cheatsheets/cheatsheets/security/pentesting/recon-ng.md

---

title: recon-ng date: 2021-01-13 categories: [cheatsheets]

tags: [security, pentesting]

recon-ng

1) Add Workspace

rng> workspaces add <name>

2) Adding Domains

rng> add domains abc-def.com
rng> add domains zz-ok.de
rng> show domains

3) Hosts

rng> show hosts

4) Modules

rng> show modules
rng> use <module_path>  // or
rng> load <module_path>
rng> show info          // Infos for one module
rng> run

Example Workflow

1) Adding the domains.

rng> add domains hs-albsig.de
rng> add domains fh-albsig.de

2) Finding the Hosts with DNS

rng> load netcraft
rng> run

3) Finding the Host with a search engine

rng> load recon/domain-hosts/bing_domain_web
rng> run

rng> show hosts

4) Bruteforce subdomains

rng> load recon/domains-hosts/brute-hosts
rng> run

5) DNS Resolves

rng> load recon/hosts-hosts/resolve
rng> run

rng> load recon/hosts-hosts/reverse_resolve
rng> run

6) Output all found hosts

rng> show hosts