Click here to load reader

Post on 18-Jul-2015



Data & Analytics

4 download

Embed Size (px)



n|u Bangalore MeetRecon-ng

Who am i?

Nutan Kumar [email protected] Infosec ProfessionalAn Osint EnthusiastGame Of Thrones Fan


I tried my level best not to offend anyone 3Agenda

OSINTRecon-ngModulesTest casesDemo


Open-source intelligence (OSINT) is intelligence collected from publicly available sources.Define: Osint

We use it in our day to day pentest or bug bountyGoogle site:Github dorkBing ip2hostTest creditcardsFake addressesEmail id harvest5Why Osint?

Freely available dataOpen dataPart of passive reconnaissancePowerful as dragonWay to hidden treasure

Maltego harvester

6You may get almost everything

Default credentialsAdmin consoles pathsMany payloads7Share less and Search more

Its better to know the enemy and it helps us to win over8Keep calm and use OSINT

Our demo ll prove it9Recon-ng

This is an open source tool written in python majorly by Tim Tomes(@Lanmaster53). This project was one of its kind in terms of complete OSINT framework.Using this you can do wonders.The tool : user guide: development guide:

InteractiveQuite same as MSFModularScriptable Well documented and well maintained10

1. Discovery2. Exploitation3. Import4. Recon5. ReportingModules

Discovery (Active recon with sending packet)Exploitation (Using payload)Import (to add list or prev projs)Recon (passive recon)Report (xml or html)11Test Case

Gather email idFind whether email is hacked or notPhysical trackingVulnerability huntPort scanningExploitation

12Brace yourself for the Demo Look Ma No Exploits The Recon Ng Framework Tim Lanmaster53 TomeshelpWorkspacesWorkspaces list to get the listsWorkspaces add osintKeys list to see which keys has been added!acquiring-api-keysAdd bing key fVGoRoqI5ZHSle5ZM0B3o0LSAsINFZ+l9AkA2gFiF4sShow Modules (Take a domain and dig deeper)recon/domains-hosts/bing_domain_api(to get whole bunch of hosts from domain)Show infoset SOURCE fbi.govRunrecon/domains-hosts/bing_domain_webuse recon/domains-hosts/netcraft (to get more hosts) dashboard to see what we did so farShow hostshost tableLets fill the table with ips firstuse recon/hosts-hosts/resolveuse recon/hosts-hosts/bing_ipLets look for some technology information bug bounty $$$Use recon/domains-hosts/builtwithto get technology idearecon/domains-vulnerabilities/punkspider to get free bugsShow in site race360Lets get some contact detailsUse recon/domains-contacts/whois_pocsShow contactsuse recon/domains-contacts/pgp_searchHarvest info from a perticular place about our targetUse recon/profiles-profiles/namechk makash :PGet credentialsuse recon/contacts-credentials/hibp_pastefor [email protected] for the downloaded files for more info :PWill get password and hashesNow save projuse reporting/html

13Special Mention

Greets to @lanmaster53

Last night also he did some update14Rally the realm and spread the wordGreets to Sudhanshu Chauhan

Shameless promotions 1may labor day release15Last Words???

Any queries???16Until The Next Meet: valar dohaeris