Welcome you all for the series of blogs on reconnaissance how to find possible information of your target . Today we will look  one of the best tool recon-ng which helps us to find possible information including subdomain , services , leak data, interesting files of our target.


what is Reconnaissance ?


Reconnaissance  is a technique that collect possible information of our target  this covers Footprinting, Scanning & Enumeration  During reconnaissance, an ethical hacker attempts to gather as much information about a target system . It refer as active  Reconnaissance and passive  Reconnaissance .


What is Recon-ng ?


Recon-ng is a framework fully written in Python specially made for reconnaisance. Recon-ng is incorporated with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng comes with powerful environment where we can conduct open source web-based reconnaissance can be conducted quickly and thoroughly.


Recon-ng has a look and feels similar to the Metasploit Framework, which makes most of the users feel comfortable towards it.



Usage Of recon-ng :


Open Your Terminal And launch  recon-ng by typing command


→ recon-ng



As above image we have launch the application
Now, In order to save your work export data we need to setup custom workspace
here we will add workspace By typing command:
→ workspaces create yourname




As above picture we have created workspaces for our project
Now, We can delete workspaces  by typing command
→ workspaces delete youreoekspc


Now, check for all possible modules for our further attack to show all modules for our attack type command
→marketplace search



As above picture it list out all possible modules for our further attack
Now, we will install module for our attack we will install module call recon/domains-hosts/findsubdomains that help us to find subdomains of our target
To use specif module install by type command :
→ marketplace install recon/domains-hosts/findsubdomains



As above picture we have successfully install module inside our workspace
Now, We need to use load particular module to load a module we will use command
→ modules load recon/domains-hosts/findsubdomains



Now, we have setup everything now find subdomains of our target here I only use subdomain module you can different module which help your recon phase more easy.
Here we need to set our target as source here we will use command to set our target


→ options set SOURCE yoursite



As above picture we have set our target as source Now we can run this module by typing command


→ run


Now , how to exit from current module here we will use command


→ back


Now we will add module discovery/info_disclosure/interesting_files                                              
which help us to find interesting files of you target


Here install module by typing command


→ marketplace install discovery/info_disclosure/interesting_files


Now we need to load module by typing command


→ modules load discovery/info_disclosure/interesting_files 



As above picture we have load  newly installed module Now, Set target source by typing command :


→options set PORT 443


→ options set PROTOCOL https


→ options set SOURCE yoursite


→ run



As you see as above pic we gather some interesting files from our target so you can use different modules for different attacks that helps to gather possible information about your target .


Download Recon-ng →


Stick with our Blog series to learn more


For more interesting topics please visit


Our You tube channel :


Author: Pallab Jyoti Borah


Thank you, See you again in another blog.

Leave A Comment