KailLinux Penetration Testing Training Manual Chapter 3rd Information Collection

KailLinux Penetration Testing Training Manual Chapter 3rd Information Collection
Kail Linux Penetration Testing Training Manual Chapter 3rd Information Collection

Information collection is one of the most important stages of network attacks. To conduct penetration attacks, you need to collect various types of information about the target. The more information is collected, the higher the probability of successful attacks. This chapter describes information collection tools. This document is selected from the "Kail Linux Penetration Testing Training Manual".

3.1 Recon-NG framework

Recon-NG is an open-source Web reconnaissance (Information Collection) framework written by python. The Recon-ng framework is a powerful tool that can be used to automatically collect information and perform network detection. The following describes how to use the Recon-NG detection tool.

Start the Recon-NG framework and execute the following command: This document is selected from the Kail Linux penetration testing training manual.

Root @ kali :~ # Recon-ng _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ _/+ rows + | _ ___ _ | _) | _ |. | _ o _ (_ o _ | _) | (_ | _ \ _ | (_) | __) (/_ (_ | \/| Consulting | Research | Development | Training | http://www.blackhillsinfosec.com | + metrics + [recon-ng v4.1.4, tim Tomes (@ LaNMaSteR53)] [56] Recon modules [5] Reporting modules [2] Exploitation modules [2] Discovery les [1] Import modules [recon-ng] [Default]> the above output information displays the basic information of the Recon-NG framework. For example, in the Recon-NG framework, 56 investigation modules, 5 Report modules, 2 penetration Attack Modules, 2 discovery modules, and 1 import module are included. The [recon-ng] [default]> prompt indicates that the Recon-NG framework is successfully logged on. Now, you can execute various operation commands at the end of the [recon-ng] [default]> prompt. This document is selected from the "Kail Linux Penetration Testing Training Manual".

Before using the Recon-NG framework for the first time, you can use the help command to view all executable commands. As follows:

[Recon-ng] [default]> helpCommands (type [help |?] <Topic> ): add Adds records to the specified Exits current prompt leveldel Deletes records from the databaseexit Exits current prompt levelhelp Displays this variable Manages framework API keysload Loads specified Starts a Python Debugger sessionquery Queries the specified Records commands to a resource ready Reloads all modulesresource Executes commands from a resource filesearch Searches available modulesset Sets module contains Executes shell commandsshow Shows varous framework extends Spools output to a fileunset Unsets module implements Loads specified manage es workspaces

The above output information shows the commands that can be run in the Recon-NG framework. This framework is similar to the Metasploit framework and also supports many modules. In this case, you can use the show modules command to view the list of all valid modules. Run the following command: This document is from the "Kail Linux penetration test training manual".

[Recon-ng] [default]> show modules Discovery ------- discovery/Discovery discovery/interesting_files Exploitation ------------ exploitation/injection/export exploitation/injection/Export Import ------ import/csv_file recon ----- recon/companies-contacts/facebook recon/companies-contacts/jigsaw/point_usage recon/comp Anies-contacts/docs recon/companies-contacts/docs recon/contacts-contacts/mangle recon/contacts-contacts/namechk recon/contacts -contacts/rapportive recon/contacts-creds/haveibeenpwned ...... Recon/hosts-hosts/bing_ip recon/hosts-hosts/ip_neighbor recon/hosts-hosts/ipinfodb recon/hosts-hosts/resolve recon/hosts-hosts/reverse_resolve recon/locations /geocode recon/locations-locations/reverse_geocode recon/locations-pushpins/flicker recon/locations-pushpins/picasa recon/locations-pushpins/shodan recon/locations-pushpins/twitter recon/locations -pushpins/youtube recon/netblocks-hosts/reverse_resolve recon/netblocks-hosts/shodan_net recon/netblocks-ports/census_2012 Reporting --------- reporting/csv reporting/html reporting/list reporting/pushpin reporting /xml [recon-ng] [default]>

The output information shows five parts. The number of modules in each part, which can be seen after the Recon-NG framework is started. Users can use different modules to collect various information. This document is selected from the "Kail Linux Penetration Testing Training Manual".