Recon-NG How-To II
We’re going to do some network reconnaissance on Medium. Our first task was creating a dedicated workspace for the information gathered. Remember it’s easy to collect data, but it’s crucial to keep it organized. Let’s add ‘medium.com’ to the list of domains:
> add domains medium.com
> show domains
We now have ‘medium.com’ in our database. Let’s find our hosts.
We’ll start by using the Google Hostname Enumerator:
> use recon/domains-host/google_site_web
Let’s display our findings by running ‘show hosts’:
Let’s dig deeper into our target domain and use the ‘findsubdomains’ module:
> use recon/domains-host/findsubdomains
> show info
> show hosts
Resolve Hosts to IP
Now that we have a list of hosts, let’s find their IP addresses:
> use recon/hosts-hosts/resolve
> show hosts
Our list is getting more complete. Let’s try to obtain their location.
Recon-NG has several modules for different uses. We can see a full list with the command ‘show modules’:
> show modules
We can search through its modules using the command ‘search’:
> search location
We can use the ipinfodb.com API or the ipstack.com API to update our hosts table. Remember to obtain an API key and add it to Recon-NG.
There is no single right way of obtaining a location from an IP address. We’ll go through several modules until we have obtained all the information possible.
> use recon/hosts-hosts/ipinfodb
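Running several modules against the same hosts table makes it easy to lose track of which rows are still incomplete. The script below is an added example, not part of the original walkthrough: it assumes the hosts table has the columns host, ip_address, region, country, latitude, longitude and module (check this against your Recon-NG version), and it runs on constructed sample rows.

```python
import sqlite3

# Assumed layout of Recon-NG's hosts table (verify against your version).
SCHEMA = """CREATE TABLE hosts (
    host TEXT, ip_address TEXT, region TEXT, country TEXT,
    latitude TEXT, longitude TEXT, module TEXT)"""

# Constructed sample rows: documentation-only names and addresses.
SAMPLE = [
    ("www.example.com", "192.0.2.10", "California", "US", "37.77", "-122.41", "ipinfodb"),
    ("api.example.com", "192.0.2.20", None, None, None, None, "resolve"),
    ("blog.example.com", None, None, None, None, None, "google_site_web"),
    ("cdn.example.com", "198.51.100.7", "", "", "", "", "resolve"),
]

def open_sample_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO hosts VALUES (?,?,?,?,?,?,?)", SAMPLE)
    return db

def coverage(db):
    """Split hosts into: unresolved, resolved but not located, complete."""
    report = {"unresolved": [], "unlocated": [], "complete": []}
    rows = db.execute(
        "SELECT host, ip_address, country, latitude, longitude "
        "FROM hosts ORDER BY host")
    for host, ip, country, lat, lon in rows:
        # Modules may leave a column NULL or empty; treat both as missing.
        if not ip:
            report["unresolved"].append(host)
        elif not (country and lat and lon):
            report["unlocated"].append(host)
        else:
            report["complete"].append(host)
    return report

def next_steps(report):
    """Map each gap to the module from the walkthrough that fills it."""
    steps = []
    if report["unresolved"]:
        steps.append("recon/hosts-hosts/resolve")
    if report["unlocated"]:
        steps.append("recon/hosts-hosts/ipinfodb")
    return steps

if __name__ == "__main__":
    rep = coverage(open_sample_db())
    for bucket, hosts in rep.items():
        print(f"{bucket:10} {len(hosts)}  {', '.join(hosts)}")
    print("run next:", ", ".join(next_steps(rep)))
```

To use it on real data, pass `coverage()` a connection to a copy of the workspace's database file instead of the in-memory sample.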