Recon-ng is a full-featured reconnaissance framework designed with the goal of providing a powerful environment to conduct open source web-based reconnaissance quickly and thoroughly.
Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance.
Recon-ng installation
Recon-ng is pre-installed in Kali Linux. But if you want to use it in another Linux distribution, the installation process is quite easy.
The generic steps to install the latest Recon-ng on Ubuntu 19.04 are as follow:
- Update your system and install required software:
$ sudo apt-get update && sudo apt-get upgrade
$ sudo apt-get install git
$ sudo apt-get install python-pip python-dev build-essential
$ sudo pip install --upgrade pip
$ sudo pip install --upgrade virtualenv
- Next, clone Recon-ng from Github. In this tutorial we clone to the Home directory but feel free to use whatever directory structure works for you.
$ sudo git clone https://github.com/lanmaster53/recon-ng.git
- Change directory into the newly created recon-ng and use the REQUIREMENTS file to finish installing the dependencies for Recon-ng.
$ cd recon-ng
$ sudo pip install –r REQUIREMENTS
- At this point the installation is complete and the application can be started from the current recon-ng directory.
$ ./recon-ng
NOTE: If you are using Kali Linux you can start the application manually by typing recon-ng in your terminal or from the Information Gathering module which is present on the Applications tab.
At this stage, no modules are installed.
Recon-ng configuration
In order for the tool to work you have to install the required modules.
- From inside the application console, type:
[recon-ng][default] > marketplace install allThis command will install all the available modules and after that the application displays a number of “_api key not set” errors but that is perfectly normal.
- To see the installed modules, type
[recon-ng][default] > modules search
Now, you can start to configure some of the other application settings. In order to take full advantage of Recon-ng, it is highly advisable to use Application Programming Interface (API) keys for the modules that require them.
API key is the name given to some form of secret token which is submitted alongside web service (or similar) requests in order to identify the origin of the request. Different platforms may implement and use API keys in different ways.
- To see which modules require an API, type
[recon-ng][default] > marketplace search
- To see the installed (and missing) keys, type
[recon-ng][default] > keys list
Signing up for the API keys is the least fun and most time-consuming part of the setup. Here is a list of URLs where you can get some free API keys.
- Google: https://console.developers.google.com/apis/library
- Bing: https://msdn.microsoft.com/en-us/library/bing-ads-getting-started.aspx
- Shodan: https://developer.shodan.io/
- Twitter: https://apps.twitter.com/
As an example, lets’ add a fake Binary Edge API key
- Just type:
[recon-ng][default] > keys add binaryedge_api <paste key here>
You should take the time to get as many API keys as possible, specially the free ones. Optionally, you don’t really have to install any, although you’ll get much better results with API keys installed, and a few of the following examples will use functions that you won’t be allowed to use if you don’t have API keys installed.
If a few modules are disabled, then they require some dependencies to be installed. Let’s use the recon/domains-contacts/metacrawler as an example.
- To see which dependencies are missing, type:
[recon-ng][default] > marketplace info metacrawler
As you can see, the module requires three dependencies.
- To install the required files, exit the application and type:
$ sudo pip install olefile lxml pypdf3
Now, when you return to the application the metacrawler module will be installed and available for use.
3 comments:
Hello Everyone !
USA SSN Leads/Fullz available, along with Driving License/ID Number with good connectivity.
All SSN's are Tested & Verified.
**DETAILS IN LEADS/FULLZ**
->FULL NAME
->SSN
->DATE OF BIRTH
->DRIVING LICENSE NUMBER
->ADDRESS WITH ZIP
->PHONE NUMBER, EMAIL
->EMPLOYEE DETAILS
*Price for SSN lead $2
*You can ask for sample before any deal
*If you buy in bulk, will give you discount
*Sampling is just for serious buyers
->Hope for the long term business
->You can buy for your specific states too
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
TESTIMONY ON HOW I GOT MY LOAN AMOUNT FROM A RELIABLE AND TRUSTED LOAN COMPANY LAST WEEK. Email for immediate response drbenjaminfinance@gmail.com
Hello everyone, My name is Mrs. Carolin Glowski, I'm from Europe, am here to testify of how i got my loan from BENJAMIN LOAN FINANCE after i applied Two times from various loan lenders who claimed to be lenders right here this forum, i thought their lending where real and i applied but they never gave me loan until a friend of mine introduce me to {Dr. Benjamin Scarlet Owen} the C.E.O of BENJAMIN LOAN FINANCE who promised to help me with a loan of my desire and he really did as he promised without any form of delay, I never thought there are still reliable loan lenders until i met {Dr. Benjamin Scarlet Owen} who really helped me with my loan and changed my life for the better. I don't know if you are in need of an urgent loan also, So feel free to contact Dr. Benjamin Scarlet Owen on his email address drbenjaminfinance@gmail.com
THANKS
the sudo pip install olefile lxml pypdf3 command doesn't work. Linux doesn't recognize pip and says that pypdf3 is not a directory. Thanks.
Post a Comment