Saturday, August 12, 2017

Recon-ng is an open source reconnaissance framework written in Python. This SQLite database-driven tool incorporates Python modules and API keys, allowing it to be a conduit for many tools ranging from The Harvester to Metasploit. It is an awesome standalone reconnaissance tool in its own right. As a side note, we all totally have a geeky nerd crush on LaNMaSteR53.

Getting Started
While most penetration testers will be running this out of Kali Linux, the prerequisites (git and pip) may need to be installed before you start. Fortunately, this is easy on most Linux flavors and requires just a few simple commands:
sudo apt-get update
sudo apt-get install git
sudo apt-get install python-pip python-dev build-essential
sudo pip install --upgrade pip
sudo pip install --upgrade virtualenv
Next, clone Recon-ng from Bitbucket (Figure 1). In this tutorial we clone to the home directory, but feel free to use whatever directory structure works for you.
git clone https://LaNMaSteR53@bitbucket.org/LaNMaSteR53/recon-ng.git
Figure 1: git install
Next, change directory into the newly created recon-ng and list the contents (Figure 2).
cd recon-ng
ls
Figure 2: recon-ng contents
We will use the REQUIREMENTS file to finish installing the dependencies for recon-ng.
pip install -r REQUIREMENTS
At this point the installation is almost ready to use. We will go over a little bit of information now while you’re still paying attention, and then get recon-ng running and the API keys loaded.
The installation of recon-ng also created .recon-ng, a hidden directory inside your home directory. This directory is empty. This is where your keys.db and your workspaces will be created. After starting recon-ng for the first time, a directory and keys.db are created in the hidden .recon-ng directory (Figure 3).
Figure 3: .recon-ng directory
To run recon-ng, go to the folder where you ran the “git clone” command. This is where the magic happens.
cd recon-ng 
./recon-ng
Don’t worry if you get the “_api key not set” error (Figure 4). We have not added any API keys yet.
Figure 4: Initial Start
From our screen, we can see that there are 76 Recon modules, 8 Reporting modules, 2 Import modules, 2 Exploitation modules, and 2 Discovery modules.  We are also using the “default” workspace. (Figure 5)
Figure 5: Recon-ng start screen
Close recon-ng and let's look at the modules and the underlying code (Figure 6).
cd modules
cd recon
ls
Figure 6: Module Directory
If we go inside the module directory and inside a module, we can see the Python script that does all the magic. (Figure 7)
Figure 7: Module Content
Adding API Keys
As I said in the introduction, this is a database driven tool.  Now it’s time to add information into the database.
The API keys are used by the modules to gather information for the SQLite database.  Some of the API keys are free but some can be expensive.  I will keep this tutorial to the free API keys that are available.
After going back into the recon-ng directory and typing “./recon-ng”, you will be inside the recon-ng console. (Figure 8)
keys list
Figure 8: Keys List
The following command is an example of adding the shodan_api key (bottom of Figure 8; look closely, it is there).
keys add shodan_api 
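An added example (not from the original post or the recon-ng project): since keys.db in the hidden .recon-ng directory holds the API keys you add, this Python 3 script checks that the file is readable only by its owner and lists which key names have a value, without ever printing the values. The keys(name, value) table layout, the helper names and the sample database are assumptions constructed for illustration.

```python
import os
import pathlib
import sqlite3
import stat
import tempfile

def audit_keys_db(path):
    """Return (is_private, names_with_values) for a recon-ng keys.db.

    Assumes a table keys(name, value); key values are never returned.
    """
    mode = stat.S_IMODE(os.stat(path).st_mode)
    is_private = (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0
    # Open read-only so the audit itself cannot modify the database.
    uri = pathlib.Path(path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        rows = conn.execute(
            "SELECT name FROM keys "
            "WHERE value IS NOT NULL AND value != '' ORDER BY name"
        ).fetchall()
    finally:
        conn.close()
    return is_private, [row[0] for row in rows]

def lock_down(path):
    """Restrict keys.db to its owner (0600) and its directory to 0700."""
    os.chmod(path, 0o600)
    os.chmod(os.path.dirname(path), 0o700)

def build_sample_db(directory):
    """Constructed stand-in for ~/.recon-ng/keys.db holding a dummy value."""
    path = os.path.join(directory, "keys.db")
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE keys (name TEXT PRIMARY KEY, value TEXT)")
    conn.executemany(
        "INSERT INTO keys VALUES (?, ?)",
        [("shodan_api", "CONSTRUCTED-DUMMY-KEY"), ("example_api", "")],
    )
    conn.commit()
    conn.close()
    os.chmod(path, 0o644)  # world-readable, as a permissive umask would leave it
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        db = build_sample_db(d)
        print("before:", audit_keys_db(db))
        lock_down(db)
        print("after: ", audit_keys_db(db))
```

To check a real installation, call audit_keys_db on the keys.db inside your own .recon-ng directory instead of the constructed sample.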
API Keys Signup URLs
Signing up for the API keys is the least fun and most time-consuming part of the setup. Showing each signup would be lethally boring, so here is the list of URLs. All links open in a new window because we are thoughtful like that.
