Welcome you all for the series of blogs on reconnaissance how to find possible information of your target . Today we will look one of the best tool recon-ng which helps us to find possible information including subdomain , services , leak data, interesting files of our target.
what is Reconnaissance ?
Reconnaissance is a technique that collect possible information of our target this covers Footprinting, Scanning & Enumeration During reconnaissance, an ethical hacker attempts to gather as much information about a target system . It refer as active Reconnaissance and passive Reconnaissance .
What is Recon-ng ?
Recon-ng is a framework fully written in Python specially made for reconnaisance. Recon-ng is incorporated with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng comes with powerful environment where we can conduct open source web-based reconnaissance can be conducted quickly and thoroughly.
Recon-ng has a look and feels similar to the Metasploit Framework, which makes most of the users feel comfortable towards it.
Usage Of recon-ng :
Open Your Terminal And launch recon-ng by typing command
As above image we have launch the application
Now, In order to save your work export data we need to setup custom workspace
here we will add workspace By typing command:
→ workspaces create yourname
As above picture we have created workspaces for our project
Now, We can delete workspaces by typing command
→ workspaces delete youreoekspc
Now, check for all possible modules for our further attack to show all modules for our attack type command
As above picture it list out all possible modules for our further attack
Now, we will install module for our attack we will install module call recon/domains-hosts/findsubdomains that help us to find subdomains of our target
To use specif module install by type command :
→ marketplace install recon/domains-hosts/findsubdomains
As above picture we have successfully install module inside our workspace
Now, We need to use load particular module to load a module we will use command
→ modules load recon/domains-hosts/findsubdomains
Now, we have setup everything now find subdomains of our target here I only use subdomain module you can different module which help your recon phase more easy.
Here we need to set our target as source here we will use command to set our target
→ options set SOURCE yoursite
As above picture we have set our target as source Now we can run this module by typing command
Now , how to exit from current module here we will use command
Now we will add module discovery/info_disclosure/interesting_files
which help us to find interesting files of you target
Here install module by typing command
→ marketplace install discovery/info_disclosure/interesting_files
Now we need to load module by typing command
→ modules load discovery/info_disclosure/interesting_files
As above picture we have load newly installed module Now, Set target source by typing command :
→options set PORT 443
→ options set PROTOCOL https
→ options set SOURCE yoursite
As you see as above pic we gather some interesting files from our target so you can use different modules for different attacks that helps to gather possible information about your target .
Download Recon-ng → https://github.com/lanmaster53/recon-ng
Stick with our Blog series to learn more
For more interesting topics please visit https://securiumsolutions.com/blog/
Our You tube channel : https://www.youtube.com/channel/UC-PEkJHE66uWpFf9nEq1nRA
Author: Pallab Jyoti Borah
Thank you, See you again in another blog.