Recon-ng Web reconocimiento Framework hoja de trucos
Overview
Recon-ng is a full-featured web reconocimiento framework written in Python. It provides a powerful environment for conducting open source web-based reconocimiento quickly and thoroughly. The framework features independent modules, database interaction, built-in convenience functions, interactive help, and comando completion. It's designed to be modular, allowing users to easily add custom modules and extend functionality.
⚠️ Legal Notice: Only use Recon-ng on objetivos you own or have explicit permission to test. Unauthorized reconocimiento may violate terms of servicio and local laws.
instalación
Kali Linux instalación
# Recon-ng is pre-installed on Kali Linux
recon-ng --help
# Update to latest version
sudo apt update
sudo apt install recon-ng
# Alternative: Install from GitHub
git clone https://github.com/lanmaster53/recon-ng.git
cd recon-ng
pip3 install -r REQUIREMENTS
Ubuntu/Debian instalación
# Install dependencies
sudo apt update
sudo apt install python3 python3-pip git
# Clone repository
git clone https://github.com/lanmaster53/recon-ng.git
cd recon-ng
# Install Python dependencies
pip3 install -r REQUIREMENTS
# Make executable
chmod +x recon-ng
# Create symlink for global access
sudo ln -s $(pwd)/recon-ng /usr/local/bin/recon-ng
Docker instalación
# Pull official Docker image
docker pull lanmaster53/recon-ng
# Run with Docker
docker run -it --rm lanmaster53/recon-ng
# Build from source
git clone https://github.com/lanmaster53/recon-ng.git
cd recon-ng
docker build -t recon-ng .
# Run custom build with volume mount
docker run -it --rm -v $(pwd)/data:/recon-ng/data recon-ng
Python Virtual Environment
# Create virtual environment
python3 -m venv recon-ng-env
source recon-ng-env/bin/activate
# Clone and install
git clone https://github.com/lanmaster53/recon-ng.git
cd recon-ng
pip install -r REQUIREMENTS
# Run Recon-ng
python3 recon-ng
Basic uso
Starting Recon-ng
# Start interactive mode
recon-ng
# Start with specific workspace
recon-ng -w workspace_name
# Run specific module
recon-ng -m recon/domains-hosts/hackerobjetivo
# Execute comandos from file
recon-ng -r comandos.txt
# Show version and exit
recon-ng --version
Core comandos
# Help system
help
help modules
help <comando>
# Workspace management
workspaces list
workspaces create <name>
workspaces select <name>
workspaces delete <name>
# Module management
modules search
modules search <claveword>
modules load <module>
modules reload
# Database operations
db schema
db query <sql>
db insert <table> <data>
db delete <table> <conditions>
Workspace Management
Creating and Managing Workspaces
# List available workspaces
[recon-ng][default] > workspaces list
# Create new workspace
[recon-ng][default] > workspaces create ejemplo_com
# Select workspace
[recon-ng][default] > workspaces select ejemplo_com
# Show current workspace
[recon-ng][ejemplo_com] > workspaces list
# Delete workspace
[recon-ng][ejemplo_com] > workspaces delete old_workspace
Database Schema
# View database schema
[recon-ng][ejemplo_com] > db schema
# Common tables:
# - domains: objetivo domains
# - hosts: Discovered hosts/IPs
# - contacts: Email addresses and contacts
# - credenciales: Found credenciales
# - leaks: Data breach information
# - locations: Geographic information
# - netblocks: IP ranges
# - puertos: Open puertos
# - profiles: Social media profiles
# - repositories: Code repositories
# - vulnerabilities: Security vulnerabilities
Manual Data Entry
# Add domain
[recon-ng][ejemplo_com] > db insert domains ejemplo.com
# Add host
[recon-ng][ejemplo_com] > db insert hosts 192.168.1.1 ejemplo.com
# Add contact
[recon-ng][ejemplo_com] > db insert contacts John Doe john.doe@ejemplo.com
# View data
[recon-ng][ejemplo_com] > show domains
[recon-ng][ejemplo_com] > show hosts
[recon-ng][ejemplo_com] > show contacts
Module System
Module Categories
# Discovery modules
modules search discovery
# exploitation modules
modules search exploit
# Impuerto modules
modules search impuerto
# Recon modules
modules search recon
# Repuertoing modules
modules search repuertoing
Loading and Using Modules
