Tools - recon-ng
Source: Internet  Published: 耳鸣 知乎  Editor: 程序博客网  Time: 2024/05/16 19:46
Description
Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.
Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to social engineer, use the Social-Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng! See the Usage Guide for more information.
Recon-ng is a completely modular framework and makes it easy for even the newest of Python developers to contribute. Each module is a subclass of the “module” class. The “module” class is a customized “cmd” interpreter equipped with built-in functionality that provides simple interfaces to common tasks such as standardizing output, interacting with the database, making web requests, and managing API keys. Therefore, all the hard work has been done. Building modules is simple and takes little more than a few minutes. See the Development Guide for more information.
Download
git clone https://bitbucket.org/LaNMaSteR53/recon-ng/
Requirements
sudo pip2 install -r REQUIREMENTS
Requirements Packages:
dicttoxml==1.6.6
dnspython==1.12.0
jsonrpclib==0.1.3
lxml==3.4.4
mechanize==0.2.5
slowaes==0.1a1
XlsxWriter==0.7.3
Usage
root:~ /# recon-ng

(ASCII-art banner: recon-ng logo and a sponsor box reading "Consulting | Research | Development | Training", http://www.blackhillsinfosec.com)

[recon-ng v4.5.1, Tim Tomes (@LaNMaSteR53)]

[66] Recon modules
[7]  Reporting modules
[2]  Import modules
[2]  Exploitation modules
[2]  Discovery modules

[recon-ng][default] > help

Commands (type [help|?] <topic>):
---------------------------------
add             Adds records to the database
back            Exits the current context
del             Deletes records from the database
exit            Exits the framework
help            Displays this menu
keys            Manages framework API keys
load            Loads specified module
pdb             Starts a Python Debugger session
query           Queries the database
record          Records commands to a resource file
resource        Executes commands from a resource file
search          Searches available modules
set             Sets module options
shell           Executes shell commands
show            Shows various framework items
snapshots       Manages workspace snapshots
spool           Spools output to a file
unset           Unsets module options
use             Loads specified module
workspaces      Manages workspaces
Modules
[recon-ng][default] > show modules

  Discovery
  ---------
    discovery/info_disclosure/cache_snoop
    discovery/info_disclosure/interesting_files

  Exploitation
  ------------
    exploitation/injection/command_injector
    exploitation/injection/xpath_bruter

  Import
  ------
    import/csv_file
    import/list

  Recon
  -----
    recon/companies-contacts/facebook
    recon/companies-contacts/jigsaw
    recon/companies-contacts/jigsaw/point_usage
    recon/companies-contacts/jigsaw/purchase_contact
    recon/companies-contacts/jigsaw/search_contacts
    recon/companies-contacts/linkedin_auth
    recon/companies-contacts/linkedin_crawl
    recon/companies-multi/whois_miner
    recon/contacts-contacts/mailtester
    recon/contacts-contacts/mangle
    recon/contacts-credentials/breachalarm
    recon/contacts-credentials/hibp_breach
    recon/contacts-credentials/hibp_paste
    recon/contacts-credentials/pwnedlist
    recon/contacts-domains/migrate_contacts
    recon/contacts-social/dev_diver
    recon/contacts-social/twitter
    recon/credentials-credentials/adobe
    recon/credentials-credentials/bozocrack
    recon/credentials-credentials/hashes_org
    recon/credentials-credentials/leakdb
    recon/domains-contacts/pgp_search
    recon/domains-contacts/whois_pocs
    recon/domains-credentials/pwnedlist/account_creds
    recon/domains-credentials/pwnedlist/api_usage
    recon/domains-credentials/pwnedlist/domain_creds
    recon/domains-credentials/pwnedlist/domain_ispwned
    recon/domains-credentials/pwnedlist/leak_lookup
    recon/domains-credentials/pwnedlist/leaks_dump
    recon/domains-domains/brute_suffix
    recon/domains-hosts/baidu_site
    recon/domains-hosts/bing_domain_api
    recon/domains-hosts/bing_domain_web
    recon/domains-hosts/brute_hosts
    recon/domains-hosts/builtwith
    recon/domains-hosts/google_site_api
    recon/domains-hosts/google_site_web
    recon/domains-hosts/netcraft
    recon/domains-hosts/shodan_hostname
    recon/domains-hosts/ssl_san
    recon/domains-hosts/vpnhunter
    recon/domains-hosts/yahoo_domain
    recon/domains-vulnerabilities/punkspider
    recon/domains-vulnerabilities/xssed
    recon/domains-vulnerabilities/xssposed
    recon/hosts-domains/migrate_hosts
    recon/hosts-hosts/bing_ip
    recon/hosts-hosts/ip_neighbor
    recon/hosts-hosts/ipinfodb
    recon/hosts-hosts/resolve
    recon/hosts-hosts/reverse_resolve
    recon/locations-locations/geocode
    recon/locations-locations/reverse_geocode
    recon/locations-pushpins/flickr
    recon/locations-pushpins/instagram
    recon/locations-pushpins/picasa
    recon/locations-pushpins/shodan
    recon/locations-pushpins/twitter
    recon/locations-pushpins/youtube
    recon/netblocks-companies/whois_orgs
    recon/netblocks-hosts/reverse_resolve
    recon/netblocks-hosts/shodan_net
    recon/netblocks-ports/census_2012
    recon/ports-hosts/migrate_ports
    recon/profiles-profiles/namechk
    recon/profiles-profiles/profiler

  Reporting
  ---------
    reporting/csv
    reporting/html
    reporting/json
    reporting/list
    reporting/pushpin
    reporting/xlsx
    reporting/xml
Query
[recon-ng][default] > help query

Queries the database

Usage: query <sql>

SQL examples:
  SELECT columns|* FROM table_name
  SELECT columns|* FROM table_name WHERE some_column=some_value
  DELETE FROM table_name WHERE some_column=some_value
  INSERT INTO table_name (column1, column2,...) VALUES (value1, value2,...)
  UPDATE table_name SET column1=value1, column2=value2,... WHERE some_column=some_value
[recon-ng][default] > query select * from Hosts limit 1,10

  +-------------------------------------------------------------------------------------------+
  | host                 | ip_address | region | country | latitude | longitude | module      |
  +-------------------------------------------------------------------------------------------+
  | cisco.ag             |            |        |         |          |           | ip_neighbor |
  | cisco.com            |            |        |         |          |           | ip_neighbor |
  | cisco.com.akadns.net |            |        |         |          |           | ip_neighbor |
  | cisco.com.az         |            |        |         |          |           | ip_neighbor |
  | cisco.com.do         |            |        |         |          |           | ip_neighbor |
  | cisco.com.kz         |            |        |         |          |           | ip_neighbor |
  | cisco.hm             |            |        |         |          |           | ip_neighbor |
  | cisco.mn             |            |        |         |          |           | ip_neighbor |
  | cisco.net.lv         |            |        |         |          |           | ip_neighbor |
  | cisco.or.at          |            |        |         |          |           | ip_neighbor |
  +-------------------------------------------------------------------------------------------+

[*] 10 rows returned
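recon-ng keeps each workspace in a SQLite database, where `LIMIT 1,10` is the offset,count form: it skips the first row and returns the next ten. The following added example (not part of the original page or of recon-ng itself) reproduces that on an in-memory table that uses the column names from the output above, and adds two checks that are useful when reviewing collected data. The rows, the example.com names, the `resolve` row and the function names are constructed for illustration.

```python
import sqlite3

# Column names copied from the query output on the page.
HOSTS_COLUMNS = ("host", "ip_address", "region", "country",
                 "latitude", "longitude", "module")


def build_sample_db():
    """Create an in-memory hosts table filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    columns = ", ".join(name + " TEXT" for name in HOSTS_COLUMNS)
    db.execute("CREATE TABLE hosts (%s)" % columns)
    # Constructed data: 12 hosts with no IP yet, as ip_neighbor left them above.
    rows = [("host%02d.example.com" % i, None, None, None, None, None,
             "ip_neighbor") for i in range(12)]
    # Constructed data: one host that already has an address.
    rows.append(("www.example.com", "192.0.2.10", None, None, None, None,
                 "resolve"))
    db.executemany("INSERT INTO hosts VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    return db


def page_query(db):
    """Same LIMIT clause as on the page; ORDER BY added for a stable order."""
    sql = "SELECT host FROM Hosts ORDER BY host LIMIT 1,10"
    return [row[0] for row in db.execute(sql)]


def unresolved_hosts(db):
    """Hosts whose ip_address column is still empty."""
    sql = ("SELECT host FROM hosts "
           "WHERE ip_address IS NULL OR ip_address = '' ORDER BY host")
    return [row[0] for row in db.execute(sql)]


def rows_per_module(db):
    """Count how many rows each module contributed."""
    sql = "SELECT module, COUNT(*) FROM hosts GROUP BY module"
    return dict(db.execute(sql))


if __name__ == "__main__":
    db = build_sample_db()
    print(page_query(db))        # host00 is skipped by the offset of 1
    print(len(unresolved_hosts(db)), "hosts without an address")
    print(rows_per_module(db))
```

Use `LIMIT 10` or `LIMIT 0,10` when the first row should be included.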
Shell
[recon-ng][default] > !id
[*] Command: id
uid=0(root) gid=0(root) groups=0(root)
Search
[recon-ng][default] > help search

Searches available modules

Usage: search <string>

[recon-ng][default] > search whois
[*] Searching for 'whois'...

  Recon
  -----
    recon/companies-multi/whois_miner
    recon/domains-contacts/whois_pocs
    recon/netblocks-companies/whois_orgs
Demo
[recon-ng][default] > search ip
[*] Searching for 'ip'...

  Recon
  -----
    recon/hosts-hosts/bing_ip
    recon/hosts-hosts/ip_neighbor
    recon/hosts-hosts/ipinfodb

[recon-ng][default] > use recon/hosts-hosts/ip_neighbor
[recon-ng][default][ip_neighbor] > set SOURCE cisco.com
SOURCE => cisco.com
[recon-ng][default][ip_neighbor] > run

---------
CISCO.COM
---------
[*] URL: http://www.my-ip-neighbors.com/?domain=cisco.com
[*] 72.163.4.161
[*] cisco.ag
[*] cisco.com
[*] cisco.com.akadns.net
[*] cisco.com.az
[*] cisco.com.do
[*] cisco.com.kz
[*] cisco.hm
[*] cisco.mn
[*] cisco.net.lv
[*] cisco.or.at
[*] cisco.org.lv
[*] cisco.rw
[*] cisco.sh
[*] cisco.vg
[*] cisco.ws
[*] ciscosystems.am
[*] ciscosystems.cd
[*] ciscosystems.cg
[*] ciscosystems.ch
[*] ciscosystems.co.ck
[*] ciscosystems.co.nz
[*] ciscosystems.com.pe
[*] ciscosystems.com.ro
[*] ciscosystems.fm
[*] ciscosystems.kg
[*] ciscosystems.li
[*] ciscosystems.lt
[*] ciscosystems.lv
[*] ciscosystems.md
[*] ciscosystems.net.mu
[*] ciscosystems.net.ph
[*] ciscosystems.or.at
[*] ciscosystems.org.ph
[*] ciscosystems.org.ro
[*] ciscosystems.ro
[*] ciscosystems.rw
[*] ciscosystems.sc
[*] ciscosystems.to
[*] ciscosystems.uz
[*] digitalcribs.com
[*] donthaveameltdown.com
[*] ipv6.cisco.com
[*] mamaisonnet.com
[*] origin-cisco.com
[*] www1.cisco.com

-------
SUMMARY
-------
[*] 46 total (0 new) hosts found.
References
https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Home