In this lab, Subject Matter Expert Dean Pompilio provides an introduction to Recon-NG, which is an interesting framework similar to Metasploit. Recon-NG is used for gathering information that is accessed through the Kali Tools Web site. It is already built into Kali, so there is no need to worry about launching it. SME Pompilio demonstrates how to launch a command shell to use the tool. He shows how to create a workspace to keep data organized, and he demonstrates an Interesting feature of Recon-NG: the "no check" feature that turns off version checking to avoid flagging errors because of lack of updating. There are lots of options inside the tool. SME Pompilio discusses and demonstrates the following:
- creating and using a workspace -- you can create workspaces to organize your activities on a case-by-case basis, which increases the tool's functionality
- how to show modules by running the Show Command (he recommends that you try all of the modules separately to learn a great deal about your target)
- using the netcraft command
- using the run command
- using the load command
- using the resolve command
- using the add and delete commands to configure lists
Examples are given of using different modules to get information and to narrow it to reflect what you are looking for. You can look for sites that have interesting types of files -- such as a robots.txt file -- to narrow your list of targets for a Social Engineering audit. There is a discussion of the importance of having permission to use a tool like this and of knowing that some services are paid services. SME Pompilio looks at possible types of reports generated by using the available options and shows the various exporting options.
Social Engineering and Manipulation
In this online, self-paced Social Engineering and Manipulation training class, you will learn how some of the most elegant social engineering attacks take place. Learn to perform these scenarios and what is done during each step of the attack.