Zum Inhalt

Recon-ng Web Reconnaissance Rahmen Cheat Blatt

generieren

Überblick

Recon-ng ist ein vollwertiges Web-Rekonaissance-Rahmen geschrieben in Python. Es bietet eine leistungsfähige Umgebung für die Durchführung von webbasierten Open Source-Erklärungen schnell und gründlich. Das Framework verfügt über unabhängige Module, Datenbank-Interaktion, integrierte Komfortfunktionen, interaktive Hilfe und Befehlsabwicklung. Es ist modular aufgebaut, so dass Benutzer einfach benutzerdefinierte Module hinzufügen und Funktionalität erweitern.

ZEIT Legal Hinweis: Verwenden Sie Recon-ng nur auf Ziele, die Sie besitzen oder haben ausdrückliche Erlaubnis zu testen. Unberechtigte Aufklärung kann die Nutzungsbedingungen und die lokalen Gesetze verletzen.

Installation

Kali Linux Installation

```bash

Recon-ng is pre-installed on Kali Linux

recon-ng --help

Update to latest version

sudo apt update sudo apt install recon-ng

Alternative: Install from GitHub

git clone https://github.com/lanmaster53/recon-ng.git cd recon-ng pip3 install -r REQUIREMENTS ```_

Ubuntu/Debian Installation

```bash

Install dependencies

sudo apt update sudo apt install python3 python3-pip git

Clone repository

git clone https://github.com/lanmaster53/recon-ng.git cd recon-ng

Install Python dependencies

pip3 install -r REQUIREMENTS

Make executable

chmod +x recon-ng

Create symlink for global access

sudo ln -s $(pwd)/recon-ng /usr/local/bin/recon-ng ```_

Docker Installation

```bash

Pull official Docker image

docker pull lanmaster53/recon-ng

Run with Docker

docker run -it --rm lanmaster53/recon-ng

Build from source

git clone https://github.com/lanmaster53/recon-ng.git cd recon-ng docker build -t recon-ng .

Run custom build with volume mount

docker run -it --rm -v $(pwd)/data:/recon-ng/data recon-ng ```_

Python Virtuelle Umgebung

```bash

Create virtual environment

python3 -m venv recon-ng-env source recon-ng-env/bin/activate

Clone and install

git clone https://github.com/lanmaster53/recon-ng.git cd recon-ng pip install -r REQUIREMENTS

Run Recon-ng

python3 recon-ng ```_

Basisnutzung

Starting Recon-ng

```bash

Start interactive mode

recon-ng

Start with specific workspace

recon-ng -w workspace_name

Run specific module

recon-ng -m recon/domains-hosts/hackertarget

Execute commands from file

recon-ng -r commands.txt

Show version and exit

recon-ng --version ```_

Kernkommandos

```bash

Help system

help help modules help

Workspace management

workspaces list workspaces create workspaces select workspaces delete

Module management

modules search modules search modules load modules reload

Database operations

db schema db query db insert

db delete
```_

Workspace Management

Workspaces erstellen und verwalten

```bash

List available workspaces

[recon-ng][default] > workspaces list

Create new workspace

[recon-ng][default] > workspaces create example_com

Select workspace

[recon-ng][default] > workspaces select example_com

Show current workspace

[recon-ng][example_com] > workspaces list

Delete workspace

[recon-ng][example_com] > workspaces delete old_workspace ```_

Datenbankschema

```bash

View database schema

[recon-ng][example_com] > db schema

Common tables:

- domains: Target domains

- hosts: Discovered hosts/IPs

- contacts: Email addresses and contacts

- credentials: Found credentials

- leaks: Data breach information

- locations: Geographic information

- netblocks: IP ranges

- ports: Open ports

- profiles: Social media profiles

- repositories: Code repositories

- vulnerabilities: Security vulnerabilities

