Reconnaissance Frameworks

Recon-ng is a full-featured Web Reconnaissance framework written in Python. It has a similar interface to Metasploit, making it intuitive to those familiar with the Metasploit framework. Recon-ng is modular and has a variety of modules that can perform a multitude of reconnaissance tasks. It’s great for gathering data from open-source resources and integrates with various third-party services and APIs.

Key Features:

• Extensive module library for different reconnaissance tasks.

• Interactive shell for running and chaining modules.

• Ability to export findings in various formats.

Resources:

• GitHub Link to Recon-NG.

• Recon-ng: An Open Source Reconnaissance Tool

• Recon-NG Tutorial

• Check out the playlist below for a deep dive (it's free)

Maltego is an interactive data mining tool that renders directed graphs for link analysis. It's an incredibly powerful tool for exploring relationships and networks between information and entities on the internet, such as people, companies, organizations, websites, domains, network infrastructure, and social network connections.

Key Features:

• Visual link analysis and interactive graphs.

• Integration with a wide range of data sources.

• Transformations for automating the mining and display of information.

Resource:

• Maltego Main Site

• Maltego | Kali Linux Tools

• How to Use Maltego: A Beginner’s Guide to OSINT Analysis

SpiderFoot is an open-source intelligence automation tool (OSINT). It automates the process of gathering intelligence on a given target, whether that target is a domain name, hostname, IP address, or network subnet. SpiderFoot can query over 100 different public data sources and is available both as a web-based service and as a standalone scriptable Python-based software.

Key Features:

• Extensive data source integration for thorough reconnaissance.

• Automation of OSINT collection on multiple targets.

• Results can be exported in various formats and visualized graphically.

Resources:

• SpiderFoot – A Automate OSINT Framework in Kali Linux

• SpiderFoot GitHub

Description: theHarvester is a tool designed for open source intelligence (OSINT) and reconnaissance, particularly useful for early stages of a penetration test. It's designed to gather information about emails, subdomains, hosts, employee names, open ports, and banners from different public sources like search engines and PGP key databases.

Key Features:

• Simple command-line interface.

• Quick enumeration of emails, subdomains, and hosts.

• Supports various search engines and sources for data collection.

Resources:

• GitHub Repo

• FootPrinting/Reconnaissance using tools the harvester

• OSINT analysis — SpiderFoot & theharvester (Information Gathering)

• To gather emails and subdomains from a particular domain, you might use theHarvester -d targetdomain.com -b google.

Shodan is not a framework but a search engine that lets the user find specific types of computers connected to the internet using a variety of filters. Although it’s a standalone service, it’s often used within reconnaissance frameworks or in the reconnaissance phase to find devices, servers, and even IoT devices that are publicly accessible on the internet.

Key Features:

• Finds devices connected to the internet.

• Can filter by device type, country, port, operating system, and more.

• Offers powerful API integration for custom tools and scripts.

Resources:

• Main site

• What Is Shodan? How to Use It & How to Stay Protected [2024]