Recon-ng basics: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Zeile 37: | Zeile 37: | ||
[*] Marketplace index refreshed. | [*] Marketplace index refreshed. | ||
=search hackertarge modul= | =search hackertarge modul= | ||
− | [recon-ng][default] > marketplace search hackertarget | + | *[recon-ng][default] > marketplace search hackertarget |
*[*] Searching module index for 'hackertarget'... | *[*] Searching module index for 'hackertarget'... | ||
Version vom 7. Juni 2021, 18:54 Uhr
help
- [recon-ng][default] > help
Commands (type [help|?] <topic>): --------------------------------- back Exits the current context dashboard Displays a summary of activity db Interfaces with the workspace's database exit Exits the framework help Displays this menu index Creates a module index (dev only) keys Manages third party resource credentials marketplace Interfaces with the module marketplace modules Interfaces with installed modules options Manages the current context options pdb Starts a Python Debugger session (dev only) script Records and executes command scripts shell Executes shell commands show Shows various framework items snapshots Manages workspace snapshots spool Spools output to a file workspaces Manages workspaces
options list
- [recon-ng][default] > options list
Name Current Value Required Description ---------- ------------- -------- ----------- NAMESERVER 8.8.8.8 yes default nameserver for the resolver mixin PROXY no proxy server (address:port) THREADS 10 yes number of threads (where applicable) TIMEOUT 10 yes socket timeout (seconds) USER-AGENT Recon-ng/v5 yes user-agent string VERBOSITY 1 yes verbosity level (0 = minimal, 1 = verbose, 2 = debug)
market place
- [recon-ng][default] > marketplace refresh
[*] Marketplace index refreshed.
search hackertarge modul
- [recon-ng][default] > marketplace search hackertarget
- [*] Searching module index for 'hackertarget'...
+---------------------------------------------------------------------------------+ | Path | Version | Status | Updated | D | K | +---------------------------------------------------------------------------------+ | recon/domains-hosts/hackertarget | 1.0 | not installed | 2019-06-24 | | | +---------------------------------------------------------------------------------+
D = Has dependencies. See info for details. K = Requires keys. See info for details.
install hackertarge modul
- [recon-ng][default] > marketplace install recon/domains-hosts/hackertarget
[*] Module installed: recon/domains-hosts/hackertarget [*] Reloading modules...
load hackertarget modul
- [recon-ng][default] > modules load recon/domains-hosts/hackertarget
info hackertarget modul
- [recon-ng][default][hackertarget] > info
Name: HackerTarget Lookup Author: Michael Henriksen (@michenriksen) Version: 1.0
Description:
Uses the HackerTarget.com API to find host names. Updates the 'hosts' table with the results.
Options:
Name Current Value Required Description ------ ------------- -------- ----------- SOURCE yes source of input (see 'show info' for details)
Source Options:
default SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL <string> string representing a single input <path> path to a file containing a list of inputs query <sql> database query returning one column of inputs
set source
[recon-ng][default][hackertarget] > options set SOURCE suse.de
SOURCE => suse.de
run
- [recon-ng][default][hackertarget] > run
------- SUSE.DE ------- [*] [host] suse.de (130.57.5.70) [*] [host] cc-s390x-kvm1.suse.de (195.135.221.74) [*] [host] smtp1.suse.de (195.135.220.23) [*] [host] director1.suse.de (195.135.220.21) [*] [host] cloud-dev1.suse.de (195.135.221.78) [*] [host] mx1.suse.de (195.135.220.2) [*] [host] mail2.suse.de (195.135.221.8) [*] [host] cc-s390x-kvm2.suse.de (195.135.221.79) [*] [host] smtp2.suse.de (195.135.220.24) [*] [host] director2.suse.de (195.135.220.22) [*] [host] mx2.suse.de (195.135.220.15) [*] [host] cantor3.suse.de (195.135.220.16) [*] [host] mx3.suse.de (143.186.213.3) [*] [host] mx4.suse.de (143.186.213.4) [*] [host] hydra.suse.de (195.135.221.167) [*] [host] opentc.suse.de (195.135.221.137) [*] [host] freeipa-opensuse.suse.de (149.44.161.62) [*] [host] gate.suse.de (195.135.221.12) [*] [host] turing.suse.de (195.135.220.3) [*] [host] storage-ci.suse.de (158.69.69.166) [*] [host] practicum.suse.de (130.57.14.222) [*] [host] imap.suse.de (195.135.220.8) [*] [host] aruba-rap.suse.de (195.135.221.3) [*] [host] ftp.suse.de (195.135.221.132) [*] [host] skylla-router.suse.de (195.135.221.1) [*] [host] soliddriver.suse.de (149.44.170.31) [*] [host] director.suse.de (195.135.220.20) [*] [host] visit.suse.de (195.135.221.17) [*] [host] munin-ext.suse.de (195.135.221.11) [*] [host] charybdis-ext.suse.de (195.135.221.2) [*] [host] relay-ext.suse.de (195.135.221.8)
Add API keys to recon-ng
- [recon-ng][default]> keys add shodan_api xxxxxxxxxxxxxxxxxxxxx
search shodan
- [recon-ng][default] > marketplace search shodan
[*] Searching module index for 'shodan'...
+------------------------------------------------------------------------------------+ | Path | Version | Status | Updated | D | K | +------------------------------------------------------------------------------------+ | recon/companies-multi/shodan_org | 1.1 | not installed | 2020-07-01 | * | * | | recon/domains-hosts/shodan_hostname | 1.1 | not installed | 2020-07-01 | * | * | | recon/hosts-ports/shodan_ip | 1.2 | not installed | 2020-07-01 | * | * | | recon/locations-pushpins/shodan | 1.1 | not installed | 2020-07-07 | * | * | | recon/netblocks-hosts/shodan_net | 1.2 | not installed | 2020-07-21 | * | * | +------------------------------------------------------------------------------------+
D = Has dependencies. See info for details. K = Requires keys. See info for details.
install recon/hosts-ports/shodan_ip
- [recon-ng][xinux] > marketplace install recon/hosts-ports/shodan_ip
[recon-ng][xinux][shodan_ip] > back
load module
- [recon-ng][xinux] > modules load recon/hosts-ports/shodan_ip
info
- [recon-ng][xinux][shodan] > info
Name: Shodan IP Enumerator Author: Tim Tomes (@lanmaster53) and Matt Puckett (@t3lc0) & Ryan Hays (@_ryanhays) Version: 1.2 Keys: shodan_api Description: Harvests port information from the Shodan API by using the 'ip' search operator. Updates the 'ports' table with the results. Options: Name Current Value Required Description ------ ------------- -------- ----------- LIMIT 1 yes limit number of api requests per input source (0 = unlimited) SOURCE yes source of input (see 'info' for details) Source Options: default SELECT DISTINCT ip_address FROM hosts WHERE ip_address IS NOT NULL <string> string representing a single input <path> path to a file containing a list of inputs query <sql> database query returning one column of inputs
set source
- [recon-ng][xinux][shodan_ip] > options set SOURCE 176.9.81.219
run
- [recon-ng][xinux][shodan_ip] > run