0:02 hey what's up today we're diving into
0:05 Recon-ng an open-source reconnaissance
0:07 tool if you're not familiar with Recon-ng
0:10 think of it as your Swiss army knife
0:13 for ENT gathering basically this thing
0:14 is a treasure trove for people looking
0:17 to scrape data on websites businesses
0:19 and people online now this video won't
0:21 go too deep because trust me you could
0:23 fall into a rabbit hole with this tool
0:24 but I'll show you how to get started and
0:26 play around with some of its features
0:27 you'll be able to dig up some pretty
0:29 useful info by the end of it and don't
0:31 worry you'll get to mess around with it
0:33 yourself after this I'll just cover the
0:35 essentials for now before we dive in I
0:37 want to quickly mention something for
0:38 those of you really looking to level up
0:40 in ethical hacking if you've ever
0:42 struggled with finding structured
0:44 resources or knowing where to start with
0:46 hacking you're not alone it can be
0:48 overwhelming that's why I've put
0:50 together a full ethical hacking course
0:51 that covers everything from the basics
0:54 to advanced techniques you get detailed
0:56 lessons quizzes to test your knowledge
0:58 and best of all access to a private
1:00 Discord community where you can ask me
1:02 directly about any questions you have
1:04 related to hacking and to make it easy
1:06 for you to decide I'm offering a 7-day
1:09 free trial you can jump in explore the
1:11 content and see if it's the right fit no
1:14 strings attached this course is designed
1:15 to give you the skills you need to
1:17 actually apply what you've learned and
1:19 if you're on the fence we've got tons of
1:21 students already seeing results they're
1:23 sharing their success stories in the
1:25 Discord regularly so if you want to take
1:26 that next step the links down below
1:28 spots are filling up so now's the best
1:31 time to join all right the first step is
1:32 launching the tool if you've just
1:34 installed it you'll notice that Recon-ng
1:36 throws a bunch of errors right out of
1:38 the gate don't panic these aren't your
1:40 typical my computer's on fire errors
1:42 they're more like hey I need some
1:45 credentials to get stuff done errors for
1:47 example you might see messages like
1:49 Hunter IO key not set that's basically
1:51 the tool reminding you it can't do
1:53 certain things unless you give it API
1:55 keys we'll get to what those are in a
1:57 second now if you're using a fresh
1:59 install of Parrot or Kali Linux or
2:01 really any distro you'll get those
2:04 errors because Recon-ng depends on
2:07 various APIs to gather data APIs for
2:08 those who don't know are kind of like
2:11 messengers they let your tools request
2:13 information from other services like
2:15 Shodan or hunter.io by logging in with a
2:18 special key no key no info simple as
2:21 that all right once you've got Recon-ng
2:22 up and running you'll see a bunch of
2:24 different modules these are basically
2:26 tools within the tool each module is
2:29 designed to do specific things like
2:31 gathering contact information scanning
2:33 DNS records or searching for files on a
2:35 website if you type module search and
2:38 then something like recon you'll see a
2:39 list of reconnaissance related modules
2:41 pop up this will include things like
2:43 scraping profile info from social media
2:46 platforms think LinkedIn or GitHub
2:48 pulling down public data from sites and
2:50 more one quick thing to note if you
2:52 don't have an API key set up for a
2:55 specific service Recon-ng will still
2:56 show you the module but it'll throw
2:59 those errors I mentioned in some cases
3:01 that's fine you can still do some manual
3:03 work without the keys but if you want to
3:06 go full power it's a good idea to grab
3:07 those keys from the sites or services
3:10 you want to scrape info from let me show
3:11 you how a couple of modules work and
3:14 then we'll dig into why this tool is so
3:16 awesome for pentesting or reconnaissance
3:18 in general first up say you want to find
3:20 some interesting files on a website
3:22 let's take a module called info
3:24 disclosure this is a quick and dirty way
3:27 to gather up things like robots.txt
3:30 sitemap.xml
3:31 or even admin pages that haven't been
3:34 properly secured here's how you'd use it
3:37 start by loading the module modules load
3:39 info disclosure interesting files set
3:42 your target called source in Recon-ng
3:46 set source track me.com run the module
3:47 you'll see the tool spit out some
3:50 information within seconds it can dig up
3:53 things like robots.txt sitemap.xml
3:56 admin panels and other files that can be
3:58 useful for reconnaissance instead of
3:59 running a traditional web crawler like
4:02 dirbuster or gobuster which can take ages
4:05 to go through a site Recon-ng can give
4:07 you quick results right out of the gate
4:09 in a pentest scenario you want fast
4:11 actionable intel and this is one way to
4:13 grab it now here's where things might
4:15 get a bit tricky some modules require
4:17 dependencies like specific Python
4:19 libraries if you're running into errors
4:21 where a module won't work or shows as
4:23 disabled it's probably missing one of
4:25 those dependencies you can figure this
4:28 out by running marketplace info followed
4:30 by the module name it'll tell you
4:32 what you need for example if the module
4:35 metacrawler needs lxml and pdfminer
4:38 you can install them like this sudo
4:41 pip install lxml pdfminer once the
4:43 dependencies are sorted the module will
4:45 work without a hitch this is one of
4:47 those things where yes it can be a
4:49 little annoying at first but trust me
4:51 you'll get the hang of it pretty quickly
4:53 there are loads of modules in Recon-ng
4:55 some of my favorites include metacrawler
4:58 this one crawls websites and
5:01 pulls down files like PDF docs and XMLs
5:03 super useful if you're trying to gather
5:06 as much info as possible quickly you can
5:07 also find sensitive files that might
5:10 have been left exposed on public servers
5:12 whois lookup this is the classic who
5:15 owns this domain tool it's a must-have
5:17 for any recon giving you insight into
5:20 domain ownership registrar info and
5:22 sometimes even contact details MX record
5:24 lookup this one digs into the mail
5:27 servers of a domain which can be useful
5:28 for figuring out how a company handles
5:31 email in some cases you can even pull
5:33 the names of those servers and check if
5:35 they've been properly secured Recon-ng
5:37 automates all of this instead of running
5:39 each task manually you can load a few
5:42 modules and boom you have a bunch of
5:44 useful data in a few minutes this is
5:47 where Recon-ng shines as a timesaver
5:49 when you're running Recon over a long
5:51 period of time say you're doing a pen
5:53 test for a company you'll want to
5:56 organize your data Recon-ng has a handy
5:59 feature called workspaces each workspace
6:01 is like a folder that keeps all the
6:02 data you gather separate from other
6:05 projects let's say you're working on
6:08 company X you can create a workspace like
6:09 this recon-ng
6:14 -w comp X now all your data modules
6:16 search results everything is stored
6:18 under that workspace this makes it easy
6:20 to jump back in later without losing
6:23 progress so that's a quick walkthrough of how
6:26 Recon-ng works it's an incredibly
6:28 powerful tool for gathering intel and
6:30 while it's not the only tool you should
6:32 use for reconnaissance it's definitely
6:34 one of the more comprehensive ones out
6:37 there just a reminder though while Recon-ng
6:39 pulls info from publicly available
6:41 sources so it's not illegal it's still
6:43 important to stay ethical don't go
6:45 scanning random websites unless you have
6:46 permission if you're working for a
6:49 company or on your own site go nuts but
6:50 if you're snooping around where you
6:53 shouldn't be yeah that's a no-go anyway
6:55 have fun exploring Recon-ng and remember
6:57 the more you dig the more you'll find
6:59 just don't dig yourself into a hole you
7:01 can't get out
7:05 of