Introduction to Recon-ng

Recon-ng is a tool used by security testers for reconnaissance. This tutorial gives a brief introduction to the commands used in Recon-ng.
  • Starting recon-ng

    Open a command prompt and change to the directory where recon-ng is installed by using the command cd recon-ng


    Then start recon-ng using command ./recon-ng


    This opens the recon-ng console.

  • Enter help to see the commands in recon-ng

  • Enter show modules to see the modules in recon-ng

  • Using recon-ng

    Example 1: As an example, we can see how to use one of the modules in recon-ng. Here I am using recon-ng to find some contact details associated with a domain. If an attacker gets some contact details associated with a website and the website has a weak password policy, then the attacker can hack this account. Here I am using the module recon/domains-contacts/pgp_search to find the contact details. Load this module by using the command use recon/domains-contacts/pgp_search. Then add your test domain by using the command set source domain.com. Then start the process by using the command run.



    Used commands:
    use recon/domains-contacts/pgp_search
    set source domain.com
    run

    Thus I found some contact details associated with this domain.

    Example 2: In this example I will show how to find the domains associated with our domain. To find the associated domains, I am using the module bing_domain_web. When this module runs, it searches Bing for the related domains. Google can be used for this type of search in the same way; here I show the search in Bing. Use the command load bing_domain_web. Then set your test domain by using the command set source domain.com. Then start the search by using the command run.



    Used commands:
    load bing_domain_web
    set source domain.com
    run
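
The lookup in Example 1 is also useful for checking your own domain's exposure. The following added example (not part of the original tutorial and not recon-ng code) parses a key server index and lists the addresses published under a domain, with the status of each key. It assumes the listing is in the HKP machine-readable index format; the function name and the sample data are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample of a keyserver index in HKP machine-readable form:
#   pub:<keyid>:<algo>:<keylen>:<created>:<expires>:<flags>
#   uid:<escaped user id>:<created>:<expires>:<flags>
SAMPLE_INDEX = """\
info:1:3
pub:0123456789ABCDEF:1:2048:1389312000::
uid:Alice Admin <alice@example.com>:1389312000::
uid:Alice Admin <alice@mail.example.net>:1389312000::
pub:FEDCBA9876543210:1:4096:1262304000:1420070400:e
uid:Bob%20Builder%20%3CBob@example.com%3E:1262304000::
pub:1111222233334444:1:4096:1500000000::
uid:Ops <ops@vpn.example.com>:1500000000::
uid:Carol <carol@notexample.com>:1500000000::
"""

EMAIL_RE = re.compile(r"<([^<>@\s]+)@([^<>@\s]+)>")
FLAG_NAMES = {"r": "revoked", "d": "disabled", "e": "expired"}

def exposed_contacts(index_text, domain):
    """Return sorted (email, keyid, status) tuples for addresses at `domain`
    or one of its subdomains. Hypothetical helper, not a recon-ng function."""
    domain = domain.lower().strip(".")
    found = set()
    keyid, status = None, "active"
    for line in index_text.splitlines():
        fields = line.split(":")
        if fields[0] == "pub" and len(fields) > 1:
            keyid = fields[1]
            flags = fields[6] if len(fields) > 6 else ""
            status = ",".join(FLAG_NAMES[f] for f in flags if f in FLAG_NAMES) or "active"
        elif fields[0] == "uid" and len(fields) > 1 and keyid:
            match = EMAIL_RE.search(unquote(fields[1]))  # user ids are percent-escaped
            if not match:
                continue
            local, host = match.group(1).lower(), match.group(2).lower()
            # Exact or dot-bounded suffix match, so notexample.com is not counted.
            if host == domain or host.endswith("." + domain):
                found.add((f"{local}@{host}", keyid, status))
    return sorted(found)

if __name__ == "__main__":
    for email, keyid, status in exposed_contacts(SAMPLE_INDEX, "example.com"):
        print(f"{email:24} key {keyid}  {status}")
```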