Basic use of recon-ng in Kali
I. Introduction to recon-ng
- A web information-gathering framework
- Command syntax consistent with msf
- Developed in Python
- Three pillars of use: modules, database, reports
II. Quick tutorial
1. The recon-ng help command
```
root@kali:~# recon-ng -h
usage: recon-ng [-h] [-w workspace] [-r filename] [--no-version] [--no-analytics]
                [--no-marketplace] [--stealth] [--version] [--analytics]

recon-ng - Tim Tomes (@lanmaster53)

optional arguments:
  -h, --help        show this help message and exit
  -w workspace      load/create a workspace
  -r filename       load commands from a resource file
  --no-version      disable version check. Already disabled by default in Debian
  --no-analytics    disable analytics reporting. Already disabled by default in Debian
  --no-marketplace  disable remote module management
  --stealth         disable all passive requests (--no-*)
  --version         displays the current version
  --analytics       enable analytics reporting. Send analytics to google
```
2. Create a workspace named test, as follows
```
root@kali:~# recon-ng -w test
[!] Unable to synchronize module index. (ConnectionError).
[*] Version check disabled.

    (recon-ng ASCII banner; "Sponsored by... BLACK HILLS www.blackhillsinfosec.com" and www.practisec.com)

[recon-ng v5.0.0, Tim Tomes (@lanmaster53)]

[*] No modules enabled/installed.

[recon-ng][test] >
```
- Note: the error shown in red is caused by the recon-ng update (in the new version modules must be installed manually). Ignore it for now; it is resolved below.
3. Installing modules (fixes the error above)
(1) Installing a single module, using brute_hosts as an example
```
[recon-ng][default] > marketplace refresh
[*] Marketplace index refreshed.
[recon-ng][default] > marketplace search brute_hosts
[*] Searching module index for 'brute_hosts'...

  +--------------------------------------------------------------------------------+
  |              Path               | Version |    Status     |  Updated   | D | K |
  +--------------------------------------------------------------------------------+
  | recon/domains-hosts/brute_hosts | 1.0     | not installed | 2019-06-24 |   |   |
  +--------------------------------------------------------------------------------+

  D = Has dependencies. See info for details.
  K = Requires keys. See info for details.

[recon-ng][default] > marketplace install recon/domains-hosts/brute_hosts
[*] Module installed: recon/domains-hosts/brute_hosts
[*] Reloading modules...
[recon-ng][default] > modules
load    reload  search
[recon-ng][default] > modules reload
[*] Reloading modules...
[recon-ng][default] > modules search brute
[*] Searching installed modules for 'brute'...

  Recon
  -----
    recon/domains-hosts/brute_hosts

[recon-ng][default] > use recon/domains-hosts/brute_hosts
[!] Invalid command: use recon/domains-hosts/brute_hosts.
[recon-ng][default] > modules load recon/domains-hosts/brute_hosts
[recon-ng][default][brute_hosts] > options list

  Name      Current Value                       Required  Description
  --------  ----------------------------------  --------  -----------
  SOURCE    default                             yes       source of input (see 'show info' for details)
  WORDLIST  /root/.recon-ng/data/hostnames.txt  yes       path to hostname wordlist

[recon-ng][default][brute_hosts] > options
list   set    unset
[recon-ng][default][brute_hosts] > options set SOURCE ???.com
SOURCE => ???.com
[recon-ng][default][brute_hosts] > run

---------
BAIDU.COM
---------
[*] No Wildcard DNS entry found.
[*] 1.???.com => No record found.
………………
[*] b2c.???.com => No record found.

-------
SUMMARY
-------
[*] 85 total (80 new) hosts found.
```
```
[recon-ng][default][brute_hosts] > show
companies        domains          locations        profiles         vulnerabilities
contacts         hosts            netblocks        pushpins
credentials      leaks            ports            repositories
[recon-ng][default][brute_hosts] > show hosts

  +-----------------------------------------------------------------------------------------------------+
  | rowid |      host       |   ip_address    | region | country | latitude | longitude |   module    |
  +-----------------------------------------------------------------------------------------------------+
  | 1     | wwwyq.n.???.com |                 |        |         |          |           | brute_hosts |
  ………………
  | 80    | b2b.???.com     | xxx.xxx.212.101 |        |         |          |           | brute_hosts |
  +-----------------------------------------------------------------------------------------------------+

[*] 80 rows returned
[recon-ng][default][brute_hosts] >
```
- To avoid unnecessary trouble, some values have been replaced with "???" and "xxx".
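The `show hosts` table above is just a view of the workspace's sqlite database, which is the "database" pillar from the introduction. As an added example (not code from the original post or from recon-ng itself), the script below reads that database directly, separates names that resolved from those that did not, flags addresses that many hostnames share (a sign of wildcard DNS or shared hosting that needs a second look before the address is reported as a distinct asset), and exports a CSV report. It assumes recon-ng 5's layout of `~/.recon-ng/workspaces/<name>/data.db` and a `hosts` table with the columns printed above; the sample rows are constructed.

```python
import csv
import io
import sqlite3
from collections import Counter
from pathlib import Path

# Assumption: recon-ng 5 keeps each workspace in ~/.recon-ng/workspaces/<name>/data.db
# and its 'hosts' table carries the columns that 'show hosts' printed above.
HOSTS_DDL = """CREATE TABLE IF NOT EXISTS hosts (
    host TEXT, ip_address TEXT, region TEXT, country TEXT,
    latitude TEXT, longitude TEXT, notes TEXT, module TEXT)"""


def open_workspace(name="test", base=Path.home() / ".recon-ng" / "workspaces"):
    """Open a workspace database read-only, so a reporting script can never alter it."""
    return sqlite3.connect(f"file:{base / name / 'data.db'}?mode=ro", uri=True)


def split_hosts(conn):
    """Return (resolved, unresolved) rows; brute_hosts may store names without an address."""
    rows = conn.execute("SELECT host, ip_address, module FROM hosts ORDER BY host").fetchall()
    return [r for r in rows if r[1]], [r for r in rows if not r[1]]


def ip_histogram(rows):
    """Hostnames per IP, most shared first: many names on one address hints at wildcard
    DNS or shared hosting, so check it before counting the address as a distinct asset."""
    return Counter(ip for _, ip, _ in rows).most_common()


def hosts_to_csv(rows):
    """Render rows as CSV text, the simplest report to hand to an asset-tracking sheet."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["host", "ip_address", "module"])
    writer.writerows(rows)
    return buf.getvalue()


def constructed_demo_db():
    """Constructed in-memory sample mirroring the masked 'show hosts' output above."""
    conn = sqlite3.connect(":memory:")
    conn.execute(HOSTS_DDL)
    conn.executemany(
        "INSERT INTO hosts (host, ip_address, module) VALUES (?, ?, ?)",
        [("wwwyq.n.example.com", None, "brute_hosts"),
         ("b2b.example.com", "203.0.113.101", "brute_hosts"),
         ("b2c.example.com", "203.0.113.101", "brute_hosts"),
         ("mail.example.com", "203.0.113.25", "brute_hosts")])
    return conn
```

Replace `constructed_demo_db()` with `open_workspace("test")` to run it against the real workspace created earlier.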
(2) Installing all modules
```
[recon-ng][default] > marketplace refresh
[*] Marketplace index refreshed.
[recon-ng][default] > marketplace install all
[*] Module installed: discovery/info_disclosure/cache_snoop
[*] Module installed: discovery/info_disclosure/interesting_files
[*] Module installed: exploitation/injection/command_injector
[*] Module installed: exploitation/injection/xpath_bruter
[*] Module installed: import/csv_file
[*] Module installed: import/list
[*] Module installed: import/masscan
[*] Module installed: import/nmap
…………
[*] Module installed: reporting/proxifier
[*] Module installed: reporting/pushpin
[*] Module installed: reporting/xlsx
[*] Module installed: reporting/xml
```
Note:
`marketplace refresh` will most likely fail after you enter it. The fix is as follows (adapted from: https://www.hacksafe.net/tool/hacktool/4135.html)
(1) Configure the DNS server settings (i.e. stop using the local DNS):
```
nameserver 114.114.114.114
nameserver 8.8.4.4
```
(2) Switch the interface from a dynamic IP to a static IP:
```
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static   # static IP
address                  # this machine's IP
netmask 255.255.255.0
gateway                  # gateway IP
```
4. Use help to view the help information
```
[recon-ng][test] > help

Commands (type [help|?] <topic>):
---------------------------------
back         Exits the current context
dashboard    Displays a summary of activity
db           Interfaces with the workspace's database
exit         Exits the framework
help         Displays this menu
index        Creates a module index (dev only)
keys         Manages third party resource credentials
marketplace  Interfaces with the module marketplace
modules      Interfaces with installed modules
options      Manages the current context options
pdb          Starts a Python Debugger session (dev only)
script       Records and executes command scripts
shell        Executes shell commands
show         Shows various framework items
snapshots    Manages workspace snapshots
spool        Spools output to a file
workspaces   Manages workspaces

[recon-ng][test] >
```
- When you do not know which arguments a command accepts, type the command and press Tab twice to list the available arguments/subcommands, as follows:
```
[recon-ng][default] > marketplace
info     install  refresh  remove   search     # available subcommands
```
(1) The keys command
When you want to query Google, Bing, Shodan, Twitter and similar services from the terminal, add the corresponding API key with keys, for example:
```
[recon-ng][test] > keys
add     list    remove
[recon-ng][test] > keys list

  +--------------------------+
  |       Name       | Value |
  +--------------------------+
  | binaryedge_api   |       |
  | bing_api         |       |
  | builtwith_api    |       |
  | censysio_id      |       |
  | censysio_secret  |       |
  | flickr_api       |       |
  | fullcontact_api  |       |
  | github_api       |       |
  | google_api       |       |
  | hashes_api       |       |
  | hibp_api         |       |
  | hunter_io        |       |
  | ipinfodb_api     |       |
  | ipstack_api      |       |
  | namechk_api      |       |
  | pwnedlist_api    |       |
  | pwnedlist_secret |       |
  | spyse_api        |       |
  | twitter_api      |       |
  | twitter_secret   |       |
  | virustotal_api   |       |
  | whoxy_api        |       |
  +--------------------------+

[recon-ng][test] > keys add bing_api 111w1w1w1w1w1w12w1sjjkas
[*] Key 'bing_api' added.
[recon-ng][test] > keys list

  +---------------------------------------------+
  |       Name       |          Value           |
  +---------------------------------------------+
  | binaryedge_api   |                          |
  | bing_api         | 111w1w1w1w1w1w12w1sjjkas |
  | builtwith_api    |                          |
  | censysio_id      |                          |
  | censysio_secret  |                          |
  | flickr_api       |                          |
  | fullcontact_api  |                          |
  | github_api       |                          |
  | google_api       |                          |
  | hashes_api       |                          |
  | hibp_api         |                          |
  | hunter_io        |                          |
  | ipinfodb_api     |                          |
  | ipstack_api      |                          |
  | namechk_api      |                          |
  | pwnedlist_api    |                          |
  | pwnedlist_secret |                          |
  | spyse_api        |                          |
  | twitter_api      |                          |
  | twitter_secret   |                          |
  | virustotal_api   |                          |
  | whoxy_api        |                          |
  +---------------------------------------------+
```
- remove works the same way and deletes a stored API key.
(2) The shell command
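Keys added this way are real third-party credentials, and `keys list` prints them back in full, so the file that holds them deserves the same care as any other secret store. As an added example (not code from the original post or from recon-ng), the script below audits that store: it checks the file mode of `keys.db` and lists which keys are populated with their values masked. It assumes recon-ng 5's layout of `~/.recon-ng/keys.db` with a plaintext table `keys(name, value)`; the sample database is constructed and seeded with the dummy bing_api value from the page.

```python
import os
import sqlite3
import stat
import tempfile

# Assumption: recon-ng 5 stores every 'keys add' value in plaintext in ~/.recon-ng/keys.db,
# table keys(name TEXT PRIMARY KEY, value TEXT); nothing encrypts it at rest, so file
# permissions and host hygiene are the only protection those third-party credentials get.
KEYS_DDL = "CREATE TABLE IF NOT EXISTS keys (name TEXT PRIMARY KEY, value TEXT)"


def mask(value, keep=4):
    """Keep only the last few characters so a report never reproduces a whole key."""
    if not value:
        return "(unset)"
    return "*" * max(len(value) - keep, 0) + value[-keep:]


def audit_keys(db_path):
    """Return (findings, masked_keys): permission problems plus which keys are populated."""
    findings = []
    mode = stat.S_IMODE(os.stat(db_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{db_path}: mode {oct(mode)} is accessible to other users; set 0600")
    conn = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    rows = conn.execute("SELECT name, value FROM keys ORDER BY name").fetchall()
    conn.close()
    return findings, {name: mask(value) for name, value in rows}


def constructed_keys_db(mode=0o644):
    """Constructed sample keys.db in a temp dir, seeded with the dummy bing_api value from
    the page; the default mode reproduces a file that is readable by every local user."""
    path = os.path.join(tempfile.mkdtemp(), "keys.db")
    conn = sqlite3.connect(path)
    conn.execute(KEYS_DDL)
    conn.executemany("INSERT OR REPLACE INTO keys VALUES (?, ?)",
                     [("bing_api", "111w1w1w1w1w1w12w1sjjkas"), ("google_api", None)])
    conn.commit()
    conn.close()
    os.chmod(path, mode)
    return path
```

Point `audit_keys` at `os.path.expanduser("~/.recon-ng/keys.db")` to check the real store on the Kali host.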
```
[recon-ng][test] > shell ls
[*] Command: ls
recon  recon-cli  recon-ng  recon-web  VERSION
[recon-ng][test] > shell pwd
[*] Command: pwd
/usr/share/recon-ng
```
(3) The snapshots command
```
[recon-ng][test] > snapshots
delete  list    load    take
[recon-ng][test] > snapshots take
[*] Snapshot created: snapshot_20211117040109.db
[recon-ng][test] > snapshots load snapshot_20211117040109.db
[*] Snapshot loaded: snapshot_20211117040109.db
[recon-ng][test] > snapshots delete snapshot_20211117040109.db
[*] Snapshot removed: snapshot_20211117040109.db
[recon-ng][test] >
```
(4) The options command
```
[recon-ng][test] > options
list   set    unset
[recon-ng][test] > options list

  Name        Current Value  Required  Description
  ----------  -------------  --------  -----------
  NAMESERVER  8.8.8.8        yes       default nameserver for the resolver mixin
  PROXY                      no        proxy server (address:port)
  THREADS     10             yes       number of threads (where applicable)
  TIMEOUT     10             yes       socket timeout (seconds)
  USER-AGENT  Recon-ng/v5    yes       user-agent string
  VERBOSITY   1              yes       verbosity level (0 = minimal, 1 = verbose, 2 = debug)

[recon-ng][test] > options set PROXY 127.0.0.1:8889
PROXY => 127.0.0.1:8889
[recon-ng][test] > options unset NAMESERVER
NAMESERVER => None
[recon-ng][test] > options list

  Name        Current Value   Required  Description
  ----------  --------------  --------  -----------
  NAMESERVER                  yes       default nameserver for the resolver mixin
  PROXY       127.0.0.1:8889  no        proxy server (address:port)
  THREADS     10              yes       number of threads (where applicable)
  TIMEOUT     10              yes       socket timeout (seconds)
  USER-AGENT  Recon-ng/v5     yes       user-agent string
  VERBOSITY   1               yes       verbosity level (0 = minimal, 1 = verbose, 2 = debug)

[recon-ng][test] >
```
The other commands work the same way!
Never forget why you started, and you will reach the end.