Recon-ng basics

From xinux.net

show

  • [recon-ng][default] > show
Shows various framework items

Usage: show [banner|companies|contacts|credentials|dashboard|domains|hosts|keys|leaks|locations|modules|netblocks|options|ports|profiles|pushpins|repositories|schema|vulnerabilities|workspaces]

show dashboard

  • [recon-ng][default] > show dashboard

  +--------------------------------------------------------+
  |                    Activity Summary                    |
  +--------------------------------------------------------+
  |                      Module                     | Runs |
  +--------------------------------------------------------+
  | discovery/info_disclosure/interesting_files     | 4    |
  | recon/companies-contacts/jigsaw/search_contacts | 1    |
  | recon/domains-hosts/hackertarget                | 1    |
  | recon/netblocks-companies/whois_orgs            | 1    |
  | recon/netblocks-hosts/shodan_net                | 2    |
  +--------------------------------------------------------+


  +----------------------------+
  |      Results Summary       |
  +----------------------------+
  |     Category    | Quantity |
  +----------------------------+
  | Domains         | 1        |
  | Companies       | 1        |
  | Netblocks       | 0        |
  | Locations       | 0        |
  | Vulnerabilities | 0        |
  | Ports           | 0        |
  | Hosts           | 31       |
  | Contacts        | 0        |
  | Credentials     | 0        |
  | Leaks           | 0        |
  | Pushpins        | 0        |
  | Profiles        | 0        |
  | Repositories    | 0        |
  +----------------------------+

use

use module

  • [recon-ng][default] > use recon/domains-hosts/hackertarget
  • [recon-ng][default][hackertarget] > show info

      Name: HackerTarget Lookup
      Path: modules/recon/domains-hosts/hackertarget.py
    Author: Michael Henriksen (@michenriksen)

 Description:
   Uses the HackerTarget.com API to find host names. Updates the 'hosts' table with the results.

 Options:
   Name    Current Value  Required  Description
   ------  -------------  --------  -----------
   SOURCE  default        yes       source of input (see 'show info' for details)

 Source Options:
   default        SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL
   <string>       string representing a single input
   <path>         path to a file containing a list of inputs
   query <sql>    database query returning one column of inputs

set

set source

  • [recon-ng][default][hackertarget] > set SOURCE suse.de

SOURCE => suse.de

run

  • [recon-ng][default][hackertarget] > run

-------
SUSE.DE
-------
[*] [host] suse.de (130.57.5.70)
[*] [host] cc-s390x-kvm1.suse.de (195.135.221.74)
[*] [host] smtp1.suse.de (195.135.220.23)
[*] [host] director1.suse.de (195.135.220.21)
[*] [host] cloud-dev1.suse.de (195.135.221.78)
[*] [host] mx1.suse.de (195.135.220.2)
[*] [host] mail2.suse.de (195.135.221.8)
[*] [host] cc-s390x-kvm2.suse.de (195.135.221.79)
[*] [host] smtp2.suse.de (195.135.220.24)
[*] [host] director2.suse.de (195.135.220.22)
[*] [host] mx2.suse.de (195.135.220.15)
[*] [host] cantor3.suse.de (195.135.220.16)
[*] [host] mx3.suse.de (143.186.213.3)
[*] [host] mx4.suse.de (143.186.213.4)
[*] [host] hydra.suse.de (195.135.221.167)
[*] [host] opentc.suse.de (195.135.221.137)
[*] [host] freeipa-opensuse.suse.de (149.44.161.62)
[*] [host] gate.suse.de (195.135.221.12)
[*] [host] turing.suse.de (195.135.220.3)
[*] [host] storage-ci.suse.de (158.69.69.166)
[*] [host] practicum.suse.de (130.57.14.222)
[*] [host] imap.suse.de (195.135.220.8)
[*] [host] aruba-rap.suse.de (195.135.221.3)
[*] [host] ftp.suse.de (195.135.221.132)
[*] [host] skylla-router.suse.de (195.135.221.1)
[*] [host] soliddriver.suse.de (149.44.170.31)
[*] [host] director.suse.de (195.135.220.20)
[*] [host] visit.suse.de (195.135.221.17)
[*] [host] munin-ext.suse.de (195.135.221.11)
[*] [host] charybdis-ext.suse.de (195.135.221.2)
[*] [host] relay-ext.suse.de (195.135.221.8)
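
How the SOURCE option and the 'hosts' table update from the module info fit together, as an added example that is not part of the original page or of recon-ng's own code. It assumes a simplified two-table schema in an in-memory SQLite database, constructed host names under example.com with documentation-range addresses, and hypothetical helper names (make_workspace, resolve_source, store_hosts, shared_addresses).

```python
import os
import re
import sqlite3

DEFAULT_SOURCE = "SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL"
HOST_LINE = re.compile(r"^\[\*\] \[host\] (\S+) \((\d{1,3}(?:\.\d{1,3}){3})\)[ \t]*$", re.M)

# Constructed sample in the format printed by 'run' (documentation-range addresses).
SAMPLE_RUN = """\
-----------
EXAMPLE.COM
-----------
[*] [host] example.com (192.0.2.10)
[*] [host] mx1.example.com (192.0.2.25)
[*] [host] mail.example.com (198.51.100.8)
[*] [host] relay.example.com (198.51.100.8)
"""

def make_workspace():
    """In-memory stand-in for a workspace database (simplified, assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE domains (domain TEXT)")
    db.execute("CREATE TABLE hosts (host TEXT, ip_address TEXT, module TEXT)")
    return db

def resolve_source(db, source):
    """Expand a SOURCE value into a list of inputs, one branch per Source Option."""
    if source == "default":
        return [row[0] for row in db.execute(DEFAULT_SOURCE)]
    if source.startswith("query "):          # query <sql>: first column is the input
        return [row[0] for row in db.execute(source[len("query "):])]
    if os.path.isfile(source):               # <path>: one input per non-empty line
        with open(source) as fh:
            return [line.strip() for line in fh if line.strip()]
    return [source]                          # <string>: a single literal input

def store_hosts(db, run_output, module):
    """Insert parsed '[*] [host] name (ip)' rows that are not already in 'hosts'."""
    added = 0
    for host, ip in HOST_LINE.findall(run_output):  # banner lines never match
        known = db.execute("SELECT 1 FROM hosts WHERE host=? AND ip_address=?", (host, ip))
        if known.fetchone() is None:
            db.execute("INSERT INTO hosts VALUES (?, ?, ?)", (host, ip, module))
            added += 1
    return added

def shared_addresses(db):
    """Addresses that several host names resolve to, with the number of names."""
    q = "SELECT ip_address, COUNT(*) FROM hosts GROUP BY ip_address HAVING COUNT(*) > 1"
    return dict(db.execute(q))
```

In the run output above, mail2.suse.de and relay-ext.suse.de both resolve to 195.135.221.8, which is the kind of overlap shared_addresses reports.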
  • [recon-ng][default][hackertarget] > show keys
  +--------------------------+
  |       Name       | Value |
  +--------------------------+
  | bing_api         |       |
  | builtwith_api    |       |
  | censysio_id      |       |
  | censysio_secret  |       |
  | flickr_api       |       |
  | fullcontact_api  |       |
  | github_api       |       |
  | google_api       |       |
  | google_cse       |       |
  | hashes_api       |       |
  | ipinfodb_api     |       |
  | jigsaw_api       |       |
  | jigsaw_password  |       |
  | jigsaw_username  |       |
  | pwnedlist_api    |       |
  | pwnedlist_iv     |       |
  | pwnedlist_secret |       |
  | shodan_api       |       |
  | twitter_api      |       |
  | twitter_secret   |       |
  +--------------------------+
  • [recon-ng][default][hackertarget] > keys add shodan_api xxxxxxxxxxxxxxxxxxxxx
  • [recon-ng][default][hackertarget] > show keys
  +-----------------------------------------------------+
  |       Name       |              Value               |
  +-----------------------------------------------------+
  | bing_api         |                                  |
  | builtwith_api    |                                  |
  | censysio_id      |                                  |
  | censysio_secret  |                                  |
  | flickr_api       |                                  |
  | fullcontact_api  |                                  |
  | github_api       |                                  |
  | google_api       |                                  |
  | google_cse       |                                  |
  | hashes_api       |                                  |
  | ipinfodb_api     |                                  |
  | jigsaw_api       |                                  |
  | jigsaw_password  |                                  |
  | jigsaw_username  |                                  |
  | pwnedlist_api    |                                  |
  | pwnedlist_iv     |                                  |
  | pwnedlist_secret |                                  |
  | shodan_api       | xxxxxxxxxxxxxxxxxxxxx            |
  | twitter_api      |                                  |
  | twitter_secret   |                                  |
  +-----------------------------------------------------+

Workspaces

  • [recon-ng][default] > workspaces add xinux-workspace
  • [recon-ng][xinux-workspace] >
  • [recon-ng][xinux-workspace] > workspaces select default
  • [recon-ng][default] > workspaces select xinux-workspace
  • [recon-ng][xinux-workspace] >

add

  • [recon-ng][xinux-workspace] > add + <TAB>
companies        credentials      hosts            locations        ports            pushpins         vulnerabilities  
contacts         domains          leaks            netblocks        profiles         repositories

add domain

  • [recon-ng][xinux-workspace] > add domains
domain (TEXT): xinux.de

add companies

  • [recon-ng][xinux-workspace] > add companies
company (TEXT): xinux
description (TEXT): e.K.

export

  • [recon-ng][test] > search reporting results
 
 Reporting
 ---------
    reporting/csv
    reporting/html
    reporting/json
    reporting/list
    reporting/proxifier
    reporting/pushpin
    reporting/xlsx
    reporting/xml
  • [recon-ng][test] > use reporting/xml
  • [recon-ng][test][xml] > show info
  • [recon-ng][test][xml] > set table
  • [recon-ng][test][xml] > show options
  • [recon-ng][test][xml] > run