```_

Manuelle Datenerfassung

```bash

Add domain

[recon-ng][example_com] > db insert domains example.com

Add host

[recon-ng][example_com] > db insert hosts 192.168.1.1 example.com

Add contact

[recon-ng][example_com] > db insert contacts John Doe john.doe@example.com

View data

[recon-ng][example_com] > show domains [recon-ng][example_com] > show hosts [recon-ng][example_com] > show contacts ```_

Modulsystem

Modulkategorien

```bash

Discovery modules

modules search discovery

Exploitation modules

modules search exploit

Import modules

modules search import

Recon modules

modules search recon

Reporting modules

modules search reporting ```_

Laden und Verwenden von Modulen

```bash

Load a module

[recon-ng][example_com] > modules load recon/domains-hosts/hackertarget

Show module info

[recon-ng][example_com][hackertarget] > info

Show module options

[recon-ng][example_com][hackertarget] > options list

Set module options

[recon-ng][example_com][hackertarget] > options set SOURCE example.com

Run module

[recon-ng][example_com][hackertarget] > run

Go back to main menu

[recon-ng][example_com][hackertarget] > back ```_

Beliebte Reconnaissance Module

```bash

DNS enumeration

modules load recon/domains-hosts/hackertarget modules load recon/domains-hosts/threatcrowd modules load recon/domains-hosts/certificate_transparency

Subdomain discovery

modules load recon/domains-hosts/google_site_web modules load recon/domains-hosts/bing_domain_web modules load recon/domains-hosts/netcraft

Host enumeration

modules load recon/hosts-hosts/resolve modules load recon/hosts-ports/shodan_hostname modules load recon/netblocks-hosts/shodan_net

Contact harvesting

modules load recon/domains-contacts/whois_pocs modules load recon/domains-contacts/metacrawler modules load recon/contacts-contacts/fullcontact

Social media profiling

modules load recon/profiles-profiles/twitter modules load recon/contacts-profiles/fullcontact ```_

API Schlüsselverwaltung

API-Schlüssel einrichten

```bash

Show required API keys

[recon-ng][example_com] > keys list

Add API key

[recon-ng][example_com] > keys add shodan_api [recon-ng][example_com] > keys add google_api [recon-ng][example_com] > keys add bing_api

Remove API key

[recon-ng][example_com] > keys remove shodan_api

Show configured keys

[recon-ng][example_com] > keys list ```_

Gemeinsame API Services

```bash

Shodan (for host/port information)

keys add shodan_api

Google Custom Search (for web searches)

keys add google_api keys add google_cse

Bing Search API

keys add bing_api

FullContact (for contact information)

keys add fullcontact_api

Hunter.io (for email discovery)

keys add hunter_api

SecurityTrails (for DNS data)

keys add securitytrails_api

VirusTotal (for domain/IP reputation)

keys add virustotal_api ```_

Advanced Reconnaissance Workflows

Domain Reconnaissance Workflow

```bash

!/bin/bash

recon-ng-domain-workflow.sh

DOMAIN="$1" WORKSPACE="$2"

if [ $# -ne 2 ]; then echo "Usage: $0 " exit 1 fi

Create Recon-ng resource script

cat > domain_recon.rc << EOF workspaces create $WORKSPACE workspaces select $WORKSPACE db insert domains $DOMAIN

DNS enumeration

modules load recon/domains-hosts/hackertarget options set SOURCE $DOMAIN run

modules load recon/domains-hosts/threatcrowd options set SOURCE $DOMAIN run

modules load recon/domains-hosts/certificate_transparency options set SOURCE $DOMAIN run

Subdomain discovery

modules load recon/domains-hosts/google_site_web options set SOURCE $DOMAIN run

modules load recon/domains-hosts/bing_domain_web options set SOURCE $DOMAIN run

Contact harvesting

modules load recon/domains-contacts/whois_pocs options set SOURCE $DOMAIN run

modules load recon/domains-contacts/metacrawler options set SOURCE $DOMAIN run

Host resolution

modules load recon/hosts-hosts/resolve run

Port scanning (if Shodan API available)

modules load recon/hosts-ports/shodan_hostname run

Generate report

modules load reporting/html options set FILENAME $WORKSPACE_report.html run

show domains show hosts show contacts EOF

echo "Running Recon-ng domain reconnaissance for $DOMAIN" recon-ng -r domain_recon.rc ```_

Unternehmen Intelligenz Sammeln

