recon-ng

Start recon-ng interactive console

$ recon-ng

$ recon-ng -w [workspace_name]

$ marketplace search

$ marketplace install [module_name]

$ modules load [module_name]

$ options list

$ run

recon-ng [-w workspace] [-r resource] [--no-analytics]

recon-ng is a modular reconnaissance framework for gathering open-source intelligence (OSINT). Designed with a Metasploit-like interface, it provides a familiar workflow for security professionals conducting the information-gathering phase of assessments.
The framework uses workspaces to organize reconnaissance projects, with each workspace maintaining its own database of collected data (domains, hosts, contacts, credentials, etc.). Modules can query this data and add new findings, building comprehensive intelligence profiles.
Modules cover various reconnaissance categories: discovery (subdomain enumeration, port scanning), recon (WHOIS, DNS records, social media), import (data ingestion), and reporting (HTML, JSON, Excel exports). Many modules integrate with external APIs (Shodan, VirusTotal, HaveIBeenPwned) requiring API keys.

-w workspace

Create or load the specified workspace

Execute resource file (automation script)

Disable anonymous usage tracking

Disable version check at startup

Display help message

~/.recon-ng/workspaces/

Workspace directories containing per-project SQLite databases with collected hosts, contacts, domains, and credentials.

API keys for external services (Shodan, VirusTotal, HaveIBeenPwned, etc.) stored in the workspace database and required by many modules.

workspaces list

List available workspaces

Create a new workspace

Search available modules in marketplace

Install a module from marketplace

Load an installed module

Set module option

Display current module options

Execute the loaded module

Display data from database tables (hosts, contacts, domains, etc.)

Add API key for external services

List configured API keys

Authorization required: Only perform reconnaissance against targets you have permission to assess. Unauthorized reconnaissance may violate laws and terms of service.
Many powerful modules require API keys from external services. Configure keys with keys add before using those modules. Some services have rate limits or require paid subscriptions.
The marketplace must be accessed to install modules beyond the base set. Ensure network connectivity for marketplace operations.
Module results vary in accuracy. Cross-reference findings from multiple sources and validate critical information manually.

Recon-ng was developed by Tim Tomes while working at Black Hills Information Security. First released around 2012, it was designed to bring the modular, database-driven approach of Metasploit to the reconnaissance phase. The framework is written in Python and continues active development with community-contributed modules.

maltego(1), theharvester(1), amass(1), nmap(1)