Description
Recon-ng is a full-featured web reconnaissance framework written in Python. Complete with independent modules, database interaction, built-in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.
Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance.
Recon-ng is a completely modular framework and makes it easy for even the newest of Python developers to contribute. Each module is a subclass of the “module” class. The “module” class is a customized “cmd” interpreter equipped with built-in functionality that provides simple interfaces to common tasks such as standardizing output, interacting with the database, making web requests, and managing API keys.
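The subclass-of-a-cmd-interpreter design described above, sketched with Python's standard cmd module. This is an added illustration, not Recon-ng's source: the Module base class, its register_option, output, error and module_run names, and the CompanyEcho module are all hypothetical.

```python
import cmd

class Module(cmd.Cmd):
    """Hypothetical base class: a cmd interpreter with shared option handling."""
    def __init__(self):
        super().__init__()
        self.options = {}   # NAME -> [value, required, description]
        self.log = []       # standardized output lines, kept for inspection

    def register_option(self, name, value, required, description):
        self.options[name.upper()] = [value, required, description]

    def output(self, line):
        # Single output path so every module reports in the same format.
        self.log.append('[*] ' + line)
        print(self.log[-1])

    def error(self, line):
        self.log.append('[!] ' + line)
        print(self.log[-1])

    def do_set(self, arg):
        """set NAME VALUE (option names are case-insensitive)"""
        name, _, value = arg.partition(' ')
        if name.upper() not in self.options or not value:
            return self.error('Usage: set <option> <value>')
        self.options[name.upper()][0] = value
        print('%s => %s' % (name.upper(), value))

    def do_run(self, arg):
        """Refuse to run until every required option has a value."""
        missing = [n for n, (v, req, _) in self.options.items() if req and not v]
        if missing:
            return self.error('Value required for: ' + ', '.join(missing))
        self.module_run()

class CompanyEcho(Module):
    """Constructed sample module: no network access, it only reports its option."""
    def __init__(self):
        super().__init__()
        self.prompt = 'demo [company_echo] > '
        self.register_option('company', None, True, 'target company name')
        self.register_option('keywords', None, False, 'additional keywords')

    def module_run(self):
        self.output('Company: %s' % self.options['COMPANY'][0])
```

Calling CompanyEcho().cmdloop() gives an interactive prompt where set and run behave as in the session under Example; the subclass contributes only its options and module_run().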
Usage
Syntax
recon-ng [options]
Options
  --version      show program's version number and exit
  -h, --help     show this help message and exit
  -w workspace   load/create a workspace
  -r filename    load commands from a resource file
Example
cyborg@cyborg:~$ sudo recon-ng

[recon-ng v1.41 Copyright (C) 2015, Tim Tomes (@LaNMaSteR53)]

[65] Recon modules
[7] Discovery modules
[4] Reporting modules
[1] Experimental modules

recon-ng > show modules

  Discovery
  ---------
    discovery/exploitable/http/dnn_fcklinkgallery
    discovery/exploitable/http/generic_restaurantmenu
    discovery/exploitable/http/webwiz_rte
    discovery/info_disclosure/dns/cache_snoop
    discovery/info_disclosure/http/backup_finder
    discovery/info_disclosure/http/google_ids
    discovery/info_disclosure/http/interesting_files

  Experimental
  ------------
    experimental/rce

  Recon
  -----
    recon/contacts/enum/http/web/dev_diver
    recon/contacts/enum/http/web/namechk
    recon/contacts/enum/http/web/pwnedlist
    recon/contacts/enum/http/web/should_change_password
    recon/contacts/gather/http/api/jigsaw/point_usage
    recon/contacts/gather/http/api/jigsaw/purchase_contact
    recon/contacts/gather/http/api/jigsaw/search_contacts
    recon/contacts/gather/http/api/linkedin_auth
    recon/contacts/gather/http/api/twitter
    recon/contacts/gather/http/api/whois_pocs
    recon/contacts/gather/http/web/jigsaw
    recon/contacts/gather/http/web/pgp_search
    recon/contacts/support/add_contact
    recon/contacts/support/mangle
    recon/creds/enum/http/api/leakdb
    recon/creds/enum/http/api/noisette
    recon/creds/gather/http/api/pwnedlist/account_creds
    recon/creds/gather/http/api/pwnedlist/api_usage
    recon/creds/gather/http/api/pwnedlist/domain_creds
    recon/creds/gather/http/api/pwnedlist/domain_ispwned
    recon/creds/gather/http/api/pwnedlist/leak_lookup
    recon/creds/gather/http/api/pwnedlist/leaks_dump
    recon/hosts/enum/dns/resolve
    recon/hosts/enum/http/api/builtwith
    recon/hosts/enum/http/api/punkspider
    recon/hosts/enum/http/api/wascompanyhacked
    recon/hosts/enum/http/api/whatweb
    recon/hosts/enum/http/api/whois_lookup
    recon/hosts/enum/http/web/age_analyzer
    recon/hosts/enum/http/web/asafaweb
    recon/hosts/enum/http/web/gender_analyzer
    recon/hosts/enum/http/web/ipvoid
    recon/hosts/enum/http/web/malwaredomain
    recon/hosts/enum/http/web/mywot
    recon/hosts/enum/http/web/netbios
    recon/hosts/enum/http/web/netcraft_history
    recon/hosts/enum/http/web/open_resolvers
    recon/hosts/enum/http/web/urlvoid
    recon/hosts/enum/http/web/web_archive
    recon/hosts/enum/http/web/xssed
    recon/hosts/gather/dns/brute_force
    recon/hosts/gather/http/api/bing_ip
    recon/hosts/gather/http/api/google_site
    recon/hosts/gather/http/api/shodan_hostname
    recon/hosts/gather/http/web/baidu_site
    recon/hosts/gather/http/web/bing_site
    recon/hosts/gather/http/web/census_2012
    recon/hosts/gather/http/web/google_site
    recon/hosts/gather/http/web/ip_neighbor
    recon/hosts/gather/http/web/mcafee/mcafee_affil
    recon/hosts/gather/http/web/mcafee/mcafee_dns
    recon/hosts/gather/http/web/mcafee/mcafee_mail
    recon/hosts/gather/http/web/netcraft
    recon/hosts/gather/http/web/yahoo_site
    recon/hosts/geo/http/api/hostip
    recon/hosts/geo/http/api/ipinfodb
    recon/hosts/geo/http/api/maxmind
    recon/hosts/geo/http/api/uniapple
    recon/hosts/geo/http/web/wigle
    recon/hosts/support/add_host
    recon/pushpin/flickr
    recon/pushpin/picasa
    recon/pushpin/shodan
    recon/pushpin/twitter
    recon/pushpin/youtube

  Reporting
  ---------
    reporting/csv_file
    reporting/html_report
    reporting/list
    reporting/pushpin

recon-ng > load recon/contacts/gather/http/web/jigsaw
recon-ng [jigsaw] > show options

  Name      Current Value  Req  Description
  --------  -------------  ---  -----------
  COMPANY                  yes  target company name
  KEYWORDS                 no   additional keywords to identify company

recon-ng [jigsaw] > set company "ztrela"
COMPANY => "ztrela"
recon-ng [jigsaw] > run
[*] Gathering Company IDs...
[*] Query: http://www.jigsaw.com/FreeTextSearchCompany.xhtml?opCode=search&freeText=%22ztrela%22