Recon-ng basics
Revision as of 10 October 2020, 17:27 by Thomas.will
help
- [recon-ng][default] > help
Commands (type [help|?] <topic>):
---------------------------------
back            Exits the current context
dashboard       Displays a summary of activity
db              Interfaces with the workspace's database
exit            Exits the framework
help            Displays this menu
index           Creates a module index (dev only)
keys            Manages third party resource credentials
marketplace     Interfaces with the module marketplace
modules         Interfaces with installed modules
options         Manages the current context options
pdb             Starts a Python Debugger session (dev only)
script          Records and executes command scripts
shell           Executes shell commands
show            Shows various framework items
snapshots       Manages workspace snapshots
spool           Spools output to a file
workspaces      Manages workspaces
options list
- [recon-ng][default] > options list
Name        Current Value  Required  Description
----------  -------------  --------  -----------
NAMESERVER  8.8.8.8        yes       default nameserver for the resolver mixin
PROXY                      no        proxy server (address:port)
THREADS     10             yes       number of threads (where applicable)
TIMEOUT     10             yes       socket timeout (seconds)
USER-AGENT  Recon-ng/v5    yes       user-agent string
VERBOSITY   1              yes       verbosity level (0 = minimal, 1 = verbose, 2 = debug)
marketplace
- [recon-ng][default] > marketplace refresh
[*] Marketplace index refreshed.
search hackertarget module
- [*] Searching module index for 'hackertarget'...
+---------------------------------------------------------------------------------+
| Path                             | Version | Status        | Updated    | D | K |
+---------------------------------------------------------------------------------+
| recon/domains-hosts/hackertarget | 1.0     | not installed | 2019-06-24 |   |   |
+---------------------------------------------------------------------------------+
D = Has dependencies. See info for details.
K = Requires keys. See info for details.
install hackertarget module
- [recon-ng][default] > marketplace install recon/domains-hosts/hackertarget
[*] Module installed: recon/domains-hosts/hackertarget
[*] Reloading modules...
load hackertarget module
- [recon-ng][default] > modules load recon/domains-hosts/hackertarget
info hackertarget module
- [recon-ng][default][hackertarget] > info
      Name: HackerTarget Lookup
    Author: Michael Henriksen (@michenriksen)
   Version: 1.0
Description:
Uses the HackerTarget.com API to find host names. Updates the 'hosts' table with the results.
Options:
Name    Current Value  Required  Description
------  -------------  --------  -----------
SOURCE                 yes       source of input (see 'show info' for details)
Source Options:
default        SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL
<string>       string representing a single input
<path>         path to a file containing a list of inputs
query <sql>    database query returning one column of inputs
use module
- [recon-ng][default] > use recon/domains-hosts/hackertarget
- [recon-ng][default][hackertarget] > show info
      Name: HackerTarget Lookup
      Path: modules/recon/domains-hosts/hackertarget.py
    Author: Michael Henriksen (@michenriksen)

Description:
  Uses the HackerTarget.com API to find host names. Updates the 'hosts' table with the results.

Options:
  Name    Current Value  Required  Description
  ------  -------------  --------  -----------
  SOURCE  default        yes       source of input (see 'show info' for details)

Source Options:
  default        SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL
  <string>       string representing a single input
  <path>         path to a file containing a list of inputs
  query <sql>    database query returning one column of inputs
set
set source
- [recon-ng][default][hackertarget] > set SOURCE suse.de
SOURCE => suse.de
run
- [recon-ng][default][hackertarget] > run
-------
SUSE.DE
-------
[*] [host] suse.de (130.57.5.70)
[*] [host] cc-s390x-kvm1.suse.de (195.135.221.74)
[*] [host] smtp1.suse.de (195.135.220.23)
[*] [host] director1.suse.de (195.135.220.21)
[*] [host] cloud-dev1.suse.de (195.135.221.78)
[*] [host] mx1.suse.de (195.135.220.2)
[*] [host] mail2.suse.de (195.135.221.8)
[*] [host] cc-s390x-kvm2.suse.de (195.135.221.79)
[*] [host] smtp2.suse.de (195.135.220.24)
[*] [host] director2.suse.de (195.135.220.22)
[*] [host] mx2.suse.de (195.135.220.15)
[*] [host] cantor3.suse.de (195.135.220.16)
[*] [host] mx3.suse.de (143.186.213.3)
[*] [host] mx4.suse.de (143.186.213.4)
[*] [host] hydra.suse.de (195.135.221.167)
[*] [host] opentc.suse.de (195.135.221.137)
[*] [host] freeipa-opensuse.suse.de (149.44.161.62)
[*] [host] gate.suse.de (195.135.221.12)
[*] [host] turing.suse.de (195.135.220.3)
[*] [host] storage-ci.suse.de (158.69.69.166)
[*] [host] practicum.suse.de (130.57.14.222)
[*] [host] imap.suse.de (195.135.220.8)
[*] [host] aruba-rap.suse.de (195.135.221.3)
[*] [host] ftp.suse.de (195.135.221.132)
[*] [host] skylla-router.suse.de (195.135.221.1)
[*] [host] soliddriver.suse.de (149.44.170.31)
[*] [host] director.suse.de (195.135.220.20)
[*] [host] visit.suse.de (195.135.221.17)
[*] [host] munin-ext.suse.de (195.135.221.11)
[*] [host] charybdis-ext.suse.de (195.135.221.2)
[*] [host] relay-ext.suse.de (195.135.221.8)
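Added example (not part of the original page and not recon-ng code): the owner of a domain can parse host lines in the console format shown above to review what is publicly resolvable, flagging addresses shared by several names and hosts outside the netblocks they expect to own. The sample output, the example.com names and the netblocks are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Matches host lines in the console format shown above: "[*] [host] name (ip)"
HOST_LINE = re.compile(r"\[\*\]\s+\[host\]\s+(\S+)\s+\(([^)]+)\)")

# Constructed sample output (example.com and RFC 5737 documentation addresses).
SAMPLE = """\
-----------
EXAMPLE.COM
-----------
[*] [host] example.com (192.0.2.10)
[*] [host] mail2.example.com (198.51.100.8)
[*] [host] relay-ext.example.com (198.51.100.8)
[*] [host] ftp.example.com (198.51.100.132)
[*] [host] ci.example.com (203.0.113.166)
[*] [host] broken.example.com (not-an-ip)
"""

def parse_hosts(text):
    """Return (records, rejected): valid (host, ip) pairs and lines with a bad IP."""
    records, rejected = [], []
    for m in HOST_LINE.finditer(text):
        host, ip = m.group(1).lower(), m.group(2)
        try:
            records.append((host, ipaddress.ip_address(ip)))
        except ValueError:
            rejected.append(m.group(0))
    return records, rejected

def shared_addresses(records):
    """Map each IP that serves more than one host name to those names."""
    by_ip = defaultdict(set)
    for host, ip in records:
        by_ip[ip].add(host)
    return {str(ip): sorted(h) for ip, h in by_ip.items() if len(h) > 1}

def outside_expected(records, expected_nets):
    """Hosts whose address is not in any netblock the organisation expects to own."""
    nets = [ipaddress.ip_network(n) for n in expected_nets]
    return sorted(h for h, ip in records if not any(ip in n for n in nets))

if __name__ == "__main__":
    recs, bad = parse_hosts(SAMPLE)
    print("shared:", shared_addresses(recs))
    print("outside:", outside_expected(recs, ["192.0.2.0/24", "198.51.100.0/24"]))
    print("rejected:", bad)
```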
- [recon-ng][default][hackertarget] > show keys
+--------------------------+
| Name             | Value |
+--------------------------+
| bing_api         |       |
| builtwith_api    |       |
| censysio_id      |       |
| censysio_secret  |       |
| flickr_api       |       |
| fullcontact_api  |       |
| github_api       |       |
| google_api       |       |
| google_cse       |       |
| hashes_api       |       |
| ipinfodb_api     |       |
| jigsaw_api       |       |
| jigsaw_password  |       |
| jigsaw_username  |       |
| pwnedlist_api    |       |
| pwnedlist_iv     |       |
| pwnedlist_secret |       |
| shodan_api       |       |
| twitter_api      |       |
| twitter_secret   |       |
+--------------------------+
- [recon-ng][default][hackertarget] > keys add shodan_api xxxxxxxxxxxxxxxxxxxxx
- [recon-ng][default][hackertarget] > show keys
+------------------------------------------+
| Name             | Value                 |
+------------------------------------------+
| bing_api         |                       |
| builtwith_api    |                       |
| censysio_id      |                       |
| censysio_secret  |                       |
| flickr_api       |                       |
| fullcontact_api  |                       |
| github_api       |                       |
| google_api       |                       |
| google_cse       |                       |
| hashes_api       |                       |
| ipinfodb_api     |                       |
| jigsaw_api       |                       |
| jigsaw_password  |                       |
| jigsaw_username  |                       |
| pwnedlist_api    |                       |
| pwnedlist_iv     |                       |
| pwnedlist_secret |                       |
| shodan_api       | xxxxxxxxxxxxxxxxxxxxx |
| twitter_api      |                       |
| twitter_secret   |                       |
+------------------------------------------+
Workspaces
- [recon-ng][default] > workspaces add xinux-workspace
- [recon-ng][xinux-workspace] >
- [recon-ng][xinux-workspace] > workspaces select default
- [recon-ng][default] > workspaces select xinux-workspace
- [recon-ng][xinux-workspace] >
add
- [recon-ng][xinux-workspace] > add + <TAB>
companies    credentials  hosts      locations  ports     pushpins      vulnerabilities
contacts     domains      leaks      netblocks  profiles  repositories
add domain
- [recon-ng][xinux-workspace] > add domains
domain (TEXT): xinux.de
add companies
- [recon-ng][xinux-workspace] > add companies
company (TEXT): xinux
description (TEXT): e.K.
export
- [recon-ng][test] > search reporting results
Reporting
---------
reporting/csv
reporting/html
reporting/json
reporting/list
reporting/proxifier
reporting/pushpin
reporting/xlsx
reporting/xml
- [recon-ng][test] > use reporting/xml
- [recon-ng][test][xml] > show dashboard results
- [recon-ng][test][xml] > set <tablename>
- [recon-ng][test][xml] > show options
- [recon-ng][test][xml] > run