RECON-NG
Start
recon-ng
Set the default options (these live in the default workspace; workspaces created later take their configuration from the default workspace):
options list
Set the DNS server
options set NAMESERVER 114.114.114.114
Set the proxy:
options set PROXY 127.0.0.1:8889
Set the User-Agent:
options set USER-AGENT Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
Refresh the module index and install every module
marketplace refresh
marketplace install all
Create a workspace (the command is workspaces, not workplace)
workspaces create baidu
# workspaces list
# list the workspaces
# workspaces load baidu
# load a workspace
# workspaces remove baidu
# delete a workspace
# recon-ng -w baidu
# create (if needed) and load a workspace straight from the terminal
Google subdomain search
modules search google
Load the module
modules load recon/domains-hosts/google_site_web
Set the target
options list
options set SOURCE baidu.com
Run the query
run
Bing and Shodan queries (same pattern: load, set SOURCE, run; shodan_hostname needs a Shodan API key first: keys add shodan_api <key>)
modules load recon/domains-hosts/bing_domain_web
modules load recon/domains-hosts/shodan_hostname
Subdomain brute force
modules search brute
modules load recon/domains-hosts/brute_hosts
options set SOURCE baidu.com
run
Resolve hostnames (default SOURCE is every host in the hosts table whose ip_address is still empty, so run this after the enumeration modules)
modules search resolve
modules load recon/hosts-hosts/resolve
run
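The enumerate-then-resolve-then-report sequence above is tedious to retype per domain. The script below is an added example (not part of the original notes or of recon-ng) that writes the same sequence as a recon-ng resource file and replays it with recon-ng's -r flag. It assumes recon-ng 5.x, the module names used in the notes, that reporting/list takes a FILENAME option, and that recon-ng may drop into its console after the replay (hence the trailing exit); workspace name, domains and paths are placeholders.

```python
"""Build and replay a recon-ng resource file for the subdomain workflow above.

Added example, not from the original notes or from recon-ng itself.
Assumes recon-ng 5.x, where `recon-ng -w <workspace> -r <file>` replays
console commands from a file. Workspace name, domains and paths are placeholders.
"""
import shutil
import subprocess
from pathlib import Path

# Modules that take a domain as SOURCE and add rows to the hosts table.
ENUM_MODULES = [
    "recon/domains-hosts/google_site_web",
    "recon/domains-hosts/bing_domain_web",
    "recon/domains-hosts/shodan_hostname",   # requires: keys add shodan_api <key>
    "recon/domains-hosts/brute_hosts",
]
RESOLVE_MODULE = "recon/hosts-hosts/resolve"
REPORT_MODULE = "reporting/list"


def build_resource(domains, report_file, nameserver=None, proxy=None):
    """Return the resource-file lines for enumerating `domains`.

    Order matters: every enumeration module first, then a single resolve
    pass over all hosts that still have a NULL ip_address, then the report.
    """
    lines = []
    if nameserver:
        lines.append(f"options set NAMESERVER {nameserver}")
    if proxy:
        lines.append(f"options set PROXY {proxy}")
    for domain in domains:
        for module in ENUM_MODULES:
            lines += [f"modules load {module}",
                      f"options set SOURCE {domain}",
                      "run",
                      "back"]          # leave the module context before the next load
    lines += [f"modules load {RESOLVE_MODULE}", "run", "back"]
    lines += [f"modules load {REPORT_MODULE}",
              f"options set FILENAME {report_file}",   # assumed option name of reporting/list
              "run", "back",
              "exit"]                  # in case recon-ng stays in the console after -r
    return lines


def write_resource(path, domains, report_file, **opts):
    path = Path(path)
    path.write_text("\n".join(build_resource(domains, report_file, **opts)) + "\n")
    return path


def run_recon(workspace, resource_path):
    """Replay the file inside `workspace`; returns None when recon-ng is not installed."""
    if shutil.which("recon-ng") is None:
        return None
    proc = subprocess.run(["recon-ng", "-w", workspace, "-r", str(resource_path)],
                          check=False)
    return proc.returncode


if __name__ == "__main__":
    rc = write_resource("/tmp/recon_baidu.rc", ["baidu.com"], "/tmp/baidu_hosts.txt",
                        nameserver="114.114.114.114")
    print(rc.read_text())
    print("recon-ng exit status:", run_recon("baidu", rc))
```

Keep the Shodan key out of the resource file; add it once interactively with keys add shodan_api, since the file is likely to end up in a repo or a shared host.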
Review the results
Directly:
show hosts
Query the database with SQL, sorted by IP:
db query select host,ip_address,module from hosts order by ip_address
Deduplicate hosts (caveat: with module in the select list, a host found by two modules still appears twice; drop module, or group by host,ip_address, to collapse those rows):
db query select distinct host,ip_address,module from hosts order by ip_address
IPs only, deduplicated:
db query select distinct ip_address from hosts order by ip_address
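To see what the distinct queries above do and do not collapse, here is an added example (not part of the original notes) that builds a hosts table with the recon-ng 5.x column layout in sqlite, fills it with constructed rows, and runs the page's query next to a grouped one. It assumes the hosts schema is host, ip_address, region, country, latitude, longitude, notes, module, and that a real workspace database sits at ~/.recon-ng/workspaces/<name>/data.db; the module names in the sample rows are illustrative.

```python
"""Dedup queries against a recon-ng style hosts table.

Added example, not from the original notes or from recon-ng. Schema assumed
to match recon-ng 5.x hosts table; SAMPLE_ROWS are constructed data.
Pass db_path="~/.recon-ng/workspaces/<name>/data.db" (assumed default layout)
with seed=False to run the same queries on a real workspace.
"""
import sqlite3

HOSTS_DDL = """
CREATE TABLE IF NOT EXISTS hosts (
    host TEXT, ip_address TEXT, region TEXT, country TEXT,
    latitude TEXT, longitude TEXT, notes TEXT, module TEXT
)"""

# Constructed rows: one host seen by two modules, two hosts behind one IP
# (a CDN front), and one host the enumeration found but nothing resolved yet.
SAMPLE_ROWS = [
    ("www.example.com",  "203.0.113.10", None, None, None, None, None, "google_site_web"),
    ("www.example.com",  "203.0.113.10", None, None, None, None, None, "bing_domain_web"),
    ("mail.example.com", "203.0.113.25", None, None, None, None, None, "brute_hosts"),
    ("cdn.example.com",  "203.0.113.10", None, None, None, None, None, "brute_hosts"),
    ("dev.example.com",  None,           None, None, None, None, None, "brute_hosts"),
]


def open_db(db_path=":memory:", seed=True):
    conn = sqlite3.connect(db_path)
    conn.execute(HOSTS_DDL)
    if seed:
        conn.executemany("INSERT INTO hosts VALUES (?,?,?,?,?,?,?,?)", SAMPLE_ROWS)
    return conn


def page_distinct(conn):
    # The query from the notes: DISTINCT over (host, ip, module) keeps one row
    # per module, so www.example.com is still listed twice.
    return conn.execute(
        "SELECT DISTINCT host, ip_address, module FROM hosts ORDER BY ip_address"
    ).fetchall()


def unique_hosts(conn):
    # Collapse across modules but keep which modules saw the host, so the
    # finding stays traceable to its source.
    return conn.execute(
        "SELECT host, ip_address, group_concat(DISTINCT module) AS modules "
        "FROM hosts GROUP BY host, ip_address ORDER BY ip_address, host"
    ).fetchall()


def unresolved(conn):
    # Exactly the rows recon/hosts-hosts/resolve picks up on its next run.
    return [r[0] for r in conn.execute(
        "SELECT DISTINCT host FROM hosts WHERE ip_address IS NULL ORDER BY host")]


def unique_ips(conn):
    # The IP-only query from the notes, minus the NULL row an unresolved host adds.
    return [r[0] for r in conn.execute(
        "SELECT DISTINCT ip_address FROM hosts "
        "WHERE ip_address IS NOT NULL ORDER BY ip_address")]


if __name__ == "__main__":
    db = open_db()
    print("page query rows:", len(page_distinct(db)))
    for row in unique_hosts(db):
        print(row)
    print("unresolved:", unresolved(db))
    print("ips:", unique_ips(db))
```

The grouped query is also what you want before feeding hosts into a scanner: one line per host/IP pair, with the provenance column kept for the report rather than used as a dedup key.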
Generate a report
Search the reporting modules
modules search report
Pick an output format and load its module
modules load reporting/list
Review and set the options (output file name, source table and column)
options list
# options set ...
Generate
run