Kail Linux Penetration Test Training manual Chapter 3rd information collection

Source: Internet
Author: User

Kail Linux Penetration Test Training manual Chapter 3rd information collection

Information collection is one of the most important stages of cyber attack. To infiltrate an attack, you need to collect all kinds of information about the target. The more information gathered, the greater the probability of a successful attack. This chapter describes the tools for collecting information. This article is selected from the "Kail Linux penetration Test training manual"

3.1 Recon-ng Frame

Recon-ng is an open-source web reconnaissance (information gathering) framework written by Python. The RECON-NG framework is a powerful tool used to automatically collect information and network detection. The following describes the use of the Recon-ng Scout tool.

To start the Recon-ng framework, execute the command as follows: This article is selected from the Kail Linux penetration test training manual

  • [Email protected]:~# recon-ng
  • _/_/_/    _/_/_/_/    _/_/_/    _/_/_/    _/      _/            _/      _/    _/_/_/
  • _/    _/  _/        _/        _/      _/  _/_/    _/            _/_/    _/  _/
  • _/_/_/    _/_/_/    _/        _/      _/  _/  _/  _/  _/_/_/_/  _/  _/  _/  _/  _/_/_/
  • _/    _/  _/        _/        _/      _/  _/    _/_/            _/    _/_/  _/      _/
  • _/    _/  _/_/_/_/    _/_/_/    _/_/_/    _/      _/            _/      _/    _/_/_/
  • +---------------------------------------------------------------------------+
  • | _                     ___    _                        __                 |
  • | |_)| _  _|_  |_|.||  _   | _ |_ _ _ _ _ _ _|_o _ _ _ _ _ _ _o_|_ |
  • | |_)| (_| (_|\  | |||| _\  _|_| || (_)| ||| (_| | |  (_)| | __)(/_(_|_|| | | \/ |
  • | /  |
  • | Consulting | | Development | Training |
  • | http://www.blackhillsinfosec.com |
  • +---------------------------------------------------------------------------+
  • [Recon-ng v4.1.4, Tim tomes (@LaNMaSteR53)]
  • [Recon] Modules
  • [5] Reporting modules
  • [2] Exploitation modules
  • [2] Discovery modules
  • [1] Import modules
  • [Recon-ng] [Default] >
The above output information shows the basic information of the RECON-NG framework. For example, under the Recon-ng framework, there are 56 reconnaissance modules, 5 reporting modules, 2 penetration attack modules, 2 discovery modules, and one import module. See [Recon-ng][default] > Prompt for successful login to Recon-ng framework. You can now perform various operations commands at the end of the [Recon-ng][default] > prompt.This article is selected from the "Kail Linux penetration Test training manual"

Before you use the RECON-NG framework for the first time, you can use the Help command to view all executable commands. As shown below:

  • [Recon-ng] [Default] > Help
  • Commands (Type [help|?] <topic>):
  • ---------------------------------
  • Add Adds records to the database
  • Back Exits current prompt level
  • Del deletes records from the database
  • Exit Exits Current Prompt level
  • Help displays this menu
  • Keys manages framework API keys
  • Load Loads specified module
  • PDB starts a Python Debugger session
  • Query Queries the database
  • Record Records commands to a resource file
  • Reload reloads all modules
  • Resource executes commands from a resource file
  • Search searches available Modules
  • Set Sets module options
  • Shell executes shell commands
  • Show shows various framework items
  • Spool spools output to a file
  • unset unsets Module Options
  • Use Loads specified module
  • Workspaces manages workspaces

The above output information shows the commands that can be run in the Recon-ng framework. The framework is similar to the Metasploit framework and also supports many modules. At this point, you can use the show modules command to see a list of all valid modules. The execution commands are as follows: This article is selected from the Kail Linux penetration test training manual

  • [Recon-ng] [Default] > Show modules
  • Discovery
  • ---------
  • Discovery/info_disclosure/cache_snoop
  • Discovery/info_disclosure/interesting_files
  • Exploitation
  • ------------
  • Exploitation/injection/command_injector
  • Exploitation/injection/xpath_bruter
  • Import
  • ------
  • Import/csv_file
  • Recon
  • -----
  • Recon/companies-contacts/facebook
  • Recon/companies-contacts/jigsaw
  • Recon/companies-contacts/jigsaw/point_usage
  • Recon/companies-contacts/jigsaw/purchase_contact
  • Recon/companies-contacts/jigsaw/search_contacts
  • Recon/companies-contacts/linkedin_auth
  • Recon/contacts-contacts/mangle
  • Recon/contacts-contacts/namechk
  • Recon/contacts-contacts/rapportive
  • recon/contacts-creds/haveibeenpwned
  • ......
  • Recon/hosts-hosts/bing_ip
  • Recon/hosts-hosts/ip_neighbor
  • Recon/hosts-hosts/ipinfodb
  • Recon/hosts-hosts/resolve
  • Recon/hosts-hosts/reverse_resolve
  • Recon/locations-locations/geocode
  • Recon/locations-locations/reverse_geocode
  • Recon/locations-pushpins/flickr
  • Recon/locations-pushpins/picasa
  • Recon/locations-pushpins/shodan
  • Recon/locations-pushpins/twitter
  • Recon/locations-pushpins/youtube
  • Recon/netblocks-hosts/reverse_resolve
  • Recon/netblocks-hosts/shodan_net
  • recon/netblocks-ports/census_2012
  • Reporting
  • ---------
  • Reporting/csv
  • Reporting/html
  • Reporting/list
  • Reporting/pushpin
  • Reporting/xml
  • [Recon-ng] [Default] >

From the output information, you can see that five parts are displayed. The number of modules included in each section can be seen after starting the recon-ng frame. Users can use different modules for various kinds of information collection. This article is selected from the "Kail Linux penetration Test training manual"

Kail Linux Penetration Test Training manual Chapter 3rd information collection

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.