Recon-ng basics: Difference between revisions

From xinux.net
 
(33 intermediate revisions by 2 users are not shown)
Line 1: Line 1:
=show=
+
=Marketplace search=
*[recon-ng][default] > show
+
*[recon-ng][default] > marketplace search
  Shows various framework items
+
 
+
  +---------------------------------------------------------------------------------------------------+
Usage: show [banner|companies|contacts|credentials|dashboard|domains|hosts|keys|leaks|locations|modules|netblocks|options|ports|profiles|pushpins|repositories|schema|vulnerabilities|workspaces]
+
  |                        Path                        | Version |    Status    | Updated  | D | K |
==show dashboard==
+
  +---------------------------------------------------------------------------------------------------+
*[recon-ng][default] > show dashboard
+
  | discovery/info_disclosure/cache_snoop              | 1.1    | not installed | 2020-10-13 |  |  |
<pre>
+
  | discovery/info_disclosure/interesting_files        | 1.1    | not installed | 2020-01-13 |  |  |
 +
  | exploitation/injection/command_injector            | 1.0    | not installed | 2019-06-24 |  |  |
 +
  | exploitation/injection/xpath_bruter                | 1.2    | not installed | 2019-10-08 |  |  |
 +
  ...
 +
  ...
 +
  ...
 +
  | recon/domains-contacts/whois_pocs                  | 1.0    | not installed | 2019-06-24 |  |  |
 +
  ...
 +
  ...
 +
  ...
 +
  | reporting/json                                    | 1.0    | not installed | 2019-06-24 |   |   |
 +
  | reporting/list                                    | 1.0    | not installed | 2019-06-24 |   |   |
 +
  | reporting/proxifier                                | 1.0    | not installed | 2019-06-24 |  |  |
 +
  | reporting/pushpin                                  | 1.0    | not installed | 2019-06-24 |  | * |
 +
  | reporting/xlsx                                    | 1.0    | not installed | 2019-06-24 |  |  |
 +
  | reporting/xml                                      | 1.1    | not installed | 2019-06-24 |  |  |
 +
  +---------------------------------------------------------------------------------------------------+
  
   +--------------------------------------------------------+
+
   D = Has dependencies. See info for details.
   |                    Activity Summary                    |
+
   K = Requires keys. See info for details.
  +--------------------------------------------------------+
 
  |                      Module                    | Runs |
 
  +--------------------------------------------------------+
 
  | discovery/info_disclosure/interesting_files    | 4    |
 
  | recon/companies-contacts/jigsaw/search_contacts | 1    |
 
  | recon/domains-hosts/hackertarget                | 1    |
 
  | recon/netblocks-companies/whois_orgs            | 1    |
 
  | recon/netblocks-hosts/shodan_net                | 2    |
 
  +--------------------------------------------------------+
 
  
 +
=search=
 +
*marketplace search whois
 +
=install=
 +
*marketplace install  recon/domains-contacts/whois_pocs
  
  +----------------------------+
+
=load=
  |      Results Summary      |
+
*modules load  recon/domains-contacts/whois_pocs
  +----------------------------+
+
=info=
  |    Category    | Quantity |
+
*[recon-ng][default][whois_pocs] > info
  +----------------------------+
 
  | Domains        | 1        |
 
  | Companies      | 1        |
 
  | Netblocks      | 0        |
 
  | Locations      | 0        |
 
  | Vulnerabilities | 0        |
 
  | Ports          | 0        |
 
  | Hosts          | 31      |
 
  | Contacts        | 0        |
 
  | Credentials    | 0        |
 
  | Leaks          | 0        |
 
  | Pushpins        | 0        |
 
  | Profiles        | 0        |
 
  | Repositories    | 0        |
 
  +----------------------------+
 
</pre>
 
=use=
 
==use module==
 
*[recon-ng][default] > use recon/domains-hosts/hackertarget
 
*[recon-ng][default][hackertarget] > show info
 
 
<pre>
 
<pre>
 +
      Name: Whois POC Harvester
 +
    Author: Tim Tomes (@lanmaster53)
 +
  Version: 1.0
  
      Name: HackerTarget Lookup
+
Description:
      Path: modules/recon/domains-hosts/hackertarget.py
+
  Uses the ARIN Whois RWS to harvest POC data from whois queries for the given domain. Updates the
    Author: Michael Henriksen (@michenriksen)
+
  'contacts' table with the results.
  
  Description:
+
Options:
  Uses the HackerTarget.com API to find host names. Updates the 'hosts' table with the results.
+
  Name    Current Value  Required Description
 +
  ------  -------------  --------  -----------
 +
  SOURCE                yes      source of input (see 'info' for details)
  
Options:
+
Source Options:
  Name    Current Value  Required  Description
+
  default        SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL
  ------  -------------  --------  -----------
+
  <string>      string representing a single input
  SOURCE  default        yes      source of input (see 'show info' for details)
+
  <path>        path to a file containing a list of inputs
 
+
  query <sql>    database query returning one column of inputs
Source Options:
 
  default        SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL
 
  <string>      string representing a single input
 
  <path>        path to a file containing a list of inputs
 
  query <sql>    database query returning one column of inputs
 
 
</pre>
 
</pre>
  
 
=set=
 
=set=
==set source==
+
*options set SOURCE redhat.com
[recon-ng][default][hackertarget] > set SOURCE suse.de
 
SOURCE => tuxmen.de
 
  
 
=run=
 
=run=
*[recon-ng][default][hackertarget] > run
+
*run
<pre>
 
 
 
-------
 
SUSE.DE
 
-------
 
[*] [host] suse.de (130.57.5.70)
 
[*] [host] cc-s390x-kvm1.suse.de (195.135.221.74)
 
[*] [host] smtp1.suse.de (195.135.220.23)
 
[*] [host] director1.suse.de (195.135.220.21)
 
[*] [host] cloud-dev1.suse.de (195.135.221.78)
 
[*] [host] mx1.suse.de (195.135.220.2)
 
[*] [host] mail2.suse.de (195.135.221.8)
 
[*] [host] cc-s390x-kvm2.suse.de (195.135.221.79)
 
[*] [host] smtp2.suse.de (195.135.220.24)
 
[*] [host] director2.suse.de (195.135.220.22)
 
[*] [host] mx2.suse.de (195.135.220.15)
 
[*] [host] cantor3.suse.de (195.135.220.16)
 
[*] [host] mx3.suse.de (143.186.213.3)
 
[*] [host] mx4.suse.de (143.186.213.4)
 
[*] [host] hydra.suse.de (195.135.221.167)
 
[*] [host] opentc.suse.de (195.135.221.137)
 
[*] [host] freeipa-opensuse.suse.de (149.44.161.62)
 
[*] [host] gate.suse.de (195.135.221.12)
 
[*] [host] turing.suse.de (195.135.220.3)
 
[*] [host] storage-ci.suse.de (158.69.69.166)
 
[*] [host] practicum.suse.de (130.57.14.222)
 
[*] [host] imap.suse.de (195.135.220.8)
 
[*] [host] aruba-rap.suse.de (195.135.221.3)
 
[*] [host] ftp.suse.de (195.135.221.132)
 
[*] [host] skylla-router.suse.de (195.135.221.1)
 
[*] [host] soliddriver.suse.de (149.44.170.31)
 
[*] [host] director.suse.de (195.135.220.20)
 
[*] [host] visit.suse.de (195.135.221.17)
 
[*] [host] munin-ext.suse.de (195.135.221.11)
 
[*] [host] charybdis-ext.suse.de (195.135.221.2)
 
[*] [host] relay-ext.suse.de (195.135.221.8)
 
</pre>
 
 
 
*[recon-ng][default][hackertarget] > show keys
 
<pre>
 
  +--------------------------+
 
  |      Name      | Value |
 
  +--------------------------+
 
  | bing_api        |      |
 
  | builtwith_api    |      |
 
  | censysio_id      |      |
 
  | censysio_secret  |      |
 
  | flickr_api      |      |
 
  | fullcontact_api  |      |
 
  | github_api      |      |
 
  | google_api      |      |
 
  | google_cse      |      |
 
  | hashes_api      |      |
 
  | ipinfodb_api    |      |
 
  | jigsaw_api      |      |
 
  | jigsaw_password  |      |
 
  | jigsaw_username  |      |
 
  | pwnedlist_api    |      |
 
  | pwnedlist_iv    |      |
 
  | pwnedlist_secret |      |
 
  | shodan_api      |      |
 
  | twitter_api      |      |
 
  | twitter_secret  |      |
 
  +--------------------------+
 
</pre>
 
 
 
*[recon-ng][default][hackertarget] > keys add shodan_api xxxxxxxxxxxxxxxxxxxxx
 
 
 
*[recon-ng][default][hackertarget] > show keys
 
<pre>
 
  +-----------------------------------------------------+
 
  |      Name      |              Value              |
 
  +-----------------------------------------------------+
 
  | bing_api        |                                  |
 
  | builtwith_api    |                                  |
 
  | censysio_id      |                                  |
 
  | censysio_secret  |                                  |
 
  | flickr_api      |                                  |
 
  | fullcontact_api  |                                  |
 
  | github_api      |                                  |
 
  | google_api      |                                  |
 
  | google_cse      |                                  |
 
  | hashes_api      |                                  |
 
  | ipinfodb_api    |                                  |
 
  | jigsaw_api      |                                  |
 
  | jigsaw_password  |                                  |
 
  | jigsaw_username  |                                  |
 
  | pwnedlist_api    |                                  |
 
  | pwnedlist_iv    |                                  |
 
  | pwnedlist_secret |                                  |
 
  | shodan_api      | xxxxxxxxxxxxxxxxxxxxx            |
 
  | twitter_api      |                                  |
 
  | twitter_secret  |                                  |
 
  +-----------------------------------------------------+
 
</pre>
 
 
 
=Workspaces=
 
*[recon-ng][default] > workspaces add xinux-workspace
 
*[recon-ng][xinux-workspace] >
 
*[recon-ng][xinux-workspace] > workspaces select default
 
*[recon-ng][default] > workspaces select xinux-workspace
 
*[recon-ng][xinux-workspace] >
 
 
 
=add=
 
*[recon-ng][xinux-workspace] > add + <TAB>
 
companies        credentials      hosts            locations        ports            pushpins        vulnerabilities 
 
contacts        domains          leaks            netblocks        profiles        repositories
 
==add domain==
 
*[recon-ng][xinux-workspace] > add domains
 
domain (TEXT): xinux.de
 
==add companies==
 
*[recon-ng][xinux-workspace] > add companies
 
company (TEXT): xinux
 
description (TEXT): e.K.
 
 
 
=export=
 
*[recon-ng][test] > search reporting results
 
<pre>
 
Reporting
 
---------
 
    reporting/csv
 
    reporting/html
 
    reporting/json
 
    reporting/list
 
    reporting/proxifier
 
    reporting/pushpin
 
    reporting/xlsx
 
    reporting/xml
 
</pre>
 
*[recon-ng][test] > use reporting/xml
 
*[recon-ng][test][xml] > show dashboard results
 
*[recon-ng][test][xml] > set <table>
 
*[recon-ng][test][xml] > show options
 
*[recon-ng][test][xml] > run
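
Review bot: the new revision drops the `keys add shodan_api ...` / `show keys` walkthrough together with the Workspaces, add and export sections, yet the marketplace table it introduces still carries the legend "K = Requires keys" and flags reporting/pushpin with it. Keep a short keys section so a reader knows how a K-flagged module gets its key. The new `run` section also ends without any output, and the removed example was inconsistent (`set SOURCE suse.de` answered by `SOURCE => tuxmen.de`), so a short, consistent sample result for `options set SOURCE redhat.com` would serve better than leaving the step bare.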
 

Current revision as of 14 July 2021, 14:38

Marketplace search

  • [recon-ng][default] > marketplace search
 +---------------------------------------------------------------------------------------------------+
 |                        Path                        | Version |     Status    |  Updated   | D | K |
 +---------------------------------------------------------------------------------------------------+
 | discovery/info_disclosure/cache_snoop              | 1.1     | not installed | 2020-10-13 |   |   |
 | discovery/info_disclosure/interesting_files        | 1.1     | not installed | 2020-01-13 |   |   |
 | exploitation/injection/command_injector            | 1.0     | not installed | 2019-06-24 |   |   |
 | exploitation/injection/xpath_bruter                | 1.2     | not installed | 2019-10-08 |   |   |
  ...
  ...
  ...
 | recon/domains-contacts/whois_pocs                  | 1.0     | not installed | 2019-06-24 |   |   |
  ...
  ...
  ...
 | reporting/json                                     | 1.0     | not installed | 2019-06-24 |   |   |
 | reporting/list                                     | 1.0     | not installed | 2019-06-24 |   |   |
 | reporting/proxifier                                | 1.0     | not installed | 2019-06-24 |   |   |
 | reporting/pushpin                                  | 1.0     | not installed | 2019-06-24 |   | * |
 | reporting/xlsx                                     | 1.0     | not installed | 2019-06-24 |   |   |
 | reporting/xml                                      | 1.1     | not installed | 2019-06-24 |   |   |
 +---------------------------------------------------------------------------------------------------+
 D = Has dependencies. See info for details.
 K = Requires keys. See info for details.

search

  • marketplace search whois

install

  • marketplace install recon/domains-contacts/whois_pocs

load

  • modules load recon/domains-contacts/whois_pocs

info

  • [recon-ng][default][whois_pocs] > info
      Name: Whois POC Harvester
    Author: Tim Tomes (@lanmaster53)
   Version: 1.0

Description:
  Uses the ARIN Whois RWS to harvest POC data from whois queries for the given domain. Updates the
  'contacts' table with the results.

Options:
  Name    Current Value  Required  Description
  ------  -------------  --------  -----------
  SOURCE                 yes       source of input (see 'info' for details)

Source Options:
  default        SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL
  <string>       string representing a single input
  <path>         path to a file containing a list of inputs
  query <sql>    database query returning one column of inputs

set

  • options set SOURCE redhat.com

run

  • run