Recon-ng: Information Gathering with Open Source Intelligence

Posted by


Today we are going to learn about recon-ng. Recon-ng is a very good tool for web application analysis.

Recon-ng is a fully-featured Web-Reconnaissance framework written in Python3. It gives a powerful environment to its users.

Recon-ng has some modules and functions which gives much useful information about the target, like sub-domains, IP, Geo-locations, vulnerabilities etc.

Recon-ng’s look and feel are close to Metasploit framework This tool comes pre-installed with Kali Linux.

Let we check how we can use this tool as a basic user. Let we fire up our Kali Linux’s terminal window and apply the following command:


Our call will open this framework as shown in the following screenshot:

recon-ng kali linux

Here we got recon-ng version 5.0.1. We can see in the above screenshot that in this version ‘no modules enabled/installed’.

Let we run help command to see the help options.

recon-ng help

We can install modules from the market places. To see all the list of modules we can run the following command:

marketplace search

Then we can see all the modules in recon-ng as we can now see in the following screenshot:

recon-ng modules

Now if we want to install “hackertarget” module then we can search for its path using the following command:

marketplace search hackertarget

After applying this command we can see the path of hackertarget as shown following screenshot:

econ-ng searching module

Now in the V5 of recon-ng, no modules come pre-installed so we need to install “hackertarget” module. We can easily do it by applying the following command:

marketplace install recon/domains-hosts/hackertarget

So here we used marketplace install and the path of the module, that’s it.
This will install “hackertarget” module.

hackertarget module install


This is how we can install modules in recon-ng V5. But some advanced modules require api keys to run.

Now we load a module for the scan. For example, we choose “hackertarget” and load it by using the following command:

modules load recon/domains-hosts/hackertarget
hackertarget module install

Now we can set sources with the target, by using the following command:

options set SOURCE
set target source

Now we can run by using the run command.


Then this module will run on domain, as we can see in the following screenshot:

running Recon-ng

We can see after process complete that we got total 49 hosts These hosts are added in the hosts’ table. We can check by using the following command:

show hosts

The screenshot is following:

hosts table in recon-ng

We can see hosts in hosts table this is how we can use Recon-ng V5 in Kali Linux.

Feel free to leave a comment below or reach me on Instagram @iamshubhamkumar__.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.