1.6 Scanning With Recon-NG

00:04

today we're continuing. Cyber is crafting the perfect email course with scanning with re kon en G. So again, this is another lab based section. So make sure you've got your lab built and we'll go ahead and hop right in.

00:18

So in this video, we're going to search for scanning modules and learn how to search for any other modules you may want to use. We're going to perform our first scan

00:30

and we're going to show those results and export them into a report that we can give to an executive team or just keep for your records. So without further ado, let's go ahead and hop right in.

00:45

So again, I got my Callie V. M here pulled up

00:48

or open up that terminal

00:51

and let's get re kon en g started.

00:54

And if you haven't been following along any time you do start recon in G with that re kon en G command, you will see

01:03

it's a pretty scary looking errors here. They're all in red, all assumes, letting you know that you haven't got any of those ap i ke set up.

01:10

So those modules will not function correctly

01:14

again. The first thing I like to do is hit clear.

01:17

Clear out my workspace. As you can see, we are currently in our default workspace. So sweat and show workspaces

01:27

Gotta make sure you do spell everything correctly. And we do have our lab one set up

01:34

anything

01:34

you haven't fallen along. You can watch that previous module that will go through setting up your initial work space

01:42

and setting up your domains and stuff so we can perform this skin. So let's go ahead and

01:49

which over to our a lab work space. By using the workspaces, select a lab command

01:57

again. You'll see those AP I heirs. Not a big deal.

02:00

Unclear that out. Let's go in and verify that we've got our domains and our company set up. So it's Theo show Cos yes. We've got our company set up and show domains that is still still set up. So

02:16

when you want to perform a phishing attack, you're gonna need a target to send that email to

02:22

one of the easiest ways to get e mails. Four. Ah, phishing attack is by running a who is scan.

02:29

So there's a ton of modules in recon. Angie, let's go and see if we can find a something to use who is

02:37

and you can use the search command to do that and type in anything that you want to search for In this case, that is who is.

02:46

So I found a couple of modules for us to use. Um, it's got the Who is minor, though, who is pointed contacts and who is org's.

02:53

We're gonna go ahead and use that who is pointed context and the when we do that is use.

03:01

And then who is underscoring P. O. C. S

03:06

squatting it? Enter as you can see now we are in that module. First thing I always like to do is do the show invoke command,

03:15

and that will tell you a little bit about this module, how to use it and what information that it needs. So by default, it is going to use that domain that we already set up.

03:25

But I always like to make sure,

03:28

and, as you can see here,

03:30

the source that current value is our default

03:34

and it is required. But I like to set it just in case. So we will set source

03:40

to google dot com.

03:44

You see, there are sources now sent to google dot com

03:46

and it's super simple to run. All we type in is run and hit. Enter,

03:53

and it will go through this and basically run this to see any contacts and then it confined. Using this module ghouls a pretty big companies, so it may find quite a bit we'll let it run for just a little bit longer. Here.

04:08

Cool. And it found it looks like 81 total 42 of those air new.

04:14

And now that modules run,

04:15

Swenton, type in show contact. We'll see what we've got.

04:20

Pops up a nice big table for us. So it looks like you've got a couple of the kind of regular default e mails, but we do have, um, a couple of people here

04:31

in their location as well.

04:35

So when you want to get out of a module, you just take from the back command

04:41

that will bring us right back to our regular workspace here. So now that we've got some contact information,

04:48

we're gonna want to export that out into a report.

04:53

So let's see what reporting modules we've got again. We're gonna use that search command.

04:59

Let's just search for reporting.

05:02

So these are all of the reporting modules available? Um, I like Thio personally, do HTML reports, Especially when I'm handing them over to executive teams just cause it's really easy for them to use. So let's go ahead and views

05:16

HTML

05:19

and you can see it did

05:21

Pappas right into our HTML report module.

05:26

Again, We're gonna start off by doing that show info.

05:29

All right, so we need looks like all the information is required. So the creator of the customer file name and sanitize it so sanitizing it will mark any sense of data in the report.

05:42

Let's go ahead and send our creator

05:45

tape in your name there

05:47

and customer,

05:49

you can type in anything you want, So we're gonna say it is just the customer

05:55

again. Really easy to do.

05:57

Type in, run

05:59

and hit. Enter.

06:00

You can see we've got a report generated and

06:02

that

06:04

this location here

06:06

So let's go and throw that on our desktops. If you just select that with your mouse

06:11

right click and copy,

06:14

we're gonna get out of recon and G. You can do that by typing exit.

06:17

Clear the screen So it's a little clean.

06:20

And let's go ahead in,

06:24

see if he which is copy

06:28

this file,

06:30

and we're gonna put this on our desktop. So put it on our desktop, give you a quick shortcut here. If you didn't know what that told us is actually your home profile,

06:39

and we're gonna want to put that on our desktop.

06:44

All right, So it should copy over to our desk how it's going to take a look at that report. Here we go.

06:53

You had a second open up.

06:55

And so this is just an example of report that we exported now, so you can see it gives me a nice breakdown of everything that was found. So we did just do the one domain one company and have found 42 contacts

07:09

again. You

07:11

pop all these open shows our domains and this is the one we really want is the contact. So this gives us first name, last name

07:18

and email addresses. This is a really great start

07:23

when we want to start sending our phishing emails.

07:27

That's all for this module. We're gonna end with just a quick quiz.

07:33

So let's go ahead

07:36

and switch back to our slide show

07:40

All right, so four,

07:45

our quiz. So how do you have a new workspace?

07:48

It's pretty simple. Workspaces ad and then your workspace name.

07:54

Definitely an important skill tohave. You want to keep your information organized so you can perform a better attack.

08:01

So I'm looking for a new re kon module. What command could I use to display a list of all of the recount modules?

08:13

And we kind of went over this a little bit. That is the search re kon command. So it's going hot back in our labral quick, and I'll show you that one.

08:22

Exit out of that report,

08:26

we will start recount Auntie again,

08:31

cleared out and let's go ahead and search

08:33

re come.

08:35

This lists all of the re kon modules that are available to use. And there's a bunch of different ones, depending on what kind of information you're looking for, whether it's email addresses, host names, domains, server information, if it could find it, all of that stuff

08:52

is right here within re Kon and G, and that's why it's really good to use for just general re kon everything like that.

09:01

So again, that was just the search re kon command.

09:07

So you finish your re kon and you'd like to export or a poor one of the steps and exporting in each team. L report.

09:13

And we did go over this in the lab.

09:16

It's pretty simple. Just use reporting. HTML

09:20

again set your creator in your customer name and then typing. Run.