Skip to main content
ASM Cheatsheet

Recon-ng

Intermediate to Advanced

Full-featured reconnaissance framework

https://github.com/lanmaster53/recon-ng

Installation

# Clone repository
git clone https://github.com/lanmaster53/recon-ng.git
cd recon-ng
pip install -r REQUIREMENTS

# Or via package manager
sudo apt install recon-ng

Usage

Basic Workflow

# Start recon-ng
recon-ng

# Create workspace
workspaces create example_corp

# Add domains
db insert domains example.com
db insert domains subdomain.example.com

# Install modules
marketplace install all

# Load and run modules
modules load recon/domains-hosts/hackertarget
run

# View results
show hosts
show contacts

Advanced Module Usage

# Certificate transparency
modules load recon/domains-hosts/certificate_transparency
run

# Shodan integration
modules load recon/hosts-hosts/shodan_hostname
keys add shodan_api YOUR_API_KEY
run

# Google dorking
modules load recon/domains-hosts/google_site_web
run

# Export results
modules load reporting/html
set FILENAME /tmp/report.html
run