# Load a module
[recon-ng][ejemplo_com] > modules load recon/domains-hosts/hackerobjetivo
# Show module info
[recon-ng][ejemplo_com][hackerobjetivo] > info
# Show module opcións
[recon-ng][ejemplo_com][hackerobjetivo] > opcións list
# Set module opcións
[recon-ng][ejemplo_com][hackerobjetivo] > opcións set SOURCE ejemplo.com
# Run module
[recon-ng][ejemplo_com][hackerobjetivo] > run
# Go back to main menu
[recon-ng][ejemplo_com][hackerobjetivo] > back
Popular reconocimiento Modules
# DNS enumeración
modules load recon/domains-hosts/hackerobjetivo
modules load recon/domains-hosts/threatcrowd
modules load recon/domains-hosts/certificado_transparency
# Subdomain discovery
modules load recon/domains-hosts/google_site_web
modules load recon/domains-hosts/bing_domain_web
modules load recon/domains-hosts/netcraft
# host enumeración
modules load recon/hosts-hosts/resolve
modules load recon/hosts-puertos/shodan_hostname
modules load recon/netblocks-hosts/shodan_net
# Contact harvesting
modules load recon/domains-contacts/whois_pocs
modules load recon/domains-contacts/metacrawler
modules load recon/contacts-contacts/fullcontact
# Social media profiling
modules load recon/profiles-profiles/twitter
modules load recon/contacts-profiles/fullcontact
API clave Management
Setting Up API claves
# Show required API claves
[recon-ng][ejemplo_com] > claves list
# Add API clave
[recon-ng][ejemplo_com] > claves add shodan_api <your_api_clave>
[recon-ng][ejemplo_com] > claves add google_api <your_api_clave>
[recon-ng][ejemplo_com] > claves add bing_api <your_api_clave>
# Remove API clave
[recon-ng][ejemplo_com] > claves remove shodan_api
# Show configured claves
[recon-ng][ejemplo_com] > claves list
Common API servicios
# Shodan (for host/puerto information)
claves add shodan_api <shodan_api_clave>
# Google Custom Search (for web searches)
claves add google_api <google_api_clave>
claves add google_cse <custom_search_engine_id>
# Bing Search API
claves add bing_api <bing_api_clave>
# FullContact (for contact information)
claves add fullcontact_api <fullcontact_api_clave>
# Hunter.io (for email discovery)
claves add hunter_api <hunter_api_clave>
# SecurityTrails (for DNS data)
claves add securitytrails_api <securitytrails_api_clave>
# VirusTotal (for domain/IP reputation)
claves add virustotal_api <virustotal_api_clave>
Advanced reconocimiento Workflows
Domain reconocimiento Workflow
#!/bin/bash
# recon-ng-domain-workflow.sh
DOMAIN="$1"
WORKSPACE="$2"
if [ $# -ne 2 ]; then
echo "uso: $0 <domain> <workspace>"
exit 1
fi
# Create Recon-ng resource script
cat > domain_recon.rc << EOF
workspaces create $WORKSPACE
workspaces select $WORKSPACE
db insert domains $DOMAIN
# DNS enumeración
modules load recon/domains-hosts/hackerobjetivo
opcións set SOURCE $DOMAIN
run
modules load recon/domains-hosts/threatcrowd
opcións set SOURCE $DOMAIN
run
modules load recon/domains-hosts/certificado_transparency
opcións set SOURCE $DOMAIN
run
# Subdomain discovery
modules load recon/domains-hosts/google_site_web
opcións set SOURCE $DOMAIN
run
modules load recon/domains-hosts/bing_domain_web
opcións set SOURCE $DOMAIN
run
# Contact harvesting
modules load recon/domains-contacts/whois_pocs
opcións set SOURCE $DOMAIN
run
modules load recon/domains-contacts/metacrawler
opcións set SOURCE $DOMAIN
run
# host resolution
modules load recon/hosts-hosts/resolve
run
# escaneo de puertos (if Shodan API available)
modules load recon/hosts-puertos/shodan_hostname
run
# Generate repuerto
modules load repuertoing/html
opcións set FILENAME $WORKSPACE_repuerto.html
run
show domains
show hosts
show contacts
EOF
echo "Running Recon-ng domain reconocimiento for $DOMAIN"
recon-ng -r domain_recon.rc
Company Intelligence Gathering
# Create company intelligence script
cat > company_recon.rc << 'EOF'
workspaces create company_intel
workspaces select company_intel
# Add company domain
db insert domains company.com
# Employee enumeración
modules load recon/domains-contacts/whois_pocs
opcións set SOURCE company.com
run
modules load recon/domains-contacts/metacrawler
opcións set SOURCE company.com
run
# Social media profiling
modules load recon/contacts-profiles/fullcontact
