Recon-ng: A full tutorial from noob to pro [Updated 2024]
Introduction
Hey, there guys, In this post, you will learn what is recon-ng and how to work with the tool from scratch and you should just follow the upcoming steps to become a pro in recon-ng. All the best my friend ????
Video
What is recon-ng
Recon-ng is a reconnaissance tool and it is one of the powerful recon tools that exist in the modern world and I personally love this tool and do you, just comment down if you love it…
The tool has almost got every feature in it and simply we could say the tool is an all-rounder. The tool is in a command-line interface and the results can also be viewed in web format.
COOL is it
When I first worked with the tool, I said is it was a copy of Metasploit? Because the interface is much similar but not complicated as Metasploit.
Also Read: Installing custom kali is very easy
Advertisment
Who developed the tool❓
The tool was written by this guy ????, His name is Tim Tomes and I should really thank him and the contributors to the tool. The author seems to be an introvert and here are his social links????????.
To download recon-ng just enter sudo apt-get install recon-ng
What all the recon-ng can do
- Interactive Help
- Command Completion
- Database Interaction
- Shell Commands
- Spooling Activity
- Recording Commands
- Configuration Persistence
- Global Options
- Workspaces
- Module Marketplace
- Module Searching
- Smart Loading
- Database Snapshots
- Restricted Context
- Module Details
- Data Sources
- Third Party Modules
- Methodology Driven
- Automation
- Analysis and Reporting
- Analytics
Advertisment
Some use full commands in recon-ng
- back: Exits the current context
- dashboard: Displays a summary of activity
- db: Interfaces with the workspace’s database
- exit: Exits the framework
- help: Displays this menu
- index: Creates a module index (dev only)
- keys: Manages third-party resource credentials
- marketplace: Interfaces with the module marketplace
- modules: Interfaces with installed modules
- options: Manages the current context options
- pdb: Starts a Python Debugger session (dev only)
- script: Records and executes command scripts
- shell: Executes shell commands
- show: Shows various framework items
- snapshots: Manages workspace snapshots
- spool: Spools output to a file
- workspaces: Manages workspaces
There are much more commands and if you want more familiarity just watch my youtube video on recon-ng and the video is at the top of the page.
How to use recon-ng
Follow the below steps and examples to become a noob to pro in the recon-ng tool and If you have any doubt just comment down below and I’m ready to help you…
Workspace
In this example let’s see about workspaces. let’s create, list, load and remove a workspace. Workspaces are where you can work on your project.
Example1:
Let’s create a workspace, the command is
workspaces create moulik
instead of moulik, you add you workspace
Example2:
Let’s list the created workspaces, to list enter this command ????????
workspaces list
So here are the created workspaces and we listed them, by default there will be always a default workspace.
Example3:
Let’s load the moulik workspace, to load any workspace enter ????????
workspaces load moulik
Instead of moulik add the workspaces name you wanna load
workspaces load moulik
Example4:
To remove workspaces just enter ????????
workspaces remove moulik
You see we have removed the moulik workspaces and to check we removed just do
workspaces list
Snapshots
Let’s do a snapshot. Snapshot is taking a snap of your work
Example1:
To do a snapshot enter this command ????????
snapshots take moulik
Instead of moulik keep the name you wish
Example2:
Let’s list the snapshots
snapshots list
Example3:
Let’s load the snapshot
To load snapshots do this command ????????
snapshots load snapshot_20210911034707.db
Instead of the snapshot enter the snapshot file you wanna enter
Example4:
To remove snapshots do this command
snapshots remove snapshot_20210911034707.db
Dashboards
To see a summary of your activity enter
Example1:
Here is the command to check for your work activity ????????
dashboard
Shell
Executing a shell
Example1:
To execute a shell enter
shell sh
Instead of sh, you enter whatever shell you want Iam entering Bourne shell
Pdb
pdb is a debugger
Example1:
To start a debugger just do this command
pdb.set_trace()
db
Interfaces with the workspace’s database, Let’s do a schema, insert, delete, query, notes etc…
Example1:
Firstly let’s enter ???????? to find the workspaces related database in a good box format
db schema
Once you do db schema you see all this information in box format
companies|contacts|credentials|domains|hosts|leaks|locations|netblocks|ports|profiles|pushpins|repositories|vulnerabilities
Example2:
Now let’s add an insert port,
To insert something in db just enter
db insert ports
Instead of port you could enter whatever you want.
Example3:
To delete any rows enter
db delete hosts
Instead of host enter what you wanna delete and once you give this command it asks for the no of command in rows to delete like this ????????
Example4:
Let’s add notes in db
Do this ???????? specify the tables and then enter the rows and the enter the change
db notes ports
Index
Here is where we could know the information of the module.
Example1:
Gathering information on all installed modules
index all
Example2:
Now, let’s index a specific module here it will be
index import/masscan
Advertisment
Marketplace
In the marketplace, we are going to install, remove, search, info, refresh and let’s see about the marketplace.
In the marketplace, we can install all recon tools. Most of the recon tools are available in the marketplace but some tools will have some errors.
Example1:
Let’s search for a tool, to search just enter
marketplace search
Example2:
Let’s search for a specific tool, to search a specific tool enter this command ????????
marketplace search dns
Instead of DNS you enter whatever you want, you could enter nmap, or any other tool you search for…
Example3:
Okay, now let’s install the searched tool, to install any tool enter this command ????????
marketplace install recon/companies-domains/whoxy_dns
Instead of recon/companies-domains/whoxy_dns enter the tool you wanna install
Example4:
To remove any installed tool enter
marketplace remove recon/companies-domains/whoxy_dns
The installed tool will be in modules, Next, let’s see what is modules…
Advertisement
Modules
The installed tool in the marketplace will be in these modules, In modules let’s see how to search, load, reload…
Example1:
Now, let’s check for the installed tool in the marketplace, the tool will be saved in modules and to look for it do
Modules search
Example2:
To load the module just enter ????????
module load recon/domains-contacts/whois_pocs
Instead of recon/domains-contacts/whois_pocs enter the tool you wanna load
Now it is loaded, let’s give info
Example3:
Now let’s do info and look at the loaded module,
info
In the source, there is google.com, Instead of google.com we are entering bbc.com to set the SOURCE to let’s enter this ????????
Example4:
Changing target
options unset SOURCE
Now we have unset the target, see the SOURCE there is nothing
Example5:
To add the target simply enter ????????
options set SOURCE bbc.com
Now the new target is set
Example6:
To run the set target just give
run
Keys
Now, we move on to keys, You should have noticed at the marketplace some tools asking for API keys.
So, to add the API key follow these steps…
Example1:
Firstly you should install a tool that has API key dependency and once installed. Do this command and see what all tools require keys
keys list
So, I have installed these tools ???? which requires API and one tool has API key.
Example2:
To add an API key just follow my steps ????????
keys add builtwith_api 00000000000000000000000000000
Instead of buitwith_api add the tool you want, you could add whoxy_api, shodan_api and so on…
Example3:
To remove an API key do it ????????
keys remove builtwith_api 0000000000000000000000000000000
Show
The show command shows the various frameworks
Example1:
The show commands show all the frameworks existing
Example2:
Now to see any framework just enter ????????
show companies
Instead of companies, you could enter the frameworks that exist there on the above pic
Also Read: Parsero information gathering tool
Also Read: Hping3 full tutorial