```bash

Create company intelligence script

cat > company_recon.rc << 'EOF' workspaces create company_intel workspaces select company_intel

Add company domain

db insert domains company.com

Employee enumeration

modules load recon/domains-contacts/whois_pocs options set SOURCE company.com run

modules load recon/domains-contacts/metacrawler options set SOURCE company.com run

Social media profiling

modules load recon/contacts-profiles/fullcontact run

modules load recon/profiles-profiles/twitter run

Technology stack identification

modules load recon/domains-hosts/hackertarget options set SOURCE company.com run

Infrastructure discovery

modules load recon/hosts-ports/shodan_hostname run

modules load recon/netblocks-hosts/shodan_net run

Generate comprehensive report

modules load reporting/html options set FILENAME company_intelligence.html run

show summary EOF ```_

Automatisierte Rekonnaissance Script

```python

!/usr/bin/env python3

automated-recon.py

import subprocess import json import time import os

class ReconNGAutomation: def init(self, workspace_name): self.workspace = workspace_name self.results = \\{\\}

def create_workspace(self):
    """Create and select workspace"""
    commands = [
        f"workspaces create \\\\{self.workspace\\\\}",
        f"workspaces select \\\\{self.workspace\\\\}"
    ]
    return commands

def add_domains(self, domains):
    """Add domains to workspace"""
    commands = []
    for domain in domains:
        commands.append(f"db insert domains \\\\{domain\\\\}")
    return commands

def run_reconnaissance_modules(self, target_type="domains"):
    """Run reconnaissance modules based on target type"""
    modules = \\\\{
        "domains": [
            "recon/domains-hosts/hackertarget",
            "recon/domains-hosts/threatcrowd",
            "recon/domains-hosts/certificate_transparency",
            "recon/domains-hosts/google_site_web",
            "recon/domains-contacts/whois_pocs"
        ],
        "hosts": [
            "recon/hosts-hosts/resolve",
            "recon/hosts-ports/shodan_hostname"
        ],
        "contacts": [
            "recon/contacts-profiles/fullcontact",
            "recon/contacts-contacts/fullcontact"
        ]
    \\\\}

    commands = []
    for module in modules.get(target_type, []):
        commands.extend([
            f"modules load \\\\{module\\\\}",
            "run",
            "back"
        ])

    return commands

def generate_reports(self):
    """Generate various reports"""
    commands = [
        "modules load reporting/html",
        f"options set FILENAME \\\\{self.workspace\\\\}_report.html",
        "run",
        "back",
        "modules load reporting/json",
        f"options set FILENAME \\\\{self.workspace\\\\}_data.json",
        "run",
        "back"
    ]
    return commands

def create_resource_script(self, domains, output_file="auto_recon.rc"):
    """Create complete resource script"""
    all_commands = []

    # Setup workspace
    all_commands.extend(self.create_workspace())

    # Add domains
    all_commands.extend(self.add_domains(domains))

    # Run reconnaissance
    all_commands.extend(self.run_reconnaissance_modules("domains"))
    all_commands.extend(self.run_reconnaissance_modules("hosts"))
    all_commands.extend(self.run_reconnaissance_modules("contacts"))

    # Generate reports
    all_commands.extend(self.generate_reports())

    # Add summary commands
    all_commands.extend([
        "show domains",
        "show hosts",
        "show contacts",
        "show profiles"
    ])

    # Write to file
    with open(output_file, 'w') as f:
        for command in all_commands:
            f.write(command + '\n')

    return output_file

def run_automation(self, domains):
    """Run complete automation"""
    script_file = self.create_resource_script(domains)

    print(f"Running automated reconnaissance for \\\\{len(domains)\\\\} domains")
    print(f"Workspace: \\\\{self.workspace\\\\}")
    print(f"Script: \\\\{script_file\\\\}")

    try:
        result = subprocess.run(
            ['recon-ng', '-r', script_file],
            capture_output=True,
            text=True,
            timeout=3600  # 1 hour timeout
        )

        if result.returncode == 0:
            print("Reconnaissance completed successfully")
            self.parse_results()
        else:
            print(f"Error: \\\\{result.stderr\\\\}")

    except subprocess.TimeoutExpired:
        print("Reconnaissance timed out")
    except Exception as e:
        print(f"Error running reconnaissance: \\\\{e\\\\}")

def parse_results(self):
    """Parse and summarize results"""
    json_file = f"\\\\{self.workspace\\\\}_data.json"

    if os.path.exists(json_file):
        try:
            with open(json_file, 'r') as f:
                data = json.load(f)

            print("\n=== Reconnaissance Summary ===")
            for table, records in data.items():
                if records:
                    print(f"\\\\{table.title()\\\\}: \\\\{len(records)\\\\} found")

                    # Show sample data
                    if len(records) > 0:
                        sample = records[0]
                        print(f"  Sample: \\\\{sample\\\\}")

        except Exception as e:
            print(f"Error parsing results: \\\\{e\\\\}")

def main(): import sys

if len(sys.argv) < 3:
    print("Usage: python3 automated-recon.py <workspace> <domain1> [domain2] ...")
    sys.exit(1)

workspace = sys.argv[1]
domains = sys.argv[2:]

automation = ReconNGAutomation(workspace)
automation.run_automation(domains)

if name == "main": main() ```_

Datenbanken

Erweiterte Abfragen

