My Recon-NG Cheat Sheet
API keys
show keys — list available API keys
keys add api_key_name #api_key_value — add key to module
Interesting APIs
builtwith — discover the technology used without touching the hosts
google — who doesn’t know it?
shodan — search engine for IoT
Obtaining API Keys
https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide#!acquiring-api-keys
Contacts
show contacts — list contacts in DB
recon
use recon/domains-contacts/whois_pocs
Companies
show companies — list companies in DB
add companies — add company to DB
Domains
show domains — list domains in database
add domains — add domain to DB for pentesting
delete domains #ID — remove unwanted domain (ID available in show domains)
recon
use recon/domains-hosts/findsubdomains
use recon/domains-hosts/bing_domain_web
use recon/domains-hosts/brute_hosts
use recon/domains-hosts/hackertarget
Hosts
show hosts — list hosts in DB
recon
use discovery/info_disclosure/interesting_files
IP
recon
use recon/hosts-hosts/resolve
Modules
search xyz — search recon-ng for nodule ‘xyz’
use xyz — select module ‘xyz’
show info — display module help and usage
run — execute previously selected module
Reports
show dashboard — display DB info
search reporting — list available report formats
set customer — set customer name for reports
Workspace
show workspaces — list available workspaces
workspaces add my-worspace — adds ‘my-workspace’
workspace select my-workspace — selects ‘my-workspace’ to use
Other Reconnaissance Tools
You can read more about reconnaissance tools here.