recon-ng
Posted on 18-Jul-2015
Recon-ng
n|u Bangalore Meet
Who am I?
- Nutan Kumar Panda (@theosintguy)
- An infosec professional
- An OSINT enthusiast
- Game of Thrones fan
Disclaimer
I tried my level best not to offend anyone.

Agenda
- OSINT
- Recon-ng
- Modules
- Test cases
- Demo
Define: OSINT
Open-source intelligence (OSINT) is intelligence collected from publicly available sources.
We use it in our day-to-day pentests and bug bounties:
- Google site: searches
- GitHub dorks
- Bing ip2host
- Test credit cards
- Fake addresses
- Email ID harvesting
Why OSINT?
- Freely available data
- Open data
- Part of passive reconnaissance
- Powerful as a dragon
- Way to hidden treasure
- Maltego, harvester
You may get almost everything
- Default credentials
- Admin console paths
- Many payloads

Share less and search more
It's better to know the enemy, and it helps us win.

Keep calm and use OSINT
Our demo will prove it.
Recon-ng
This is an open-source tool written in Python, mainly by Tim Tomes (@Lanmaster53). The project was one of a kind as a complete OSINT framework; with it you can do wonders.
- The tool: https://bitbucket.org/LaNMaSteR53/recon-ng
- The user guide: https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide
- The development guide: https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Development%20Guide
- Interactive, quite like MSF (Metasploit Framework)
- Modular
- Scriptable
- Well documented and well maintained
Modules
1. Discovery (active recon; sends packets)
2. Exploitation (uses payloads)
3. Import (adds lists or previous projects)
4. Recon (passive recon)
5. Reporting (XML or HTML)
Test cases
- Gather email IDs
- Find whether an email ID has been breached or not
- Physical tracking
- Vulnerability hunting
- Port scanning
- Exploitation

Brace yourself for the demo
Background talk: https://www.youtube.com/watch?v=vkmNTNl6urw (DerbyCon, "Look Ma, No Exploits! The Recon-ng Framework", Tim "Lanmaster53" Tomes)

Demo walkthrough:
- help
- workspaces
- workspaces list (to get the list of workspaces)
- workspaces add osint
- keys list (to see which keys have been added)
- Acquiring API keys: https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide#!acquiring-api-keys
- Add the Bing API key (keys add bing_api <your_bing_api_key>)
- show modules (take a domain and dig deeper)
- use recon/domains-hosts/bing_domain_api (to get a whole bunch of hosts from a domain)
- show info
- set SOURCE fbi.gov
- run
- use recon/domains-hosts/bing_domain_web
- use recon/domains-hosts/netcraft (to get more hosts; compare with http://toolbar.netcraft.com/site_report)
- show dashboard (to see what we did so far)
- show hosts (the hosts table)
- Let's fill the table with IPs first: use recon/hosts-hosts/resolve, then use recon/hosts-hosts/bing_ip
- Let's look for some technology information (bug bounty $$$): use recon/domains-hosts/builtwith to get an idea of the technology stack
- use recon/domains-vulnerabilities/punkspider to get free bugs; shown on the site http://punkspider.hyperiongray.com/ (race360)
- Let's get some contact details: use recon/domains-contacts/whois_pocs, then show contacts, then use recon/domains-contacts/pgp_search
- Harvest info about our target from a particular place: use recon/profiles-profiles/namechk (makash :P)
- Get credentials: use recon/contacts-credentials/hibp_paste for google@gmail.com; check the downloaded files for more info :P (you will get passwords and hashes)
- Now save the project: use reporting/html
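The demo ends by exporting the workspace with reporting/html. Everything the modules found sits in the workspace's SQLite database, so a defender running this against their own domains can review the collected host inventory directly, for instance to spot hosts that public sources expose but that nobody has resolved or catalogued yet. The script below is an added example for this transcript, not code from the talk or from the recon-ng project. It assumes recon-ng 4.x's per-workspace file (~/.recon-ng/workspaces/<name>/data.db) with a hosts table whose columns are host, ip_address, region, country, latitude, longitude and module; the sample rows and the example.com host names are constructed so it runs offline.

```python
"""Summarise the host inventory a recon-ng workspace has collected.

Added example for this transcript; it is not code from the talk or from the
recon-ng project. It assumes recon-ng 4.x's per-workspace SQLite file
(~/.recon-ng/workspaces/<name>/data.db) with a `hosts` table whose columns are
host, ip_address, region, country, latitude, longitude and module. A small
in-memory copy of that table is constructed below so the script runs offline.
"""
import sqlite3
from collections import Counter

# Constructed sample rows, standing in for what the demo's bing_domain_api,
# bing_domain_web and netcraft runs would have stored for a domain you own.
SAMPLE_HOSTS = [
    ("www.example.com",  "192.0.2.10", None, None, None, None, "bing_domain_api"),
    ("mail.example.com", "192.0.2.25", None, None, None, None, "netcraft"),
    ("dev.example.com",  None,         None, None, None, None, "netcraft"),
    ("www.example.com",  "192.0.2.10", None, None, None, None, "netcraft"),
    ("vpn.example.com",  None,         None, None, None, None, "bing_domain_web"),
]

# Assumed shape of recon-ng's hosts table (see the module docstring).
HOSTS_DDL = ("CREATE TABLE hosts (host TEXT, ip_address TEXT, region TEXT, "
             "country TEXT, latitude TEXT, longitude TEXT, module TEXT)")


def build_sample_db():
    """Create an in-memory database shaped like recon-ng's hosts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(HOSTS_DDL)
    conn.executemany("INSERT INTO hosts VALUES (?, ?, ?, ?, ?, ?, ?)", SAMPLE_HOSTS)
    conn.commit()
    return conn


def open_workspace_db(path):
    """Open a real workspace data.db read-only so the review never alters it."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def summarise_hosts(conn):
    """Return a dict describing the host inventory.

    - unique_hosts: number of distinct host names
    - unresolved:   hosts no module resolved to an IP (the demo filled these
                    in with recon/hosts-hosts/resolve)
    - by_module:    how many rows each module contributed
    - hosts:        host -> {"ips": set, "modules": set}
    """
    rows = conn.execute("SELECT host, ip_address, module FROM hosts").fetchall()
    hosts = {}
    for host, ip, module in rows:
        entry = hosts.setdefault(host, {"ips": set(), "modules": set()})
        if ip:
            entry["ips"].add(ip)
        entry["modules"].add(module)
    unresolved = sorted(h for h, e in hosts.items() if not e["ips"])
    return {
        "unique_hosts": len(hosts),
        "unresolved": unresolved,
        "by_module": dict(Counter(m for _, _, m in rows)),
        "hosts": hosts,
    }


def print_report(summary):
    """Print the summary in the same order the demo reviewed it: hosts, then gaps."""
    print(f"{summary['unique_hosts']} unique hosts")
    for module, n in sorted(summary["by_module"].items()):
        print(f"  {module}: {n} rows")
    for host in sorted(summary["hosts"]):
        ips = ", ".join(sorted(summary["hosts"][host]["ips"])) or "(no IP yet)"
        print(f"  {host:<20} {ips}")
    if summary["unresolved"]:
        print("Unresolved (run recon/hosts-hosts/resolve):",
              ", ".join(summary["unresolved"]))


if __name__ == "__main__":
    import sys
    # Pass a workspace data.db path to review real results; otherwise use the sample.
    conn = open_workspace_db(sys.argv[1]) if len(sys.argv) > 1 else build_sample_db()
    print_report(summarise_hosts(conn))
```

Run it with no arguments to see the constructed sample, or with the path to a workspace's data.db to review what a real run stored. The database is opened read-only so a review pass cannot change the workspace that reporting/html will later export, and the unresolved list is the same gap the demo closed with recon/hosts-hosts/resolve before moving on.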
Special mention
Greets to @lanmaster53
Last night also he did some updates.

Rally the realm and spread the word
Greets to Sudhanshu Chauhan
Shameless promotion: 1 May (Labor Day) release

Last words???
Any queries???

Until the next meet: valar dohaeris
tada