```bash

Custom SQL queries

[recon-ng][example_com] > db query SELECT * FROM domains WHERE domain LIKE '%.example.com'

Count records

[recon-ng][example_com] > db query SELECT COUNT(*) FROM hosts

Join tables

[recon-ng][example_com] > db query SELECT d.domain, h.ip_address FROM domains d JOIN hosts h ON d.domain = h.host

Export data

[recon-ng][example_com] > db query SELECT * FROM contacts WHERE email LIKE '%@example.com' ```_

Datenimport/Export

```bash

Import from CSV

modules load import/csv_file options set FILENAME contacts.csv options set TABLE contacts run

Import from Nmap XML

modules load import/nmap options set FILENAME nmap_scan.xml run

Export to various formats

modules load reporting/csv options set FILENAME export.csv run

modules load reporting/json options set FILENAME export.json run

modules load reporting/xml options set FILENAME export.xml run ```_

Datenbanksicherung und Wiederherstellung

```bash

Backup workspace database

cp ~/.recon-ng/workspaces/example_com/data.db backup_example_com.db

Restore workspace database

cp backup_example_com.db ~/.recon-ng/workspaces/example_com/data.db

Export workspace data

[recon-ng][example_com] > modules load reporting/json [recon-ng][example_com][json] > options set FILENAME full_backup.json [recon-ng][example_com][json] > run ```_

Personalentwicklung

Modulvorlage

```python

!/usr/bin/env python3

custom_module.py

from recon.core.module import BaseModule

class Module(BaseModule):

meta = \\\\{
    'name': 'Custom Reconnaissance Module',
    'author': 'Your Name ``<your.email@example.com>``',
    'version': '1.0',
    'description': 'Description of what the module does',
    'required_keys': ['api_key'],
    'dependencies': ['requests'],
    'files': [],
    'options': (
        ('source', None, True, 'source of input (see \'show info\' for details)'),
        ('limit', 100, False, 'limit number of results'),
    ),
\\\\}

def module_run(self, sources):
    """Main module execution"""
    for source in sources:
        self.heading(f"Processing: \\\\{source\\\\}", level=0)

        # Your reconnaissance logic here
        results = self.custom_recon_function(source)

        # Process results
        for result in results:
            self.insert_hosts(
                host=result['host'],
                ip_address=result['ip'],
                region=result.get('region'),
                country=result.get('country')
            )

def custom_recon_function(self, target):
    """Custom reconnaissance function"""
    # Implement your reconnaissance logic
    # Return list of dictionaries with results
    results = []

    try:
        # Example API call or data processing
        response = self.request('GET', f'https://api.example.com/lookup/\\\\{target\\\\}')
        data = response.json()

        for item in data.get('results', []):
            results.append(\\\\{
                'host': item['hostname'],
                'ip': item['ip_address'],
                'region': item.get('region'),
                'country': item.get('country')
            \\\\})

    except Exception as e:
        self.error(f"Error processing \\\\{target\\\\}: \\\\{e\\\\}")

    return results

