Recon-ng basics: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Zeile 1: | Zeile 1: | ||
− | = | + | =help= |
− | *[recon-ng][default] > | + | *[recon-ng][default] > help |
− | |||
− | |||
− | |||
− | |||
− | |||
<pre> | <pre> | ||
+ | Commands (type [help|?] <topic>): | ||
+ | --------------------------------- | ||
+ | back Exits the current context | ||
+ | dashboard Displays a summary of activity | ||
+ | db Interfaces with the workspace's database | ||
+ | exit Exits the framework | ||
+ | help Displays this menu | ||
+ | index Creates a module index (dev only) | ||
+ | keys Manages third party resource credentials | ||
+ | marketplace Interfaces with the module marketplace | ||
+ | modules Interfaces with installed modules | ||
+ | options Manages the current context options | ||
+ | pdb Starts a Python Debugger session (dev only) | ||
+ | script Records and executes command scripts | ||
+ | shell Executes shell commands | ||
+ | show Shows various framework items | ||
+ | snapshots Manages workspace snapshots | ||
+ | spool Spools output to a file | ||
+ | workspaces Manages workspaces | ||
+ | </pre> | ||
+ | =options list= | ||
+ | *[recon-ng][default] > options list | ||
− | + | Name Current Value Required Description | |
− | + | ---------- ------------- -------- ----------- | |
− | + | NAMESERVER 8.8.8.8 yes default nameserver for the resolver mixin | |
− | | | + | PROXY no proxy server (address:port) |
− | +--------------------------------------------------------+ | + | THREADS 10 yes number of threads (where applicable) |
− | + | TIMEOUT 10 yes socket timeout (seconds) | |
− | + | USER-AGENT Recon-ng/v5 yes user-agent string | |
− | | recon/domains-hosts/hackertarget | + | VERBOSITY 1 yes verbosity level (0 = minimal, 1 = verbose, 2 = debug) |
− | + | =market place= | |
− | + | *[recon-ng][default] > marketplace refresh | |
− | +--------------------------------------------------------+ | + | [*] Marketplace index refreshed. |
+ | =search hackertarge modul= | ||
+ | *[*] Searching module index for 'hackertarget'... | ||
+ | |||
+ | +---------------------------------------------------------------------------------+ | ||
+ | | Path | Version | Status | Updated | D | K | | ||
+ | +---------------------------------------------------------------------------------+ | ||
+ | | recon/domains-hosts/hackertarget | 1.0 | not installed | 2019-06-24 | | | | ||
+ | +---------------------------------------------------------------------------------+ | ||
+ | |||
+ | D = Has dependencies. See info for details. | ||
+ | K = Requires keys. See info for details. | ||
+ | =install hackertarge modul= | ||
+ | *[recon-ng][default] > marketplace install recon/domains-hosts/hackertarget | ||
+ | [*] Module installed: recon/domains-hosts/hackertarget | ||
+ | [*] Reloading modules... | ||
+ | |||
+ | =load hackertarget modul= | ||
+ | *[recon-ng][default] > modules load recon/domains-hosts/hackertarget | ||
+ | =info hackertarget modul= | ||
+ | *[recon-ng][default][hackertarget] > info | ||
+ | |||
+ | Name: HackerTarget Lookup | ||
+ | Author: Michael Henriksen (@michenriksen) | ||
+ | Version: 1.0 | ||
+ | |||
+ | Description: | ||
+ | Uses the HackerTarget.com API to find host names. Updates the 'hosts' table with the results. | ||
+ | |||
+ | Options: | ||
+ | Name Current Value Required Description | ||
+ | ------ ------------- -------- ----------- | ||
+ | SOURCE yes source of input (see 'show info' for details) | ||
+ | |||
+ | Source Options: | ||
+ | default SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL | ||
+ | <string> string representing a single input | ||
+ | <path> path to a file containing a list of inputs | ||
