Network Reconnaissance with Recon-NG – Basic Usage

I am working on a major update for my first book, “Basic Security Testing with Kali Linux”. Since it was published, the Recon-NG tool has changed a bit. I figured I would post a series of articles on how to use the newer Recon-NG.

The Recon-NG Framework is a powerful tool that allows you to perform automated information gathering and network reconnaissance. Recon-NG automates a lot of the steps that are taken in the initial process of a penetration test. You can automatically hit numerous websites to gather passive information on your target and even actively probe the target itself for data. It has numerous features that allow you to collect user information for social engineering attacks, and network information for network mapping and much more.

Think of it as Metasploit for information collection. Anyone who is familiar with Metasploit will feel right at home as the interface was made to have the same look and feel. The command use and process flow are very similar. Basically you can use Recon-NG to gather info on your target, and then attack it with Metasploit.

Using Recon-NG

You can start Recon-NG by selecting it from the ‘Applications > Information Gathering’ menu, or from the command line:

  • Open a terminal window by clicking on the “Terminal” icon on the quick start bar
  • Type, “recon-ng”:

Basic Recon-ng 1

Type, “help” to bring up a list of commands:

Basic Recon-ng 2

Now type, “show modules” to display a list of available modules:

Basic Recon-ng 3

Modules are used to actually perform the recon process. As you can see there are several different ones available. Go ahead and read down through the module list. Some are passive; they never touch the target network, while some directly probe and can even attack the system you are interested in. If you are familiar with the older version of Recon-NG you will notice that the module names look slightly different. Kali 2 includes the latest version of Recon-NG, and the module name layout has changed from previous versions.

The basic layout is:

Basic Recon-ng 4

1. Module Type: Recon – This is a reconnaissance module.
2. Conversion Action: Domains-hosts – Converts data from “Domains” to “hostnames”.
3. Vehicle used to perform Action: Google _Site_Web – Google is used to perform the search.

So from this module name we can see that it is a recon module that uses Google’s web site search to convert Domain Names to individual Hosts attached to that domain.
When you have found a module that you would like to try the process is fairly straight forward.

  • Type, “use [Modulename]” to use the module
  • Type, “show info” to view information about the module
  • And then, “show options” to see what variables can be set
  • Set the option variables with “set [variable]”
  • Finally, type “run” to execute the module

Stay tuned for additional Recon-NG articles and my re-vamped Basic Kali book. Also, check out my latest book, “Intermediate Security Testing with Kali Linux 2” which contains almost 500 pages packed full of step-by-step tutorials using the latest penetration testing tools!

~ by D. Dieterle on January 25, 2016.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: