Recon-NG is a powerful, open-source reconnaissance framework that acts as a versatile tool for gathering extensive information about websites, businesses, and individuals online, streamlining the data collection process for ethical hacking and penetration testing.
Hey, what's up? Today we're diving into Recon-NG, an open-source reconnaissance tool. If you're not familiar with Recon-NG, think of it as your Swiss Army knife for OSINT gathering. Basically, this thing is a treasure trove for people looking to scrape data on websites, businesses, and people online. Now, this video won't go too deep because, trust me, you could fall into a rabbit hole with this tool, but I'll show you how to get started and play around with some of its features. You'll be able to dig up some pretty useful info by the end of it, and don't worry, you'll get to mess around with it yourself after this. I'll just cover the
essentials for now.

Before we dive in, I want to quickly mention something for those of you really looking to level up in ethical hacking. If you've ever struggled with finding structured resources or knowing where to start with hacking, you're not alone. It can be overwhelming. That's why I've put together a full ethical hacking course that covers everything from the basics to advanced techniques. You get detailed lessons, quizzes to test your knowledge, and, best of all, access to a private Discord community where you can ask me directly about any questions you have related to hacking. And to make it easy for you to decide, I'm offering a 7-day free trial. You can jump in, explore the content, and see if it's the right fit, no strings attached. This course is designed to give you the skills you need to actually apply what you've learned, and if you're on the fence, we've got tons of students already seeing results. They're sharing their success stories in the Discord regularly. So if you want to take that next step, the link's down below. Spots are filling up, so now's the best time to join.

All right, the first step is
launching the tool. If you've just installed it, you'll notice that Recon-NG throws a bunch of errors right out of the gate. Don't panic. These aren't your typical "my computer's on fire" errors; they're more like "hey, I need some credentials to get stuff done" errors. For example, you might see messages like "Hunter IO key not set". That's basically the tool reminding you it can't do certain things unless you give it API keys. We'll get to what those are in a second. Now, if you're using a fresh install of Parrot or Kali Linux, or really any distro, you'll get those errors because Recon-NG depends on various APIs to gather data. APIs, for those who don't know, are kind of like messengers: they let your tools request information from other services, like Shodan or hunter.io, by logging in with a special key. No key, no info. Simple as that.

All right, once you've got Recon-NG
up and running, you'll see a bunch of different modules. These are basically tools within the tool. Each module is designed to do specific things, like gathering contact information, scanning DNS records, or searching for files on a website. If you type module search and then something like recon, you'll see a list of reconnaissance-related modules pop up. This will include things like scraping profile info from social media platforms (think LinkedIn or GitHub), pulling down public data from sites, and more. One quick thing to note: if you don't have an API key set up for a specific service, Recon-NG will still show you the module, but it'll throw those errors I mentioned. In some cases that's fine, you can still do some manual work without the keys, but if you want to go full power, it's a good idea to grab those keys from the sites or services you want to scrape info from. Let me show you how a couple of modules work, and then we'll dig into why this tool is so awesome for pentesting or reconnaissance in general.

First up, say you want to find
some interesting files on a website. Let's take a module called info disclosure. This is a quick and dirty way to gather up things like robots.txt, sitemap.xml, or even admin pages that haven't been properly secured. Here's how you'd use it. Start by loading the module: modules load info disclosure interesting files. Set your target, called source in Recon-NG: set source track me.com. Run the module. You'll see the tool spit out some information within seconds. It can dig up things like robots.txt, sitemap.xml, admin panels, and other files that can be useful for reconnaissance. Instead of running a traditional web crawler like DirBuster or Gobuster, which can take ages to go through a site, Recon-NG can give you quick results right out of the gate. In a pentest scenario, you want fast, actionable intel, and this is one way to grab it.

Now, here's where things might
get a bit tricky. Some modules require dependencies, like specific Python libraries. If you're running into errors where a module won't work or shows as disabled, it's probably missing one of those dependencies. You can figure this out by running marketplace info followed by the module name. It'll tell you what you need. For example, if the module metacrawler needs lxml and pdfminer, you can install them like this: sudo pip install lxml pdfminer. Once the dependencies are sorted, the module will work without a hitch. This is one of those things where, yes, it can be a little annoying at first, but trust me, you'll get the hang of it pretty quickly.

There are loads of modules in Recon-NG. Some of my favorites include:

Metacrawler: this one crawls websites and pulls down files like PDF, docs, and XMLs. Super useful if you're trying to gather as much info as possible quickly. You can also find sensitive files that might have been left exposed on public servers.

Whois lookup: this is the classic who-owns-this-domain tool. It's a must-have for any recon, giving you insight into domain ownership, registrar info, and sometimes even contact details.

MX record lookup: this one digs into the mail servers of a domain, which can be useful for figuring out how a company handles email. In some cases you can even pull the names of those servers and check if they've been properly secured.

Recon-NG automates all of this. Instead of running each task manually, you can load a few modules and, boom, you have a bunch of useful data in a few minutes. This is where Recon-NG shines as a timesaver.

When you're running recon over a long period of time, say you're doing a pen test for a company, you'll want to organize your data. Recon-NG has a handy feature called workspaces. Each workspace is like a folder that keeps all the data you gather separate from other projects. Let's say you're working on company X. You can create a workspace like this: recon-ng -w comp X. Now all your data, modules, search results, everything is stored under that workspace. This makes it easy to jump back in later without losing progress.

So that's a quick walkthrough of how
Recon-NG works. It's an incredibly powerful tool for gathering intel, and while it's not the only tool you should use for reconnaissance, it's definitely one of the more comprehensive ones out there. Just a reminder, though: while Recon-NG pulls info from publicly available sources, so it's not illegal, it's still important to stay ethical. Don't go scanning random websites unless you have permission. If you're working for a company or on your own site, go nuts, but if you're snooping around where you shouldn't be, yeah, that's a no-go. Anyway, have fun exploring Recon-NG, and remember, the more you dig, the more you'll find. Just don't dig yourself into a hole you can't get out of.

no 20 hour course we keep it tight
straight to the point get your skills
right complete from a desire we go all
in with quizzes on De what sinking in
learn together Community Vibe ask me
anything I'm here on the side seven day
for trial no need to pay jumping out low
risk today [Music]