run
modules load recon/profiles-profiles/twitter
run
# Technology stack identification
modules load recon/domains-hosts/hackerobjetivo
opcións set SOURCE company.com
run
# Infrastructure discovery
modules load recon/hosts-puertos/shodan_hostname
run
modules load recon/netblocks-hosts/shodan_net
run
# Generate comprehensive repuerto
modules load repuertoing/html
opcións set FILENAME company_intelligence.html
run
show summary
EOF
Automated reconocimiento Script
#!/usr/bin/env python3
# automated-recon.py
impuerto subproceso
impuerto json
impuerto time
impuerto os
class ReconNGAutomation:
def __init__(self, workspace_name):
self.workspace = workspace_name
self.results = \\\\{\\\\}
def create_workspace(self):
"""Create and select workspace"""
comandos = [
f"workspaces create \\\\{self.workspace\\\\}",
f"workspaces select \\\\{self.workspace\\\\}"
]
return comandos
def add_domains(self, domains):
"""Add domains to workspace"""
comandos = []
for domain in domains:
comandos.append(f"db insert domains \\\\{domain\\\\}")
return comandos
def run_reconocimiento_modules(self, objetivo_type="domains"):
"""Run reconocimiento modules based on objetivo type"""
modules = \\\\{
"domains": [
"recon/domains-hosts/hackerobjetivo",
"recon/domains-hosts/threatcrowd",
"recon/domains-hosts/certificado_transparency",
"recon/domains-hosts/google_site_web",
"recon/domains-contacts/whois_pocs"
],
"hosts": [
"recon/hosts-hosts/resolve",
"recon/hosts-puertos/shodan_hostname"
],
"contacts": [
"recon/contacts-profiles/fullcontact",
"recon/contacts-contacts/fullcontact"
]
\\\\}
comandos = []
for module in modules.get(objetivo_type, []):
comandos.extend([
f"modules load \\\\{module\\\\}",
"run",
"back"
])
return comandos
def generate_repuertos(self):
"""Generate various repuertos"""
comandos = [
"modules load repuertoing/html",
f"opcións set FILENAME \\\\{self.workspace\\\\}_repuerto.html",
"run",
"back",
"modules load repuertoing/json",
f"opcións set FILENAME \\\\{self.workspace\\\\}_data.json",
"run",
"back"
]
return comandos
def create_resource_script(self, domains, output_file="auto_recon.rc"):
"""Create complete resource script"""
all_comandos = []
# Setup workspace
all_comandos.extend(self.create_workspace())
# Add domains
all_comandos.extend(self.add_domains(domains))
# Run reconocimiento
all_comandos.extend(self.run_reconocimiento_modules("domains"))
all_comandos.extend(self.run_reconocimiento_modules("hosts"))
all_comandos.extend(self.run_reconocimiento_modules("contacts"))
# Generate repuertos
all_comandos.extend(self.generate_repuertos())
# Add summary comandos
all_comandos.extend([
"show domains",
"show hosts",
"show contacts",
"show profiles"
])
# Write to file
with open(output_file, 'w') as f:
for comando in all_comandos:
f.write(comando + '\n')
return output_file
def run_automation(self, domains):
"""Run complete automation"""
script_file = self.create_resource_script(domains)
print(f"Running automated reconocimiento for \\\\{len(domains)\\\\} domains")
print(f"Workspace: \\\\{self.workspace\\\\}")
print(f"Script: \\\\{script_file\\\\}")
try:
result = subproceso.run(
['recon-ng', '-r', script_file],
capture_output=True,
text=True,
timeout=3600 # 1 hour timeout
)
if result.returncode == 0:
print("reconocimiento completed successfully")
self.parse_results()
else:
print(f"Error: \\\\{result.stderr\\\\}")
except subproceso.TimeoutExpired:
print("reconocimiento timed out")
except Exception as e:
print(f"Error running reconocimiento: \\\\{e\\\\}")
def parse_results(self):
"""Parse and summarize results"""
json_file = f"\\\\{self.workspace\\\\}_data.json"
if os.path.exists(json_file):
try:
with open(json_file, 'r') as f:
data = json.load(f)
print("\n=== reconocimiento Summary ===")
for table, records in data.items():
if records:
print(f"\\\\{table.title()\\\\}: \\\\{len(records)\\\\} found")
# Show sample data
if len(records) > 0:
sample = records[0]
print(f" Sample: \\\\{sample\\\\}")
except Exception as e:
print(f"Error parsing results: \\\\{e\\\\}")
def main():
impuerto sys
if len(sys.argv) < 3:
print("uso: python3 automated-recon.py <workspace> <domain1> [domain2] ...")