+ | query <sql> database query returning one column of inputs | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
==use module== | ==use module== | ||
*[recon-ng][default] > use recon/domains-hosts/hackertarget | *[recon-ng][default] > use recon/domains-hosts/hackertarget |
Version vom 10. Oktober 2020, 17:27 Uhr
help
- [recon-ng][default] > help
Commands (type [help|?] <topic>): --------------------------------- back Exits the current context dashboard Displays a summary of activity db Interfaces with the workspace's database exit Exits the framework help Displays this menu index Creates a module index (dev only) keys Manages third party resource credentials marketplace Interfaces with the module marketplace modules Interfaces with installed modules options Manages the current context options pdb Starts a Python Debugger session (dev only) script Records and executes command scripts shell Executes shell commands show Shows various framework items snapshots Manages workspace snapshots spool Spools output to a file workspaces Manages workspaces
options list
- [recon-ng][default] > options list
Name Current Value Required Description ---------- ------------- -------- ----------- NAMESERVER 8.8.8.8 yes default nameserver for the resolver mixin PROXY no proxy server (address:port) THREADS 10 yes number of threads (where applicable) TIMEOUT 10 yes socket timeout (seconds) USER-AGENT Recon-ng/v5 yes user-agent string VERBOSITY 1 yes verbosity level (0 = minimal, 1 = verbose, 2 = debug)
market place
- [recon-ng][default] > marketplace refresh
[*] Marketplace index refreshed.
search hackertarge modul
- [*] Searching module index for 'hackertarget'...
+---------------------------------------------------------------------------------+ | Path | Version | Status | Updated | D | K | +---------------------------------------------------------------------------------+ | recon/domains-hosts/hackertarget | 1.0 | not installed | 2019-06-24 | | | +---------------------------------------------------------------------------------+
D = Has dependencies. See info for details. K = Requires keys. See info for details.
install hackertarge modul
- [recon-ng][default] > marketplace install recon/domains-hosts/hackertarget
[*] Module installed: recon/domains-hosts/hackertarget [*] Reloading modules...
load hackertarget modul
- [recon-ng][default] > modules load recon/domains-hosts/hackertarget
info hackertarget modul
- [recon-ng][default][hackertarget] > info
Name: HackerTarget Lookup Author: Michael Henriksen (@michenriksen) Version: 1.0
Description:
Uses the HackerTarget.com API to find host names. Updates the 'hosts' table with the results.
Options:
Name Current Value Required Description ------ ------------- -------- ----------- SOURCE yes source of input (see 'show info' for details)
Source Options:
default SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL <string> string representing a single input <path> path to a file containing a list of inputs query <sql> database query returning one column of inputs
use module
- [recon-ng][default] > use recon/domains-hosts/hackertarget
- [recon-ng][default][hackertarget] > show info
Name: HackerTarget Lookup Path: modules/recon/domains-hosts/hackertarget.py Author: Michael Henriksen (@michenriksen) Description: Uses the HackerTarget.com API to find host names. Updates the 'hosts' table with the results. Options: Name Current Value Required Description ------ ------------- -------- ----------- SOURCE default yes source of input (see 'show info' for details) Source Options: default SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL <string> string representing a single input <path> path to a file containing a list of inputs query <sql> database query returning one column of inputs
set
set source
