Kali Linux Penetration Test Training Manual, Chapter 3: Information Collection
Information collection is one of the most important stages of a cyber attack. Before carrying out an attack, you need to collect all kinds of information about the target: the more information gathered, the higher the probability that the attack succeeds. This chapter describes the tools used for collecting information. This article is selected from the "Kali Linux Penetration Test Training Manual".
3.1 The Recon-ng Framework
Recon-ng is an open-source web reconnaissance (information gathering) framework written in Python. It is a powerful tool for automating information collection and network discovery. The following describes how to use the Recon-ng reconnaissance tool.
To start the Recon-ng framework, execute the following command:
```
root@kali:~# recon-ng

    Consulting | Development | Training
    http://www.blackhillsinfosec.com

[Recon-ng v4.1.4, Tim Tomes (@LaNMaSteR53)]

[56] Recon modules
[5]  Reporting modules
[2]  Exploitation modules
[2]  Discovery modules
[1]  Import modules

[recon-ng][default] >
```
The output above shows basic information about the Recon-ng framework: this version ships 56 reconnaissance modules, 5 reporting modules, 2 exploitation modules, 2 discovery modules and 1 import module. The [recon-ng][default] > prompt indicates that the framework started successfully; you can now enter commands at this prompt.
Before using the Recon-ng framework for the first time, run the help command to view all available commands, as shown below:
```
[recon-ng][default] > help

Commands (type [help|?] <topic>):
---------------------------------
add             Adds records to the database
back            Exits current prompt level
del             Deletes records from the database
exit            Exits current prompt level
help            Displays this menu
keys            Manages framework API keys
load            Loads specified module
pdb             Starts a Python Debugger session
query           Queries the database
record          Records commands to a resource file
reload          Reloads all modules
resource        Executes commands from a resource file
search          Searches available modules
set             Sets module options
shell           Executes shell commands
show            Shows various framework items
spool           Spools output to a file
unset           Unsets module options
use             Loads specified module
workspaces      Manages workspaces
```
The output above lists the commands that can be run inside the Recon-ng framework. The framework is similar in design to the Metasploit framework and likewise supports many modules. Use the show modules command to list all available modules:
```
[recon-ng][default] > show modules

  Discovery
  ---------
    discovery/info_disclosure/cache_snoop
    discovery/info_disclosure/interesting_files

  Exploitation
  ------------
    exploitation/injection/command_injector
    exploitation/injection/xpath_bruter

  Import
  ------
    import/csv_file

  Recon
  -----
    recon/companies-contacts/facebook
    recon/companies-contacts/jigsaw
    recon/companies-contacts/jigsaw/point_usage
    recon/companies-contacts/jigsaw/purchase_contact
    recon/companies-contacts/jigsaw/search_contacts
    recon/companies-contacts/linkedin_auth
    recon/contacts-contacts/mangle
    recon/contacts-contacts/namechk
    recon/contacts-contacts/rapportive
    recon/contacts-creds/haveibeenpwned
    ......
    recon/hosts-hosts/bing_ip
    recon/hosts-hosts/ip_neighbor
    recon/hosts-hosts/ipinfodb
    recon/hosts-hosts/resolve
    recon/hosts-hosts/reverse_resolve
    recon/locations-locations/geocode
    recon/locations-locations/reverse_geocode
    recon/locations-pushpins/flickr
    recon/locations-pushpins/picasa
    recon/locations-pushpins/shodan
    recon/locations-pushpins/twitter
    recon/locations-pushpins/youtube
    recon/netblocks-hosts/reverse_resolve
    recon/netblocks-hosts/shodan_net
    recon/netblocks-ports/census_2012

  Reporting
  ---------
    reporting/csv
    reporting/html
    reporting/list
    reporting/pushpin
    reporting/xml

[recon-ng][default] >
```
The output is divided into five sections (discovery, exploitation, import, recon and reporting); the number of modules in each section is the figure shown in the banner when Recon-ng starts. Users can choose different modules for the various kinds of information collection.
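As an added example (not code from the manual or from the Recon-ng project), the following Python script parses the two outputs shown above, the module list from show modules and the per-category counts in the startup banner, and checks that they agree. For recon modules it also reads the recon/<input>-<output>/<name> path convention, which names the database table a module reads from and the table it writes to. The sample strings are constructed and abridged.

```python
import re
from collections import Counter
# Constructed, abridged `show modules` output in the style of Recon-ng v4.
SAMPLE_SHOW_MODULES = """\
  Exploitation
  ------------
    exploitation/injection/command_injector
  Recon
  -----
    recon/companies-contacts/facebook
    recon/hosts-hosts/resolve
    recon/hosts-hosts/reverse_resolve
    recon/netblocks-hosts/reverse_resolve
  Reporting
  ---------
    reporting/csv
    reporting/html
"""
# Constructed banner lines; Exploitation is deliberately overstated (2 vs. 1
# listed) so the consistency check has something to catch.
SAMPLE_BANNER = "[4] Recon modules\n[2] Reporting modules\n[2] Exploitation modules\n"
MODULE_RE = re.compile(r"^\s*([a-z]+)/\S+$")
BANNER_RE = re.compile(r"^\[(\d+)\] (\w+) modules$")

def parse_modules(text):
    """Map category -> module paths; section headers and underlines never match MODULE_RE."""
    modules = {}
    for line in text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            modules.setdefault(m.group(1), []).append(line.strip())
    return modules

def parse_banner_counts(text):
    """Map category -> count from the '[N] Xxx modules' banner lines."""
    matches = (BANNER_RE.match(ln.strip()) for ln in text.splitlines())
    return {m.group(2).lower(): int(m.group(1)) for m in matches if m}

def recon_data_flows(modules):
    """Count recon modules per (input table, output table) taken from recon/<in>-<out>/<name>."""
    flows = Counter()
    for path in modules.get("recon", []):
        parts = path.split("/")
        if len(parts) == 3 and "-" in parts[1]:
            flows[tuple(parts[1].split("-", 1))] += 1
    return flows

def count_mismatches(modules, banner):
    """Categories whose banner count differs from the number of listed modules."""
    return sorted(c for c, n in banner.items() if len(modules.get(c, [])) != n)
```

Running count_mismatches on the samples reports only "exploitation", and recon_data_flows shows that two of the four recon modules read hosts and write hosts.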