All About Recon

samet akıllı
4 min read · Dec 7, 2023


In cyber security, before performing a penetration test or a similar operation on a system, we need information about that system. It is necessary to understand the topography of the system, identify its potential security weak points and plan the attack route based on the results. This entire process of collecting and analysing information is called “Recon”. It can take weeks or even months, but however long it takes, it is not a step that can be skipped: we cannot enter a system without knowledge of it.

To gather as much information as possible about a target system, an ethical hacker follows these seven steps:

  • Collecting initial data
  • Determining the range of the network
  • Identifying active machines
  • Finding the available ports and access points
  • Identifying the operating system by its fingerprint
  • Enumerating the services available on those ports
  • Creating a network map

An attacker uses these steps to obtain information about a network, such as:

  • File permissions
  • Running network services
  • OS platform
  • Trust relationships
  • Information about user accounts

We have seen that this whole discovery process is called Recon. It is divided into two kinds: Active Reconnaissance and Passive Reconnaissance.

Active Reconnaissance:

  • Active reconnaissance is the process of an attacker gathering information by directly interacting with the target system.
  • It may include port scanning, service versioning, and other techniques.
  • By communicating with the target system, the attacker tries to identify open ports, running services and potential vulnerabilities.
  • Because it touches the target directly, this type of reconnaissance can be noticed on the target system and detected by its defence mechanisms.
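As an added example (not code from the original post or from Recon-ng), here is a small defender-side detector in Python for the detectability point above: it reads constructed firewall-style log lines and flags any source that touches many distinct ports within a short window, which is what an active port scan looks like from the target's side. The log layout, addresses and thresholds are assumptions for illustration.

```python
"""Flag sources that probe many distinct ports in a short time window.
Added example; log format, addresses and thresholds are assumed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<timestamp> <src_ip> <dst_ip>:<dst_port> <verdict>"
SAMPLE_LOG = """\
2023-12-07T10:00:00 203.0.113.5 192.0.2.10:22 ACCEPT
2023-12-07T10:00:01 203.0.113.5 192.0.2.10:23 DROP
2023-12-07T10:00:01 203.0.113.5 192.0.2.10:80 ACCEPT
2023-12-07T10:00:02 203.0.113.5 192.0.2.10:443 ACCEPT
2023-12-07T10:00:02 203.0.113.5 192.0.2.10:3306 DROP
2023-12-07T10:00:03 203.0.113.5 192.0.2.10:8080 DROP
2023-12-07T10:00:05 198.51.100.7 192.0.2.10:443 ACCEPT
2023-12-07T10:00:30 198.51.100.7 192.0.2.10:443 ACCEPT
2023-12-07T10:05:00 203.0.113.5 192.0.2.10:25 DROP
"""

def parse_line(line):
    """Return (timestamp, src_ip, dst_port) for one log line."""
    ts, src, dst, _verdict = line.split()
    return datetime.fromisoformat(ts), src, int(dst.rsplit(":", 1)[1])

def find_port_scanners(log_text, min_ports=5, window=timedelta(seconds=10)):
    """Return {src_ip: distinct_port_count} for every source that touched at
    least `min_ports` distinct destination ports inside any `window`.
    A sliding window runs over each source's time-sorted events; the count
    reported is the largest distinct-port set seen in one window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, port = parse_line(line)
            events[src].append((ts, port))
    hits = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:   # shrink window
                start += 1
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) >= min_ports:
                hits[src] = max(hits.get(src, 0), len(ports))
    return hits

if __name__ == "__main__":
    for src, count in find_port_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {count} distinct ports in 10s")
```

The single repeat visitor to port 443 is not reported, while the burst of six different ports from one address within a few seconds is; tune `min_ports` and `window` to the noise level of the network being monitored.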

Passive Reconnaissance:

  • Passive reconnaissance is the process of gathering information, usually from publicly available sources, without directly interacting with the target system.
  • It may include information obtained from sources such as social media, WHOIS databases, news sites.
  • This type of reconnaissance is generally less noticeable and has a greater ability to hide the attacker’s presence.
  • However, the information obtained may be limited and contain less technical detail.

Tools have been developed to make both the passive and the active information-gathering parts of Recon easier; “Recon-ng” is the best known of them.

What is Recon-Ng

Recon-ng is an open source tool for information gathering (reconnaissance). It is used by cybersecurity experts, ethical hackers and penetration testers to collect information about target systems. Recon-ng ships with numerous modules for security and penetration testing, and these modules collect information from many different sources. Looking at Recon-ng more closely, we see that it contains around 100 modules, that it can be customised and extended according to the user's needs, that a range of information-gathering techniques are available as modules (WHOIS queries, DNS analysis, e-mail address harvesting, social media monitoring and more), and that it offers a simple way to organise and report the collected information. We can see that the user interface.

How to use Recon-Ng

Recon-Ng comes pre-installed on most Linux systems, but in some cases we need to install it ourselves.

How to install Recon-Ng

1-) Recon-ng is written in Python, so Python must be installed first (along with git, which we need for the next step).

  • $sudo apt-get update
  • $sudo apt-get install python3 git

2-) Then we need to download the tool from its Git repository.

3-) Then we enter the recon-ng directory we downloaded and install the required libraries.

  • $cd recon-ng
  • $sudo pip3 install -r REQUIREMENTS

4-) Now that the installation is complete, we can run the tool.

  • $./recon-ng

or

  • $python3 ./recon-ng

Use the Recon-Ng

There are around 100 modules in Recon-ng, but they are not installed by default. All of them can be installed with a single command from the Recon-ng prompt:

$marketplace install all

Most modules in Recon-ng require API keys. After the modules are installed, those for which no API key has been entered will show a red warning at startup.

To find out which API keys are needed, list them all with the (keys list) command. After registering on the relevant websites and obtaining the keys issued to you, add them to Recon-ng with the (keys add) command.

You can run Recon-ng with the --help option to get information about its general usage.
