provocativo_
back to the arsenal
// arsenal·Recon & OSINTIntermediateFOSS

Recon-ng

Full-feature reconnaissance framework written in Python with a Metasploit-like interface.

Recon & OSINT

$ recon-ng --help

Recon-ng

// what it is

Description

Tim Tomes' modular recon framework — looks like msfconsole, but every module is an OSINT pull rather than an exploit. State is stored in a SQLite workspace, so you can run dozens of modules and pivot between results.

// use cases

What people use it for

  • Stateful, repeatable OSINT runs
  • Building a reconnaissance corpus before a phishing campaign
  • Pivoting between hosts/contacts/credentials across modules

// commands

The commands you'll type

Start a workspace

$ recon-ng -w target_project

Marketplace install module

$ marketplace install recon/domains-hosts/hackertarget

// facts

category
Recon & OSINT
platforms
LIN · MAC
license
FOSS
difficulty
Intermediate

// links

// related in Recon & OSINT

Recon & OSINTBeginner

Nmap/en-map/

The Network Mapper — Fyodor's port-scanner and host-discovery framework.

FOSS
LIN·WIN·MAC
open entry →
Recon & OSINTIntermediate

Masscan

Internet-scale TCP port scanner — claims 10M packets/second on the right hardware.

FOSS
LIN·WIN·MAC
open entry →
Recon & OSINTBeginner

Shodan

Search engine for internet-connected devices — banners, certs, screenshots.

Freemium
WEB·LIN·WIN·MAC
open entry →