My Recon-NG Cheat Sheet

API keys

show keys — list available API keys

keys add api_key_name #api_key_value — add key to module

Interesting APIs

builtwith — discover the technology used without touching the hosts

google — who doesn’t know it?

shodan — search engine for IoT

Obtaining API Keys

https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide#!acquiring-api-keys

Contacts

show contacts — list contacts in DB

recon

use recon/domains-contacts/whois_pocs

Companies

show companies — list companies in DB

add companies — add company to DB

Domains

show domains — list domains in database

add domains — add domain to DB for pentesting

delete domains #ID — remove unwanted domain (ID available in show domains)

recon

use recon/domains-hosts/findsubdomains

use recon/domains-hosts/bing_domain_web

use recon/domains-hosts/brute_hosts

use recon/domains-hosts/hackertarget

Hosts

show hosts — list hosts in DB

recon

use discovery/info_disclosure/interesting_files

IP

recon

use recon/hosts-hosts/resolve

Modules

search xyz — search recon-ng for nodule ‘xyz’

use xyz — select module ‘xyz’

show info — display module help and usage

run — execute previously selected module

Reports

show dashboard — display DB info

search reporting — list available report formats

set customer — set customer name for reports

Workspace

show workspaces — list available workspaces

workspaces add my-worspace — adds ‘my-workspace’

workspace select my-workspace — selects ‘my-workspace’ to use

Other Reconnaissance Tools

You can read more about reconnaissance tools here.