1.6 Scanning With Recon-NG
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
today we're continuing. Cyber is crafting the perfect email course with scanning with re kon en G. So again, this is another lab based section. So make sure you've got your lab built and we'll go ahead and hop right in.
So in this video, we're going to search for scanning modules and learn how to search for any other modules you may want to use. We're going to perform our first scan
and we're going to show those results and export them into a report that we can give to an executive team or just keep for your records. So without further ado, let's go ahead and hop right in.
So again, I got my Callie V. M here pulled up
or open up that terminal
and let's get re kon en g started.
And if you haven't been following along any time you do start recon in G with that re kon en G command, you will see
it's a pretty scary looking errors here. They're all in red, all assumes, letting you know that you haven't got any of those ap i ke set up.
So those modules will not function correctly
again. The first thing I like to do is hit clear.
Clear out my workspace. As you can see, we are currently in our default workspace. So sweat and show workspaces
Gotta make sure you do spell everything correctly. And we do have our lab one set up
you haven't fallen along. You can watch that previous module that will go through setting up your initial work space
and setting up your domains and stuff so we can perform this skin. So let's go ahead and
which over to our a lab work space. By using the workspaces, select a lab command
again. You'll see those AP I heirs. Not a big deal.
Unclear that out. Let's go in and verify that we've got our domains and our company set up. So it's Theo show Cos yes. We've got our company set up and show domains that is still still set up. So
when you want to perform a phishing attack, you're gonna need a target to send that email to
one of the easiest ways to get e mails. Four. Ah, phishing attack is by running a who is scan.
So there's a ton of modules in recon. Angie, let's go and see if we can find a something to use who is
and you can use the search command to do that and type in anything that you want to search for In this case, that is who is.
So I found a couple of modules for us to use. Um, it's got the Who is minor, though, who is pointed contacts and who is org's.
We're gonna go ahead and use that who is pointed context and the when we do that is use.
And then who is underscoring P. O. C. S
squatting it? Enter as you can see now we are in that module. First thing I always like to do is do the show invoke command,
and that will tell you a little bit about this module, how to use it and what information that it needs. So by default, it is going to use that domain that we already set up.
But I always like to make sure,
and, as you can see here,
the source that current value is our default
and it is required. But I like to set it just in case. So we will set source
to google dot com.
You see, there are sources now sent to google dot com
and it's super simple to run. All we type in is run and hit. Enter,
and it will go through this and basically run this to see any contacts and then it confined. Using this module ghouls a pretty big companies, so it may find quite a bit we'll let it run for just a little bit longer. Here.
Cool. And it found it looks like 81 total 42 of those air new.
And now that modules run,
Swenton, type in show contact. We'll see what we've got.
Pops up a nice big table for us. So it looks like you've got a couple of the kind of regular default e mails, but we do have, um, a couple of people here
in their location as well.
So when you want to get out of a module, you just take from the back command
that will bring us right back to our regular workspace here. So now that we've got some contact information,
we're gonna want to export that out into a report.
So let's see what reporting modules we've got again. We're gonna use that search command.
Let's just search for reporting.
So these are all of the reporting modules available? Um, I like Thio personally, do HTML reports, Especially when I'm handing them over to executive teams just cause it's really easy for them to use. So let's go ahead and views
and you can see it did
Pappas right into our HTML report module.
Again, We're gonna start off by doing that show info.
All right, so we need looks like all the information is required. So the creator of the customer file name and sanitize it so sanitizing it will mark any sense of data in the report.
Let's go ahead and send our creator
tape in your name there
you can type in anything you want, So we're gonna say it is just the customer
again. Really easy to do.
Type in, run
and hit. Enter.
You can see we've got a report generated and
this location here
So let's go and throw that on our desktops. If you just select that with your mouse
right click and copy,
we're gonna get out of recon and G. You can do that by typing exit.
Clear the screen So it's a little clean.
And let's go ahead in,
see if he which is copy
and we're gonna put this on our desktop. So put it on our desktop, give you a quick shortcut here. If you didn't know what that told us is actually your home profile,
and we're gonna want to put that on our desktop.
All right, So it should copy over to our desk how it's going to take a look at that report. Here we go.
You had a second open up.
And so this is just an example of report that we exported now, so you can see it gives me a nice breakdown of everything that was found. So we did just do the one domain one company and have found 42 contacts
pop all these open shows our domains and this is the one we really want is the contact. So this gives us first name, last name
and email addresses. This is a really great start
when we want to start sending our phishing emails.
That's all for this module. We're gonna end with just a quick quiz.
So let's go ahead
and switch back to our slide show
All right, so four,
our quiz. So how do you have a new workspace?
It's pretty simple. Workspaces ad and then your workspace name.
Definitely an important skill tohave. You want to keep your information organized so you can perform a better attack.
So I'm looking for a new re kon module. What command could I use to display a list of all of the recount modules?
And we kind of went over this a little bit. That is the search re kon command. So it's going hot back in our labral quick, and I'll show you that one.
Exit out of that report,
we will start recount Auntie again,
cleared out and let's go ahead and search
This lists all of the re kon modules that are available to use. And there's a bunch of different ones, depending on what kind of information you're looking for, whether it's email addresses, host names, domains, server information, if it could find it, all of that stuff
is right here within re Kon and G, and that's why it's really good to use for just general re kon everything like that.
So again, that was just the search re kon command.
So you finish your re kon and you'd like to export or a poor one of the steps and exporting in each team. L report.
And we did go over this in the lab.
It's pretty simple. Just use reporting. HTML
again set your creator in your customer name and then typing. Run.
All right, So now we finished up some basic scans and gathered email addresses. It's timeto actually start writing some phishing emails. Stay tuned for our next module.