```_

Benutzerdefinierte Module installieren

```bash

Copy module to modules directory

cp custom_module.py ~/.recon-ng/modules/recon/domains-hosts/

Reload modules

[recon-ng][example_com] > modules reload

Load custom module

[recon-ng][example_com] > modules load recon/domains-hosts/custom_module

Use custom module

[recon-ng][example_com][custom_module] > options set SOURCE example.com [recon-ng][example_com][custom_module] > run ```_

Integration mit anderen Tools

Nmap Integration

```bash

!/bin/bash

recon-ng-nmap-integration.sh

WORKSPACE="$1" NMAP_OUTPUT="nmap_results.xml"

if [ $# -ne 1 ]; then echo "Usage: $0 " exit 1 fi

Export hosts from Recon-ng

cat > export_hosts.rc << EOF workspaces select $WORKSPACE db query SELECT DISTINCT ip_address FROM hosts WHERE ip_address IS NOT NULL EOF

Get IP addresses

| recon-ng -r export_hosts.rc | grep -oE '([0-9]\\{1,3\\}.)\\{3\\}[0-9]\\{1,3\\}' | sort -u > ips.txt |

if [ -s ips.txt ]; then echo "Scanning $(wc -l < ips.txt) IP addresses with Nmap"

# Run Nmap scan
nmap -sS -sV -O -oX "$NMAP_OUTPUT" -iL ips.txt

# Import results back to Recon-ng
cat > import_nmap.rc << EOF

workspaces select $WORKSPACE modules load import/nmap options set FILENAME $NMAP_OUTPUT run EOF

recon-ng -r import_nmap.rc
echo "Nmap results imported to Recon-ng workspace: $WORKSPACE"

else echo "No IP addresses found in workspace" fi ```_

Metasploit Integration

```bash

!/bin/bash

recon-ng-metasploit-integration.sh

WORKSPACE="$1" MSF_WORKSPACE="$2"

if [ $# -ne 2 ]; then echo "Usage: $0 " exit 1 fi

Export data from Recon-ng

cat > export_data.rc << EOF workspaces select $WORKSPACE modules load reporting/json options set FILENAME recon_data.json run EOF

recon-ng -r export_data.rc

Create Metasploit resource script

python3 << 'PYTHON_SCRIPT' import json import sys

try: with open('recon_data.json', 'r') as f: data = json.load(f)

with open('metasploit_import.rc', 'w') as f:
    f.write(f"workspace -a \\\\{sys.argv[1]\\\\}\n")
    f.write(f"workspace \\\\{sys.argv[1]\\\\}\n\n")

    # Import hosts
    if 'hosts' in data:
        for host in data['hosts']:
            if host.get('ip_address'):
                f.write(f"hosts -a \\\\{host['ip_address']\\\\}")
                if host.get('host'):
                    f.write(f" -n \\\\{host['host']\\\\}")
                f.write("\n")

    # Import services/ports
    if 'ports' in data:
        for port in data['ports']:
            if port.get('ip_address') and port.get('port'):
                f.write(f"services -a -p \\\\{port['port']\\\\}")
                if port.get('protocol'):
                    f.write(f" -s \\\\{port['protocol']\\\\}")
                f.write(f" \\\\{port['ip_address']\\\\}\n")

    # Add notes for contacts
    if 'contacts' in data:
        for contact in data['contacts']:
            if contact.get('email'):
                f.write(f"notes -a -t email -d \"\\\\{contact['email']\\\\}\"")
                if contact.get('first_name') and contact.get('last_name'):
                    f.write(f" -n \"\\\\{contact['first_name']\\\\} \\\\{contact['last_name']\\\\}\"")
                f.write("\n")

    f.write("\nworkspace\nhosts\nservices\nnotes\n")

print("Metasploit resource script created: metasploit_import.rc")
print(f"Run with: msfconsole -r metasploit_import.rc")

except Exception as e: print(f"Error: \\{e\\}") PYTHON_SCRIPT "$MSF_WORKSPACE" ```_

OSINT Framework Integration

