Recon-NG Framework
(1) Introduction to the Recon-NG framework
- Recon-NG is an open-source web reconnaissance (information-gathering) framework written in Python; its command syntax follows the same conventions as msf (Metasploit).
- Recon-NG is a full-featured tool that automates information gathering and network reconnaissance. Query results are stored in its built-in database in structured form, and reporting modules can export those results as reports. The sections below walk through using the Recon-NG reconnaissance tool.
(2) Starting the Recon-NG framework
2.1> Start the Recon-NG framework
root@root:~# recon-ng
(recon-ng ASCII-art banner; "Sponsored by... BLACK HILLS", www.blackhillsinfosec.com)
[recon-ng v4.9.2, Tim Tomes (@LaNMaSteR53)]
[77] Recon modules # 77 recon modules
[8] Reporting modules # 8 reporting modules
[2] Import modules # 2 import modules
[2] Exploitation modules # 2 exploitation modules
[2] Discovery modules # 2 discovery modules
[recon-ng][default] > # this prompt shows the framework started successfully
2.2> Once inside the Recon-NG framework, use help to list every available command;
[recon-ng][default] > help
Commands (type [help|?] <topic>):
---------------------------------
add Adds records to the database # add records to the database
back Exits the current context # leave the current context (e.g. a loaded module)
delete Deletes records from the database # delete records from the database
exit Exits the framework # exit the framework
help Displays this menu # show this help menu
keys Manages framework API keys # manage the framework's API keys
load Loads specified module # load the specified module
pdb Starts a Python Debugger session # start a Python debugger session
query Queries the database # run a query against the database
record Records commands to a resource file # record commands to a resource file
reload Reloads all modules # reload all modules
resource Executes commands from a resource file # execute commands from a resource file
search Searches available modules # search the available modules
set Sets module options # set a module option
shell Executes shell commands # execute shell commands
show Shows various framework items # show various framework items
snapshots Manages workspace snapshots # manage workspace snapshots
spool Spools output to a file # spool output to a file
unset Unsets module options # unset a module option
use Loads specified module # load (use) a module
workspaces Manages workspaces # manage workspaces
2.3> Command-line help for the Recon-NG framework;
[recon-ng][default] > recon-ng -h
[*] Command: recon-ng -h
usage: recon-ng [-h] [-v] [-w workspace] [-r filename] [--no-check]
[--no-analytics]
recon-ng - Tim Tomes (@LaNMaSteR53) tjt1980[at]gmail.com
optional arguments:
-h, --help show this help message and exit # show the help message and exit
-v, --version show program's version number and exit # show the version number and exit
-w workspace load/create a workspace # load or create a workspace
-r filename load commands from a resource file # load commands from a resource file
--no-check disable version check # skip the recon-ng version check at startup
--no-analytics disable analytics reporting # disable analytics reporting at startup
2.4> Recon-NG has its own database in which gathered information is stored; show schema displays the structure of that database (the hosts table is used later on);
[recon-ng][sina] > show schema
+---------------+
| domains |
+---------------+
| domain | TEXT |
| module | TEXT |
+---------------+
......
+-------------------+
| hosts |
+-------------------+ # the hosts table is used later on
| host | TEXT |
| ip_address | TEXT |
| region | TEXT |
| country | TEXT |
| latitude | TEXT |
| longitude | TEXT |
| module | TEXT |
+-------------------+
+--------------------+
| contacts |
+--------------------+
| first_name | TEXT |
| middle_name | TEXT |
| last_name | TEXT |
| email | TEXT |
| title | TEXT |
| region | TEXT |
| country | TEXT |
| module | TEXT |
+--------------------+
+-----------------+
| credentials |
+-----------------+
| username | TEXT |
| password | TEXT |
| hash | TEXT |
| type | TEXT |
| leak | TEXT |
| module | TEXT |
+-----------------+
+-----------------------------+
| leaks |
+-----------------------------+
| leak_id | TEXT |
| description | TEXT |
| source_refs | TEXT |
| leak_type | TEXT |
| title | TEXT |
| import_date | TEXT |
| leak_date | TEXT |
| attackers | TEXT |
| num_entries | TEXT |
| score | TEXT |
| num_domains_affected | TEXT |
| attack_method | TEXT |
| target_industries | TEXT |
| password_hash | TEXT |
| password_type | TEXT |
| targets | TEXT |
| media_refs | TEXT |
| module | TEXT |
+-----------------------------+
+---------------------+
| pushpins |
+---------------------+
| source | TEXT |
| screen_name | TEXT |
| profile_name | TEXT |
| profile_url | TEXT |
| media_url | TEXT |
| thumb_url | TEXT |
| message | TEXT |
| latitude | TEXT |
| longitude | TEXT |
| time | TEXT |
| module | TEXT |
+---------------------+
+-----------------+
| profiles |
+-----------------+
| username | TEXT |
| resource | TEXT |
| url | TEXT |
| category | TEXT |
| notes | TEXT |
| module | TEXT |
+-----------------+
+--------------------+
| repositories |
+--------------------+
| name | TEXT |
| owner | TEXT |
| descriptio
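The schema above is an ordinary SQLite database, so the records that recon modules collect can be inspected and exported outside the framework too. The following Python script is an added example, not code from this page or from the recon-ng project: it builds a hosts table with exactly the columns listed by show schema, loads a few constructed sample rows, and runs the kind of queries the framework's query command and reporting modules perform (which hosts already have an address, which still need resolving, how many records each module contributed, CSV export). The workspace database path ~/.recon-ng/workspaces/<name>/data.db and the sample module names are assumptions; everything else runs on an in-memory database so no recon-ng installation is needed.

```python
import csv
import io
import os
import sqlite3
from typing import Dict, List, Optional, Sequence, Tuple

# Column layout of the hosts table exactly as printed by `show schema`.
HOSTS_COLUMNS = ("host", "ip_address", "region", "country",
                 "latitude", "longitude", "module")

HostRow = Tuple[Optional[str], ...]


def workspace_db_path(workspace: str) -> str:
    """Assumption: recon-ng 4.x keeps each workspace's SQLite file at this path."""
    return os.path.expanduser(f"~/.recon-ng/workspaces/{workspace}/data.db")


def open_db(path: str = ":memory:") -> sqlite3.Connection:
    """Open a workspace database. With the default ':memory:' path an empty
    hosts table is created so the example runs without recon-ng installed;
    pass workspace_db_path('sina') to read a real workspace instead."""
    conn = sqlite3.connect(path)
    cols = ", ".join(f"{c} TEXT" for c in HOSTS_COLUMNS)
    conn.execute(f"CREATE TABLE IF NOT EXISTS hosts ({cols})")
    return conn


def add_hosts(conn: sqlite3.Connection, rows: Sequence[HostRow]) -> int:
    """Insert rows the way a recon module would: one tuple per host in the
    HOSTS_COLUMNS order, with `module` recording where the record came from.
    Returns the number of rows inserted."""
    placeholders = ", ".join("?" for _ in HOSTS_COLUMNS)
    cur = conn.executemany(f"INSERT INTO hosts VALUES ({placeholders})", rows)
    conn.commit()
    return cur.rowcount


def resolved_hosts(conn: sqlite3.Connection) -> List[Tuple[str, str]]:
    """Hosts that already carry an address, i.e. the framework's
    `query SELECT host, ip_address FROM hosts WHERE ip_address IS NOT NULL`."""
    cur = conn.execute(
        "SELECT host, ip_address FROM hosts "
        "WHERE ip_address IS NOT NULL AND ip_address != '' ORDER BY host")
    return cur.fetchall()


def unresolved_hosts(conn: sqlite3.Connection) -> List[str]:
    """Hosts recorded by name only; these are the rows a resolver module
    would still have to fill in before any reporting on them is useful."""
    cur = conn.execute(
        "SELECT host FROM hosts "
        "WHERE ip_address IS NULL OR ip_address = '' ORDER BY host")
    return [row[0] for row in cur.fetchall()]


def hosts_by_module(conn: sqlite3.Connection) -> Dict[str, int]:
    """Count records per source module, a quick check on which modules
    actually produced data in this workspace."""
    cur = conn.execute(
        "SELECT module, COUNT(*) FROM hosts GROUP BY module ORDER BY module")
    return dict(cur.fetchall())


def export_hosts_csv(conn: sqlite3.Connection) -> str:
    """Dump the table as CSV text, the job the reporting modules do."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(HOSTS_COLUMNS)
    select = f"SELECT {', '.join(HOSTS_COLUMNS)} FROM hosts ORDER BY host"
    for row in conn.execute(select):
        writer.writerow(row)
    return buf.getvalue()


# Constructed sample data: RFC 5737 documentation addresses and example.com,
# with module names that are assumptions (sample labels, not real findings).
SAMPLE_HOSTS: List[HostRow] = [
    ("www.example.com", "192.0.2.10", None, None, None, None,
     "recon/domains-hosts/brute_hosts"),
    ("mail.example.com", "192.0.2.25", None, None, None, None,
     "recon/domains-hosts/brute_hosts"),
    ("dev.example.com", None, None, None, None, None,
     "recon/domains-hosts/hackertarget"),
]


if __name__ == "__main__":
    db = open_db()
    add_hosts(db, SAMPLE_HOSTS)
    print("resolved:", resolved_hosts(db))
    print("unresolved:", unresolved_hosts(db))
    print("per module:", hosts_by_module(db))
    print(export_hosts_csv(db))
```

Opening a live workspace file while recon-ng is running it is safe for read-only queries, but only use a copy of data.db if you intend to write to it; the framework does not expect another process to modify its tables.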