Recon-ng

Post on 18-Jul-2015

TRANSCRIPT

Recon-ng
n|u Bangalore Meet

Who am I?
- Nutan Kumar Panda
- @theosintguy
- An Infosec Professional
- An Osint Enthusiast
- Game Of Thrones Fan

Disclaimer
- I tried my level best not to offend anyone

Agenda
- OSINT
- Recon-ng
- Modules
- Test cases
- Demo

Define: Osint
Open-source intelligence (OSINT) is intelligence collected from publicly available sources.
We use it in our day-to-day pentest or bug bounty:
- Google site:
- Github dork
- Bing ip2host
- Test creditcards
- Fake addresses
- Email id harvest

Why Osint?
- Freely available data
- Open data
- Part of passive reconnaissance
- Powerful as dragon
- Way to hidden treasure
- Maltego
- harvester

You may get almost everything
- Default credentials
- Admin consoles paths
- Many payloads

Share less and Search more
- It's better to know the enemy, and it helps us to win over

Keep calm and use OSINT
- Our demo will prove it

Recon-ng
This is an open source tool written in Python, mainly by Tim Tomes (@Lanmaster53). This project was one of its kind in terms of a complete OSINT framework. Using this you can do wonders.
- The tool: https://bitbucket.org/LaNMaSteR53/recon-ng
- The user guide: https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide
- The development guide: https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Development%20Guide
- Interactive
- Much the same as MSF
- Modular
- Scriptable
- Well documented and well maintained

Modules
1. Discovery
2. Exploitation
3. Import
4. Recon
5. Reporting

- Discovery (Active recon with sending packet)
- Exploitation (Using payload)
- Import (to add list or prev projs)
- Recon (passive recon)
- Report (xml or html)

Test Case
- Gather email id
- Find whether email is hacked or not
- Physical tracking
- Vulnerability hunt
- Port scanning
- Exploitation

Brace yourself for the Demo
https://www.youtube.com/watch?v=vkmNTNl6urw
DerbyCon: Look Ma No Exploits, The Recon Ng Framework, Tim Lanmaster53 Tomes

- help
- Workspaces
- Workspaces list to get the lists
- Workspaces add osint
- Keys list to see which keys have been added
  https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide#!acquiring-api-keys
- Add bing key fVGoRoqI5ZHSle5ZM0B3o0LSAsINFZ+l9AkA2gFiF4s
- Show Modules (Take a domain and dig deeper)
- recon/domains-hosts/bing_domain_api (to get whole bunch of hosts from domain)
- Show info
- set SOURCE fbi.gov
- Run
- recon/domains-hosts/bing_domain_web
- use recon/domains-hosts/netcraft (to get more hosts) http://toolbar.netcraft.com/site_report
- Show dashboard to see what we did so far
- Show hosts
- host table

Let's fill the table with ips first
- use recon/hosts-hosts/resolve
- use recon/hosts-hosts/bing_ip

Let's look for some technology information (bug bounty $$$)
- Use recon/domains-hosts/builtwith to get technology idea
- recon/domains-vulnerabilities/punkspider to get free bugs
- Show in site http://punkspider.hyperiongray.com/ race360

Let's get some contact details
- Use recon/domains-contacts/whois_pocs
- Show contacts
- use recon/domains-contacts/pgp_search

Harvest info from a particular place about our target
- Use recon/profiles-profiles/namechk makash :P

Get credentials
- use recon/contacts-credentials/hibp_paste for google@gmail.com
- Check for the downloaded files for more info :P
- Will get password and hashes

Now save proj
- use reporting/html

Special Mention
- Greets to @lanmaster53
- Last night also he did some updates

Rally the realm and spread the word
- Greets to Sudhanshu Chauhan
- Shameless promotions: 1 May, Labor Day release

Last Words???
- Any queries???

Until The Next Meet: valar dohaeris
tada