RECONNAISSANCE WITH RECON-NG

Greetings

Welcome to this series of blogs on reconnaissance and how to find information about your target. Today we will look at one of the best tools, recon-ng, which helps us find information including subdomains, services, leaked data, and interesting files of our target.

What is Reconnaissance?

Reconnaissance is a technique for collecting information about our target; it covers footprinting, scanning and enumeration. During reconnaissance, an ethical hacker attempts to gather as much information about a target system as possible. It is referred to as active reconnaissance or passive reconnaissance.

What is Recon-ng?

Recon-ng is a framework written entirely in Python and made specifically for reconnaissance. It comes with independent modules, database interaction, built-in convenience functions, interactive help, and command completion, providing a powerful environment in which open-source web-based reconnaissance can be conducted quickly and thoroughly.

Recon-ng has a look and feel similar to the Metasploit Framework, which makes most users feel comfortable with it.

Usage of recon-ng: open your terminal and launch recon-ng by typing the command

→ recon-ng

We have launched the application.

Now, in order to save our work and export data, we need to set up a custom workspace.
Here we will add a workspace by typing the command:
→ workspaces create yourworkspace

We have created a workspace for our project.
We can also delete a workspace by typing the command:
→ workspaces remove yourworkspace

Now, check which modules are available for our further attack. To show all modules, type the command:
→ marketplace search

It lists all available modules for our further attack.
Now we will install a module. We will install the module called recon/domains-hosts/findsubdomains, which helps us find subdomains of our target.
To use the specific module, install it by typing the command:
→ marketplace install recon/domains-hosts/findsubdomains

We have successfully installed a module inside our workspace.
Now we need to load that particular module. To load a module we will use the command:
→ modules load recon/domains-hosts/findsubdomains

Now that we have set up everything, we can find the subdomains of our target. Here I only use the subdomain module; you can use different modules, which will make your recon phase easier.

Here we need to set our target as the source, using the command:

→ options set SOURCE yoursite

We have set our target as the source. Now we can run this module by typing the command:

→ run

To exit from the current module, we will use the command:

→ back

Now we will add the module discovery/info_disclosure/interesting_files, which helps us find interesting files on our target.

Install the module by typing the command:

→ marketplace install discovery/info_disclosure/interesting_files

Now we need to load the module by typing the command:

→ modules load discovery/info_disclosure/interesting_files

We have loaded the newly installed module. Now set the port, protocol and target source by typing the commands:

→ options set PORT 443

→ options set PROTOCOL https

→ options set SOURCE yoursite

→ run

As you can see in the picture above, we gathered some interesting files from our target. You can use different modules for different attacks to help gather information about your target.
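
Seen from the target site's side, the interesting-files scan above appears as one client requesting several disclosure-prone paths in a row. The following is an added example (not from the original post and not recon-ng code) that flags that pattern in web access logs; the path list, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed list of disclosure-prone paths (not taken from recon-ng); tune it per site.
PROBE_PATHS = {
    "/robots.txt", "/sitemap.xml", "/crossdomain.xml", "/phpinfo.php",
    "/test.php", "/elmah.axd", "/server-status",
}

# Start of a Common/Combined Log Format line: client, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def flag_probers(lines, threshold=3):
    """Map each client that asked for >= threshold distinct probe paths
    to {path: last HTTP status returned}."""
    seen = defaultdict(dict)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        path = m.group("path").split("?", 1)[0].lower()
        if path in PROBE_PATHS:
            seen[m.group("ip")][path] = int(m.group("status"))
    return {ip: hits for ip, hits in seen.items() if len(hits) >= threshold}

def exposed(hits):
    """Probe paths answered with 200: files the scan actually retrieved."""
    return sorted(p for p, status in hits.items() if status == 200)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /robots.txt HTTP/1.1" 200 68',
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /sitemap.xml HTTP/1.1" 404 153',
    '203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /phpinfo.php HTTP/1.1" 200 81234',
    '203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /server-status HTTP/1.1" 403 199',
    '198.51.100.20 - - [12/Mar/2024:10:05:40 +0000] "GET /robots.txt HTTP/1.1" 200 68',
    '198.51.100.20 - - [12/Mar/2024:10:05:41 +0000] "GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for ip, hits in flag_probers(SAMPLE_LOG).items():
        print(ip, "probed", sorted(hits), "exposed:", exposed(hits))
```

Paths reported by `exposed` are the ones worth removing or access-restricting first, since they were actually served to the scanning client.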

Download Recon-ng → https://github.com/lanmaster53/recon-ng

Stick with our blog series to learn more.

Author

Pallab Jyoti Borah
