social networks and popular services like github.
Among them, specialized search engines can be noted:
Shodan - a search engine for Internet devices;
censys.io - Search engine on devices and networks of the Internet.
haveibeenpwned.com - account hacking information.
recon-ng [-h] [-v] [-w workspace] [-r filename] [--no-check]
-h, --help show help message and exit
-v, --version show program version and exit
-w workspace load / create workspace
-r filename load commands from source file
--no-check disable version checking
--no-analytics disable reporting analytics
The text interface is similar to that of Metasploit and set (Social Enginering Toolkit). So here you can create workspaces (workspace), connect the modules, set their parameters and finally run. Information will be saved in the database. For each working environment, their own instances of tables are saved.
We load the module with the command:
use recon / contacts-contacts / mailtester
To create a workplace you need to enter:
workspace add name
View the main parameters (proxy, user agent, etc.):
Show all tables:
Show all modules:
use <modules name>
As a rule, for the module to work, you need to set one or more initial variables (site address, user name, etc.). Their name and purpose depends on the purpose of the module. By default, most modules use data from tables. Almost every module has a SOURCE parameter (see example below). SOURCE = default if data from the table will be used. But you can take data, such as a list of email addresses from a file.
set SOURCE full_file_name
Or if you need to check only one value, then specify it directly:
set SOURCE value
After executing a module, the results of work are usually written in tables.
Show the number of records in each table (this is also a separate table):
Show any table, for example profiles:
Add an entry to the table:
add table_name field1 ~ field2 ~ field3
Login in your account to Start Chat