Nytro

Recon-ng Framework A Quick Intro

Recon-ng is an open-source framework written in Python by Tim Tomes (a.k.a. LaNMaSteR53). Its interface is modeled after the Metasploit Framework, but it is not meant for exploitation or for spawning a Meterpreter session or a shell: it is built for web-based reconnaissance and information gathering. It ships with modules that support that work, much as Metasploit ships auxiliary and exploit modules. Modules are categorized into Discovery, Experimental, Recon and Reporting.

As of this writing, these are the available modules, grouped by category:

Discovery
---------
discovery/exploitable/http/dnn_fcklinkgallery
discovery/exploitable/http/generic_restaurantmenu
discovery/exploitable/http/webwiz_rte
discovery/info_disclosure/dns/cache_snoop
discovery/info_disclosure/http/backup_finder
discovery/info_disclosure/http/google_ids
discovery/info_disclosure/http/interesting_files

Experimental
------------
experimental/rce

Recon
-----
recon/contacts/enum/http/web/dev_diver
recon/contacts/enum/http/web/namechk
recon/contacts/enum/http/web/pwnedlist
recon/contacts/enum/http/web/should_change_password
recon/contacts/gather/http/api/jigsaw/point_usage
recon/contacts/gather/http/api/jigsaw/purchase_contact
recon/contacts/gather/http/api/jigsaw/search_contacts
recon/contacts/gather/http/api/linkedin_auth
recon/contacts/gather/http/api/twitter
recon/contacts/gather/http/api/whois_pocs
recon/contacts/gather/http/web/jigsaw
recon/contacts/gather/http/web/pgp_search
recon/contacts/support/add_contact
recon/contacts/support/mangle
recon/creds/enum/http/api/leakdb
recon/creds/enum/http/api/noisette
recon/creds/gather/http/api/pwnedlist/account_creds
recon/creds/gather/http/api/pwnedlist/api_usage
recon/creds/gather/http/api/pwnedlist/domain_creds
recon/creds/gather/http/api/pwnedlist/domain_ispwned
recon/creds/gather/http/api/pwnedlist/leak_lookup
recon/creds/gather/http/api/pwnedlist/leaks_dump
recon/hosts/enum/dns/resolve
recon/hosts/enum/http/api/builtwith
recon/hosts/enum/http/api/punkspider
recon/hosts/enum/http/api/wascompanyhacked
recon/hosts/enum/http/api/whatweb
recon/hosts/enum/http/api/whois_lookup
recon/hosts/enum/http/web/age_analyzer
recon/hosts/enum/http/web/asafaweb
recon/hosts/enum/http/web/gender_analyzer
recon/hosts/enum/http/web/ipvoid
recon/hosts/enum/http/web/malwaredomain
recon/hosts/enum/http/web/mywot
recon/hosts/enum/http/web/netbios
recon/hosts/enum/http/web/netcraft_history
recon/hosts/enum/http/web/open_resolvers
recon/hosts/enum/http/web/urlvoid
recon/hosts/enum/http/web/web_archive
recon/hosts/enum/http/web/xssed
recon/hosts/gather/dns/brute_force
recon/hosts/gather/http/api/bing_ip
recon/hosts/gather/http/api/google_site
recon/hosts/gather/http/api/shodan_hostname
recon/hosts/gather/http/web/baidu_site
recon/hosts/gather/http/web/bing_site
recon/hosts/gather/http/web/census_2012
recon/hosts/gather/http/web/google_site
recon/hosts/gather/http/web/ip_neighbor
recon/hosts/gather/http/web/mcafee/mcafee_affil
recon/hosts/gather/http/web/mcafee/mcafee_dns
recon/hosts/gather/http/web/mcafee/mcafee_mail
recon/hosts/gather/http/web/netcraft
recon/hosts/gather/http/web/yahoo_site
recon/hosts/geo/http/api/hostip
recon/hosts/geo/http/api/ipinfodb
recon/hosts/geo/http/api/maxmind
recon/hosts/geo/http/api/uniapple
recon/hosts/geo/http/web/wigle
recon/hosts/support/add_host

Reporting
---------
reporting/csv_file
reporting/html_report
reporting/list

I am also one of the contributors to this framework and have contributed mostly to the Discovery modules.

[Screenshot: recon-ng.png]

In this article I'm going to emphasize the Backup File Finder module, which I authored together with Tim Tomes (the main developer of Recon-ng). This module checks specified hosts for exposed backup copies of configuration files. The default configuration searches for wp-config.php, which contains the WordPress database configuration.

As a side note, this module is inspired by cmsploit.

Basic Usage:

  load discovery/info_disclosure/http/backup_finder    (use the module)
  show options                                          (shows the options that can be set for the module)
  set source target.com                                 (the host you want to crawl)
  set uri config_file                                   (the configuration file you want to check, e.g. wp-config.php)

Here is a screenshot of the Backup File Finder crawling a host:

[Screenshot: finder.jpg]

Now, here is what's inside a typical configuration file:

  define('DB_NAME', 'wordpress');
  /** MySQL database username */
  define('DB_USER', 'root');
  /** MySQL database password */
  define('DB_PASSWORD', 'passwd');
  /** MySQL hostname */
  define('DB_HOST', 'localhost');
  /** Database Charset to use in creating database tables. */
  define('DB_CHARSET', 'utf8');
  /** The Database Collate type. Don't change this if in doubt. */
  define('DB_COLLATE', '');

Configuration files used by popular CMSs that can be set as the uri option:

  wp-config.php      >> WordPress
  config.php         >> phpBB, ExpressionEngine
  configuration.php  >> Joomla
  LocalSettings.php  >> MediaWiki
  mt-config.cgi      >> Movable Type
  settings.php       >> Drupal
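The module above looks for backup copies of these files from the outside. The following is an added example (not Recon-ng code and not the module's own logic) that does the defender's side of the same check on disk: it walks a web root, flags backup or editor-artifact copies of the CMS config files listed above (which a web server hands out as plain text rather than executing as PHP), and reports which DB_* defines each copy exposes. The set of backup suffixes is an assumption, not taken from the article.

```python
import os
import re
import tempfile

# Config file names from the CMS list above, with the CMS each belongs to.
CONFIG_FILES = {
    "wp-config.php": "WordPress",
    "config.php": "phpBB / ExpressionEngine",
    "configuration.php": "Joomla",
    "LocalSettings.php": "MediaWiki",
    "mt-config.cgi": "Movable Type",
    "settings.php": "Drupal",
}
# Assumed set of backup / editor-artifact suffixes (not from the article).
BACKUP_SUFFIXES = ("~", ".bak", ".old", ".orig", ".save", ".swp", ".txt", ".1")
# Matches PHP defines such as define('DB_PASSWORD', 'passwd');
DEFINE_RE = re.compile(r"define\(\s*'(DB_\w+)'\s*,\s*'([^']*)'\s*\)")


def backup_variant(filename):
    """Return (base name, suffix) if filename is a backup copy of a config file."""
    for base in CONFIG_FILES:
        for suffix in BACKUP_SUFFIXES:
            # Also catch dot-prefixed editor swap files such as .wp-config.php.swp
            if filename == base + suffix or filename == "." + base + suffix:
                return base, suffix
    return None


def audit_webroot(root):
    """Return findings: (relative path, CMS, names of exposed DB_* defines)."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            hit = backup_variant(name)
            if hit is None:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", errors="replace") as fh:
                keys = [k for k, _ in DEFINE_RE.findall(fh.read())]
            findings.append((os.path.relpath(path, root), CONFIG_FILES[hit[0]], keys))
    return sorted(findings)


def demo():
    """Constructed web root: a live wp-config.php plus a stray editor backup."""
    root = tempfile.mkdtemp()
    body = "define('DB_USER', 'root');\ndefine('DB_PASSWORD', 'passwd');\n"
    for name in ("wp-config.php", "wp-config.php~", "index.php"):
        with open(os.path.join(root, name), "w") as fh:
            fh.write("<?php\n" + body)
    return audit_webroot(root)  # only the "~" copy is reported
```

Run `audit_webroot("/var/www/html")` against a real document root; any finding is a file to delete and a pattern to block in the web server configuration.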

About The Author

This article was written by Jay Turla, a security researcher at Infosec who also performs vulnerability research.

Resources:

https://bitbucket.org/LaNMaSteR53/recon-ng

The Recon-ng Framework : Automated Information Gathering

1% of CMS-Powered Sites Expose Their Database Passwords