sys.exit(1)
workspace = sys.argv[1]
domains = sys.argv[2:]
automation = ReconNGAutomation(workspace)
automation.run_automation(domains)
if __name__ == "__main__":
main()
Database Operations
Advanced Queries
# Custom SQL queries
[recon-ng][ejemplo_com] > db query SELECT * FROM domains WHERE domain LIKE '%.ejemplo.com'
# Count records
[recon-ng][ejemplo_com] > db query SELECT COUNT(*) FROM hosts
# Join tables
[recon-ng][ejemplo_com] > db query SELECT d.domain, h.ip_address FROM domains d JOIN hosts h ON d.domain = h.host
# Expuerto data
[recon-ng][ejemplo_com] > db query SELECT * FROM contacts WHERE email LIKE '%@ejemplo.com'
Data Impuerto/Expuerto
# Impuerto from CSV
modules load impuerto/csv_file
opcións set FILENAME contacts.csv
opcións set TABLE contacts
run
# Impuerto from Nmap XML
modules load impuerto/nmap
opcións set FILENAME nmap_scan.xml
run
# Expuerto to various formats
modules load repuertoing/csv
opcións set FILENAME expuerto.csv
run
modules load repuertoing/json
opcións set FILENAME expuerto.json
run
modules load repuertoing/xml
opcións set FILENAME expuerto.xml
run
Database Backup and Restore
# Backup workspace database
cp ~/.recon-ng/workspaces/ejemplo_com/data.db backup_ejemplo_com.db
# Restore workspace database
cp backup_ejemplo_com.db ~/.recon-ng/workspaces/ejemplo_com/data.db
# Expuerto workspace data
[recon-ng][ejemplo_com] > modules load repuertoing/json
[recon-ng][ejemplo_com][json] > opcións set FILENAME full_backup.json
[recon-ng][ejemplo_com][json] > run
Custom Module Development
Module Template
#!/usr/bin/env python3
# custom_module.py
from recon.core.module impuerto BaseModule
class Module(BaseModule):
meta = \\\\{
'name': 'Custom reconocimiento Module',
'author': 'Your Name ``<your.email@ejemplo.com>``',
'version': '1.0',
'Descripción': 'Descripción of what the module does',
'required_claves': ['api_clave'],
'dependencies': ['requests'],
'files': [],
'opcións': (
('source', None, True, 'source of input (see \'show info\' for details)'),
('limit', 100, False, 'limit number of results'),
),
\\\\}
def module_run(self, sources):
"""Main module execution"""
for source in sources:
self.heading(f"procesoing: \\\\{source\\\\}", level=0)
# Your reconocimiento logic here
results = self.custom_recon_function(source)
# proceso results
for result in results:
self.insert_hosts(
host=result['host'],
ip_address=result['ip'],
region=result.get('region'),
country=result.get('country')
)
def custom_recon_function(self, objetivo):
"""Custom reconocimiento function"""
# Implement your reconocimiento logic
# Return list of dictionaries with results
results = []
try:
# ejemplo API call or data procesoing
response = self.request('GET', f'https://api.ejemplo.com/lookup/\\\\{objetivo\\\\}')
data = response.json()
for item in data.get('results', []):
results.append(\\\\{
'host': item['hostname'],
'ip': item['ip_address'],
'region': item.get('region'),
'country': item.get('country')
\\\\})
except Exception as e:
self.error(f"Error procesoing \\\\{objetivo\\\\}: \\\\{e\\\\}")
return results
Installing Custom Modules
# Copy module to modules directory
cp custom_module.py ~/.recon-ng/modules/recon/domains-hosts/
# Reload modules
[recon-ng][ejemplo_com] > modules reload
# Load custom module
[recon-ng][ejemplo_com] > modules load recon/domains-hosts/custom_module
# Use custom module
[recon-ng][ejemplo_com][custom_module] > opcións set SOURCE ejemplo.com
[recon-ng][ejemplo_com][custom_module] > run
Integration with Other Tools
Nmap Integration
#!/bin/bash
