Recon-ng

Full-featured web reconnaissance framework

Description

Recon-ng is a full-featured web reconnaissance framework written in Python. It provides a powerful environment for open source web-based reconnaissance with independent modules, database interaction, and report generation.

Installation

BASH
sudo apt install recon-ng
# Or
pip install recon-ng

Basic Usage

BASH
# Launch
recon-ng

# Create workspace
workspaces create target_project

# Add target domain
db insert domains
# Enter: target.com

# Search for modules
marketplace search
marketplace search domains
marketplace install recon/domains-hosts/hackertarget

# Run module
modules load recon/domains-hosts/hackertarget
options set SOURCE target.com
run

Advanced Usage

BASH
# Install all free modules
marketplace install all

# API key management
keys add shodan_api YOUR_KEY
keys add virustotal_api YOUR_KEY
keys add github_api YOUR_KEY

# Useful module chains (enter each command on its own line; the console does not chain with &&)
modules load recon/domains-hosts/hackertarget
run
modules load recon/hosts-hosts/resolve
run
modules load recon/hosts-ports/shodan_ip
run
modules load discovery/info_disclosure/interesting_files
run

# Reporting
modules load reporting/html
run
modules load reporting/csv
run

Common Workflows

BASH
# Full domain recon (enter each command on its own line)
recon-ng
workspaces create client
db insert domains
# Enter: target.com
modules load recon/domains-hosts/hackertarget
run
modules load recon/domains-hosts/certificate_transparency
run
modules load recon/hosts-hosts/resolve
run
modules load reporting/html
options set FILENAME report.html
run