[recon-ng][default][hackertarget] > set SOURCE suse.de
SOURCE => suse.de
run
- [recon-ng][default][hackertarget] > run
------- SUSE.DE ------- [*] [host] suse.de (130.57.5.70) [*] [host] cc-s390x-kvm1.suse.de (195.135.221.74) [*] [host] smtp1.suse.de (195.135.220.23) [*] [host] director1.suse.de (195.135.220.21) [*] [host] cloud-dev1.suse.de (195.135.221.78) [*] [host] mx1.suse.de (195.135.220.2) [*] [host] mail2.suse.de (195.135.221.8) [*] [host] cc-s390x-kvm2.suse.de (195.135.221.79) [*] [host] smtp2.suse.de (195.135.220.24) [*] [host] director2.suse.de (195.135.220.22) [*] [host] mx2.suse.de (195.135.220.15) [*] [host] cantor3.suse.de (195.135.220.16) [*] [host] mx3.suse.de (143.186.213.3) [*] [host] mx4.suse.de (143.186.213.4) [*] [host] hydra.suse.de (195.135.221.167) [*] [host] opentc.suse.de (195.135.221.137) [*] [host] freeipa-opensuse.suse.de (149.44.161.62) [*] [host] gate.suse.de (195.135.221.12) [*] [host] turing.suse.de (195.135.220.3) [*] [host] storage-ci.suse.de (158.69.69.166) [*] [host] practicum.suse.de (130.57.14.222) [*] [host] imap.suse.de (195.135.220.8) [*] [host] aruba-rap.suse.de (195.135.221.3) [*] [host] ftp.suse.de (195.135.221.132) [*] [host] skylla-router.suse.de (195.135.221.1) [*] [host] soliddriver.suse.de (149.44.170.31) [*] [host] director.suse.de (195.135.220.20) [*] [host] visit.suse.de (195.135.221.17) [*] [host] munin-ext.suse.de (195.135.221.11) [*] [host] charybdis-ext.suse.de (195.135.221.2) [*] [host] relay-ext.suse.de (195.135.221.8)
- [recon-ng][default][hackertarget] > show keys
+--------------------------+ | Name | Value | +--------------------------+ | bing_api | | | builtwith_api | | | censysio_id | | | censysio_secret | | | flickr_api | | | fullcontact_api | | | github_api | | | google_api | | | google_cse | | | hashes_api | | | ipinfodb_api | | | jigsaw_api | | | jigsaw_password | | | jigsaw_username | | | pwnedlist_api | | | pwnedlist_iv | | | pwnedlist_secret | | | shodan_api | | | twitter_api | | | twitter_secret | | +--------------------------+
- [recon-ng][default][hackertarget] > keys add shodan_api xxxxxxxxxxxxxxxxxxxxx
- [recon-ng][default][hackertarget] > show keys
+-----------------------------------------------------+ | Name | Value | +-----------------------------------------------------+ | bing_api | | | builtwith_api | | | censysio_id | | | censysio_secret | | | flickr_api | | | fullcontact_api | | | github_api | | | google_api | | | google_cse | | | hashes_api | | | ipinfodb_api | | | jigsaw_api | | | jigsaw_password | | | jigsaw_username | | | pwnedlist_api | | | pwnedlist_iv | | | pwnedlist_secret | | | shodan_api | xxxxxxxxxxxxxxxxxxxxx | | twitter_api | | | twitter_secret | | +-----------------------------------------------------+
Workspaces
- [recon-ng][default] > workspaces add xinux-workspace
- [recon-ng][xinux-workspace] >
- [recon-ng][xinux-workspace] > workspaces select default
- [recon-ng][default] > workspaces select xinux-workspace
- [recon-ng][xinux-workspace] >
add
- [recon-ng][xinux-workspace] > add + <TAB>
companies credentials hosts locations ports pushpins vulnerabilities contacts domains leaks netblocks profiles repositories
add domain
- [recon-ng][xinux-workspace] > add domains
domain (TEXT): xinux.de
add companies
- [recon-ng][xinux-workspace] > add companies
company (TEXT): xinux description (TEXT): e.K.
export
- [recon-ng][test] > search reporting results
Reporting --------- reporting/csv reporting/html reporting/json reporting/list reporting/proxifier reporting/pushpin reporting/xlsx reporting/xml
- [recon-ng][test] > use reporting/xml
- [recon-ng][test][xml] > show dashboard results
- [recon-ng][test][xml] > set <tablename>
- [recon-ng][test][xml] > show options
- [recon-ng][test][xml] > run