Jump to content
Nytro

Discover Contacts And Domains With Recon-ng

By Nytro, in Tutoriale in engleza

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

Discover Contacts And Domains With Recon-ng

Automation is really important in penetration testing engagements because it can help the penetration tester to save time and to give more attention to other activities.For that reason many pen testers are putting effort to build tools to assist them with a variety of tasks.Such a tool is the recon-ng which can perform web-based reconnaissance and it can be used in social engineering engagements or for extracting information that exists on the web.In this article we will examine how we can use the Recon-Ng framework to discover different type of information.

We can type help in the framework in order to see a list with all the available commands.

recon.png?w=645

recon-ng – commands

We can see that there is a command named modules.We will type that command to check the existing modules that we can use.In the next image you can see a sample of the available modules.

recon2.png?w=645

recon-ng – sample of the available modules

There is a module called contacts_jigsaw.Jigsaw is a website similar to Linkedin that contains a large database of business contacts.So let’s say that we want to discover the contacts of a company that exists on jigsaw.We will load the module with the command load contacts_jigsaw and we will set the domain of our preference.

recon3.png?w=645&h=220

load jigsaw module

in the next image we can see a sample of the output:

recon4.png?w=645

recon-ng – Gathering Contacts

Now that we have some contacts we can try to use the Google module to discover additional domains of the same company.

recon5.png?w=645

discover hosts via google

In the image below we can see a sample of the results that recon-ng has produced.

screenshot-at-2013-01-30-233316.png?w=645

Discovering subdomains with recon-ng

Recon-ng gives us also the ability to extract the results in CSV format or in an HTML file.

recon6.png?w=645&h=228

Save the results in HTML file

You can see in the next two images the output of the report:

report.png?w=645

recon-ng – Report

report1.png?w=645&h=385

recon-ng report contacts

Conclusion

Recon-ng is a great framework that can help in the information gathering stage of a penetration test.This tool is really simple to use and it holds every result in its database for later use.The report that generates is well formatted and if in the future additional modules will added on the framework then it will included in every penetration tester toolkit.

Sursa: Discover Contacts And Domains With Recon-ng | Penetration Testing Lab

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...