Hey there, guys. In this post, you will learn what recon-ng is and how to work with the tool from scratch. Just follow the upcoming steps to become a pro in recon-ng. All the best, my friend!
What is recon-ng
Recon-ng is a reconnaissance tool, and it is one of the powerful recon tools that exist in the modern world. I personally love this tool; if you love it too, just comment down below.
The tool has almost every feature in it; simply put, it is an all-rounder. It has a command-line interface, and the results can also be viewed in web format.
Cool, isn't it?
When I first worked with the tool, I asked myself whether it was a copy of Metasploit, because the interface is very similar but not as complicated as Metasploit's.
Who developed the tool?
The tool was written by Tim Tomes, and I should really thank him and the contributors to the tool. The author seems to be an introvert.
To install recon-ng, just enter
sudo apt-get install recon-ng
What recon-ng can do
- Interactive Help
- Command Completion
- Database Interaction
- Shell Commands
- Spooling Activity
- Recording Commands
- Configuration Persistence
- Global Options
- Module Marketplace
- Module Searching
- Smart Loading
- Database Snapshots
- Restricted Context
- Module Details
- Data Sources
- Third Party Modules
- Methodology Driven
- Analysis and Reporting
Some useful commands in recon-ng
- back: Exits the current context
- dashboard: Displays a summary of activity
- db: Interfaces with the workspace’s database
- exit: Exits the framework
- help: Displays this menu
- index: Creates a module index (dev only)
- keys: Manages third-party resource credentials
- marketplace: Interfaces with the module marketplace
- modules: Interfaces with installed modules
- options: Manages the current context options
- pdb: Starts a Python Debugger session (dev only)
- script: Records and executes command scripts
- shell: Executes shell commands
- show: Shows various framework items
- snapshots: Manages workspace snapshots
- spool: Spools output to a file
- workspaces: Manages workspaces
There are many more commands; if you want more familiarity, just watch my YouTube video on recon-ng, which is at the top of the page.
How to use recon-ng
Follow the steps and examples below to go from noob to pro in the recon-ng tool. If you have any doubts, just comment down below and I'm ready to help you.
In this example, let's look at workspaces. Let's create, list, load and remove a workspace. Workspaces are where you work on your project.
Let's create a workspace. The command is
workspaces create moulik
Instead of moulik, add your own workspace name.
Let's list the created workspaces. To list them, enter this command:
So here are the created workspaces. By default, there will always be a default workspace.
Let's load the moulik workspace. To load any workspace, enter
workspaces load moulik
Instead of moulik, add the name of the workspace you want to load.
To remove a workspace, just enter
workspaces remove moulik
You see, we have removed the moulik workspace. To check that it was removed, list the workspaces again.
Let's do a snapshot. A snapshot is taking a snap of your work.
To take a snapshot, enter this command:
snapshots take moulik
Instead of moulik, use the name you wish.
Let's list the snapshots
Let's load the snapshot
To load a snapshot, enter this command:
snapshots load snapshot_20210911034707.db
Instead of this snapshot, enter the snapshot file you want to load.
To remove a snapshot, enter this command:
snapshots remove snapshot_20210911034707.db
To see a summary of your work activity, enter the dashboard command.
Executing a shell
To execute a shell enter
Instead of sh, enter whatever shell you want; I am entering the Bourne shell.
pdb is a debugger
To start a debugger just do this command
The db command interfaces with the workspace's database. Let's do a schema, insert, delete, query, notes, etc.
First, let's do db schema to see the workspace's database in a neat box format. Once you do db schema, you see all this information in box format.
Now let's insert a port.
To insert something into the db, just enter
db insert ports
Instead of ports, you could enter whatever you want.
To delete any rows, enter
db delete hosts
Instead of hosts, enter what you want to delete. Once you give this command, it asks for the number of the row to delete.
Let's add notes in the db.
Specify the table, then enter the row, and then enter the change:
db notes ports
Here is where we can find information about the modules.
Gathering information on all installed modules
Now, let’s index a specific module here it will be
Now let's look at the marketplace, where we are going to install, remove, search, info and refresh.
In the marketplace, we can install all the recon tools. Most of the recon tools are available in the marketplace, but some tools will have some errors.
Let's search for a tool. To search, just enter
Let's search for a specific tool. To search for a specific tool, enter this command:
marketplace search dns
Instead of dns, enter whatever you want; you could enter nmap, or any other tool you are searching for.
Okay, now let's install the tool we searched for. To install any tool, enter this command:
marketplace install recon/companies-domains/whoxy_dns
Instead of recon/companies-domains/whoxy_dns, enter the tool you want to install.
To remove any installed tool, enter
marketplace remove recon/companies-domains/whoxy_dns
A tool installed from the marketplace will be in modules. Next, let's see what modules are and how to search, load and reload them.
Now, let's check for the tool installed from the marketplace. The tool will be saved in modules, and to look for it do
To load the module, just enter
modules load recon/domains-contacts/whois_pocs
Instead of recon/domains-contacts/whois_pocs, enter the tool you want to load.
Now that it is loaded, let's do info and look at the loaded module.
In SOURCE, there is google.com. Instead of google.com, we are going to enter bbc.com. First, to unset SOURCE, let's enter this:
options unset SOURCE
Now we have unset the target; see, there is nothing in SOURCE.
To add the target, simply enter
options set SOURCE bbc.com
Now the new target is set.
To run the module against the set target, just give
Now, we move on to keys. You should have noticed in the marketplace that some tools ask for API keys.
So, to add an API key, follow these steps.
First, install a tool that has an API key dependency. Once it is installed, do this command and see which tools require keys
So, I have installed these tools, which require API keys, and one tool has an API key.
To add an API key, just follow my steps:
keys add builtwith_api 00000000000000000000000000000
Instead of builtwith_api, add the key for the tool you want; you could add whoxy_api, shodan_api and so on.
To remove an API key, do this:
keys remove builtwith_api 0000000000000000000000000000000
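Because keys add takes the key value on the command line, any command script that contains such a line holds the key in plaintext. The following added example (not part of recon-ng or of the original post) is a small Python check that redacts key values and flags mistyped commands in a script before it is saved or shared. Its command and subcommand tables are assumptions built from the commands this page lists, plus the module-context commands and the list subcommands, which are not on the page.

```python
# Top-level commands as listed on this page, plus five module-context
# commands (assumption: from recon-ng's module help, not from this page).
COMMANDS = {
    "back", "dashboard", "db", "exit", "help", "index", "keys", "marketplace",
    "modules", "options", "pdb", "script", "shell", "show", "snapshots",
    "spool", "workspaces", "goptions", "info", "input", "reload", "run",
}
# Subcommands this walkthrough uses; "list" for keys/options is an assumption.
SUBCOMMANDS = {
    "workspaces": {"create", "list", "load", "remove"},
    "snapshots": {"take", "list", "load", "remove"},
    "db": {"schema", "insert", "delete", "query", "notes"},
    "marketplace": {"install", "remove", "search", "info", "refresh"},
    "modules": {"search", "load", "reload"},
    "options": {"set", "unset", "list"},
    "keys": {"add", "remove", "list"},
}

def lint_script(text):
    """Return (sanitized_text, findings) for a recon-ng command script."""
    out, findings = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words:
            out.append("")
            continue
        cmd, args = words[0], words[1:]
        if cmd not in COMMANDS:
            findings.append((n, f"unknown command: {cmd}"))
        elif cmd in SUBCOMMANDS and args and args[0] not in SUBCOMMANDS[cmd]:
            findings.append((n, f"unknown {cmd} subcommand: {args[0]}"))
        line = raw.strip()
        # `keys add <name> <value>` puts the secret itself into the file.
        if cmd == "keys" and args[:1] == ["add"] and len(args) >= 3:
            findings.append((n, f"API key value for {args[1]} in plaintext"))
            line = f"keys add {args[1]} <REDACTED>"
        out.append(line)
    return "\n".join(out), findings

# Constructed sample: commands in the style of this walkthrough, with a
# mistyped `module load` and a placeholder (all-zero) key value.
SAMPLE = """workspaces create moulik
marketplace install recon/domains-contacts/whois_pocs
module load recon/domains-contacts/whois_pocs
keys add builtwith_api 00000000000000000000000000000
options set SOURCE bbc.com
run
"""
if __name__ == "__main__":
    print(*lint_script(SAMPLE), sep="\n")
```

The sanitized text keeps every command except the key value, so the script can still be replayed after the key is added by hand.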
The show command shows the various framework items that exist.
Now, to see any of them, just enter
Instead of companies, you could enter any of the other items that show lists.