Recon-NG How-To II


We’re going to do some network reconnaissance on Medium. Our first task was creating a dedicated workspace for the information gathered. Remember it’s easy to collect data, but it’s crucial to keep it organized. Let’s add ‘’ to the list of domains:

> add domains
> show domains

We now have ‘’ in our database. Let’s find our hosts.


We’ll start by using the Google Hostname Enumerator:

> use recon/domains-hosts/google_site_web
> run

Let’s display our findings by running ‘show hosts’:

Let’s dig deeper into our target domain and use the ‘findsubdomains’ module:

> back
> use recon/domains-hosts/findsubdomains
> show info
> run
> show hosts

Resolve Hosts to IP

Now that we have a list of hosts, let’s find their IP addresses:

> back
> use recon/hosts-hosts/resolve
> run
> show hosts

Our list is getting more complete. Let’s try to obtain their location.
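An added example, not part of the original tutorial: a Python check of how complete the hosts table is after the enumeration and resolve steps above, run over constructed rows. The simplified `hosts` layout (`host`, `ip_address`, `country`, `module`) and the `example.com` names are assumptions.

```python
import ipaddress
import sqlite3

# Constructed rows: (host, ip_address, country, module). Column names are
# assumed to mirror Recon-NG's hosts table; example.com is a placeholder.
SAMPLE_HOSTS = [
    ("www.example.com", "203.0.113.10", None, "google_site_web"),
    ("www.example.com", "203.0.113.10", None, "findsubdomains"),
    ("blog.example.com", "203.0.113.10", "US", "findsubdomains"),
    ("dev.example.com", None, None, "findsubdomains"),
    ("intranet.example.com", "10.0.0.5", None, "resolve"),
]
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_db(rows):
    """Load rows into an in-memory stand-in for a workspace database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE hosts (host TEXT, ip_address TEXT, country TEXT, module TEXT)")
    conn.executemany("INSERT INTO hosts VALUES (?, ?, ?, ?)", rows)
    return conn


def coverage(conn):
    """Summarise which hosts still need resolving or locating."""
    # Collapse duplicates: several modules can report the same host.
    rows = conn.execute(
        "SELECT host, MAX(ip_address), MAX(country) FROM hosts GROUP BY host ORDER BY host"
    ).fetchall()
    report = {"total": len(rows), "unresolved": [], "no_location": [], "internal": [], "shared_ip": {}}
    for host, ip, country in rows:
        if ip is None:
            report["unresolved"].append(host)
            continue
        if any(ipaddress.ip_address(ip) in net for net in RFC1918):
            report["internal"].append(host)  # public name pointing at private space
        elif country is None:
            report["no_location"].append(host)
        report["shared_ip"].setdefault(ip, []).append(host)
    # Keep only addresses that serve more than one hostname.
    report["shared_ip"] = {ip: h for ip, h in report["shared_ip"].items() if len(h) > 1}
    return report


if __name__ == "__main__":
    for key, value in coverage(build_db(SAMPLE_HOSTS)).items():
        print(f"{key}: {value}")
```

Hosts listed under `internal` are public names that resolve into RFC 1918 space, which is worth reviewing on your own domains because it exposes internal addressing.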

Searching modules

Recon-NG has several modules for different uses. We can see a full list with the command ‘show’:

> show modules

We can search through its modules using the command ‘search’:

> search location

We can use API or API to update our hosts table. Remember to obtain a key and update Recon-NG.

IP Location

There is no single right way to obtain a location from an IP address. We’ll go through several modules until we have obtained all the information possible.

> use recon/hosts-hosts/ipinfodb