Recon-ng is a framework for conducting open source, web-based reconnaissance quickly and thoroughly.
Get started with a target by creating a workspace for it:
recon-ng
workspaces add <target>
Add the domain names and company names to the recon-ng database tables for use in further commands:
add domains target.com
add domains www.target.com
add domains othertarget.com
add domains www.othertarget.com
add companies Target Name~A whatever company
add companies Target Subsidiary~A subsidiary company
add companies Product Target ~A whatever company product line
To view the domains and company tables:
show companies
show domains
Collect the points of contact from Whois databases:
use recon/domains-contacts/whois_pocs
run
Discover other domain names and hosts on the Internet related to the target by using a Bing search and a Google search:
use recon/domains-hosts/bing_domain_web
run
use recon/domains-hosts/google_site_web
run
Load the reporting module and specify the creator of the report, the customer, and the report filename to generate:
use reporting/html
set CREATOR 'Pentester name'
set CUSTOMER 'Target Name'
set FILENAME /root/Desktop/target_recon.html
run
If we had used other modules to collect additional information, that information would have been included in the report.
As shown in the help menu, the marketplace command interfaces with the module marketplace so you can pick and choose the modules you want:
marketplace
marketplace install modulename
modules load modulename
[modulename] > show options
[modulename] > options set option
[modulename] > info
[modulename] > input
[modulename] > run
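A scope check worth running before the report is generated, as an added example that is not part of the original page or of recon-ng: search-based host modules can return names that only look related to the target, and this flags any collected host that is not a seeded domain or a subdomain of one. The table and column names and the sample rows are assumptions, constructed to resemble the workspace's domains and hosts tables.

```python
import sqlite3

# Constructed sample data. The table and column names are an assumption
# modelled on the domains and hosts tables of a recon-ng workspace database.
SAMPLE_SQL = """
CREATE TABLE domains (domain TEXT, module TEXT);
CREATE TABLE hosts (host TEXT, ip_address TEXT, module TEXT);
INSERT INTO domains VALUES ('target.com', 'user_defined');
INSERT INTO domains VALUES ('othertarget.com', 'user_defined');
INSERT INTO hosts VALUES ('www.target.com', NULL, 'bing_domain_web');
INSERT INTO hosts VALUES ('Mail.Target.com.', NULL, 'google_site_web');
INSERT INTO hosts VALUES ('nottarget.com', NULL, 'google_site_web');
INSERT INTO hosts VALUES ('target.com.cdn.example', NULL, 'bing_domain_web');
INSERT INTO hosts VALUES ('shop.othertarget.com', NULL, 'bing_domain_web');
"""

def normalize(name):
    """Lower-case a DNS name and drop surrounding whitespace and a trailing dot."""
    return (name or "").strip().lower().rstrip(".")

def in_scope(host, domains):
    """True only if host equals a seeded domain or is a subdomain of one.

    Matching on the label boundary ("." + domain) avoids the naive suffix
    match that would accept nottarget.com for target.com.
    """
    host = normalize(host)
    return any(host == d or host.endswith("." + d) for d in domains)

def split_hosts(conn):
    """Return (in_scope, out_of_scope) lists of (host, module) rows."""
    domains = {normalize(r[0]) for r in conn.execute("SELECT domain FROM domains")}
    domains.discard("")
    inside, outside = [], []
    for host, module in conn.execute("SELECT host, module FROM hosts ORDER BY host"):
        (inside if in_scope(host, domains) else outside).append((normalize(host), module))
    return inside, outside

def load_sample():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_SQL)
    return conn

if __name__ == "__main__":
    inside, outside = split_hosts(load_sample())
    for host, module in outside:
        print(f"review before reporting: {host} (from {module})")
    print(f"{len(inside)} in scope, {len(outside)} need review")
```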