Transcript for:
Introduction to Penetration Testing Tools

Hey everyone, welcome to Afs Hackers. My name is Afshan and I'm super excited to share that I am going to start the series of penetration testing tools on this channel. In this series we are going to cover the tools used in penetration testing and will also cover the information gathering tools as well.

So the first tool that we are going to learn is Recon-ng. Recon-ng is a passive reconnaissance tool. Uh, reconnaissance simply means the information gathering, uh, like you are collecting or gathering information about your target is called reconnaissance. Okay, so there are two types of reconnaissance: the first one is active reconnaissance, second one is passive reconnaissance. In active recon we have to engage with the target system or network. For example, if you are conducting the port scan to find out the open ports, that counts as an active recon, whereas in passive recon we are not actively engaging with the target system or network, we just gather the freely available data.

So in a nutshell, Recon-ng is a framework written in Python. It comes with powerful environment where we can conduct open source web-based reconnaissance quickly and thoroughly. It is incorporated with independent modules, database interaction functions and interactive help. Recon-ng's interface is very similar to Metasploit Framework, so if you don't know what Metasploit is, we will cover in our upcoming videos. It is a very great framework actually. So this is all about the Recon-ng.

Now let's get into the practical details. So, so here is my Kali machine. Let me open my terminal. Okay, okay, write the sudo, sudo su, for root privileges. Okay, great. The Recon-ng is preinstalled in Kali Linux so we don't have to install it separately. So let's write recon-ng. Okay, okay, Recon-ng, blackhillsinfosec.com, so it isn't sponsored by, the blackhillsinfosec.com is there. Okay, no modules enabled or installed. So if you are using the Recon-ng for the first time, by default no modules are installed or enabled, so you need to install
them prior to using the Recon-ng tool.

So before that, let's just write the help. Okay, so the command we have to, okay, the command is: type help, or we can use the question mark for the help menu. You, you guys can also use the question mark for help menu, and the topic is, specify the topic. So we have back command, that is, exits the current context. dashboard: display a summary of activities. db command, we will use db command: db interfaces with the workspace's database. exit command is there to exit from the framework. help command: display this menu. Okay, next one is index, that's create a modules index, this is for developer only. Okay, there are, there is also a command called keys, to manage is third party resources credential, like, uh, if you are, you know, if you are using, so you have to import your keys, like Shodan key, so this is, this facility is also there. This command, that is marketplace: interfaces with the modules marketplace. We will see how to use this marketplace command. The next one is modules: interfaces with the installed modules. Okay, currently we don't have any modules installed. So the option command is also there: manages the current context options. Okay, pdb, that is start a Python debugger session, this is also for developer, as you guys can see, develop, dev only. We have script command as well, that is records and executes command scripts. We'll also have shell command that executes shell. show: shows various framework items. Okay, snapshot command is also there: manages workspace snapshots. We will see what workspace is. Next is spool: spools output to a file. Okay, last one is workspaces, like manages workspace, mana, workspace is like your folder.

As I've already said, by default no modules are installed, uh, in Recon-ng, so let's start installing some modules, and let me clear the screen. Okay, we'll use this command, that is marketplace, we have seen this command, marketplace install all, I want all modules. So I am using this command, that is market, marketplace install all. Okay, it will take some
time. Some modules may not get installed when you run the command, that is marketplace install all, uh, you need to install them separately. For installing modules it will take maybe two to one minute. Don't worry about these errors, we have to install these modules separately. Okay, Google API, Twitter API, okay, so we don't have to worry about anything. Like, as you guys can see, Shodan IP modules will likely fail at runtime, so we have to install these modules separately. Okay, let me clear the screen.

Okay, so now let's create the workspace. It is always a good practice to create a workspace before you start your reconnaissance process or information gathering process. So let's write workspaces, yeah, workspaces help. Okay, so this is the usage, that is workspaces: we can create the workspace, we can list the workspaces, we can load the workspace, we can remove the workspace. Workspace is like a folder, and like, yeah, it is like a folder. Let's create: workspaces create, okay, car lover. Okay, I love cars by the way. Okay, don't worry about these errors. As you guys can see, the workspace is changed. Before that, it is a default workspace, let me show you, the default workspace is selected. Now we have created the car lover workspace, so we are in the car lover workspace. Okay, let me just clear the screen. Now let's list the, don't forget s, huh, this is not workspace, it is workspaces, okay, make sure you are writing s. As you guys can see, we have two workspaces: the first one is car lover, the second one is default. So if you are a car lover then comment below, tell me what is your favorite car.

Uh, okay, so the reason behind the errors that we are getting is that we haven't configured the API keys in to some modules, but it is okay, it is optional, so don't worry about those errors.

Now let's use the db command: db help. db interfaces with the workspace database. Okay, so the db modules allow us to insert, delete, query and view the schema of the database tables. Now let's see the db schema. Okay, db schema. Okay, so we have this
repositories table, we have profiles table: the username, resource, url, category, notes, module. Okay, pushpins table is also there, leaks table is there, credentials, these are the tables guys, contacts table is also there, host table is there, ports, vulnerabilities, location, netblocks, companies, like we can gather companies detail as well, and the domains. Okay, domain names, sorry, domain table is also there. Let me just clear the screen.

