Recon-ng basics: Difference between revisions

From xinux.net
 
(19 intermediate revisions by the same user are not shown)
Line 1: Line 1:
=help=
+
=Marketplace search=
*[recon-ng][default] > help
+
*[recon-ng][default] > marketplace search  
<pre>
 
Commands (type [help|?] <topic>):
 
---------------------------------
 
back            Exits the current context
 
dashboard      Displays a summary of activity
 
db              Interfaces with the workspace's database
 
exit            Exits the framework
 
help            Displays this menu
 
index          Creates a module index (dev only)
 
keys            Manages third party resource credentials
 
marketplace     Interfaces with the module marketplace
 
modules        Interfaces with installed modules
 
options        Manages the current context options
 
pdb            Starts a Python Debugger session (dev only)
 
script          Records and executes command scripts
 
shell          Executes shell commands
 
show            Shows various framework items
 
snapshots      Manages workspace snapshots
 
spool          Spools output to a file
 
workspaces      Manages workspaces
 
</pre>
 
=options list=
 
*[recon-ng][default] > options list
 
 
 
  Name        Current Value  Required  Description
 
  ----------  -------------  --------  -----------
 
  NAMESERVER  8.8.8.8        yes      default nameserver for the resolver mixin
 
  PROXY                      no        proxy server (address:port)
 
  THREADS    10            yes      number of threads (where applicable)
 
  TIMEOUT    10            yes      socket timeout (seconds)
 
  USER-AGENT  Recon-ng/v5    yes      user-agent string
 
  VERBOSITY  1              yes      verbosity level (0 = minimal, 1 = verbose, 2 = debug)
 
=market place=
 
*[recon-ng][default] > marketplace refresh
 
[*] Marketplace index refreshed.
 
=search hackertarge modul=
 
*[*] Searching module index for 'hackertarget'...
 
  
   +---------------------------------------------------------------------------------+
+
   +---------------------------------------------------------------------------------------------------+
   |               Path               | Version |    Status    |  Updated  | D | K |
+
   |                       Path                       | Version |    Status    |  Updated  | D | K |
   +---------------------------------------------------------------------------------+
+
   +---------------------------------------------------------------------------------------------------+
   | recon/domains-hosts/hackertarget | 1.0    | not installed | 2019-06-24 |  |  |
+
  | discovery/info_disclosure/cache_snoop              | 1.1    | not installed | 2020-10-13 |  |  |
   +---------------------------------------------------------------------------------+
+
  | discovery/info_disclosure/interesting_files        | 1.1    | not installed | 2020-01-13 |  |  |
 +
  | exploitation/injection/command_injector            | 1.0    | not installed | 2019-06-24 |  |  |
 +
  | exploitation/injection/xpath_bruter                | 1.2    | not installed | 2019-10-08 |  |  |
 +
  ...
 +
  ...
 +
  ...
 +
   | recon/domains-contacts/whois_pocs                  | 1.0    | not installed | 2019-06-24 |  |  |
 +
  ...
 +
  ...
 +
  ...
 +
  | reporting/json                                    | 1.0    | not installed | 2019-06-24 |  |  |
 +
  | reporting/list                                    | 1.0    | not installed | 2019-06-24 |  |  |
 +
  | reporting/proxifier                                | 1.0    | not installed | 2019-06-24 |  |  |
 +
  | reporting/pushpin                                  | 1.0    | not installed | 2019-06-24 |  | * |
 +
  | reporting/xlsx                                    | 1.0     | not installed | 2019-06-24 |  |  |
 +
  | reporting/xml                                      | 1.1     | not installed | 2019-06-24 |  |  |
 +
   +---------------------------------------------------------------------------------------------------+
  
 
   D = Has dependencies. See info for details.
 
   D = Has dependencies. See info for details.
 
   K = Requires keys. See info for details.
 
   K = Requires keys. See info for details.
=install hackertarge modul=
 
*[recon-ng][default] > marketplace install recon/domains-hosts/hackertarget
 
[*] Module installed: recon/domains-hosts/hackertarget
 
[*] Reloading modules...
 
  
=load hackertarget modul=
+
=search=
*[recon-ng][default] > modules load recon/domains-hosts/hackertarget
+
*marketplace search whois
=info hackertarget modul=
+
=install=
*[recon-ng][default][hackertarget] > info
+
*marketplace install  recon/domains-contacts/whois_pocs
  
       Name: HackerTarget Lookup
+
=load=
     Author: Michael Henriksen (@michenriksen)
+
*modules load  recon/domains-contacts/whois_pocs
 +
=info=
 +
*[recon-ng][default][whois_pocs] > info
 +
<pre>
 +
       Name: Whois POC Harvester
 +
     Author: Tim Tomes (@lanmaster53)
 
   Version: 1.0
 
   Version: 1.0
  
 
Description:
 
Description:
   Uses the HackerTarget.com API to find host names. Updates the 'hosts' table with the results.
+
   Uses the ARIN Whois RWS to harvest POC data from whois queries for the given domain. Updates the
 +
  'contacts' table with the results.
  
 
Options:
 
Options:
 
   Name    Current Value  Required  Description
 
   Name    Current Value  Required  Description
 
   ------  -------------  --------  -----------
 
   ------  -------------  --------  -----------
   SOURCE                yes      source of input (see 'show info' for details)
+
   SOURCE                yes      source of input (see 'info' for details)
  
 
Source Options:
 
Source Options:
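Review bot: the added steps are formatted inconsistently. `*marketplace search whois`, `*marketplace install  recon/domains-contacts/whois_pocs` and `*modules load  recon/domains-contacts/whois_pocs` drop the `[recon-ng][default] >` prompt that the added `marketplace search` and `info` lines keep, and the install and load lines carry a double space before the module path. Show the prompt on every step or on none, and collapse the double spaces. The new headings (`=search=`, `=install=`, `=load=`, `=info=`) also say less than the ones they replace (`=install hackertarge modul=`, `=load hackertarget modul=`); naming the module in each heading would keep the page scannable.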
Line 74: Line 55:
 
   <path>        path to a file containing a list of inputs
 
   <path>        path to a file containing a list of inputs
 
   query <sql>    database query returning one column of inputs
 
   query <sql>    database query returning one column of inputs
 
=set source=
 
[recon-ng][default][hackertarget] > options set SOURCE suse.de
 
SOURCE => suse.de
 
 
=run=
 
*[recon-ng][default][hackertarget] > run
 
<pre>
 
 
-------
 
SUSE.DE
 
-------
 
[*] [host] suse.de (130.57.5.70)
 
[*] [host] cc-s390x-kvm1.suse.de (195.135.221.74)
 
[*] [host] smtp1.suse.de (195.135.220.23)
 
[*] [host] director1.suse.de (195.135.220.21)
 
[*] [host] cloud-dev1.suse.de (195.135.221.78)
 
[*] [host] mx1.suse.de (195.135.220.2)
 
[*] [host] mail2.suse.de (195.135.221.8)
 
[*] [host] cc-s390x-kvm2.suse.de (195.135.221.79)
 
[*] [host] smtp2.suse.de (195.135.220.24)
 
[*] [host] director2.suse.de (195.135.220.22)
 
[*] [host] mx2.suse.de (195.135.220.15)
 
[*] [host] cantor3.suse.de (195.135.220.16)
 
[*] [host] mx3.suse.de (143.186.213.3)
 
[*] [host] mx4.suse.de (143.186.213.4)
 
[*] [host] hydra.suse.de (195.135.221.167)
 
[*] [host] opentc.suse.de (195.135.221.137)
 
[*] [host] freeipa-opensuse.suse.de (149.44.161.62)
 
[*] [host] gate.suse.de (195.135.221.12)
 
[*] [host] turing.suse.de (195.135.220.3)
 
[*] [host] storage-ci.suse.de (158.69.69.166)
 
[*] [host] practicum.suse.de (130.57.14.222)
 
[*] [host] imap.suse.de (195.135.220.8)
 
[*] [host] aruba-rap.suse.de (195.135.221.3)
 
[*] [host] ftp.suse.de (195.135.221.132)
 
[*] [host] skylla-router.suse.de (195.135.221.1)
 
[*] [host] soliddriver.suse.de (149.44.170.31)
 
[*] [host] director.suse.de (195.135.220.20)
 
[*] [host] visit.suse.de (195.135.221.17)
 
[*] [host] munin-ext.suse.de (195.135.221.11)
 
[*] [host] charybdis-ext.suse.de (195.135.221.2)
 
[*] [host] relay-ext.suse.de (195.135.221.8)
 
 
</pre>
 
</pre>
=Add API keys to recon-ng=
 
*[recon-ng][default]> keys add shodan_api xxxxxxxxxxxxxxxxxxxxx
 
 
=search shodan=
 
*[recon-ng][default] >  marketplace search shodan
 
[*] Searching module index for 'shodan'...
 
 
  +------------------------------------------------------------------------------------+
 
  |                Path                | Version |    Status    |  Updated  | D | K |
 
  +------------------------------------------------------------------------------------+
 
  | recon/companies-multi/shodan_org    | 1.1    | not installed | 2020-07-01 | * | * |
 
  | recon/domains-hosts/shodan_hostname | 1.1    | not installed | 2020-07-01 | * | * |
 
  | recon/hosts-ports/shodan_ip        | 1.2    | not installed | 2020-07-01 | * | * |
 
  | recon/locations-pushpins/shodan    | 1.1    | not installed | 2020-07-07 | * | * |
 
  | recon/netblocks-hosts/shodan_net    | 1.2    | not installed | 2020-07-21 | * | * |
 
  +------------------------------------------------------------------------------------+
 
 
  D = Has dependencies. See info for details.
 
  K = Requires keys. See info for details.
 
=install recon/hosts-ports/shodan_ip=
 
*[recon-ng][xinux] >  marketplace install recon/hosts-ports/shodan_ip
 
[recon-ng][xinux][shodan_ip] > back
 
=load module=
 
*[recon-ng][xinux] > modules load recon/hosts-ports/shodan_ip
 
 
=info=
 
*[recon-ng][xinux][shodan] > info
 
<pre>
 
        Name: Shodan IP Enumerator
 
    Author: Tim Tomes (@lanmaster53) and Matt Puckett (@t3lc0) & Ryan Hays (@_ryanhays)
 
  Version: 1.2
 
      Keys: shodan_api
 
  
Description:
+
=set=
  Harvests port information from the Shodan API by using the 'ip' search operator. Updates the 'ports'
+
*options set SOURCE redhat.com
  table with the results.
 
  
Options:
 
  Name    Current Value  Required  Description
 
  ------  -------------  --------  -----------
 
  LIMIT  1              yes      limit number of api requests per input source (0 = unlimited)
 
  SOURCE                yes      source of input (see 'info' for details)
 
 
Source Options:
 
  default        SELECT DISTINCT ip_address FROM hosts WHERE ip_address IS NOT NULL
 
  <string>      string representing a single input
 
  <path>        path to a file containing a list of inputs
 
  query <sql>    database query returning one column of inputs
 
 
 
</pre>
 
=set  source=
 
*[recon-ng][xinux][shodan_ip] > options set SOURCE 176.9.81.219
 
 
=run=
 
=run=
*[recon-ng][xinux][shodan_ip] > run
+
*run
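Review bot: the new `=run=` section consists only of `*run`, while the revision being replaced showed what the command printed after `run`, so a reader of the new page cannot tell what a successful whois_pocs run looks like or where the results go. Add a short sample of the output, or a follow-up step that displays the 'contacts' table the module description says it updates. This hunk also removes the `keys add` section although the marketplace listing kept in the new revision still marks `reporting/pushpin` in the K column; a one-line pointer to `keys add` is worth keeping.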

Latest revision as of 14 July 2021, 14:38

Marketplace search

  • [recon-ng][default] > marketplace search
 +---------------------------------------------------------------------------------------------------+
 |                        Path                        | Version |     Status    |  Updated   | D | K |
 +---------------------------------------------------------------------------------------------------+
 | discovery/info_disclosure/cache_snoop              | 1.1     | not installed | 2020-10-13 |   |   |
 | discovery/info_disclosure/interesting_files        | 1.1     | not installed | 2020-01-13 |   |   |
 | exploitation/injection/command_injector            | 1.0     | not installed | 2019-06-24 |   |   |
 | exploitation/injection/xpath_bruter                | 1.2     | not installed | 2019-10-08 |   |   |
  ...
  ...
  ...
 | recon/domains-contacts/whois_pocs                  | 1.0     | not installed | 2019-06-24 |   |   |
  ...
  ...
  ...
 | reporting/json                                     | 1.0     | not installed | 2019-06-24 |   |   |
 | reporting/list                                     | 1.0     | not installed | 2019-06-24 |   |   |
 | reporting/proxifier                                | 1.0     | not installed | 2019-06-24 |   |   |
 | reporting/pushpin                                  | 1.0     | not installed | 2019-06-24 |   | * |
 | reporting/xlsx                                     | 1.0     | not installed | 2019-06-24 |   |   |
 | reporting/xml                                      | 1.1     | not installed | 2019-06-24 |   |   |
 +---------------------------------------------------------------------------------------------------+
 D = Has dependencies. See info for details.
 K = Requires keys. See info for details.

search

  • marketplace search whois

install

  • marketplace install recon/domains-contacts/whois_pocs

load

  • modules load recon/domains-contacts/whois_pocs

info

  • [recon-ng][default][whois_pocs] > info
      Name: Whois POC Harvester
    Author: Tim Tomes (@lanmaster53)
   Version: 1.0

Description:
  Uses the ARIN Whois RWS to harvest POC data from whois queries for the given domain. Updates the
  'contacts' table with the results.

Options:
  Name    Current Value  Required  Description
  ------  -------------  --------  -----------
  SOURCE                 yes       source of input (see 'info' for details)

Source Options:
  default        SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL
  <string>       string representing a single input
  <path>         path to a file containing a list of inputs
  query <sql>    database query returning one column of inputs

set

  • options set SOURCE redhat.com

run

  • run