```python

!/usr/bin/env python3

osint-framework-integration.py

import json import requests import subprocess from pathlib import Path

class OSINTFrameworkIntegration: def init(self, workspace): self.workspace = workspace self.results = \\{\\}

def export_recon_data(self):
    """Export data from Recon-ng workspace"""
    script_content = f"""

workspaces select \\{self.workspace\\} modules load reporting/json options set FILENAME osint_export.json run """

    with open('export_script.rc', 'w') as f:
        f.write(script_content)

    try:
        subprocess.run(['recon-ng', '-r', 'export_script.rc'], check=True)

        with open('osint_export.json', 'r') as f:
            self.results = json.load(f)

        return True
    except Exception as e:
        print(f"Error exporting data: \\\\{e\\\\}")
        return False

def run_additional_osint(self):
    """Run additional OSINT tools on discovered data"""
    if 'domains' in self.results:
        for domain_record in self.results['domains']:
            domain = domain_record.get('domain')
            if domain:
                print(f"Running additional OSINT for: \\\\{domain\\\\}")

                # Run theHarvester
                self.run_theharvester(domain)

                # Run Shodan lookup
                self.run_shodan_lookup(domain)

                # Run certificate transparency lookup
                self.run_crt_sh_lookup(domain)

def run_theharvester(self, domain):
    """Run theHarvester on domain"""
    try:
        cmd = ['theharvester', '-d', domain, '-l', '100', '-b', 'google,bing']
        result = subprocess.run(cmd, capture_output=True, text=True, timeout=300)

        if result.returncode == 0:
            # Parse theHarvester output
            output_file = f"theharvester_\\\\{domain.replace('.', '_')\\\\}.txt"
            with open(output_file, 'w') as f:
                f.write(result.stdout)
            print(f"theHarvester results saved: \\\\{output_file\\\\}")

    except Exception as e:
        print(f"Error running theHarvester for \\\\{domain\\\\}: \\\\{e\\\\}")

def run_shodan_lookup(self, domain):
    """Run Shodan lookup on domain"""
    try:
        # This would require Shodan API key
        # Placeholder for Shodan integration
        print(f"Shodan lookup for \\\\{domain\\\\} (requires API key)")
    except Exception as e:
        print(f"Error with Shodan lookup: \\\\{e\\\\}")

def run_crt_sh_lookup(self, domain):
    """Run certificate transparency lookup"""
    try:
        url = f"https://crt.sh/?q=\\\\{domain\\\\}&output;=json"
        response = requests.get(url, timeout=30)

        if response.status_code == 200:
            certs = response.json()
            output_file = f"crtsh_\\\\{domain.replace('.', '_')\\\\}.json"

            with open(output_file, 'w') as f:
                json.dump(certs, f, indent=2)

            print(f"Certificate transparency results saved: \\\\{output_file\\\\}")

    except Exception as e:
        print(f"Error with crt.sh lookup for \\\\{domain\\\\}: \\\\{e\\\\}")

def generate_comprehensive_report(self):
    """Generate comprehensive OSINT report"""
    report_file = f"comprehensive_osint_\\\\{self.workspace\\\\}.html"

    html_content = f"""
Comprehensive OSINT Report - \\\\{self.workspace\\\\}

Comprehensive OSINT Report

Workspace: \\\\{self.workspace\\\\}

Generated: \\\\{Path().cwd()\\\\}

Summary

  • Domains: \\\\{len(self.results.get('domains', []))\\\\}
  • Hosts: \\\\{len(self.results.get('hosts', []))\\\\}
  • Contacts: \\\\{len(self.results.get('contacts', []))\\\\}
  • Profiles: \\\\{len(self.results.get('profiles', []))\\\\}