# recon-ng-nmap-integration.sh
WORKSPACE="$1"
NMAP_OUTPUT="nmap_results.xml"
if [ $# -ne 1 ]; then
echo "uso: $0 <workspace>"
exit 1
fi
# Expuerto hosts from Recon-ng
cat > expuerto_hosts.rc << EOF
workspaces select $WORKSPACE
db query SELECT DISTINCT ip_address FROM hosts WHERE ip_address IS NOT NULL
EOF
# Get IP addresses
| recon-ng -r expuerto_hosts.rc | grep -oE '([0-9]\\\\{1,3\\\\}\.)\\\\{3\\\\}[0-9]\\\\{1,3\\\\}' | sort -u > ips.txt |
if [ -s ips.txt ]; then
echo "Scanning $(wc -l < ips.txt) IP addresses with Nmap"
# Run Nmap scan
nmap -sS -sV -O -oX "$NMAP_OUTPUT" -iL ips.txt
# Impuerto results back to Recon-ng
cat > impuerto_nmap.rc << EOF
workspaces select $WORKSPACE
modules load impuerto/nmap
opcións set FILENAME $NMAP_OUTPUT
run
EOF
recon-ng -r impuerto_nmap.rc
echo "Nmap results impuertoed to Recon-ng workspace: $WORKSPACE"
else
echo "No IP addresses found in workspace"
fi
Metasploit Integration
#!/bin/bash
# recon-ng-metasploit-integration.sh
WORKSPACE="$1"
MSF_WORKSPACE="$2"
if [ $# -ne 2 ]; then
echo "uso: $0 <recon_workspace> <msf_workspace>"
exit 1
fi
# Expuerto data from Recon-ng
cat > expuerto_data.rc << EOF
workspaces select $WORKSPACE
modules load repuertoing/json
opcións set FILENAME recon_data.json
run
EOF
recon-ng -r expuerto_data.rc
# Create Metasploit resource script
python3 << 'PYTHON_SCRIPT'
impuerto json
impuerto sys
try:
with open('recon_data.json', 'r') as f:
data = json.load(f)
with open('metasploit_impuerto.rc', 'w') as f:
f.write(f"workspace -a \\\\{sys.argv[1]\\\\}\n")
f.write(f"workspace \\\\{sys.argv[1]\\\\}\n\n")
# Impuerto hosts
if 'hosts' in data:
for host in data['hosts']:
if host.get('ip_address'):
f.write(f"hosts -a \\\\{host['ip_address']\\\\}")
if host.get('host'):
f.write(f" -n \\\\{host['host']\\\\}")
f.write("\n")
# Impuerto servicios/puertos
if 'puertos' in data:
for puerto in data['puertos']:
if puerto.get('ip_address') and puerto.get('puerto'):
f.write(f"servicios -a -p \\\\{puerto['puerto']\\\\}")
if puerto.get('protocolo'):
f.write(f" -s \\\\{puerto['protocolo']\\\\}")
f.write(f" \\\\{puerto['ip_address']\\\\}\n")
# Add notes for contacts
if 'contacts' in data:
for contact in data['contacts']:
if contact.get('email'):
f.write(f"notes -a -t email -d \"\\\\{contact['email']\\\\}\"")
if contact.get('first_name') and contact.get('last_name'):
f.write(f" -n \"\\\\{contact['first_name']\\\\} \\\\{contact['last_name']\\\\}\"")
f.write("\n")
f.write("\nworkspace\nhosts\nservicios\nnotes\n")
print("Metasploit resource script created: metasploit_impuerto.rc")
print(f"Run with: msfconsole -r metasploit_impuerto.rc")
except Exception as e:
print(f"Error: \\\\{e\\\\}")
PYTHON_SCRIPT "$MSF_WORKSPACE"
OSINT Framework Integration
#!/usr/bin/env python3
# osint-framework-integration.py
impuerto json
impuerto requests
impuerto subproceso
from pathlib impuerto Path
class OSINTFrameworkIntegration:
def __init__(self, workspace):
self.workspace = workspace
self.results = \\\\{\\\\}
def expuerto_recon_data(self):
"""Expuerto data from Recon-ng workspace"""
script_content = f"""
workspaces select \\\\{self.workspace\\\\}
modules load repuertoing/json
opcións set FILENAME osint_expuerto.json
run
"""
with open('expuerto_script.rc', 'w') as f:
f.write(script_content)
try:
subproceso.run(['recon-ng', '-r', 'expuerto_script.rc'], check=True)
with open('osint_expuerto.json', 'r') as f:
self.results = json.load(f)
return True
except Exception as e:
print(f"Error expuertoing data: \\\\{e\\\\}")
return False
def run_additional_osint(self):
