RECONNAISSANCE WITH RECON-NG
Greetings
Welcome, all, to this series of blogs on reconnaissance: how to find possible information about your target. Today we will look at one of the best tools, recon-ng, which helps us find possible information about our target, including subdomains, services, leaked data and interesting files.
What is Reconnaissance?
Reconnaissance is a technique that collects possible information about our target. It covers footprinting, scanning and enumeration. During reconnaissance, an ethical hacker attempts to gather as much information as possible about a target system. It is referred to as active reconnaissance and passive reconnaissance.
What is Recon-ng?
Recon-ng is a framework written entirely in Python and made specifically for reconnaissance. It comes with independent modules, database interaction, built-in convenience functions, interactive help and command completion. Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.
Recon-ng has a look and feel similar to the Metasploit Framework, which makes most users feel comfortable with it.
Usage of recon-ng:
Open your terminal and launch recon-ng by typing the command:
→ recon-ng
The application is now launched. To save our work and export data, we need to set up a custom workspace. Add a workspace by typing the command:
→ workspaces create yourname
We have now created a workspace for our project. We can delete a workspace by typing the command:
→ workspaces remove yourworkspace
Now, list all available modules for our further attack by typing the command:
→ marketplace search
This lists all available modules for our further attack. Next we will install a module called recon/domains-hosts/findsubdomains, which helps us find subdomains of our target. To use a specific module, install it by typing the command:
→ marketplace install recon/domains-hosts/findsubdomains
The module is now installed inside our workspace. To load a particular module, use the command:
→ modules load recon/domains-hosts/findsubdomains
Now that everything is set up, we can find subdomains of our target. Here I only use the subdomain module; you can use different modules to make your recon phase easier. We need to set our target as the source, using the command:
→ options set SOURCE yoursite
We have set our target as the source. Now we can run this module by typing the command:
→ run
To exit from the current module, use the command:
→ back
Now we will add the module discovery/info_disclosure/interesting_files, which helps us find interesting files on our target.
Install the module by typing the command:
→ marketplace install discovery/info_disclosure/interesting_files
Now load the module by typing the command:
→ modules load discovery/info_disclosure/interesting_files
The newly installed module is now loaded. Set the target source by typing the commands:
→ options set PORT 443
→ options set PROTOCOL https
→ options set SOURCE yoursite
→ run
As you can see, we gathered some interesting files from our target. You can use different modules for different attacks to gather possible information about your target.
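The steps above can be replayed from a resource file with recon-ng -r. The shell functions below are an added example, not part of the original post: they generate that file and refuse any target outside an explicit scope list. The scope file, the workspace name and example.com are constructed placeholders.

```shell
#!/bin/sh
# Added example: build a recon-ng resource file from the steps above,
# refusing any target that is not on an explicit in-scope list.
# Scope file, workspace name and example.com are constructed placeholders.

# in_scope DOMAIN SCOPE_FILE -> 0 if DOMAIN equals, or is a subdomain of, a listed entry
in_scope() {
    domain=$1; scope_file=$2
    # Accept hostname characters only, so nothing else reaches the console.
    case $domain in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*) return 1 ;;
    esac
    while IFS= read -r entry; do
        case $entry in ''|'#'*) continue ;; esac   # skip blanks and comments
        case $domain in
            "$entry"|*."$entry") return 0 ;;
        esac
    done < "$scope_file"
    return 1
}

# make_rc WORKSPACE DOMAIN SCOPE_FILE -> prints the resource file on stdout
make_rc() {
    workspace=$1; domain=$2; scope_file=$3
    case $workspace in
        ''|*[!A-Za-z0-9_-]*) echo "bad workspace name" >&2; return 2 ;;
    esac
    in_scope "$domain" "$scope_file" || { echo "$domain is not in scope" >&2; return 1; }
    cat <<EOF
workspaces create $workspace
marketplace install recon/domains-hosts/findsubdomains
modules load recon/domains-hosts/findsubdomains
options set SOURCE $domain
run
back
marketplace install discovery/info_disclosure/interesting_files
modules load discovery/info_disclosure/interesting_files
options set PORT 443
options set PROTOCOL https
options set SOURCE $domain
run
exit
EOF
}

# Usage (constructed values):
#   printf 'example.com\n' > scope.txt
#   make_rc demo www.example.com scope.txt > demo.rc && recon-ng -r demo.rc
```

Keeping the scope list in a file that is reviewed with the engagement paperwork means a mistyped or look-alike domain fails before recon-ng is ever started.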
Download Recon-ng
→ https://github.com/lanmaste…
Stick with our blog series to learn more.
For more interesting topics please visit www.securiumsolutions.com/blog
Our YouTube channel: https://www.youtube.com/cha…
Author: Pallab Jyoti Borah
Thank you, See you again in another blog.