Domains

""" for domain in self.results.get('domains', []): html_content += f""" """ html_content += """
DomainModule
\\\\{domain.get('domain', '')\\\\} \\\\{domain.get('module', '')\\\\}

Hosts

""" for host in self.results.get('hosts', []): html_content += f""" """ html_content += """
HostIP AddressRegionCountry
\\\\{host.get('host', '')\\\\} \\\\{host.get('ip_address', '')\\\\} \\\\{host.get('region', '')\\\\} \\\\{host.get('country', '')\\\\}

"""

    with open(report_file, 'w') as f:
        f.write(html_content)

    print(f"Comprehensive report generated: \\\\{report_file\\\\}")

def main(): import sys

if len(sys.argv) != 2:
    print("Usage: python3 osint-framework-integration.py <workspace>")
    sys.exit(1)

workspace = sys.argv[1]

integration = OSINTFrameworkIntegration(workspace)

if integration.export_recon_data():
    integration.run_additional_osint()
    integration.generate_comprehensive_report()
else:
    print("Failed to export Recon-ng data")

if name == "main": main() ```_

Best Practices

Methoden der Aufklärung

```text 1. Planning Phase: - Define scope and objectives - Identify target domains/organizations - Set up proper workspace organization - Configure API keys for enhanced data

  1. Passive Reconnaissance:

    • Start with DNS enumeration
    • Use certificate transparency logs
    • Gather contact information
    • Avoid direct target interaction

  2. Data Validation:

    • Cross-reference findings
    • Validate discovered hosts
    • Verify contact information
    • Check for false positives

  3. Documentation:

    • Maintain detailed workspace records
    • Generate comprehensive reports
    • Document methodology used
    • Preserve evidence chain ```_

Operationelle Sicherheit

```bash

!/bin/bash

recon-ng-opsec-checklist.sh

echo "Recon-ng OPSEC Checklist" echo "========================"

echo "1. Network Security:" echo " □ Use VPN or proxy" echo " □ Rotate IP addresses" echo " □ Monitor API rate limits" echo " □ Use different user agents"

echo -e "\n2. Data Security:" echo " □ Encrypt workspace databases" echo " □ Secure API key storage" echo " □ Use secure file permissions" echo " □ Regular backup procedures"

echo -e "\n3. Legal Compliance:" echo " □ Verify authorization scope" echo " □ Respect API terms of service" echo " □ Document all activities" echo " □ Follow local regulations"

echo -e "\n4. Technical Measures:" echo " □ Use isolated environment" echo " □ Monitor system resources" echo " □ Implement logging" echo " □ Regular tool updates" ```_

Fehlerbehebung

Gemeinsame Themen

```bash

Issue: Module not found

Solution: Reload modules

[recon-ng][workspace] > modules reload

Issue: API key errors

Check API key configuration

[recon-ng][workspace] > keys list

Issue: Database errors

Check database schema

[recon-ng][workspace] > db schema

Issue: No results from modules

Verify target data exists

[recon-ng][workspace] > show domains [recon-ng][workspace] > show hosts ```_

Debug Mode

```bash

Enable debug mode

recon-ng --debug

Check module dependencies

[recon-ng][workspace] > modules load [recon-ng][workspace][module] > info

Verify API connectivity

[recon-ng][workspace] > keys list ```_

Leistungsoptimierung

```bash

Use specific modules instead of running all

Implement delays for API rate limiting

Use workspace-specific configurations

Regular database maintenance

Clean up old workspaces

[recon-ng][workspace] > workspaces delete old_workspace

Optimize database queries

[recon-ng][workspace] > db query VACUUM ```_

Ressourcen

--

*Dieses Betrugsblatt bietet umfassende Anleitung für die Verwendung von Recon-ng für Web-Rekonaissance und OSINT-Aktivitäten. Stellen Sie immer eine ordnungsgemäße Genehmigung und rechtliche Einhaltung vor der Durchführung von Aufklärungsaktivitäten sicher. *