Recon-ng is a reconnaissance framework for open source web-based reconnaissance quickly and thoroughly.

Get started with a target by creating a workspace for it:

workspaces add <target>

Add the domain names and company names to the recon-ng database tables for use in further commands:

add domains
add domains
add domains
add domains

add companies Target Name~A whatever company
add companies Target Subsidiary~A subsidiary company
add companies Product Target ~A whatever company product line

To view the domains and company tables:

show companies
show domains

Collect the points of contact from Whois databases:

use recon/domains-contacts/whois_pocs

Discover other domain names and hosts on the Internet related to the target by using a Bing search and a Google search:

use recon/domains-hosts/bing_domain_web
use recon/domains-hosts/google_site_web

Load the reporting module and specify the creator of the report, the customer, and the report filename to generate:

use reporting/html
set CREATOR 'Pentester name'
set CUSTOMER 'Target Name'
set FILENAME /root/Desktop/target_recon.html

If we had used other modules to collect additional information, that information would have been included in the report. As shown in the help menu the Marketplace: Interfaces with the module marketplace to pick and choose modules you want.

marketplace install modulename
modules load modulename
[modulename] > show options
[modulename] > options set option
[modulename] > info
[modulename] > input
[modulename] > run