
To perform web applications reconnaissance you have to use the best tools to get extra information. With Recon-ng you can get many features just in one tools, even you can also perform social media reconnaissance. Recon-ng is personally the main tool that i use to digg a web information because in this tool you can use so many modules to run any reconnaissance method.
Overview
Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.
Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to Social Engineer, us the Social Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng! See the Usage Guide for more information.
Recon-ng is a completely modular framework and makes it easy for even the newest of Python developers to contribute. Each module is a subclass of the “module” class. The “module” class is a customized “cmd” interpreter equipped with built-in functionality that provides simple interfaces to common tasks such as standardizing output, interacting with the database, making web requests, and managing API keys. Therefore, all the hard work has been done. Building modules is simple and takes little more than a few minutes. See the Development Guide for more information.

Features
Below are a few helpful nuggets for getting started with the Recon-ng framework. While not all features are covered, the following notes will help make sense of a few of the frameworks more helpful and complex features.
Contents
- Interactive Help
- Command Completion
- Database Interaction
- Shell Commands
- Spooling Activity
- Recording Commands
- Configuration Persistence
- Global Options
- Workspaces
- Module Marketplace
- Module Searching
- Smart Loading
- Database Snapshots
- Restricted Context
- Module Details
- Data Sources
- Third Party Modules
- Methodology Driven
- Automation
- Analysis and Reporting
- Analytics
Installation
Prerequisites
Recon-ng requires Python 3.6+. The below installation instructions for source installation also uses the Python package manager, PiPI (pip
). I encourage those installing from source to use Virtualenv (virtualenv
) to create separate instances of the Python environment to prevent making a mess of the system installation.
Dependencies
All 3rd party dependencies must be installed prior to use. The following instructions only install dependencies for the framework core. Modules may have additional dependencies that must be met. Due to the open nature of the marketplace, module dependencies are not installed by the framework. While modules are reviewed prior to acceptance into the marketplace, users are responsible for anything that happens as a result of installing and using the modules and their dependencies. See the Module Marketplace section of the Features page for more information.
Installing on Kali Linux
Install Recon-ng
Note: Kali repositories may not be updated to the latest version.
Installing from Source
Clone the Recon-ng repository and install all requirements. Follow commands bellow :
git clone https://github.com/lanmaster53/recon-ng.git cd recon-ng pip install -r REQUIREMENTS ./recon-ng ./recon-ng -h
Read the Features page to familiarize yourself with the interface.
Usage
[email protected]:~# recon-ng _/_/_/ _/_/_/_/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/_/_/ _/ _/ _/ _/ _/ _/ _/_/ _/ _/_/ _/ _/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/ _/ _/ _/ _/_/_/ _/ _/ _/ _/ _/ _/ _/ _/_/ _/ _/_/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/_/_/ _/ _/ _/ _/ _/_/_/ /\ / \\ /\ Sponsored by... /\ /\/ \\V \/\ / \\/ // \\\\\ \\ \/\ // // BLACK HILLS \/ \\ www.blackhillsinfosec.com [recon-ng v4.9.4, Tim Tomes (@LaNMaSteR53)] [76] Recon modules [8] Reporting modules [2] Import modules [2] Exploitation modules [2] Discovery modules [recon-ng][default] > use recon/domains-vulnerabilities/xssed [recon-ng][default][xssed] > set SOURCE cisco.com SOURCE => cisco.com [recon-ng][default][xssed] > run --------- CISCO.COM --------- [*] Category: Redirect [*] Example: http://www.cisco.com/survey/exit.html?http://xssed.com/ [*] Host: www.cisco.com [*] Publish_Date: 2012-02-16 00:00:00 [*] Reference: http://xssed.com/mirror/76478/ [*] Status: unfixed [*] -------------------------------------------------- [*] Category: XSS [*] Example: http://developer.cisco.com/web/webdialer/wikidocs?p_p_id=1_WAR_wikinavigationportlet_INSTANCE_veD7&p<br>_p_lifecycle=0&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&p_r_p_185834411_no<br>deId=803209&p_r_p_185834411_title=%22%3E%3Ch1%3ECross-Site%20Scripting%[email protected]%3C/h1%3E%3Cs<br>cript%3Ealert%28/xss/%29%3C/script%3E [*] Host: developer.cisco.com [*] Publish_Date: 2012-02-13 00:00:00 [*] Reference: http://xssed.com/mirror/76294/ [*] Status: unfixed ...
Videos
- Recon-ng v.5 intro – https://youtu.be/WVEv7peHerw
- Recon-ng course Playlist – https://www.youtube.com/playlist?list=PLBf0hzazHTGPP2Nbt9QwSgG8jLnQIxi42
- Track all activities with Recon-ng – https://youtu.be/0cm6q9EXXQ8