LinuxCommandLibrary

recon-ng

Automated web reconnaissance framework

TLDR

Start the tool

$ recon-ng

Create a workspace
$ workspaces create [workspace_name]

Search the marketplace for modules used to accomplish different reconnaissance tasks
$ marketplace search

Install all available modules (some may need API keys to function completely)
$ marketplace install all

Load the profiler module. It is used to scan the web for profiles matching the target, scrape them, and store them
$ modules load profiler

Insert the target's username. After entering this command, enter the desired username of the search and leave the rest of the options blank
$ db insert profiles

Run the current module
$ run

SYNOPSIS

recon-ng

PARAMETERS

None
    Recon-ng is executed without any specific command-line arguments. It starts an interactive console environment.

DESCRIPTION

Recon-ng is a powerful, modular, and open-source web reconnaissance framework written in Python. It is designed to automate the process of information gathering on target organizations or individuals.

It provides a command-line interface with features similar to Metasploit, allowing users to perform reconnaissance tasks such as: discovering subdomains, finding email addresses, identifying employee names, mapping network infrastructure, and harvesting information from various online sources.

Recon-ng leverages publicly available APIs and data sources to conduct passive reconnaissance, minimizing the risk of detection. Its modular design enables easy extension and customization through custom modules, allowing users to adapt the framework to their specific reconnaissance needs. It has an embedded database that tracks the information found, which can then be filtered for easier reading. The framework is frequently updated with new modules and features, making it a valuable tool for penetration testers, security researchers, and intelligence analysts.

CAVEATS

Recon-ng relies on publicly available APIs. The accuracy and availability of the data gathered depend on these APIs and on the target's online presence.
Information collected might not be accurate.

MODULES

Recon-ng uses modules for information gathering. To browse the available modules, use the command 'marketplace search'. To install a module, use 'marketplace install [module_name]'. To load a module, use 'modules load [module_name]'.

KEYS

Many modules require API keys to function. API keys can be added with the command 'keys add [name] [value]'.

WORKSPACE

Recon-ng organizes data within workspaces. Creating a new workspace for each project keeps the collected data separate and improves workflow. Use the command 'workspaces create [workspace_name]' to create a new workspace.

DATA OUTPUT

Data can be displayed with the command 'show [table]', or written to files. Example: `show hosts`
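The following is an added example, not part of recon-ng or of the original page: a Python script that reviews a workspace database offline, counting rows per contributing module and listing hosts stored without an IP address, so that each record can be traced to its source and checked before it is relied on. It assumes the workspace is a SQLite file whose result tables carry a `module` column, that `hosts` has `host` and `ip_address` columns, and that a bookkeeping table named `dashboard` should be skipped; the function names and sample rows are constructed for illustration.

```python
import sqlite3
import sys
from collections import Counter

SKIP = {"dashboard"}  # assumed name of the framework's bookkeeping table

def sample_db():
    """Constructed in-memory data standing in for a workspace database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE hosts (host TEXT, ip_address TEXT, module TEXT);
        CREATE TABLE contacts (email TEXT, module TEXT);
        CREATE TABLE dashboard (module TEXT, runs INT);
        INSERT INTO hosts VALUES ('www.example.com', '192.0.2.10', 'module_a');
        INSERT INTO hosts VALUES ('old.example.com', NULL, 'module_a');
        INSERT INTO hosts VALUES ('mail.example.com', '192.0.2.25', 'module_b');
        INSERT INTO contacts VALUES ('admin@example.com', 'module_c');
        INSERT INTO dashboard VALUES ('module_a', 2);
    """)
    return conn

def provenance(conn):
    """Map each result table to a Counter of rows per contributing module."""
    report = {}
    names = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
    for table in names:
        cols = [c[1] for c in conn.execute(f'PRAGMA table_info("{table}")')]
        if table in SKIP or "module" not in cols:
            continue
        rows = conn.execute(
            f'SELECT module, COUNT(*) FROM "{table}" GROUP BY module')
        report[table] = Counter(dict(rows.fetchall()))
    return report

def unresolved_hosts(conn):
    """Hosts stored without an IP address: verify before relying on them."""
    rows = conn.execute(
        "SELECT host FROM hosts WHERE ip_address IS NULL OR ip_address = '' "
        "ORDER BY host")
    return [r[0] for r in rows]

if __name__ == "__main__":
    # Pass the path to a workspace's SQLite file, or run with no argument
    # to use the constructed sample.
    db = sqlite3.connect(sys.argv[1]) if len(sys.argv) > 1 else sample_db()
    for table, counts in provenance(db).items():
        print(table, dict(counts))
    print("hosts without an IP:", unresolved_hosts(db))
```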

HISTORY

Recon-ng was created by Tim Tomes (@LaNMaSteR53) and has been actively developed and maintained by the community.

SEE ALSO

nmap(1), whois(1), dig(1)
