Recon-NG How-To I
Reconnaissance is the first step in pentesting. Not only that, it’s the step in which we’ll have to spend most of our time. There are a number of tools to help us with this task. In this story I’m going to talk about Recon-NG.
Recon-NG is an open source tool that facilitates the task of information gathering. In this brief tutorial I’ll demonstrate how to use it.
From Tim Tomes’ Bitbucket repository: “Recon-NG is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion”.
If you’re using Kali Linux — and I strongly advise you to if you’re thinking of pentesting seriously — Recon-NG is installed by default.
Major Linux distributions have Recon-NG in their repositories. If yours is Debian based there should be a DEB package; if it’s Red Hat based, search for an RPM. If you’re using Arch or anything else you can always build it from source.
To start, open a terminal window and type the following to enter console mode:
Ignore the red lines (we’ll cover those later).
Recon-NG uses workspaces to help organize collected information according to our workflow. The command is ‘workspaces’ and its options are list, add, select and delete.
Let’s do some reconnaissance on Medium. We’ll first create a workspace ‘medium’ and add the domain ‘medium.com’ to it.
> workspaces add medium
> add domains medium.com
> show domains
The ‘list’ option displays the workspaces that exist in Recon-NG:
> workspaces list
To navigate to the default workspace just type the command:
> workspaces select default
Notice the change in the brackets from medium to default.
To delete a workspace, just type:
> workspaces delete medium
Recon-NG has a modular architecture and some of its modules require an API key. Let’s start by viewing the available and installed keys:
> keys list
To acquire API keys, go to the respective provider’s URL and create an account. You can use the following page. Some modules are more interesting than others. My personal favorites are Builtin, Google, IPInfoDB and Shodan.
Once you have your key, just add it under the key name shown by ‘keys list’:
> keys add key_name API_Key
You’ll notice that the error list gets shorter when starting Recon-NG.
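The workspace, domain and key steps above can be replayed without typing them into the console. The following is an added example, not part of the original post or of Recon-NG itself; it assumes Recon-NG 4.x, which accepts a resource file via `recon-ng -r <file>`, and that the key names `shodan_api` and `google_api` are the ones reported by `keys list`. API keys are read from environment variables so they never have to be typed into the console or hard-coded in the script.

```shell
#!/bin/sh
# Added example: build a Recon-NG resource file that replays the tutorial's
# workspace, domain and key commands non-interactively.
# Assumptions (not from the post): recon-ng 4.x understands `-r <file>`, and
# the key names shodan_api / google_api match those shown by `keys list`.

# Print the console commands for one workspace/domain pair on stdout.
build_recon_rc() {
    workspace="$1"
    domain="$2"
    # Same commands as typed into the console in the tutorial
    printf 'workspaces add %s\n' "$workspace"
    printf 'add domains %s\n' "$domain"
    # Only emit `keys add` for keys that are actually exported, so a missing
    # key simply leaves that module's red "missing API key" line in place
    if [ -n "${SHODAN_API:-}" ]; then
        printf 'keys add shodan_api %s\n' "$SHODAN_API"
    fi
    if [ -n "${GOOGLE_API:-}" ]; then
        printf 'keys add google_api %s\n' "$GOOGLE_API"
    fi
    printf 'show domains\n'
    printf 'keys list\n'
    printf 'exit\n'
}

# Write the resource file with owner-only permissions (it may contain keys),
# hand it to recon-ng, then remove it.
run_recon() {
    rc="$(mktemp)" || return 1
    chmod 600 "$rc"
    build_recon_rc "$1" "$2" > "$rc"
    recon-ng -r "$rc"
    status=$?
    rm -f "$rc"
    return "$status"
}
```

Run it as `SHODAN_API=... sh -c '. ./recon_rc.sh; run_recon medium medium.com'`; the keys land in the workspace database, so `keys list` will show them on the next interactive start.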