Reconnaissance | Securium Solutions Pvt Ltd

RECONNAISSANCE WITH RECON-NG

 Greetings

 

Welcome you all for the series of blogs on reconnaissance how to find possible information of your target . Today we will look  one of the best tool recon-ng which helps us to find possible information including subdomain , services , leak data, interesting files of our target.

 

what is Reconnaissance ?

 

Reconnaissance  is a technique that collect possible information of our target  this covers Footprinting, Scanning & Enumeration  During reconnaissance, an ethical hacker attempts to gather as much information about a target system . It refer as active  Reconnaissance and passive  Reconnaissance .

 

What is Recon-ng ?

 

Recon-ng is a framework fully written in Python specially made for reconnaisance. Recon-ng is incorporated with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng comes with powerful environment where we can conduct open source web-based reconnaissance can be conducted quickly and thoroughly.

 

Recon-ng has a look and feels similar to the Metasploit Framework, which makes most of the users feel comfortable towards it.

 

 

Usage Of recon-ng :

 

Open Your Terminal And launch  recon-ng by typing command

 

→ recon-ng

 

 

As above image we have launch the application
Now, In order to save your work export data we need to setup custom workspace
here we will add workspace By typing command:
→ workspaces create yourname

 

 

 

As above picture we have created workspaces for our project
Now, We can delete workspaces  by typing command
→ workspaces delete youreoekspc

 

Now, check for all possible modules for our further attack to show all modules for our attack type command
→marketplace search

 

 

As above picture it list out all possible modules for our further attack
Now, we will install module for our attack we will install module call recon/domains-hosts/findsubdomains that help us to find subdomains of our target
To use specif module install by type command :
→ marketplace install recon/domains-hosts/findsubdomains

 

 

As above picture we have successfully install module inside our workspace
Now, We need to use load particular module to load a module we will use command
→ modules load recon/domains-hosts/findsubdomains

 

 

Now, we have setup everything now find subdomains of our target here I only use subdomain module you can different module which help your recon phase more easy.
Here we need to set our target as source here we will use command to set our target

 

→ options set SOURCE yoursite

 

 

As above picture we have set our target as source Now we can run this module by typing command

 

→ run

 

Now , how to exit from current module here we will use command

 

→ back

 

Now we will add module discovery/info_disclosure/interesting_files                                              
which help us to find interesting files of you target

 

Here install module by typing command

 

→ marketplace install discovery/info_disclosure/interesting_files

 

Now we need to load module by typing command

 

→ modules load discovery/info_disclosure/interesting_files 

 

 

As above picture we have load  newly installed module Now, Set target source by typing command :

 

→options set PORT 443

 

→ options set PROTOCOL https

 

→ options set SOURCE yoursite

 

→ run

 

 

As you see as above pic we gather some interesting files from our target so you can use different modules for different attacks that helps to gather possible information about your target .

 

Download Recon-ng → https://github.com/lanmaster53/recon-ng

 

Stick with our Blog series to learn more

 

For more interesting topics please visit https://securiumsolutions.com/blog/

 

Our You tube channel : https://www.youtube.com/channel/UC-PEkJHE66uWpFf9nEq1nRA

 

Author: Pallab Jyoti Borah

 

Thank you, See you again in another blog.

Leave a Comment

Your email address will not be published. Required fields are marked *