Discover Contacts And Domains With Recon-ng

Automation is really important in penetration testing engagements because it can help the penetration tester to save time and to give more attention to other activities.For that reason many pen testers are putting effort to build tools to assist them with a variety of tasks.Such a tool is the recon-ng which can perform web-based reconnaissance and it can be used in social engineering engagements or for extracting information that exists on the web.In this article we will examine how we can use the Recon-Ng framework to discover different type of information.

We can type help in the framework in order to see a list with all the available commands.

recon-ng - commands — recon-ng – commands

We can see that there is a command named modules.We will type that command to check the existing modules that we can use.In the next image you can see a sample of the available modules.

recon-ng - sample of the available modules — recon-ng – sample of the available modules

There is a module called contacts_jigsaw.Jigsaw is a website similar to Linkedin that contains a large database of business contacts.So let’s say that we want to discover the contacts of a company that exists on jigsaw.We will load the module with the command load contacts_jigsaw and we will set the domain of our preference.

in the next image we can see a sample of the output:

Now that we have some contacts we can try to use the Google module to discover additional domains of the same company.

In the image below we can see a sample of the results that recon-ng has produced.

Discovering subdomain with recon-ng — Discovering subdomains with recon-ng

Recon-ng gives us also the ability to extract the results in CSV format or in an HTML file.

You can see in the next two images the output of the report:

recon-ng report 2 — recon-ng report contacts

Conclusion

Recon-ng is a great framework that can help in the information gathering stage of a penetration test.This tool is really simple to use and it holds every result in its database for later use.The report that generates is well formatted and if in the future additional modules will added on the framework then it will included in every penetration tester toolkit.

2 Comments

Thank you so much for sharing this !!!
After reading THIS BLOG i did search and found these 2 commands will help to get started with Recon-ng (source :https://bitbucket.org/)

Clone the Recon-ng repository to your local system with
git clone https://LaNMaSteR53@bitbucket.org/LaNMaSteR53/recon-ng.git
Change into the Recon-ng directory cd recon-ng
and launch recon-ng with ./recon-ng.py

It worked me on Backtrackr3

Pingback: InfoSec Institute Resources – The Recon-ng Framework : Automated Information Gathering

Yaopointcom says:

January 31, 2013 at 10:51 am

Thank you so much for sharing this !!!
After reading THIS BLOG i did search and found these 2 commands will help to get started with Recon-ng (source :https://bitbucket.org/)

Clone the Recon-ng repository to your local system with
git clone https://LaNMaSteR53@bitbucket.org/LaNMaSteR53/recon-ng.git
Change into the Recon-ng directory cd recon-ng
and launch recon-ng with ./recon-ng.py

It worked me on Backtrackr3

Pingback: InfoSec Institute Resources – The Recon-ng Framework : Automated Information Gathering

M	T	W	T	F	S	S
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Rate this:

Share this:

Related

2 Comments

Leave a comment Cancel reply