CEH_recon_ng - yenbohuang/techNotes GitHub Wiki
recon-ng: https://www.kali.org/tools/recon-ng/
Footprinting a Target using Recon-ng.
- Ignore all errors when running the following commands.
Initialize recon-ng
recon-ng
marketplace install all
General Commands
| Command | Note |
|---|---|
modules search |
Displays all the modules available in recon-ng. |
workspaces |
Displays the commands related to the workspaces. |
workspaces create CEH |
Create workspace. |
workspaces list |
Displays a list of workspaces. |
workspaces load CEH |
Use existing workspace. |
db insert domains |
Add target domain to DB. |
show domains |
Show added domains in DB. |
show hosts |
Displays all the hosts that are harvested. |
back |
Exit workspace and go back to the attributes terminal. |
info command |
View the options required to run this module. |
Run Modules
Harvest the hosts by brute force.
modules load brute
modules load recon/domains-hosts/brute_hosts
run
Resolve hosts using the Bing module:
modules load recon/domains-hosts/bing_domain_web
run
Perform a reverse lookup for each IP address
modules load reverse_resolve
modules load recon/hosts-hosts/reverse_resolve
run
Prepare a report containing all the hosts:
modules load reporting
modules load reporting/html
options set FILENAME /home/attacker/Desktop/results.html
options set CREATOR [your name]
options set CUSTOMER Certifiedhacker Networks
run
Uses the ARIN Whois RWS to harvest POC data from Whois queries for the given domain.
modules load recon/domains-contacts/whois_pocs
options set SOURCE facebook.com
run
To extract a list of subdomains and IP addresses associated with the target URL:
modules load recon/domains-hosts/hackertarget
options set SOURCE certifiedhacker.com
run