Today we are going to learn about recon-ng. Recon-ng is a very good tool for web application analysis.
Recon-ng is a fully-featured Web-Reconnaissance framework written in Python3. It gives a powerful environment to its users.
Recon-ng has some modules and functions which gives much useful information about the target, like sub-domains, IP, Geo-locations, vulnerabilities etc.
Recon-ng’s look and feel are close to Metasploit framework This tool comes pre-installed with Kali Linux.
Let we check how we can use this tool as a basic user. Let we fire up our Kali Linux’s terminal window and apply the following command:
Our call will open this framework as shown in the following screenshot:
Here we got recon-ng version 5.0.1. We can see in the above screenshot that in this version ‘no modules enabled/installed’.
Let we run help command to see the help options.
We can install modules from the market places. To see all the list of modules we can run the following command:
Then we can see all the modules in recon-ng as we can now see in the following screenshot:
Now if we want to install “hackertarget” module then we can search for its path using the following command:
marketplace search hackertarget
After applying this command we can see the path of hackertarget as shown following screenshot:
Now in the V5 of recon-ng, no modules come pre-installed so we need to install “hackertarget” module. We can easily do it by applying the following command:
marketplace install recon/domains-hosts/hackertarget
So here we used marketplace install and the path of the module, that’s it.
This will install “hackertarget” module.
This is how we can install modules in recon-ng V5. But some advanced modules require api keys to run.
Now we load a module for the scan. For example, we choose “hackertarget” and load it by using the following command:
modules load recon/domains-hosts/hackertarget
Now we can set sources with the target, by using the following command:
options set SOURCE kali.org
Now we can run by using the run command.
Then this module will run on kali.org domain, as we can see in the following screenshot:
We can see after process complete that we got total 49 hosts These hosts are added in the hosts’ table. We can check by using the following command:
The screenshot is following:
We can see hosts in hosts table this is how we can use Recon-ng V5 in Kali Linux.
Feel free to leave a comment below or reach me on Instagram @iamshubhamkumar__.