
Tools - recon-ng

Description

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built-in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.

Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to social engineer, use the Social-Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng! See the Usage Guide for more information.

Recon-ng is a completely modular framework and makes it easy for even the newest of Python developers to contribute. Each module is a subclass of the “module” class. The “module” class is a customized “cmd” interpreter equipped with built-in functionality that provides simple interfaces to common tasks such as standardizing output, interacting with the database, making web requests, and managing API keys. Therefore, all the hard work has been done. Building modules is simple and takes little more than a few minutes. See the Development Guide for more information.

Download

git clone https://bitbucket.org/LaNMaSteR53/recon-ng/

Requirements

sudo pip2 install -r REQUIREMENTS

Required packages:

dicttoxml==1.6.6
dnspython==1.12.0
jsonrpclib==0.1.3
lxml==3.4.4
mechanize==0.2.5
slowaes==0.1a1
XlsxWriter==0.7.3

Usage

root:~ /# recon-ng 

    _/_/_/    _/_/_/_/    _/_/_/    _/_/_/    _/      _/            _/      _/    _/_/_/
   _/    _/  _/        _/        _/      _/  _/_/    _/            _/_/    _/  _/       
  _/_/_/    _/_/_/    _/        _/      _/  _/  _/  _/  _/_/_/_/  _/  _/  _/  _/  _/_/_/
 _/    _/  _/        _/        _/      _/  _/    _/_/            _/    _/_/  _/      _/ 
_/    _/  _/_/_/_/    _/_/_/    _/_/_/    _/      _/            _/      _/    _/_/_/    

     +---------------------------------------------------------------------------+      
     |  _                     ___    _                        __                 |      
     | |_)| _  _|_  |_|.|| _   |  _ |_ _  _ _  _ _|_o _  _   (_  _  _    _o_|_   |      
     | |_)|(_|(_|\  | ||||_\  _|_| || (_)| |||(_| | |(_)| |  __)(/_(_|_|| | | \/ |      
     |                                                                        /  |      
     |              Consulting | Research | Development | Training               |      
     |                     http://www.blackhillsinfosec.com                      |      
     +---------------------------------------------------------------------------+      

                      [recon-ng v4.5.1, Tim Tomes (@LaNMaSteR53)]                       

[66] Recon modules
[7]  Reporting modules
[2]  Import modules
[2]  Exploitation modules
[2]  Discovery modules

[recon-ng][default] > help

Commands (type [help|?] <topic>):
---------------------------------
add             Adds records to the database
back            Exits the current context
del             Deletes records from the database
exit            Exits the framework
help            Displays this menu
keys            Manages framework API keys
load            Loads specified module
pdb             Starts a Python Debugger session
query           Queries the database
record          Records commands to a resource file
resource        Executes commands from a resource file
search          Searches available modules
set             Sets module options
shell           Executes shell commands
show            Shows various framework items
snapshots       Manages workspace snapshots
spool           Spools output to a file
unset           Unsets module options
use             Loads specified module
workspaces      Manages workspaces

Modules

[recon-ng][default] > show modules

  Discovery
  ---------
    discovery/info_disclosure/cache_snoop
    discovery/info_disclosure/interesting_files

  Exploitation
  ------------
    exploitation/injection/command_injector
    exploitation/injection/xpath_bruter

  Import
  ------
    import/csv_file
    import/list

  Recon
  -----
    recon/companies-contacts/facebook
    recon/companies-contacts/jigsaw
    recon/companies-contacts/jigsaw/point_usage
    recon/companies-contacts/jigsaw/purchase_contact
    recon/companies-contacts/jigsaw/search_contacts
    recon/companies-contacts/linkedin_auth
    recon/companies-contacts/linkedin_crawl
    recon/companies-multi/whois_miner
    recon/contacts-contacts/mailtester
    recon/contacts-contacts/mangle
    recon/contacts-credentials/breachalarm
    recon/contacts-credentials/hibp_breach
    recon/contacts-credentials/hibp_paste
    recon/contacts-credentials/pwnedlist
    recon/contacts-domains/migrate_contacts
    recon/contacts-social/dev_diver
    recon/contacts-social/twitter
    recon/credentials-credentials/adobe
    recon/credentials-credentials/bozocrack
    recon/credentials-credentials/hashes_org
    recon/credentials-credentials/leakdb
    recon/domains-contacts/pgp_search
    recon/domains-contacts/whois_pocs
    recon/domains-credentials/pwnedlist/account_creds
    recon/domains-credentials/pwnedlist/api_usage
    recon/domains-credentials/pwnedlist/domain_creds
    recon/domains-credentials/pwnedlist/domain_ispwned
    recon/domains-credentials/pwnedlist/leak_lookup
    recon/domains-credentials/pwnedlist/leaks_dump
    recon/domains-domains/brute_suffix
    recon/domains-hosts/baidu_site
    recon/domains-hosts/bing_domain_api
    recon/domains-hosts/bing_domain_web
    recon/domains-hosts/brute_hosts
    recon/domains-hosts/builtwith
    recon/domains-hosts/google_site_api
    recon/domains-hosts/google_site_web
    recon/domains-hosts/netcraft
    recon/domains-hosts/shodan_hostname
    recon/domains-hosts/ssl_san
    recon/domains-hosts/vpnhunter
    recon/domains-hosts/yahoo_domain
    recon/domains-vulnerabilities/punkspider
    recon/domains-vulnerabilities/xssed
    recon/domains-vulnerabilities/xssposed
    recon/hosts-domains/migrate_hosts
    recon/hosts-hosts/bing_ip
    recon/hosts-hosts/ip_neighbor
    recon/hosts-hosts/ipinfodb
    recon/hosts-hosts/resolve
    recon/hosts-hosts/reverse_resolve
    recon/locations-locations/geocode
    recon/locations-locations/reverse_geocode
    recon/locations-pushpins/flickr
    recon/locations-pushpins/instagram
    recon/locations-pushpins/picasa
    recon/locations-pushpins/shodan
    recon/locations-pushpins/twitter
    recon/locations-pushpins/youtube
    recon/netblocks-companies/whois_orgs
    recon/netblocks-hosts/reverse_resolve
    recon/netblocks-hosts/shodan_net
    recon/netblocks-ports/census_2012
    recon/ports-hosts/migrate_ports
    recon/profiles-profiles/namechk
    recon/profiles-profiles/profiler

  Reporting
  ---------
    reporting/csv
    reporting/html
    reporting/json
    reporting/list
    reporting/pushpin
    reporting/xlsx
    reporting/xml

Query

[recon-ng][default] > help query
Queries the database

Usage: query <sql>

SQL examples:
  SELECT columns|* FROM table_name
  SELECT columns|* FROM table_name WHERE some_column=some_value
  DELETE FROM table_name WHERE some_column=some_value
  INSERT INTO table_name (column1, column2,...) VALUES (value1, value2,...)
  UPDATE table_name SET column1=value1, column2=value2,... WHERE some_column=some_value
[recon-ng][default] > query select * from Hosts limit 1,10

  +-------------------------------------------------------------------------------------------+
  |         host         | ip_address | region | country | latitude | longitude |    module   |
  +-------------------------------------------------------------------------------------------+
  | cisco.ag             |            |        |         |          |           | ip_neighbor |
  | cisco.com            |            |        |         |          |           | ip_neighbor |
  | cisco.com.akadns.net |            |        |         |          |           | ip_neighbor |
  | cisco.com.az         |            |        |         |          |           | ip_neighbor |
  | cisco.com.do         |            |        |         |          |           | ip_neighbor |
  | cisco.com.kz         |            |        |         |          |           | ip_neighbor |
  | cisco.hm             |            |        |         |          |           | ip_neighbor |
  | cisco.mn             |            |        |         |          |           | ip_neighbor |
  | cisco.net.lv         |            |        |         |          |           | ip_neighbor |
  | cisco.or.at          |            |        |         |          |           | ip_neighbor |
  +-------------------------------------------------------------------------------------------+

[*] 10 rows returned
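
Recon-ng keeps each workspace in a SQLite database, and SQLite reads `limit 1,10` as "skip 1 row, return 10", so the query above returns rows 2 through 11 of the table rather than the first ten. The following is an added example, not code from the original post or the recon-ng project: it rebuilds a hosts table with the columns shown above in memory, pages through it with bound parameters, and separates IP literals from hostnames. The rows are constructed from the demo output, and the column types, the insert order and the helper names (`build_workspace`, `page`, `split_hosts`) are assumptions.

```python
import ipaddress
import sqlite3

# Constructed sample rows modelled on the demo output; not a real workspace dump.
SAMPLE_HOSTS = [
    "72.163.4.161", "cisco.ag", "cisco.com", "cisco.com.akadns.net",
    "cisco.com.az", "cisco.com.do", "cisco.com.kz", "cisco.hm",
    "cisco.mn", "cisco.net.lv", "cisco.or.at", "cisco.org.lv",
]

def build_workspace(hosts, module="ip_neighbor"):
    """Create an in-memory table with the columns shown in the query output."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE hosts (host TEXT, ip_address TEXT, region TEXT, "
        "country TEXT, latitude TEXT, longitude TEXT, module TEXT)"
    )
    db.executemany(
        "INSERT INTO hosts (host, module) VALUES (?, ?)",
        [(h, module) for h in hosts],
    )
    return db

def page(db, offset, count):
    """Parameterised equivalent of 'LIMIT offset,count' with a stable order."""
    rows = db.execute(
        "SELECT host FROM hosts ORDER BY rowid LIMIT ? OFFSET ?", (count, offset)
    )
    return [r[0] for r in rows]

def is_ip_literal(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def split_hosts(db):
    """Separate IP literals stored in the host column from real hostnames."""
    all_hosts = [r[0] for r in db.execute("SELECT host FROM hosts ORDER BY rowid")]
    ips = [h for h in all_hosts if is_ip_literal(h)]
    names = [h for h in all_hosts if not is_ip_literal(h)]
    return ips, names

if __name__ == "__main__":
    db = build_workspace(SAMPLE_HOSTS)
    # The literal form used on the page: skip 1 row, return 10.
    literal = [r[0] for r in db.execute("SELECT host FROM Hosts LIMIT 1,10")]
    print(literal == page(db, 1, 10), literal[0], split_hosts(db))
```

Use `limit 0,10` (or plain `limit 10`) when the first stored row should be included.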

Shell

[recon-ng][default] > !id
[*] Command: id
uid=0(root) gid=0(root) groups=0(root)

Search

[recon-ng][default] > help search
Searches available modules

Usage: search <string>

[recon-ng][default] > search whois
[*] Searching for 'whois'...

  Recon
  -----
    recon/companies-multi/whois_miner
    recon/domains-contacts/whois_pocs
    recon/netblocks-companies/whois_orgs

Demo

[recon-ng][default] > search ip
[*] Searching for 'ip'...

  Recon
  -----
    recon/hosts-hosts/bing_ip
    recon/hosts-hosts/ip_neighbor
    recon/hosts-hosts/ipinfodb

[recon-ng][default] > use recon/hosts-hosts/ip_neighbor
[recon-ng][default][ip_neighbor] > set SOURCE cisco.com
SOURCE => cisco.com
[recon-ng][default][ip_neighbor] > run

---------
CISCO.COM
---------
[*] URL: http://www.my-ip-neighbors.com/?domain=cisco.com
[*] 72.163.4.161
[*] cisco.ag
[*] cisco.com
[*] cisco.com.akadns.net
[*] cisco.com.az
[*] cisco.com.do
[*] cisco.com.kz
[*] cisco.hm
[*] cisco.mn
[*] cisco.net.lv
[*] cisco.or.at
[*] cisco.org.lv
[*] cisco.rw
[*] cisco.sh
[*] cisco.vg
[*] cisco.ws
[*] ciscosystems.am
[*] ciscosystems.cd
[*] ciscosystems.cg
[*] ciscosystems.ch
[*] ciscosystems.co.ck
[*] ciscosystems.co.nz
[*] ciscosystems.com.pe
[*] ciscosystems.com.ro
[*] ciscosystems.fm
[*] ciscosystems.kg
[*] ciscosystems.li
[*] ciscosystems.lt
[*] ciscosystems.lv
[*] ciscosystems.md
[*] ciscosystems.net.mu
[*] ciscosystems.net.ph
[*] ciscosystems.or.at
[*] ciscosystems.org.ph
[*] ciscosystems.org.ro
[*] ciscosystems.ro
[*] ciscosystems.rw
[*] ciscosystems.sc
[*] ciscosystems.to
[*] ciscosystems.uz
[*] digitalcribs.com
[*] donthaveameltdown.com
[*] ipv6.cisco.com
[*] mamaisonnet.com
[*] origin-cisco.com
[*] www1.cisco.com

-------
SUMMARY
-------
[*] 46 total (0 new) hosts found.

References

https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Home