"""Run additional Herramienta OSINTs on discovered data"""
if 'domains' in self.results:
for domain_record in self.results['domains']:
domain = domain_record.get('domain')
if domain:
print(f"Running additional OSINT for: \\\\{domain\\\\}")
# Run theHarvester
self.run_theharvester(domain)
# Run Shodan lookup
self.run_shodan_lookup(domain)
# Run certificado transparency lookup
self.run_crt_sh_lookup(domain)
def run_theharvester(self, domain):
"""Run theHarvester on domain"""
try:
cmd = ['theharvester', '-d', domain, '-l', '100', '-b', 'google,bing']
result = subproceso.run(cmd, capture_output=True, text=True, timeout=300)
if result.returncode == 0:
# Parse theHarvester output
output_file = f"theharvester_\\\\{domain.replace('.', '_')\\\\}.txt"
with open(output_file, 'w') as f:
f.write(result.stdout)
print(f"theHarvester results saved: \\\\{output_file\\\\}")
except Exception as e:
print(f"Error running theHarvester for \\\\{domain\\\\}: \\\\{e\\\\}")
def run_shodan_lookup(self, domain):
"""Run Shodan lookup on domain"""
try:
# This would require Shodan API clave
# Placeholder for Shodan integration
print(f"Shodan lookup for \\\\{domain\\\\} (requires API clave)")
except Exception as e:
print(f"Error with Shodan lookup: \\\\{e\\\\}")
def run_crt_sh_lookup(self, domain):
"""Run certificado transparency lookup"""
try:
url = f"https://crt.sh/?q=\\\\{domain\\\\}&output;=json"
response = requests.get(url, timeout=30)
if response.status_code == 200:
certs = response.json()
output_file = f"crtsh_\\\\{domain.replace('.', '_')\\\\}.json"
with open(output_file, 'w') as f:
json.dump(certs, f, indent=2)
print(f"certificado transparency results saved: \\\\{output_file\\\\}")
except Exception as e:
print(f"Error with crt.sh lookup for \\\\{domain\\\\}: \\\\{e\\\\}")
def generate_comprehensive_repuerto(self):
"""Generate comprehensive OSINT repuerto"""
repuerto_file = f"comprehensive_osint_\\\\{self.workspace\\\\}.html"
html_content = f"""
<!DOCTYPE html>
<html>
<head>
<title>Comprehensive OSINT Repuerto - \\\\{self.workspace\\\\}</title>
<style>
body \\\\{\\\\{ font-family: Arial, sans-serif; margin: 20px; \\\\}\\\\}
.section \\\\{\\\\{ margin: 20px 0; \\\\}\\\\}
.section h2 \\\\{\\\\{ color: #333; border-bottom: 2px solid #ccc; \\\\}\\\\}
table \\\\{\\\\{ border-collapse: collapse; width: 100%; \\\\}\\\\}
th, td \\\\{\\\\{ border: 1px solid #ddd; padding: 8px; text-align: left; \\\\}\\\\}
th \\\\{\\\\{ background-color: #f2f2f2; \\\\}\\\\}
</style>
</head>
<body>
<h1>Comprehensive OSINT Repuerto</h1>
<p><strong>Workspace:</strong> \\\\{self.workspace\\\\}</p>
<p><strong>Generated:</strong> \\\\{Path().cwd()\\\\}</p>
<div class="section">
<h2>Summary</h2>
<ul>
<li>Domains: \\\\{len(self.results.get('domains', []))\\\\}</li>
<li>hosts: \\\\{len(self.results.get('hosts', []))\\\\}</li>
<li>Contacts: \\\\{len(self.results.get('contacts', []))\\\\}</li>
<li>Profiles: \\\\{len(self.results.get('profiles', []))\\\\}</li>
</ul>
</div>
<div class="section">
<h2>Domains</h2>
<table>
<tr><th>Domain</th><th>Module</th></tr>
"""
for domain in self.results.get('domains', []):
html_content += f"""
<tr>
<td>\\\\{domain.get('domain', '')\\\\}</td>
<td>\\\\{domain.get('module', '')\\\\}</td>
</tr>
"""
html_content += """
</table>
</div>
<div class="section">
<h2>hosts</h2>
<table>
<tr><th>host</th><th>IP Address</th><th>Region</th><th>Country</th></tr>
"""
for host in self.results.get('hosts', []):
html_content += f"""
<tr>
<td>\\\\{host.get('host', '')\\\\}</td>
