In this article by Ishan Girdhar, author of the book, Kali Linux Intrusion and Exploitation Cookbook, we will cover the following recipes:
- Set up API keys for the recon-ng framework
- Use recon-ng for reconnaissance
Setting up API keys for recon-ng framework
In this recipe, we will see how to set up API keys before we start using recon-ng. Recon-ng is one of the most powerful information gathering tools; used appropriately, it can help pentesters locate a good amount of information from public sources. With the latest version available, recon-ng provides the flexibility to set it up as your own app/client in various social networking websites.
Getting ready
For this recipe, you require an Internet connection and web browser.
How to do it...
- To set up recon-ng API keys, open the terminal and launch recon-ng and type the commands shown in the following screenshot:
- Next, type keys list as shown in the following screenshot:
- Let's start by adding twitter_api and twitter_secret. Log in to Twitter, go to https://apps.twitter.com/, and create a new application as shown in the following screenshot:
- Click on Create Application. Once the application is created, navigate to the Keys & Access Tokens tab, and copy the secret key and API key as shown in the following screenshot:
- Copy the API key, reopen the terminal window, and run the following command to add the key:
keys add twitter_api <your-copied-api-key>
- Now, enter the following command to add the twitter_secret key to recon-ng:
keys add twitter_secret <your_twitter_secret>
- Once you have added the keys, you can see them in the recon-ng tool by entering the following command:
keys list
How it works...
In this recipe, you learned how to add API keys to the recon-ng tool. To demonstrate this, we created a Twitter application and added its twitter_api and twitter_secret keys to the recon-ng tool. The result is as shown in the following screenshot:
Similarly, you will need to include all the API keys here in the recon-ng if you want to gather information from these sources.
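A check worth running on the keys added above, as an added example that is not from the book or from recon-ng itself: it assumes recon-ng keeps the keys unencrypted in a SQLite file (~/.recon-ng/keys.db, table keys(name, value)), flags a store readable by other users, and reports which keys are set without printing them. The sample database, its values and the key name other_api are constructed.

```python
import os
import sqlite3
import stat
import tempfile

# Assumption: recon-ng stores keys in this SQLite file, in a table
# keys(name TEXT PRIMARY KEY, value TEXT). Adjust if your install differs.
DEFAULT_DB = os.path.expanduser("~/.recon-ng/keys.db")

def mask(value):
    """Hide a secret, keeping the last four characters of longer values."""
    if not value:
        return ""
    if len(value) <= 8:
        return "*" * len(value)
    return "*" * (len(value) - 4) + value[-4:]

def audit_keys(db_path):
    """Return (findings, report) for a key store without exposing values."""
    findings = []
    mode = stat.S_IMODE(os.stat(db_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("%s has mode %o; restrict it with chmod 600" % (db_path, mode))
    conn = sqlite3.connect(db_path)
    try:
        rows = conn.execute("SELECT name, value FROM keys ORDER BY name").fetchall()
    finally:
        conn.close()
    # One (name, is_set, masked_value) tuple per key
    return findings, [(name, bool(value), mask(value)) for name, value in rows]

def build_sample_db(path):
    """Create a constructed key store with fake values and a loose file mode."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE keys (name TEXT PRIMARY KEY, value TEXT)")
    conn.executemany("INSERT INTO keys VALUES (?, ?)", [
        ("twitter_api", "EXAMPLEKEY0000001234"),      # fake value
        ("twitter_secret", "EXAMPLESECRET00005678"),  # fake value
        ("other_api", ""),                            # hypothetical unset key
    ])
    conn.commit()
    conn.close()
    os.chmod(path, 0o644)

if __name__ == "__main__":
    path = DEFAULT_DB
    if not os.path.exists(path):  # fall back to the constructed sample
        path = os.path.join(tempfile.mkdtemp(), "keys.db")
        build_sample_db(path)
    findings, report = audit_keys(path)
    print("\n".join(findings) or "file permissions OK")
    for name, is_set, masked in report:
        print("%-16s %s" % (name, masked if is_set else "(not set)"))
```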
In the next recipe, you will learn how to use recon-ng for information gathering.
Use recon-ng for reconnaissance
In this recipe, you will learn to use recon-ng for reconnaissance. Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built-in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.
Getting ready
To install Kali Linux, you will require an Internet connection.
How to do it...
- Open a terminal and start the recon-ng framework, as shown in the following screenshot:
- Recon-ng has a look and feel like that of Metasploit. To see all the available modules, enter the following command:
show modules
- Recon-ng will list all available modules, as shown in the following screenshot:
- Let's go ahead and use our first module for information gathering. Enter the following command:
use recon/domains-vulnerabilities/punkspider
- Now, enter the commands shown in the following screenshot:
- As you can see, some vulnerabilities have been discovered and are publicly available.
- Let's use another module that fetches any known and reported vulnerabilities from xssed.com. The XSSed project was created in early February 2007 by KF and DP. It provides information on all things related to cross-site scripting vulnerabilities and is the largest online archive of XSS vulnerable websites. It's a good repository of XSS to gather information. To begin with, enter the following commands:
show modules
use recon/domains-vulnerabilities/xssed
show options
set source microsoft.com
show options
run
You will see the following output:
- As you can see, recon-ng has aggregated the publicly available vulnerabilities from XSSed, as shown in the following screenshot:
- Similarly, you can keep using the different modules until you have the information you need about your target.
Summary
In this article, you learned how to add API keys to the recon-ng tool. To demonstrate this, we created a Twitter application and added its twitter_api and twitter_secret keys to the recon-ng tool. You also learned how to use recon-ng for reconnaissance.