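recon-ng is a full-featured reconnaissance framework whose purpose is to provide a powerful environment for conducting open-source, web-based reconnaissance quickly and thoroughly. Using recon-ng is very similar to using the Metasploit Framework.
Because much of this tool's usage and many of its help files are not as self-explanatory as those of other tools, I need to teach it in a different way;
1. List the help menu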
- [recon-ng][default] > help
- Commands (type [help|?] <topic>):
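add Adds records to the database
back Exits the current context
delete Deletes records from the database
exit Exits the framework
help Displays this help menu
keys Manages framework API keys
load Loads the specified module
pdb Starts a Python Debugger session
query Queries the database
record Records commands to a resource file
reload Reloads all modules
resource Executes commands from a resource file
search Searches available modules
set Sets module options
shell Executes shell commands
show Shows various framework items
snapshots Manages workspace snapshots
spool Spools output to a file
unset Unsets module options
use Uses the specified module
workspaces Manages workspaces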
2. List all modules
- [recon-ng][default] > show modules
All modules are as follows:
- Discovery
- ---------
- discovery/info_disclosure/cache_snoop
- discovery/info_disclosure/interesting_files
- Exploitation
- ------------
- exploitation/injection/command_injector
- exploitation/injection/xpath_bruter
- Import
- ------
- import/csv_file
- import/list
- Recon
- -----
- recon/companies-contacts/bing_linkedin_cache
- recon/companies-contacts/jigsaw/point_usage
- recon/companies-contacts/jigsaw/purchase_contact
- recon/companies-contacts/jigsaw/search_contacts
- recon/companies-contacts/linkedin_auth
- recon/companies-multi/github_miner
- recon/companies-multi/whois_miner
- recon/contacts-contacts/mailtester
- recon/contacts-contacts/mangle
- recon/contacts-contacts/unmangle
- recon/contacts-credentials/hibp_breach
- recon/contacts-credentials/hibp_paste
- recon/contacts-domains/migrate_contacts
- recon/contacts-profiles/fullcontact
- recon/credentials-credentials/adobe
- recon/credentials-credentials/bozocrack
- recon/credentials-credentials/hashes_org
- recon/domains-contacts/metacrawler
- recon/domains-contacts/pgp_search
- recon/domains-contacts/whois_pocs
- recon/domains-credentials/pwnedlist/account_creds
- recon/domains-credentials/pwnedlist/api_usage
- recon/domains-credentials/pwnedlist/domain_creds
- recon/domains-credentials/pwnedlist/domain_ispwned
- recon/domains-credentials/pwnedlist/leak_lookup
- recon/domains-credentials/pwnedlist/leaks_dump
- recon/domains-domains/brute_suffix
- recon/domains-hosts/bing_domain_api
- recon/domains-hosts/bing_domain_web
- recon/domains-hosts/brute_hosts
- recon/domains-hosts/builtwith
- recon/domains-hosts/certificate_transparency
- recon/domains-hosts/google_site_api
- recon/domains-hosts/google_site_web
- recon/domains-hosts/hackertarget
- recon/domains-hosts/mx_spf_ip
- recon/domains-hosts/netcraft
- recon/domains-hosts/shodan_hostname
- recon/domains-hosts/ssl_san
- recon/domains-hosts/threatcrowd
- recon/domains-vulnerabilities/ghdb
- recon/domains-vulnerabilities/punkspider
- recon/domains-vulnerabilities/xssed
- recon/domains-vulnerabilities/xssposed
- recon/hosts-domains/migrate_hosts
- recon/hosts-hosts/bing_ip
- recon/hosts-hosts/freegeoip
- recon/hosts-hosts/ipinfodb
- recon/hosts-hosts/resolve
- recon/hosts-hosts/reverse_resolve
- recon/hosts-hosts/ssltools
- recon/hosts-locations/migrate_hosts
- recon/hosts-ports/shodan_ip
- recon/locations-locations/geocode
- recon/locations-locations/reverse_geocode
- recon/locations-pushpins/flickr
- recon/locations-pushpins/instagram
- recon/locations-pushpins/picasa
- recon/locations-pushpins/shodan
- recon/locations-pushpins/twitter
- recon/locations-pushpins/youtube
- recon/netblocks-companies/whois_orgs
- recon/netblocks-hosts/reverse_resolve
- recon/netblocks-hosts/shodan_net
- recon/netblocks-ports/census_2012
- recon/netblocks-ports/censysio
- recon/ports-hosts/migrate_ports
- recon/profiles-contacts/dev_diver
- recon/profiles-contacts/github_users
- recon/profiles-profiles/namechk
- recon/profiles-profiles/profiler
- recon/profiles-profiles/twitter_mentioned
- recon/profiles-profiles/twitter_mentions
- recon/profiles-repositories/github_repos
- recon/repositories-profiles/github_commits
- recon/repositories-vulnerabilities/gists_search
- recon/repositories-vulnerabilities/github_dorks
- Reporting
- ---------
- reporting/csv
- reporting/html
- reporting/json
- reporting/list
- reporting/proxifier
- reporting/pushpin
- reporting/xlsx
- reporting/xml
3. Select a module
Each module does something different; here I pick one at random:
- [recon-ng][default] > use recon/hosts-hosts/bing_ip
3. Show information about the module you just selected
- [recon-ng][default][bing_ip] > show info
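4. Set the source
This mainly means: which website do you want to collect information about? Usually it is a domain name or a host;
- [recon-ng][default][bing_ip] > set SOURCE www.fujieace.com
Note: at this step you may run into "/bin/sh: 1: SOURCE: not found". This is quite normal; it happens because you set a source that already exists, or because of a problem in the module itself;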
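5. Run
- [recon-ng][default][bing_ip] > run
6. View the results
However, what I want to tell you is that because many of this tool's APIs have not been updated, many module queries have almost no effect. This tool used to turn up a lot of information about a website, but now all I can do is laugh it off! The reason nothing turns up is probably also that the overall security of the Internet has improved. That is not necessarily a bad thing.
Note:
If you have just opened the tool, the following warnings appear: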
- [!] 'shodan_api' key not set. shodan_net module will likely fail at runtime. See 'keys add'.
- [!] 'github_api' key not set. github_miner module will likely fail at runtime. See 'keys add'.
- [!] 'github_api' key not set. github_commits module will likely fail at runtime. See 'keys add'.
- [!] 'pwnedlist_api' key not set. domain_ispwned module will likely fail at runtime. See 'keys add'.
- [!] 'pwnedlist_secret' key not set. domain_ispwned module will likely fail at runtime. See 'keys add'.
- [!] 'pwnedlist_api' key not set. account_creds module will likely fail at runtime. See 'keys add'.
- [!] 'pwnedlist_secret' key not set. account_creds module will likely fail at runtime. See 'keys add'.
- [!] 'pwnedlist_iv' key not set. account_creds module will likely fail at runtime. See 'keys add'.
- [!] 'pwnedlist_api' key not set. leaks_dump module will likely fail at runtime. See 'keys add'.
- [!] 'pwnedlist_secret' key not set. leaks_dump module will likely fail at runtime. See 'keys add'.
- [!] 'pwnedlist_api' key not set. domain_creds module will likely fail at runtime. See 'keys add'.
- ......
This happens because these API keys cannot be found; if you have a working API key, you can add it yourself;
Syntax:
keys [list|add|delete]
keys add <name> <value>
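Online video links:
Youku: http://v.youku.com/v_show/id_XMzAzNzk4MTYyNA==.html
Tencent: https://v.qq.com/x/page/u0553o5f6h5.html
iQiyi: http://www.iqiyi.com/w_19rvc9c4g1.html
LeTV: http://www.le.com/ptv/vplay/30898710.html
After recently updating Kali Linux, I tried the new version "recon-ng v5.0.0" and ran into the following situations:
1. On first start it reports "No modules enabled/installed.", as shown in the figure below:
When searching the marketplace, a large number of "not installed" entries appear, as shown in the figure below:
Solution
The official answer is that the framework itself contains no modules by default. Modules must be installed from the marketplace.
You can install all modules with this command: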
[recon-ng][default] > marketplace install all
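After installation it reports the errors below. The ones with a green background are missing Python modules; since recon-ng is developed in Python, you can fix this directly with pip install PyPDF3, and the same approach applies to other missing modules.
As for the missing API keys, the procedure is the same as for the old version of recon-ng above.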
[!] Module 'recon/domains-contacts/metacrawler' disabled. Dependency required: ''PyPDF3''.
[!] 'github_api' key not set. github_dorks module will likely fail at runtime. See 'keys add'.
[!] 'censysio_id' key not set. censysio module will likely fail at runtime. See 'keys add'.
[!] 'censysio_secret' key not set. censysio module will likely fail at runtime. See 'keys add'.
[!] 'twitter_api' key not set. twitter_mentions module will likely fail at runtime. See 'keys add'.
[!] 'twitter_secret' key not set. twitter_mentions module will likely fail at runtime. See 'keys add'.
[!] 'namechk_api' key not set. namechk module will likely fail at runtime. See 'keys add'.
[!] 'twitter_api' key not set. twitter_mentioned module will likely fail at runtime. See 'keys add'.
[!] 'twitter_secret' key not set. twitter_mentioned module will likely fail at runtime. See 'keys add'.
[!] 'fullcontact_api' key not set. fullcontact module will likely fail at runtime. See 'keys add'.
[!] 'github_api' key not set. github_commits module will likely fail at runtime. See 'keys add'.
[!] 'bing_api' key not set. bing_domain_api module will likely fail at runtime. See 'keys add'.
[!] 'binaryedge_api' key not set. binaryedge module will likely fail at runtime. See 'keys add'.
[!] 'builtwith_api' key not set. builtwith module will likely fail at runtime. See 'keys add'.
[!] 'shodan_api' key not set. shodan_hostname module will likely fail at runtime. See 'keys add'.
[!] 'virustotal_api' key not set. virustotal module will likely fail at runtime. See 'keys add'.
[!] 'shodan_api' key not set. shodan_net module will likely fail at runtime. See 'keys add'.
[!] 'hibp_api' key not set. hibp_paste module will likely fail at runtime. See 'keys add'.
[!] 'hibp_api' key not set. hibp_breach module will likely fail at runtime. See 'keys add'.
[!] 'shodan_api' key not set. shodan_org module will likely fail at runtime. See 'keys add'.
[!] 'github_api' key not set. github_miner module will likely fail at runtime. See 'keys add'.
[!] 'twitter_api' key not set. twitter module will likely fail at runtime. See 'keys add'.
[!] 'twitter_secret' key not set. twitter module will likely fail at runtime. See 'keys add'.
[!] 'flickr_api' key not set. flickr module will likely fail at runtime. See 'keys add'.
[!] 'shodan_api' key not set. shodan module will likely fail at runtime. See 'keys add'.
[!] 'google_api' key not set. youtube module will likely fail at runtime. See 'keys add'.
[!] 'google_api' key not set. geocode module will likely fail at runtime. See 'keys add'.
[!] 'google_api' key not set. reverse_geocode module will likely fail at runtime. See 'keys add'.
[!] 'github_api' key not set. github_repos module will likely fail at runtime. See 'keys add'.
[!] 'bing_api' key not set. bing_linkedin_cache module will likely fail at runtime. See 'keys add'.
[!] 'github_api' key not set. github_users module will likely fail at runtime. See 'keys add'.
[!] 'bing_api' key not set. bing_linkedin_contacts module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_api' key not set. leaks_dump module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_secret' key not set. leaks_dump module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_api' key not set. api_usage module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_secret' key not set. api_usage module will likely fail at runtime. See 'keys add'.
[!] Module 'recon/domains-credentials/pwnedlist/domain_creds' disabled. Dependency required: ''pyaes''.
[!] 'pwnedlist_api' key not set. domain_ispwned module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_secret' key not set. domain_ispwned module will likely fail at runtime. See 'keys add'.
[!] Module 'recon/domains-credentials/pwnedlist/account_creds' disabled. Dependency required: ''pyaes''.
[!] 'shodan_api' key not set. shodan_ip module will likely fail at runtime. See 'keys add'.
[!] 'binaryedge_api' key not set. binaryedge module will likely fail at runtime. See 'keys add'.
[!] 'hashes_api' key not set. hashes_org module will likely fail at runtime. See 'keys add'.
[!] 'virustotal_api' key not set. virustotal module will likely fail at runtime. See 'keys add'.
[!] 'ipstack_api' key not set. ipstack module will likely fail at runtime. See 'keys add'.
[!] 'ipinfodb_api' key not set. ipinfodb module will likely fail at runtime. See 'keys add'.
[!] 'bing_api' key not set. bing_ip module will likely fail at runtime. See 'keys add'.
[!] 'google_api' key not set. pushpin module will likely fail at runtime. See 'keys add'.
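The startup warnings above fall into two groups: missing API keys and missing Python dependencies. As an added example (not part of the original post or of recon-ng itself), this Python script parses warnings in that format and builds the matching `keys add` and `pip install` commands; the sample lines are constructed from the output shown above, and `<value>` is a placeholder for your own key.

```python
import re
from collections import defaultdict

# Constructed sample: warning lines in the format recon-ng prints at startup.
SAMPLE = """\
[!] Module 'recon/domains-contacts/metacrawler' disabled. Dependency required: ''PyPDF3''.
[!] 'github_api' key not set. github_dorks module will likely fail at runtime. See 'keys add'.
[!] 'shodan_api' key not set. shodan_hostname module will likely fail at runtime. See 'keys add'.
[!] 'github_api' key not set. github_commits module will likely fail at runtime. See 'keys add'.
[!] Module 'recon/domains-credentials/pwnedlist/domain_creds' disabled. Dependency required: ''pyaes''.
[!] 'shodan_api' key not set. shodan_net module will likely fail at runtime. See 'keys add'.
"""

# An optional leading "- " is accepted because some listings prefix each line with it.
KEY_RE = re.compile(r"^(?:- )?\[!\] '(?P<key>\w+)' key not set\. (?P<module>\w+) module")
DEP_RE = re.compile(r"^(?:- )?\[!\] Module '(?P<path>[\w/\-]+)' disabled\. "
                    r"Dependency required: '+(?P<dep>[^']+)'+\.")

def parse_warnings(text):
    """Return (missing_keys, missing_deps) from recon-ng startup warnings.

    missing_keys: key name -> sorted list of modules that need it
    missing_deps: package name -> sorted list of disabled module paths
    """
    keys, deps = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            keys[m["key"]].add(m["module"])
        elif m := DEP_RE.match(line):
            deps[m["dep"]].add(m["path"])
    return ({k: sorted(v) for k, v in keys.items()},
            {d: sorted(v) for d, v in deps.items()})

def remediation(text, placeholder="<value>"):
    """Build one 'keys add' line per missing key and one pip install per package."""
    keys, deps = parse_warnings(text)
    console = [f"keys add {k} {placeholder}" for k in sorted(keys)]
    shell = [f"pip install {d}" for d in sorted(deps)]
    return console, shell

if __name__ == "__main__":
    console, shell = remediation(SAMPLE)
    print("# in the recon-ng console:", *console, sep="\n")
    print("# in the system shell:", *shell, sep="\n")
```

Each key appears once in the result even when several modules warn about it, so the output doubles as a checklist of which services you actually need accounts for.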
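2. Many commands no longer work in the new recon-ng v5.0.0, for example use, show modules, and so on. After I checked the help command, I found that many commands were missing, which was awkward. See the figure below:
So I suggest that you do not jump straight to the new recon-ng v5.0.0; in my testing, recon-ng 4.9.2 does not have these problems. Even when I downloaded and installed it again from GitHub, the commands were still incomplete. So I still recommend the old version of recon-ng; after all, we are used to it. Does using the new version mean I cannot use recon-ng's other commands? Of course not; read on:
Solution
In the new recon-ng v5.0.0, only the usage of some commands has changed. The new usage is as follows:
Command to refresh the marketplace module list: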
[recon-ng][default] > marketplace refresh
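Command to search the marketplace for a module:
[recon-ng][default] > marketplace search hackertarget
Command to search modules:
[recon-ng][default] > modules search hackertarget
Command to install a specific module from the marketplace:
[recon-ng][default] > marketplace install recon/domains-hosts/hackertarget
Step 1: load the specified module, which is like the old version's use command for selecting a module.
[recon-ng][default] > modules load recon/domains-hosts/hackertarget
Step 2: after loading the module, we can use the "info" command to display detailed information about the loaded module;
[recon-ng][default][hackertarget] > info
Step 3: you can then list the module's options with the command:
[recon-ng][default][hackertarget] > options list
Step 4: set the module's options with the command:
[recon-ng][default][hackertarget] > options set SOURCE www.fujieace.com
Step 5: run the loaded module; the command is the same as before: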
[recon-ng][default][hackertarget] > run
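Recently I installed Kali Linux 2020.1b on a new computer and found that the recon-ng version was already recon-ng v5.1.1; it likewise reported "No modules enabled/installed.".
When I tried to use it following the steps above, many commands did not work at all and modules could not be installed either; it directly reported "[!] Invalid module path.", as shown in the figure below:
I tried the "recon-web" command and opened the web interface at "127.0.0.1:5000" in a browser; sure enough, there was not a single module.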
root@kali:/# recon-web
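Solution
I have not found a solution yet; even uninstalling it and reinstalling from source did not fix it. I also have not found an answer at https://github.com/lanmaster53/recon-ng/ for now.
For the time being, the only workaround is probably to roll back the version.
My personal guess is that the cause is either that the Kali Linux package repository has not been updated or a problem with the recon-ng version.
Because when I ran the "marketplace refresh" command, I got "[!] Unable to synchronize module index. (ConnectionError).".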
[recon-ng][default] > marketplace refresh
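Why do I say it is a recon-ng version problem?
Because the error "[!] Unable to synchronize module index. (ConnectionError)." also occurred for members of my chat group with the earlier recon-ng v5.0.0. They all solved it by upgrading or rolling back the version. Since we are on the latest version here, there is nothing to upgrade to, so the only way to solve this problem is to roll back. Back to square one!
Solution for [!] Unable to synchronize module index. (ConnectionError)
This takes recon-ng v5.1.1 as the example; the solution worked in my own situation and will not necessarily work in every situation. Treat it as a reference. The details are as follows:
1. Change the dynamic IP to a static IP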
sudo vim /etc/network/interfaces.d/eth0
The contents are as follows:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static # static IP
address 192.168.1.8
netmask 255.255.255.0
gateway 192.168.1.1
2. Change the DNS nameserver from 192.168.1.1 to:
nameserver 114.114.114.114
nameserver 8.8.4.4
3. Set up a proxy server for git (optional)
git config --global http.proxy 'socks5://127.0.0.1:1080'
git config --global https.proxy 'socks5://127.0.0.1:1080'
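2020-08-13 16:48:58 First comment
A solution for version 5.1.1 has been found; see: http://www.shangdixinxi.com/detail-1402482.html
2017-09-29 23:54:07 Second comment
Unfortunately many APIs no longer work, and the "recon-ng key not set" error can't be solved, which is a bit of a hassle. I can't find a good API address either. Sad!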