Recon-ng

Post on 18-Jul-2015

Category:

Data & Analytics

TRANSCRIPT

<p>Recon-ng</p>
<p>n|u Bangalore Meet</p>

<p>Who am I?</p>
<p>Nutan Kumar Panda</p>
<p>@theosintguy</p>
<p>An Infosec Professional</p>
<p>An OSINT Enthusiast</p>
<p>Game Of Thrones Fan</p>

<p>Disclaimer</p>
<p>I tried my level best not to offend anyone</p>

<p>Agenda</p>
<p>OSINT</p>
<p>Recon-ng</p>
<p>Modules</p>
<p>Test cases</p>
<p>Demo</p>

<p>Define: OSINT</p>
<p>Open-source intelligence (OSINT) is intelligence collected from publicly available sources.</p>
<p>We use it in our day-to-day pentest or bug bounty work:</p>
<p>Google site:</p>
<p>Github dork</p>
<p>Bing ip2host</p>
<p>Test credit cards</p>
<p>Fake addresses</p>
<p>Email ID harvest</p>

<p>Why OSINT?</p>
<p>Freely available data</p>
<p>Open data</p>
<p>Part of passive reconnaissance</p>
<p>Powerful as a dragon</p>
<p>Way to hidden treasure</p>
<p>Maltego harvester</p>

<p>You may get almost everything</p>
<p>Default credentials</p>
<p>Admin console paths</p>
<p>Many payloads</p>

<p>Share less and Search more</p>
<p>It's better to know the enemy, and it helps us to win</p>

<p>Keep calm and use OSINT</p>
<p>Our demo will prove it</p>

<p>Recon-ng</p>
<p>This is an open source tool written in Python, mainly by Tim Tomes (@Lanmaster53). This project was one of a kind as a complete OSINT framework. Using it you can do wonders.</p>
<p>The tool: https://bitbucket.org/LaNMaSteR53/recon-ng</p>
<p>The user guide: https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide</p>
<p>The development guide: https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Development%20Guide</p>
<p>Interactive</p>
<p>Much the same as MSF</p>
<p>Modular</p>
<p>Scriptable</p>
<p>Well documented and well maintained</p>

<p>Modules</p>
<p>1. Discovery</p>
<p>2. Exploitation</p>
<p>3. Import</p>
<p>4. Recon</p>
<p>5. Reporting</p>
<p>Discovery (active recon that sends packets)</p>
<p>Exploitation (using payloads)</p>
<p>Import (to add lists or previous projects)</p>
<p>Recon (passive recon)</p>
<p>Report (XML or HTML)</p>

<p>Test Case</p>
<p>Gather email IDs</p>
<p>Find whether an email is hacked or not</p>
<p>Physical tracking</p>
<p>Vulnerability hunt</p>
<p>Port scanning</p>
<p>Exploitation</p>

<p>Brace yourself for the Demo</p>
<p>https://www.youtube.com/watch?v=vkmNTNl6urw</p>
<p>DerbyCon Look Ma No Exploits The Recon Ng Framework Tim Lanmaster53 Tomes</p>
<p>help</p>
<p>Workspaces</p>
<p>Workspaces list to get the lists</p>
<p>Workspaces add osint</p>
<p>Keys list to see which keys have been added</p>
<p>https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide#!acquiring-api-keys</p>
<p>Add bing key fVGoRoqI5ZHSle5ZM0B3o0LSAsINFZ+l9AkA2gFiF4s</p>
<p>Show Modules (take a domain and dig deeper)</p>
<p>recon/domains-hosts/bing_domain_api (to get a whole bunch of hosts from a domain)</p>
<p>Show info</p>
<p>set SOURCE fbi.gov</p>
<p>Run</p>
<p>recon/domains-hosts/bing_domain_web</p>
<p>use recon/domains-hosts/netcraft (to get more hosts) http://toolbar.netcraft.com/site_report</p>
<p>Show dashboard to see what we did so far</p>
<p>Show hosts (host table)</p>
<p>Let's fill the table with IPs first</p>
<p>use recon/hosts-hosts/resolve</p>
<p>use recon/hosts-hosts/bing_ip</p>
<p>Let's look for some technology information (bug bounty $$$)</p>
<p>use recon/domains-hosts/builtwith to get an idea of the technology</p>
<p>recon/domains-vulnerabilities/punkspider to get free bugs</p>
<p>Show in site http://punkspider.hyperiongray.com/ race360</p>
<p>Let's get some contact details</p>
<p>use recon/domains-contacts/whois_pocs</p>
<p>Show contacts</p>
<p>use recon/domains-contacts/pgp_search</p>
<p>Harvest info from a particular place about our target</p>
<p>use recon/profiles-profiles/namechk makash :P</p>
<p>Get credentials</p>
<p>use recon/contacts-credentials/hibp_paste for google@gmail.com</p>
<p>Check the downloaded files for more info :P</p>
<p>Will get passwords and hashes</p>
<p>Now save the project</p>
<p>use reporting/html</p>

<p>Special Mention</p>
<p>Greets to @lanmaster53</p>
<p>Last night also he did some updates</p>

<p>Rally the realm and spread the word</p>
<p>Greets to Sudhanshu Chauhan</p>
<p>Shameless promotions: 1 May Labor Day release</p>

<p>Last Words???</p>
<p>Any queries???</p>

<p>Until The Next Meet: valar dohaeris</p>
<p>tada</p>
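<p>Added example, not part of the original slides or of recon-ng itself: recon-ng names its recon modules by the workspace table they read and the table they write (input-output), so the module paths in the demo notes already describe how far a single domain name can be expanded. The Python sketch below parses those paths and lists the tables that fill up from one seed table; the function names parse_module and exposure_order are hypothetical.</p>

```python
from collections import defaultdict

# Module paths exactly as they appear in the demo notes.
DEMO_MODULES = [
    "recon/domains-hosts/bing_domain_api",
    "recon/domains-hosts/bing_domain_web",
    "recon/domains-hosts/netcraft",
    "recon/hosts-hosts/resolve",
    "recon/hosts-hosts/bing_ip",
    "recon/domains-hosts/builtwith",
    "recon/domains-vulnerabilities/punkspider",
    "recon/domains-contacts/whois_pocs",
    "recon/domains-contacts/pgp_search",
    "recon/profiles-profiles/namechk",
    "recon/contacts-credentials/hibp_paste",
    "reporting/html",
]

def parse_module(path):
    """Split category/input-output/name; hypothetical helper for this example."""
    parts = path.split("/")
    if len(parts) == 3 and parts[1].count("-") == 1:
        src, dst = parts[1].split("-")
        return parts[0], src, dst, parts[2]
    # Two-part paths such as reporting/html carry no table pair.
    return parts[0], None, None, parts[-1]

def exposure_order(modules, seed="domains"):
    """Breadth-first order in which tables get populated from one seed table."""
    edges = defaultdict(set)
    for path in modules:
        _, src, dst, _ = parse_module(path)
        if src and dst and src != dst:   # hosts-hosts only enriches its own table
            edges[src].add(dst)
    order, frontier = [seed], [seed]
    while frontier:
        nxt = []
        for table in frontier:
            for dst in sorted(edges[table]):
                if dst not in order:
                    order.append(dst)
                    nxt.append(dst)
        frontier = nxt
    return order

if __name__ == "__main__":
    print(exposure_order(DEMO_MODULES))
```

<p>Starting from only the domains table, the demo's modules reach contacts, hosts, vulnerabilities and then credentials, which is the chain an organisation should assume is visible for its own domain; profiles is not reachable because the demo seeds it by hand with a username.</p>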
