Recon-ng

Recon-ng is an exceptional open-source web reconnaissance framework written in Python, and it stands out as a vital tool for security professionals and researchers. Here’s an overview of its key aspects:

Purpose:

  • Recon-ng is expertly designed to automate the gathering of information from open sources (OSINT).
  • It empowers security professionals and researchers to efficiently collect comprehensive data about target organizations or individuals.

 

Functionality:

  • With its modular structure, Recon-ng enables users to execute a wide array of reconnaissance tasks seamlessly.
  • It boasts robust features, including:
      - Domain enumeration.
      - Host discovery.
      - Contact information retrieval.
      - And much more.
  • The framework adeptly stores gathered data in a centralized database, facilitating effortless management and analysis.

 

Key Features:

  • Modular framework: Allows for easy expansion and customization.
  • Database interaction: Centralizes collected data.
  • Command-line interface: Provides a user-friendly experience.
  • Marketplace: For installing and managing modules.

 

Use Cases:

  • Penetration testing.
  • Security assessments.
  • Threat intelligence gathering.
  • General OSINT investigations.


Relationship to other tools:

  • It is often compared to the Metasploit Framework due to its similar interface but focuses specifically on reconnaissance.

 

Case Study:

Objective:

To find WHOIS information on a target domain name with Recon-ng.

WHOIS information can include location, registration and expiry dates, contact information (email, phone numbers, etc.) and more about a domain name. The main purpose of this study is to collect that WHOIS info.

Required Tool:

Kali Linux. Running Kali in a virtual environment is a good choice.

Task Walkthrough:

Task 1:

  • Open Kali Linux in a VM and log in as the root user. [You may log in as a general user, but to perform the task, the user should be a sudo user.]
  • Run the command 'recon-ng' from the terminal.



Task 2:

  • To gather WHOIS info, first create your own workspace.

[Workspaces allow you to keep different reconnaissance projects separate. This is crucial for maintaining clarity and avoiding data conflicts when working on multiple targets. Each workspace has its dedicated database, ensuring that data collected for one target doesn't mix with data from another.]

  • To create a workspace, run the following command in the recon-ng terminal and press ENTER.

workspaces create myproject_whois_recon

[You can use any name that suits your case study.]



Task 3:

The next task is to choose a domain for which we want to get WHOIS info. Since WHOIS information is available to anyone, it is OK to choose any domain. Here we set the domain (say, google.com) as our target.

Follow these steps:

  • Search a Module for WHOIS from Marketplace using the following command and press ENTER.

marketplace search whois



The output will show the available modules for WHOIS.

[Modules are individual tools within the Recon-ng framework, each designed to perform a specific OSINT task, and the Marketplace serves as a central repository for Recon-ng modules.]

  • Install the fourth option, which is “recon/domains-contacts/whois_pocs”. To do this, type:

marketplace install recon/domains-contacts/whois_pocs

  • To load the module for use, type:

modules load recon/domains-contacts/whois_pocs

  • To set the source domain as the target, type:

options set SOURCE google.com

  • To view the info of loaded Module and how it will be used, type info.




  • We are now all set to search WHOIS for information regarding “google.com”. Simply type “run” and hit enter to begin the search. You'll see various contact and location details, which will be automatically saved to our workstation.




Similarly, you can choose any other WHOIS module, then install and load it to get the desired info.
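
As an added example (not part of the original article and not Recon-ng's own code), the Python script below reads the contacts that whois_pocs saved in the workspace database and separates role mailboxes from personal addresses, the kind of review a domain owner can use to see what their WHOIS records expose. It assumes the default Recon-ng 5.x layout (~/.recon-ng/workspaces/<name>/data.db, a SQLite file with a contacts table whose module column holds the short module name); the role-mailbox list and the sample rows are constructed.

```python
import sqlite3
from pathlib import Path

# Assumption: default Recon-ng 5.x layout, one SQLite file per workspace.
WORKSPACES = Path.home() / ".recon-ng" / "workspaces"
# Constructed list of mailbox names treated as role accounts; adjust to policy.
ROLE_LOCALPARTS = {"abuse", "admin", "dns-admin", "hostmaster", "noc", "security"}
COLUMNS = ("first_name, middle_name, last_name, email, title, "
           "region, country, phone, notes, module")  # assumed contacts schema

def open_workspace(name):
    """Open a workspace database read-only so the review cannot alter it."""
    return sqlite3.connect(f"{(WORKSPACES / name / 'data.db').as_uri()}?mode=ro", uri=True)

def summarize_contacts(conn, module="whois_pocs"):
    """Split the contacts saved by `module` into role and personal mailboxes."""
    rows = conn.execute(
        "SELECT first_name, last_name, email, region, country FROM contacts "
        "WHERE module = ? AND email IS NOT NULL ORDER BY email", (module,))
    report, seen = {"role": [], "personal": []}, set()
    for first, last, email, region, country in rows:
        email = email.strip().lower()
        if email in seen:  # the same contact can be stored more than once
            continue
        seen.add(email)
        kind = "role" if email.split("@")[0] in ROLE_LOCALPARTS else "personal"
        report[kind].append({
            "email": email,
            "name": " ".join(p for p in (first, last) if p),
            "location": ", ".join(p for p in (region, country) if p),
        })
    return report

def demo_db():
    """In-memory database with constructed rows standing in for data.db."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE contacts ({COLUMNS})")
    conn.executemany("INSERT INTO contacts VALUES (?,?,?,?,?,?,?,?,?,?)", [
        ("DNS", None, "Admin", "hostmaster@example.com", None, "CA", "US", None, None, "whois_pocs"),
        ("Jane", None, "Doe", "Jane.Doe@example.com", None, "NY", "US", None, None, "whois_pocs"),
        ("Jane", None, "Doe", "jane.doe@example.com", None, "NY", "US", None, None, "whois_pocs"),
        ("Sam", None, "Lee", "sam.lee@example.com", None, None, "GB", None, None, "other_module"),
    ])
    return conn

if __name__ == "__main__":
    for kind, contacts in summarize_contacts(demo_db()).items():
        for c in contacts:
            print(f"{kind:8} {c['email']:28} {c['name']:12} {c['location']}")
```

To review real results, pass open_workspace("myproject_whois_recon") to summarize_contacts instead of demo_db().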

NTP Solutions NTP Academia

Disclaimer:

The information and tools provided are for educational and authorized testing purposes only. Ethical hacking should only be conducted on systems and networks with explicit, written permission from the owner. Unauthorized access or use is illegal and unethical. You are solely responsible for ensuring your actions comply with all applicable laws and regulations. Misuse of this information or these tools is strictly prohibited. We do not endorse or encourage any illegal activity. Use responsibly and ethically.






Shahin Alam

Officer IT & MIS at Mutual Group | MCT, MCP, MCSA, CNSS

2mo

Thank you sir. Truly it benefits my works.


More articles by Abul Faeze Mohammad Bakabillah
