Hack Like a Pro: Information Gathering with Recon-ng
Recon-ng is a powerful tool, which allows to collect Information and recognize the network automatically.
This Tool automates many steps taken in the initial process of a penetration test.
It can automatically include numerous websites to obtain passive information about the objective of evaluation, or even actively test data for the object itself.
Recon-ng has numerous functionalities, which allows collecting user information for social engineering attacks, and network information to map it, and much more.
You can think of Recon-ng as a simile to the Metasploit Framework to collect information. Anyone familiar with Metasploit Framework will feel comfortable with its interface.
Basically, you can use Recon-ng to collect information about an evaluation objective, and then attack it using the Metasploit Framework.
Recon-ng is executed from the console.
The “help” command provides a list of commands.
Similarly When you write “show modules” a list of available modules will be displayed.
The modules are used to carry out the recognition process. Several types of available modules can be displayed.
Some of these modules are passive; they will never touch the target network, while some will directly test and may even attack the systems.
These modules follow a defined nomenclature.
For example “recon / domains-hosts / google_site_web”. “Recon” indicates is a recognition module. “Domains-hosts” indicates convert data from “domains” to “hostnames”.
And “google_site_web” indicates the use of Google to perform the search.
That module is, therefore, a recognition module, which uses the Google website to convert domain names into individual hostnames added to a domain. Information Gathering
When the module is used, execute the “use” command.
The “show info” command allows you to view information about the module.
“Show options” allows visualizing the feasible variables to be configured.
The “set” command is used to adjust the variables and finally to execute the “run” command is used.
Annotation on the variable “SOURCE”. For a single objective, you should frequently only enter the target URL or an individual email address within the field of the variable “SOURCE”.
Above all you could also enter a file containing multiple variables or use a database query as input.
A BEGINNERS GUIDE TO CYBERSECURITY TRAINING, CERTIFICATION AND JOBS
Some More Interesting Pieces of Stuff For You
If that’s the case, feel free to visit these helpful links
♦ How to become a Hacker After 12th?
♦ How to Start your Career in Hacking?
♦ What is the future of Ethical Hacking & Cyber Security In India?
♦ What kinds of Job are there in Cyber Security?
♦ What are the jobs for an Ethical Hacker?
For More Visit us at School Of Hacker’s