Kali Linux information-gathering tool recon-ng: usage tutorial

recon-ng is a full-featured web reconnaissance framework. Its goal is to provide a powerful environment for conducting open-source, web-based reconnaissance quickly and thoroughly. Its workflow is very similar to the Metasploit Framework: you pick a module, set its options, and run it.

 

Because this tool's usage and help files are not as self-explanatory as those of other tools, this tutorial takes a different approach and walks through it step by step.

 

1. List the help

[recon-ng][default] > help
Commands (type [help|?] <topic>):

add         Adds records to the database
back        Exits the current context
delete      Deletes records from the database
exit        Exits the framework
help        Displays this help menu
keys        Manages framework API keys
load        Loads the specified module
pdb         Starts a Python Debugger session
query       Queries the database
record      Records commands to a resource file
reload      Reloads all modules
resource    Executes commands from a resource file
search      Searches available modules
set         Sets module options
shell       Executes shell commands
show        Shows various framework items
snapshots   Manages workspace snapshots
spool       Spools output to a file
unset       Unsets module options
use         Loads the specified module
workspaces  Manages workspaces

 

2. List all modules

[recon-ng][default] > show modules

 

All modules are listed below:

  Discovery
  ---------
    discovery/info_disclosure/cache_snoop
    discovery/info_disclosure/interesting_files
  Exploitation
  ------------
    exploitation/injection/command_injector
    exploitation/injection/xpath_bruter
  Import
  ------
    import/csv_file
    import/list
  Recon
  -----
    recon/companies-contacts/bing_linkedin_cache
    recon/companies-contacts/jigsaw/point_usage
    recon/companies-contacts/jigsaw/purchase_contact
    recon/companies-contacts/jigsaw/search_contacts
    recon/companies-contacts/linkedin_auth
    recon/companies-multi/github_miner
    recon/companies-multi/whois_miner
    recon/contacts-contacts/mailtester
    recon/contacts-contacts/mangle
    recon/contacts-contacts/unmangle
    recon/contacts-credentials/hibp_breach
    recon/contacts-credentials/hibp_paste
    recon/contacts-domains/migrate_contacts
    recon/contacts-profiles/fullcontact
    recon/credentials-credentials/adobe
    recon/credentials-credentials/bozocrack
    recon/credentials-credentials/hashes_org
    recon/domains-contacts/metacrawler
    recon/domains-contacts/pgp_search
    recon/domains-contacts/whois_pocs
    recon/domains-credentials/pwnedlist/account_creds
    recon/domains-credentials/pwnedlist/api_usage
    recon/domains-credentials/pwnedlist/domain_creds
    recon/domains-credentials/pwnedlist/domain_ispwned
    recon/domains-credentials/pwnedlist/leak_lookup
    recon/domains-credentials/pwnedlist/leaks_dump
    recon/domains-domains/brute_suffix
    recon/domains-hosts/bing_domain_api
    recon/domains-hosts/bing_domain_web
    recon/domains-hosts/brute_hosts
    recon/domains-hosts/builtwith
    recon/domains-hosts/certificate_transparency
    recon/domains-hosts/google_site_api
    recon/domains-hosts/google_site_web
    recon/domains-hosts/hackertarget
    recon/domains-hosts/mx_spf_ip
    recon/domains-hosts/netcraft
    recon/domains-hosts/shodan_hostname
    recon/domains-hosts/ssl_san
    recon/domains-hosts/threatcrowd
    recon/domains-vulnerabilities/ghdb
    recon/domains-vulnerabilities/punkspider
    recon/domains-vulnerabilities/xssed
    recon/domains-vulnerabilities/xssposed
    recon/hosts-domains/migrate_hosts
    recon/hosts-hosts/bing_ip
    recon/hosts-hosts/freegeoip
    recon/hosts-hosts/ipinfodb
    recon/hosts-hosts/resolve
    recon/hosts-hosts/reverse_resolve
    recon/hosts-hosts/ssltools
    recon/hosts-locations/migrate_hosts
    recon/hosts-ports/shodan_ip
    recon/locations-locations/geocode
    recon/locations-locations/reverse_geocode
    recon/locations-pushpins/flickr
    recon/locations-pushpins/instagram
    recon/locations-pushpins/picasa
    recon/locations-pushpins/shodan
    recon/locations-pushpins/twitter
    recon/locations-pushpins/youtube
    recon/netblocks-companies/whois_orgs
    recon/netblocks-hosts/reverse_resolve
    recon/netblocks-hosts/shodan_net
    recon/netblocks-ports/census_2012
    recon/netblocks-ports/censysio
    recon/ports-hosts/migrate_ports
    recon/profiles-contacts/dev_diver
    recon/profiles-contacts/github_users
    recon/profiles-profiles/namechk
    recon/profiles-profiles/profiler
    recon/profiles-profiles/twitter_mentioned
    recon/profiles-profiles/twitter_mentions
    recon/profiles-repositories/github_repos
    recon/repositories-profiles/github_commits
    recon/repositories-vulnerabilities/gists_search
    recon/repositories-vulnerabilities/github_dorks
  Reporting
  ---------
    reporting/csv
    reporting/html
    reporting/json
    reporting/list
    reporting/proxifier
    reporting/pushpin
    reporting/xlsx
    reporting/xml

 

3. Select a module

Each module does something different; here I pick one at random:

[recon-ng][default] > use recon/hosts-hosts/bing_ip

 

4. Show information about the module you just selected

[recon-ng][default][bing_ip] > show info

 

 

5. Set the source

The source is the target you want to collect information about, usually a domain name or a host. In recon-ng 4.x a module option is assigned with the set command:

[recon-ng][default][bing_ip] > set SOURCE www.fujieace.com

Note: if you type "SOURCE www.fujieace.com" on its own, without the set keyword, you will get "/bin/sh: 1: SOURCE: not found". This is not a problem with the module or with an already-configured source: recon-ng 4.x passes any line that is not one of its own commands to the system shell, so the shell tried to execute a program named SOURCE. Re-enter the line with set in front of it; "show options" confirms that the value took effect.

 

6. Run

[recon-ng][default][bing_ip] > run

 

7. View the results

What I want to point out is that, because many of the APIs behind this tool have not been updated, many module queries now return almost nothing. This tool used to find a lot of information about a site; today it finds far less. Part of the reason is that overall Internet security has improved, which is not necessarily a bad thing.

 

Note:

When you first open the tool you may see warnings like these:

[!] 'shodan_api' key not set. shodan_net module will likely fail at runtime. See 'keys add'.
[!] 'github_api' key not set. github_miner module will likely fail at runtime. See 'keys add'.
[!] 'github_api' key not set. github_commits module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_api' key not set. domain_ispwned module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_secret' key not set. domain_ispwned module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_api' key not set. account_creds module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_secret' key not set. account_creds module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_iv' key not set. account_creds module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_api' key not set. leaks_dump module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_secret' key not set. leaks_dump module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_api' key not set. domain_creds module will likely fail at runtime. See 'keys add'.
......

These warnings appear because the named modules query third-party services that require an API key, and no key for that service has been stored in the framework yet. Each warning names the key and the module that depends on it; that module will fail at run time until the key is added. Keys are issued by the respective service provider (some services have since shut down or changed their API, so not every key can still be obtained); once you have one, store it with keys add.

Syntax:

keys [list|add|delete]

keys add <name> <value>

keys list

 

Online videos:

Youku: http://v.youku.com/v_show/id_XMzAzNzk4MTYyNA==.html

Tencent Video: https://v.qq.com/x/page/u0553o5f6h5.html

iQIYI: http://www.iqiyi.com/w_19rvc9c4g1.html

LeTV: http://www.le.com/ptv/vplay/30898710.html

 


 

I recently updated Kali Linux and tried the new version, "recon-ng v5.0.0", and ran into the following situations:

 

1. On first start it reports "No modules enabled/installed." (no modules are enabled or installed):

No modules enabled/installed.

 

Searching in the marketplace shows a long list of modules whose status column reads "not installed":

 

Solution

The official answer is that the framework itself no longer ships with any modules by default. Modules must be installed from the marketplace.

You can install all modules with one command:

[recon-ng][default] > marketplace install all

 

After installation you will see the warnings below. The lines of the form "Module '...' disabled. Dependency required: '...'" mean a Python package is missing; since recon-ng is written in Python, install the package with pip, for example pip install PyPDF3 (the other missing packages are handled the same way), then reload the modules.

The "key not set" lines are the same API-key issue as in the old version above and are handled the same way, with keys add.

[!] Module 'recon/domains-contacts/metacrawler' disabled. Dependency required: ''PyPDF3''.
[!] 'github_api' key not set. github_dorks module will likely fail at runtime. See 'keys add'.
[!] 'censysio_id' key not set. censysio module will likely fail at runtime. See 'keys add'.
[!] 'censysio_secret' key not set. censysio module will likely fail at runtime. See 'keys add'.
[!] 'twitter_api' key not set. twitter_mentions module will likely fail at runtime. See 'keys add'.
[!] 'twitter_secret' key not set. twitter_mentions module will likely fail at runtime. See 'keys add'.
[!] 'namechk_api' key not set. namechk module will likely fail at runtime. See 'keys add'.
[!] 'twitter_api' key not set. twitter_mentioned module will likely fail at runtime. See 'keys add'.
[!] 'twitter_secret' key not set. twitter_mentioned module will likely fail at runtime. See 'keys add'.
[!] 'fullcontact_api' key not set. fullcontact module will likely fail at runtime. See 'keys add'.
[!] 'github_api' key not set. github_commits module will likely fail at runtime. See 'keys add'.
[!] 'bing_api' key not set. bing_domain_api module will likely fail at runtime. See 'keys add'.
[!] 'binaryedge_api' key not set. binaryedge module will likely fail at runtime. See 'keys add'.
[!] 'builtwith_api' key not set. builtwith module will likely fail at runtime. See 'keys add'.
[!] 'shodan_api' key not set. shodan_hostname module will likely fail at runtime. See 'keys add'.
[!] 'virustotal_api' key not set. virustotal module will likely fail at runtime. See 'keys add'.
[!] 'shodan_api' key not set. shodan_net module will likely fail at runtime. See 'keys add'.
[!] 'hibp_api' key not set. hibp_paste module will likely fail at runtime. See 'keys add'.
[!] 'hibp_api' key not set. hibp_breach module will likely fail at runtime. See 'keys add'.
[!] 'shodan_api' key not set. shodan_org module will likely fail at runtime. See 'keys add'.
[!] 'github_api' key not set. github_miner module will likely fail at runtime. See 'keys add'.
[!] 'twitter_api' key not set. twitter module will likely fail at runtime. See 'keys add'.
[!] 'twitter_secret' key not set. twitter module will likely fail at runtime. See 'keys add'.
[!] 'flickr_api' key not set. flickr module will likely fail at runtime. See 'keys add'.
[!] 'shodan_api' key not set. shodan module will likely fail at runtime. See 'keys add'.
[!] 'google_api' key not set. youtube module will likely fail at runtime. See 'keys add'.
[!] 'google_api' key not set. geocode module will likely fail at runtime. See 'keys add'.
[!] 'google_api' key not set. reverse_geocode module will likely fail at runtime. See 'keys add'.
[!] 'github_api' key not set. github_repos module will likely fail at runtime. See 'keys add'.
[!] 'bing_api' key not set. bing_linkedin_cache module will likely fail at runtime. See 'keys add'.
[!] 'github_api' key not set. github_users module will likely fail at runtime. See 'keys add'.
[!] 'bing_api' key not set. bing_linkedin_contacts module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_api' key not set. leaks_dump module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_secret' key not set. leaks_dump module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_api' key not set. api_usage module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_secret' key not set. api_usage module will likely fail at runtime. See 'keys add'.
[!] Module 'recon/domains-credentials/pwnedlist/domain_creds' disabled. Dependency required: ''pyaes''.
[!] 'pwnedlist_api' key not set. domain_ispwned module will likely fail at runtime. See 'keys add'.
[!] 'pwnedlist_secret' key not set. domain_ispwned module will likely fail at runtime. See 'keys add'.
[!] Module 'recon/domains-credentials/pwnedlist/account_creds' disabled. Dependency required: ''pyaes''.
[!] 'shodan_api' key not set. shodan_ip module will likely fail at runtime. See 'keys add'.
[!] 'binaryedge_api' key not set. binaryedge module will likely fail at runtime. See 'keys add'.
[!] 'hashes_api' key not set. hashes_org module will likely fail at runtime. See 'keys add'.
[!] 'virustotal_api' key not set. virustotal module will likely fail at runtime. See 'keys add'.
[!] 'ipstack_api' key not set. ipstack module will likely fail at runtime. See 'keys add'.
[!] 'ipinfodb_api' key not set. ipinfodb module will likely fail at runtime. See 'keys add'.
[!] 'bing_api' key not set. bing_ip module will likely fail at runtime. See 'keys add'.
[!] 'google_api' key not set. pushpin module will likely fail at runtime. See 'keys add'.
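Both the 4.x and the 5.x start-up banners above mix two kinds of warning: missing API keys and missing Python packages, with the same key repeated for every module that needs it. The following is an added example for this page (not code from recon-ng) that parses that banner text and turns it into two short to-do lists: which keys add commands are still needed, and which pip install commands. The sample banner is constructed from the lines quoted on this page; the regular expressions match the exact wording recon-ng prints, as shown above.

```python
"""Summarise recon-ng start-up warnings into a to-do list.

Added example for this tutorial; not part of recon-ng. It parses the
"[!] '<key>' key not set. <module> module will likely fail at runtime."
and "[!] Module '<path>' disabled. Dependency required: '<pkg>'." lines
that recon-ng prints at start-up and groups them by key and by package.
"""
import re
from collections import defaultdict

# The two warning shapes quoted on this page. Some terminals render the
# dependency name with doubled quotes (''PyPDF3''), hence the '+ groups.
KEY_RE = re.compile(
    r"^\[!\] '(?P<key>\w+)' key not set\. "
    r"(?P<module>\w+) module will likely fail at runtime\."
)
DEP_RE = re.compile(
    r"^\[!\] Module '(?P<module>[^']+)' disabled\. "
    r"Dependency required: '+(?P<dep>[^']+)'+\."
)

# Constructed sample, assembled from warning lines shown on this page.
SAMPLE_BANNER = """\
[!] Module 'recon/domains-contacts/metacrawler' disabled. Dependency required: ''PyPDF3''.
[!] 'github_api' key not set. github_dorks module will likely fail at runtime. See 'keys add'.
[!] 'shodan_api' key not set. shodan_hostname module will likely fail at runtime. See 'keys add'.
[!] 'shodan_api' key not set. shodan_net module will likely fail at runtime. See 'keys add'.
[!] Module 'recon/domains-credentials/pwnedlist/domain_creds' disabled. Dependency required: ''pyaes''.
[!] 'github_api' key not set. github_commits module will likely fail at runtime. See 'keys add'.
"""


def parse_warnings(lines):
    """Return ({key: [modules]}, {package: [module paths]}), lists sorted."""
    missing_keys = defaultdict(set)
    missing_deps = defaultdict(set)
    for line in lines:
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            missing_keys[m.group("key")].add(m.group("module"))
            continue
        m = DEP_RE.match(line)
        if m:
            missing_deps[m.group("dep")].add(m.group("module"))
    return (
        {k: sorted(v) for k, v in missing_keys.items()},
        {d: sorted(v) for d, v in missing_deps.items()},
    )


def fix_commands(lines):
    """Commands to run, packages first (shell), then keys (inside recon-ng)."""
    keys, deps = parse_warnings(lines)
    cmds = [f"pip install {dep}" for dep in sorted(deps)]
    cmds += [f"keys add {key} <your_{key}_value>" for key in sorted(keys)]
    return cmds


if __name__ == "__main__":
    keys, deps = parse_warnings(SAMPLE_BANNER.splitlines())
    for key, mods in sorted(keys.items()):
        print(f"{key}: needed by {', '.join(mods)}")
    for dep, mods in sorted(deps.items()):
        print(f"{dep}: required by {', '.join(mods)}")
    print("\n".join(fix_commands(SAMPLE_BANNER.splitlines())))
```

Feed it the real banner by saving recon-ng's output to a file (spool, or a terminal copy) and passing the file's lines to parse_warnings. Only install the packages you actually need for the modules you intend to run, and install them into the same Python environment that runs recon-ng; a key you do not have simply leaves that module disabled.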

 

2. In recon-ng v5.0.0 many of the old commands no longer work, for example use, show modules, and so on. When I looked at the help command, a lot of commands were missing, which is awkward.

So my advice is not to jump straight to the new recon-ng v5.0.0; in my testing, recon-ng 4.9.2 does not have these problems. Even reinstalling from GitHub did not bring the missing commands back, so I still recommend the old version, if only out of habit. Does that mean the other recon-ng commands are unusable in the new version? Of course not, read on:

 

Solution

recon-ng v5.0.0 only changed the syntax of some commands. The new usage is as follows:

 

Refresh the marketplace module index:

[recon-ng][default] > marketplace refresh 

 

Search the marketplace for a module:

[recon-ng][default] > marketplace search hackertarget

 

Search the installed modules:

[recon-ng][default] > modules search hackertarget

 

Install a specific module from the marketplace:

[recon-ng][default] > marketplace install recon/domains-hosts/hackertarget

 

Step 1: load the module. This replaces the old version's use command.

[recon-ng][default] > modules load recon/domains-hosts/hackertarget 

 

Step 2: once the module is loaded, the info command shows detailed information about it:

[recon-ng][default][hackertarget] > info

 

Step 3: list the module's options:

[recon-ng][default][hackertarget] > options list

 

Step 4: set a module option:

[recon-ng][default][hackertarget] > options set SOURCE www.fujieace.com

 

Step 5: run the loaded module; this command is unchanged:

[recon-ng][default][hackertarget] > run
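Both procedures on this page, the 4.x one (use / set SOURCE / run) and the 5.x one (marketplace install / modules load / options set / run), are a fixed command sequence, which is exactly what recon-ng's resource files (the resource and record commands in the help above, and the -r start-up option) are for. The following is an added example for this page, not code from recon-ng, that writes that sequence in either syntax and, when a recon-ng binary is on PATH, runs it non-interactively. Assumptions, labelled in the code: the binary is named recon-ng, -w selects or creates the workspace, -r loads the resource file, a 5.x marketplace install makes the module loadable in the same session, and an exit line at the end of the file closes the session instead of leaving you at the prompt. The SOURCE check guards against the pitfall noted in the 4.x section: a resource line is executed like a typed command, so a value containing shell syntax must never reach it.

```python
"""Script the recon-ng workflow from this tutorial with a resource file.

Added example for this page; not part of recon-ng. Builds the command
sequence (select module, set SOURCE, run) in 4.x or 5.x syntax, writes it
to a resource file and runs recon-ng with it when the binary exists.
"""
import re
import shutil
import subprocess
import tempfile
from pathlib import Path

# Command syntax for the two recon-ng generations discussed on this page.
SYNTAX = {
    "4": ["use {module}", "set SOURCE {source}", "run"],
    "5": [
        "marketplace install {module}",   # assumption: loadable right after
        "modules load {module}",
        "options set SOURCE {source}",
        "run",
    ],
}

# Domain names, IPs, URLs and file paths only: nothing that could read as a
# second command or as shell syntax if the line were handed to /bin/sh.
SAFE_SOURCE = re.compile(r"^[A-Za-z0-9.:/_-]+$")


def resource_lines(module, source, version="5"):
    """Return the resource-file commands for one module run."""
    if not SAFE_SOURCE.match(source):
        raise ValueError(f"refusing suspicious SOURCE value: {source!r}")
    lines = [tpl.format(module=module, source=source) for tpl in SYNTAX[version]]
    return lines + ["exit"]  # assumption: 'exit' ends the scripted session


def write_resource(path, lines):
    """Write the commands one per line, the format the -r option reads."""
    path = Path(path)
    path.write_text("\n".join(lines) + "\n")
    return path


def run_recon(module, source, workspace="tutorial", version="5", binary="recon-ng"):
    """Run the module non-interactively; returns None if recon-ng is absent."""
    exe = shutil.which(binary)  # assumption: binary is called 'recon-ng'
    if exe is None:
        return None
    with tempfile.TemporaryDirectory() as tmp:
        rc = write_resource(Path(tmp) / "recon.rc",
                            resource_lines(module, source, version))
        proc = subprocess.run(
            [exe, "-w", workspace, "-r", str(rc)],  # assumed -w/-r flags
            stdin=subprocess.DEVNULL,   # EOF also ends the prompt if 'exit' did not
            capture_output=True, text=True, timeout=900,
        )
        return proc.returncode, proc.stdout


if __name__ == "__main__":
    for line in resource_lines("recon/domains-hosts/hackertarget", "www.fujieace.com"):
        print(line)
    print(run_recon("recon/domains-hosts/hackertarget", "www.fujieace.com"))
```

Generate the 4.x variant with version="4" and the module from the first half of this page, recon/hosts-hosts/bing_ip. Keep the resource file out of version control if it ever contains keys add lines, for the same reason you would not commit an API key.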

 


 

I recently installed Kali Linux 2020.1b on a new computer and found that recon-ng is now v5.1.1. It, too, printed "No modules enabled/installed." (no modules enabled or installed).

 

When I tried to use it the way described above, many commands did not work and no module could be installed; it just reported "[!] Invalid module path.":

[!] Invalid module path.

 

I tried the recon-web command and opened 127.0.0.1:5000 in a browser to look at the web interface; sure enough, it listed no modules at all.

root@kali:/# recon-web

 

Solution

I have not found a solution yet; even uninstalling and reinstalling from source did not help. I also could not find an answer at https://github.com/lanmaster53/recon-ng/ for the time being.

 

For now, the only workaround is probably to roll back to an older version.

 

My guess is that the cause is either an out-of-date Kali package repository or a problem with this recon-ng version.

 

When I ran "marketplace refresh", I got "[!] Unable to synchronize module index. (ConnectionError)". The two symptoms are connected: marketplace install looks the requested path up in the downloaded index, so when the index could not be fetched, every install attempt is answered with "Invalid module path".

[recon-ng][default] > marketplace refresh

Unable to synchronize module index. (ConnectionError)

 

Why do I say it may be a recon-ng version problem?

Because the "[!] Unable to synchronize module index. (ConnectionError)" error also hit members of our group on recon-ng v5.0.0, and they got past it by upgrading or downgrading. Here we already have the latest version, so there is nothing to upgrade to; the only way out would be to downgrade. Back to square one!

 


 

[!] Unable to synchronize module index. (ConnectionError) solution

This takes recon-ng v5.1.1 as the example. The fix worked in my case but will not necessarily work in every case; treat it as a reference. The error means recon-ng's own HTTP client could not reach the marketplace index, which it downloads over HTTPS from GitHub; it is not a git clone, so the git proxy setting in step 3 only affects git operations such as installing recon-ng from source, while the network and DNS settings in steps 1 and 2 are what the index download depends on. Details:

 

1. Change the dynamic IP to a static IP

sudo vim /etc/network/interfaces.d/eth0

 

Contents:

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static # static IP 
address 192.168.1.8
netmask 255.255.255.0
gateway 192.168.1.1

 

2. Change the DNS nameserver (the nameserver lines in /etc/resolv.conf) from 192.168.1.1 to:

nameserver 114.114.114.114
nameserver 8.8.4.4

 

3. Set up a proxy server for git (optional)

git config --global http.proxy 'socks5://127.0.0.1:1080'
git config --global https.proxy 'socks5://127.0.0.1:1080'
付杰
Comments (2):

Deutsh:
    A solution for version 5.1.1 has been found; see: http://www.shangdixinxi.com/detail-1402482.html

杨攀遥:
    Unfortunately many of the APIs are dead. The "recon-ng key not set" error cannot be resolved, which is a bit of a pain, and I cannot find good API addresses either. Sad!