Lead Image © Wayne Daniels, 123RF.com


Web-based reconnaissance

Recon

Article from ADMIN 30/2015
By
The recon-ng web reconnaissance framework is an important tool in penetration testing.

The Metasploit Framework Project and the Social Engineer Toolkit (SET) are two great frameworks used by penetration testers to automate exploitation of known vulnerabilities.

Recon-ng [1], an open source web reconnaissance (recon) framework written in Python by Tim Tomes (LaNMaSteR53), is the third such framework to have been released. Tomes and other programmers have written numerous modules for recon-ng, which comb social websites and domains to harvest names of users, contacts, companies, repositories, and much more.

In traditional reconnaissance, you gather information visually or through published material on people and places. Today, however, most people take pictures, tweet, and upload content to social websites from mobile devices, which embed a timestamp and geographic coordinates in each item's metadata (unless you've disabled location services), revealing where you eat, sleep, work, and play. Although this is a frightening thought, location services also help you navigate unfamiliar cities, find restaurants and shops, and discover whether you left your smartphone at home, at work, or somewhere else in the hustle and bustle of a busy day.

In advanced recon, you can build a storyline efficiently, instead of tracking people down manually, enumerate server-side technologies, discover live vulnerabilities, and harvest full credentials. From the defense perspective, the goal is to see which technologies and configurations are deployed, search for vulnerable code snippets using GitHub dorks (specialized search syntax), and identify weaknesses in physical security. Using the recon-ng Pushpin modules, you can conduct remote physical security analysis by identifying YouTube videos, Twitter tweets, and Flickr photos posted from within a defined geographical area.
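The geotag workflow the two paragraphs above describe, as an added example that is not recon-ng's or the author's code: it converts EXIF-style GPS rationals (degrees, minutes, seconds plus an N/S/E/W reference) into signed decimal degrees, then keeps only the geotagged items that fall inside a radius around a point of interest, which is the core of what a pushpin map of a site boils down to. All records, handles, and coordinates below are constructed sample data, and the function names are the example's own.

```python
"""Added example (not recon-ng's own code): geofencing geotagged items.

Two pieces a pushpin-style workflow depends on:
  1. converting EXIF-style GPS coordinates (degrees/minutes/seconds
     rationals plus an N/S/E/W reference) into signed decimal degrees, and
  2. keeping only the items that fall inside a radius around a point
     of interest.

All records below are constructed sample data, not real posts.
"""
from math import asin, cos, radians, sin, sqrt
from typing import Tuple

EARTH_RADIUS_M = 6_371_000.0  # mean Earth radius used by the haversine formula


def dms_to_decimal(dms: Tuple[Tuple[int, int], ...], ref: str) -> float:
    """Convert EXIF GPSLatitude/GPSLongitude rationals to decimal degrees.

    EXIF stores degrees, minutes and seconds as (numerator, denominator)
    pairs; the GPSLatitudeRef/GPSLongitudeRef tag ('N', 'S', 'E', 'W')
    carries the sign.
    """
    (dn, dd), (mn, md), (sn, sd) = dms
    value = dn / dd + (mn / md) / 60.0 + (sn / sd) / 3600.0
    return -value if ref in ("S", "W") else value


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two WGS84 points."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(a))


# Constructed sample "pushpins": (source, handle, lat, lon, text)
SAMPLE_PINS = [
    ("twitter", "@alice", 51.50735, -0.12776, "late night at the office again"),
    ("flickr", "bob_photos", 51.50800, -0.12600, "view from the 4th floor"),
    ("youtube", "carol", 51.52000, -0.10000, "lunch near the station"),
    ("twitter", "@dave", 48.85837, 2.29448, "holiday!"),
]


def pins_within(pins, lat: float, lon: float, radius_m: float):
    """Return (distance_m, source, handle, text) for pins inside the
    radius, nearest first. Everything outside the fence is dropped."""
    hits = []
    for src, who, plat, plon, text in pins:
        d = haversine_m(lat, lon, plat, plon)
        if d <= radius_m:
            hits.append((round(d), src, who, text))
    return sorted(hits)


if __name__ == "__main__":
    # Coordinates as an EXIF-tagged photo would carry them (constructed):
    # 51 deg 30' 26.5" N, 0 deg 7' 39.9" W  -> the "site" we are watching
    site_lat = dms_to_decimal(((51, 1), (30, 1), (265, 10)), "N")
    site_lon = dms_to_decimal(((0, 1), (7, 1), (399, 10)), "W")
    for hit in pins_within(SAMPLE_PINS, site_lat, site_lon, radius_m=250):
        print(hit)
```

Run it and only the two pins posted within 250 m of the site survive; the one 1.4 km away and the one in another country are dropped. Swap `SAMPLE_PINS` for the records a real harvesting module returns and the fence logic stays the same.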

Acquiring API keys is a requirement of this endeavor. For more information, you can check out the framework's wiki

...