Recon-ng
•Download as PPTX, PDF•
1 like•1,352 views
When we are mostly interested in our day to day job profile such as Pentesting or area of interest such as bug bounty, due to tight deadline or faster bug submission sometime we forget the important part of the process i.e reconnaissance. For lazy people like me who don't want to miss this step but also not interested in spending much time trying different tools, here is a framework recon-ng(https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide) by Lanmaster. In this presentation i will discuss about different modules of this framework, how it will automate almost everything for us and how to integrate it with other tool to complete pentesting process starting from information gathering to post exploitation. KeepCalmAndStartReconnaissance. This was presented at Null Bangalore Chapter (Saturday April 25 2015, 11:55 AM) You can watch the presentation https://www.youtube.com/watch?v=VrpMSEOtaYc 1:59:03 - 2:53:12
Recommended
More Related Content
More from Nutan Kumar Panda
Recently uploaded
Recently uploaded (20)
Recon-ng
- 2. Who am i? Nutan Kumar Panda @theosintguy An Infosec Professional An Osint Enthusiast Game Of Thrones Fan
- 3. Disclaimer इस डेमो का ि कसी भी साइट या संगठन को आहत करने का इरादा नह ं है। प्रस्तोता आपत्तिजनक सामग्री के ि कसी भी प्रकार के उपयोग ना करने के लिए अपने स्तर पर पूर कोलिि की है। अगर ि कसी को भी कु छ आक्रामक िगताहैतो हम लसर्फ संयोग के रूप में िेंगे।
- 4. Agenda • OSINT • Recon-ng • Modules • Test cases • Demo
- 5. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. Define: Osint
- 6. Why Osint? • Freely available data • Open data • Part of passive reconnaissance • Powerful as dragon • Way to hidden treasure
- 7. You may get almost everything
- 8. Share less and Search more
- 9. Keep calm and use OSINT
- 10. Recon-ng • This is an open source tool written in python majorly by Tim Tomes(@Lanmaster53). • This project was one of its kind in terms of complete OSINT framework. • Using this you can do wonders. The tool : https://bitbucket.org/LaNMaSteR53/recon-ng The user guide: https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide The development guide: https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Development%20Guide
- 11. 1. Discovery 2. Exploitation 3. Import 4. Recon 5. Reporting Modules
- 12. Test Case • Gather email id • Find whether email is hacked or not • Physical tracking • Vulnerability hunt • Port scanning • Exploitation
- 13. Brace yourself for the Demo https://www.youtube.com/watch?v=vkmNTNl6urw
- 14. Special Mention Greets to @lanmaster53
- 15. Rally the realm and spread the word Greets to Sudhanshu Chauhan
- 16. Last Words???
- 17. Until The Next Meet: valar dohaeris
Editor's Notes
- I tried my level best not to offend anyone
- We use it in our day to day pentest or bug bounty Google site: Github dork Bing ip2host Test creditcards Fake addresses Email id harvest
- Maltego harvester
- Default credentials Admin consoles paths Many payloads
- Its better to know the enemy and it helps us to win over
- Our demo ll prove it
- Interactive Quite same as MSF Modular Scriptable Well documented and well maintained
- Discovery (Active recon with sending packet) Exploitation (Using payload) Import (to add list or prev projs) Recon (passive recon) Report (xml or html)
- DerbyCon Look Ma No Exploits The Recon Ng Framework Tim Lanmaster53 Tomes help Workspaces Workspaces list to get the lists Workspaces add osint Keys list to see which keys has been added https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide#!acquiring-api-keys Add bing key fVGoRoqI5ZHSle5ZM0B3o0LSAsINFZ+l9AkA2gFiF4s Show Modules (Take a domain and dig deeper) recon/domains-hosts/bing_domain_api(to get whole bunch of hosts from domain) Show info set SOURCE fbi.gov Run recon/domains-hosts/bing_domain_web use recon/domains-hosts/netcraft (to get more hosts) http://toolbar.netcraft.com/site_report Show dashboard to see what we did so far Show hosts host table Lets fill the table with ips first use recon/hosts-hosts/resolve use recon/hosts-hosts/bing_ip Lets look for some technology information bug bounty $$$ Use recon/domains-hosts/builtwith to get technology idea recon/domains-vulnerabilities/punkspider to get free bugs Show in site http://punkspider.hyperiongray.com/ race360 Lets get some contact details Use recon/domains-contacts/whois_pocs Show contacts use recon/domains-contacts/pgp_search Harvest info from a perticular place about our target Use recon/profiles-profiles/namechk makash :P Get credentials use recon/contacts-credentials/hibp_paste for google@gmail.com Check for the downloaded files for more info :P Will get password and hashes Now save proj use reporting/html
- Last night also he did some update
- Shameless promotions 1may labor day release
- Any queries???
- tada