How to Setup and Use Recon-ng

Setting up Recon-ng: to install Recon-ng you must have Python 3.6 or higher installed on your system. Follow the instructions below to set up and use Recon-ng on your operating system.

What is Recon-ng

Recon-ng is a web reconnaissance tool that automates information gathering to help penetration testers collect data about targets efficiently.

Why use Recon-ng

We use it for automated, efficient, and organized data gathering during the reconnaissance phase of penetration testing.

Step 1: Install Recon-ng

  1. Using Kali Linux:
    • Recon-ng typically comes pre-installed on Kali Linux. You can check by running:
      recon-ng
    • If it’s not installed or you need to update it, follow the steps below.
  2. Install via Python:
    • Make sure you have Python installed on your system (Python 3.6+ recommended).
    • Open your terminal and run:
      git clone https://github.com/lanmaster53/recon-ng.git
      cd recon-ng
      pip install -r REQUIREMENTS
  3. Running Recon-ng:
    • Navigate to the Recon-ng directory and run:
      python3 recon-ng
    • You should see the Recon-ng command-line interface (CLI) loaded up.

Step 2: Setting Up Recon-ng

  1. Configure Your Workspace:
    • Create a new workspace to keep your data organized:
      workspaces create <workspace_name>
    • Example:
      workspaces create example
    • This helps you manage multiple recon projects simultaneously.
  2. Adding API Keys:
    • Some Recon-ng modules require API keys for services like Shodan, VirusTotal, and Censys. Modules look a key up by its name (for Shodan, shodan_api), so add it under that name:
      keys add <key_name> <api_key>
    • Example:
      keys add shodan_api YOUR_SHODAN_API_KEY
    • You can view all keys you have set up using:
      keys list

Step 3: Using Recon-ng

  1. Basic Commands:
    • Show Available Modules: Use this command to see a list of all installed modules. The commands here use Recon-ng 5.x syntax, where modules are installed from the marketplace with marketplace install <module_name>.
      modules search
    • Load a Module: Load a specific module to use.
      modules load <module_name>
    • Example:
      modules load recon/domains-hosts/bing_domain_web
    • Show Module Options: View the options and parameters needed for a module.
      options list
    • Set Options: Configure options for the module, such as the target domain.
      options set SOURCE example.com
    • Run the Module: Execute the module with the configured options.
      run
  2. Gathering Information:
    • Domain Reconnaissance: You can use modules to gather subdomains, host information, and more.
    • Data Export: Export gathered data for reporting with the reporting/csv module:
      modules load reporting/csv
      options set FILENAME /path/to/output.csv
      run

Step 4: Useful Modules and Techniques

  1. Domain Enumeration:
    • Use recon/domains-hosts modules to gather hostnames from search engines.
    • Example:
      modules load recon/domains-hosts/google_site_web
      options set SOURCE example.com
      run
  2. Whois Lookup:
    • Perform WHOIS lookups to get registration information:
      modules load recon/domains-contacts/whois_pocs
      options set SOURCE example.com
      run
  3. Social Media Information:
    • Use recon/profiles-profiles modules to search for usernames or email addresses across social media platforms.

Step 5: Saving and Exiting

  1. Save Your Workspace:
    • Recon-ng automatically saves your workspace. However, you can manually save data to a file if needed.
  2. Exit Recon-ng:
    exit

Step-by-Step Guide to Using Recon-ng in a Workflow

1. Initial Setup

  1. Start Recon-ng:
    • Open your terminal and run:
      recon-ng
  2. Create a Workspace:
    • Use workspaces to organize your findings:
      workspaces create example_workspace
    • This ensures all data for this engagement is stored separately.

2. Gathering Domain Information

  1. Setting the Target Domain:
    • Load a domain-based module, for example:
      modules load recon/domains-hosts/bing_domain_web
    • Set the Target Domain:
      options set SOURCE example.com
    • Run the Module:
      run
    • Output: This will collect hostnames and subdomains found using Bing search.
  2. Using Multiple Modules:
    • Google Site Search:
      modules load recon/domains-hosts/google_site_web
      options set SOURCE example.com
      run
    • Netcraft Module:
      modules load recon/domains-hosts/netcraft
      options set SOURCE example.com
      run
    • These modules complement each other, increasing the chances of finding additional hosts.

3. Performing WHOIS Lookups

  1. Load the WHOIS Module:
    modules load recon/domains-contacts/whois_pocs
  2. Set the Target Domain:
    options set SOURCE example.com
  3. Run the Module:
    run
  4. Output: This retrieves Points of Contact (POCs) associated with the domain registration, which can be useful for social engineering or understanding the target’s infrastructure.

4. Collecting Email Addresses

  1. Use Email Gathering Modules:
    • Using Hunter.io:
      modules load recon/domains-contacts/hunter
      options set SOURCE example.com
      run
    • Using the Jigsaw Module:
      modules load recon/domains-contacts/jigsaw
      options set SOURCE example.com
      run
    • Output: A list of email addresses associated with the domain, which can be used for phishing simulations or further analysis.

5. Social Media and Profile Information

  1. Username and Profile Search:
    • Use a Profile Search Module:
      modules load recon/profiles-profiles/namechk
      options set SOURCE username
      run
    • This checks for the existence of a given username across multiple social media platforms.
  2. LinkedIn Contacts:
    • Use LinkedIn Gathering Module:
      modules load recon/companies-contacts/linkedin
      options set COMPANY example
      run
    • Output: Collects information about employees working at the target company, useful for social engineering and understanding the organizational structure.

Step 6: Exporting Data

  1. Export to CSV:
    • To save your collected data for reporting or further analysis, load the reporting/csv module and set its output path:
      modules load reporting/csv
      options set FILENAME /path/to/output.csv
      run
    • Example:
      options set FILENAME /home/user/recon_results.csv
      run
  2. Review Collected Data:
    • Open the CSV file to ensure all relevant data is captured.
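
A scripted version of the review step, as an added example that is not part of the original tutorial or of Recon-ng itself: it merges hosts reported by several modules and separates anything outside the authorised scope domain. The header row and the host and module column names are assumptions about the export, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a hosts export. The header row and the column
# names ("host", "ip_address", "module") are assumptions, not Recon-ng output.
SAMPLE_CSV = """host,ip_address,module
www.example.com,192.0.2.10,bing_domain_web
WWW.Example.com.,192.0.2.10,google_site_web
mail.example.com,192.0.2.25,netcraft
example.com,192.0.2.1,bing_domain_web
notexample.com,198.51.100.7,google_site_web
example.com.cdn.example.net,203.0.113.9,netcraft
,192.0.2.99,bing_domain_web
"""


def normalize(host):
    """Lower-case and strip whitespace plus any trailing root dot."""
    return host.strip().rstrip(".").lower()


def in_scope(host, scope_domain):
    """True only for the scope domain itself or one of its subdomains."""
    # Label-boundary match: "notexample.com" and
    # "example.com.cdn.example.net" are look-alikes, not subdomains.
    scope = normalize(scope_domain)
    return host == scope or host.endswith("." + scope)


def review_hosts(csv_text, scope_domain):
    """Merge duplicate hosts across modules and split them by scope."""
    found = defaultdict(set)  # host -> modules that reported it
    out_of_scope = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = normalize(row.get("host") or "")
        if not host:
            continue  # IP-only record, nothing to match against scope
        if in_scope(host, scope_domain):
            found[host].add(row.get("module") or "unknown")
        else:
            out_of_scope.add(host)
    return {h: sorted(m) for h, m in sorted(found.items())}, sorted(out_of_scope)


if __name__ == "__main__":
    hosts, rejected = review_hosts(SAMPLE_CSV, "example.com")
    print(hosts)
    print("out of scope:", rejected)
```

Hosts in the second list were returned by a search-based module but do not belong to the scope domain, so they should be checked against the engagement's authorisation before any further work.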