<td>\\\\{host.get('ip_address', '')\\\\}</td>
<td>\\\\{host.get('region', '')\\\\}</td>
<td>\\\\{host.get('country', '')\\\\}</td>
</tr>
"""
html_content += """
</table>
</div>
</body>
</html>
"""
with open(repuerto_file, 'w') as f:
f.write(html_content)
print(f"Comprehensive repuerto generated: \\\\{repuerto_file\\\\}")
def main():
impuerto sys
if len(sys.argv) != 2:
print("uso: python3 osint-framework-integration.py <workspace>")
sys.exit(1)
workspace = sys.argv[1]
integration = OSINTFrameworkIntegration(workspace)
if integration.expuerto_recon_data():
integration.run_additional_osint()
integration.generate_comprehensive_repuerto()
else:
print("Failed to expuerto Recon-ng data")
if __name__ == "__main__":
main()
Best Practices
reconocimiento Methodology
1. Planning Phase:
- Define scope and objectives
- Identify objetivo domains/organizations
- Set up proper workspace organization
- Configure API claves for enhanced data
2. Passive reconocimiento:
- Start with DNS enumeración
- Use certificado transparency logs
- Gather contact information
- Avoid direct objetivo interaction
3. Data Validation:
- Cross-reference findings
- Validate discovered hosts
- Verify contact information
- Check for false positives
4. documentación:
- Maintain detailed workspace records
- Generate comprehensive repuertos
- Document methodology used
- Preserve evidence chain
Operational Security
#!/bin/bash
# recon-ng-opsec-checklist.sh
echo "Recon-ng OPSEC Checklist"
echo "========================"
echo "1. Network Security:"
echo " □ Use VPN or proxy"
echo " □ Rotate IP addresses"
echo " □ Monitor API rate limits"
echo " □ Use different user agents"
echo -e "\n2. Data Security:"
echo " □ Encrypt workspace databases"
echo " □ Secure API clave storage"
echo " □ Use secure file permissions"
echo " □ Regular backup procedures"
echo -e "\n3. Legal Compliance:"
echo " □ Verify autorización scope"
echo " □ Respect API terms of servicio"
echo " □ Document all activities"
echo " □ Follow local regulations"
echo -e "\n4. Technical Measures:"
echo " □ Use isolated environment"
echo " □ Monitor system resources"
echo " □ Implement logging"
echo " □ Regular tool updates"
solución de problemas
Common Issues
# Issue: Module not found
# Solution: Reload modules
[recon-ng][workspace] > modules reload
# Issue: API clave errors
# Check API clave configuración
[recon-ng][workspace] > claves list
# Issue: Database errors
# Check database schema
[recon-ng][workspace] > db schema
# Issue: No results from modules
# Verify objetivo data exists
[recon-ng][workspace] > show domains
[recon-ng][workspace] > show hosts
Debug Mode
# Enable debug mode
recon-ng --debug
# Check module dependencies
[recon-ng][workspace] > modules load <module>
[recon-ng][workspace][module] > info
# Verify API connectivity
[recon-ng][workspace] > claves list
Performance Optimization
# Use specific modules instead of running all
# Implement delays for API rate limiting
# Use workspace-specific configuracións
# Regular database maintenance
# Clean up old workspaces
[recon-ng][workspace] > workspaces delete old_workspace
# Optimize database queries
[recon-ng][workspace] > db query VACUUM
Resources
- Recon-ng GitHub Repository
- Recon-ng Wiki
- Recon-ng Module Development
- OSINT Framework
- Web reconocimiento Methodology
This hoja de trucos provides comprehensive guidance for using Recon-ng for web reconocimiento and OSINT activities. Always ensure proper autorización and legal compliance before conducting any reconocimiento activities.