So we can add names of our target domains or company to the tables using the following insert command. Let's say our target is Tesla. Let me write it first: db insert. Like, as you guys can see, when we write db help, so we have this insert option. Okay, we, we can insert the data: db insert, in, in what table, domains table. Okay, we are going to insert, uh, the domain in this domain table. Okay, make sure you're writing s, that is domains. Let's hit enter. Okay, uh, I'm gonna use tesla.com, tesla.com. Okay, tesla.com, notes is for learning purpose, we are doing this learning purpose. Okay, tesla.com is our domain, and notes, in notes I am just saying for learning purpose, let me write only here. Okay, let's hit enter. Okay, as you guys can see, one row is affected.

Now, to view any of the table contents we'll use the show command: show help. Let's see though, this is the command. Okay, so we are going to use the show help: shows various framework items. show companies, contacts, credentials, domains, host, leaks, location, as you guys can see that, we have pushpins, repositories, vulnerabilities, like these are the tables, right. So let's show the table, that is domains. Okay, we are, we are viewing the content of the table, that is domains. Okay, okay, as you guys can see, we have rowid 1, tesla.com, for learning purpose only. Okay, okay, I'm sorry, let me clear the screen. show domains.

Now it's time for using the domains to perform the actual reconnaissance or information gathering process. We'll use the command called module, and first let's write help. So we can load the modules, we can reload the module, or we can
search the module. Okay, now we have installed all the modules, right, from the, from the marketplace, uh, install all command. Now let's see, now let's search the modules. Don't forget s: modules search hack. Okay, as you guys can see, we have found this one module, that is recon, it is categorized as recon, and this is the location of this module, that is hackertarget. Okay, we are going to see hackertarget to gather information about this tesla.com, this is our domain.

Now let's load the module: modules load, we have to paste this location, we have to paste this path, hit enter. We are in this hackertarget workspace, and if you want the more detail of this module you can use the following command, that is info. Okay, HackerTarget Lookup: uses the HackerTarget.com API to find host names, update the host table with the results. Okay, so we have four source options. The first one is default, uh, select distinct domain from domains where domain is not null. We have string options are available: string representing a single input. We can also provide the path of the file, and SQL query option is also there: database query returning one column of inputs. Options are: source, current value is default, required is yes, description is source of input.

Okay, now you can also view the details of the options alone using the options command. Let's write options help. So we can list the options, set the option or unset the options. So as you guys can see, we have four options to set the value. For this demo I am going to use the string value. Now we have to set the source, that is options set source, source is our tesla.com, I'm providing the string value, that is tesla.com: options set source tesla.com. Okay, you can replace the tesla.com with your target domain name. Okay, the source is set, that is tesla.com.

Now let's run this and just wait. Okay, so summary is 35 total host found. Okay, let's see one by one: country is none, IP address is this, host is this, we are not getting the latitude and longitude. As you guys can see, we are getting host
names and IP addresses. Okay, there's a 35 results we are getting. Okay, email.tesla.com, host name, okay, great, let me just show you. Okay, links, hostname is links.tesla.com, marketing.tesla.com. Okay, great, great, these are the host names.

Okay, as we already know, there are different tables in the db module and host were one among them, right, we have seen the host table. So let's, let's write show hosts, because we are getting host name here, right, hostname is also there. Let's hit enter. Okay, these are the host and the IP addresses, like 35 rows return. Okay, but it's not look great, right, you can't send this report to your manager. So what we are going to do, there are multiple reporting modules available in Recon-ng, so it is time for us to learn the reporting mechanism.

So let's search what are the modules we have for reporting. Let's write the modules, okay, let me just clear my screen first: modules search report. Okay, so we have three, six, eight, eight modules we have, that is reporting modules, the category is reporting, as you guys can see. First is csv, html, json, list, proxifier, pushpin, xls and xml. Okay, and if nothing is already installed then you can use the following command to install them, that is marketplace, marketplace install reporting. Okay, by using this command you can install the reporting modules. We already have these reporting modules so I'm not going to use this command.

Okay, so I'm going to use this html module. Let's write modules load, and I've already copied this reporting html, so let's paste it here and hit enter. Let's write info. As you guys can see, it is changed, the workspace is changed, that is html. Let's see the details. Okay, Tim is the author of this module, and we have four options, we have to create four options, and it is a required field. First is a creator, customer, file name and sanitize. Okay, let's set the options, let me just clear the screen. We are going to use the options command to set, set the source. Okay, so options set, the first source was creator, make sure you are writing
it in all caps, creator is Afs Hackers. Okay, creator is set as Afs Hackers. options set customer, is Afshan. Okay, our customer is Afshan, just assume it guys. Let's hit enter.

Now we have to set the file name, right. Okay, so we have to create the file name, so I am creating the file called car, sorry, touch car info.html, car info.html. Let me write ls, so as you guys can see, car info.html is there. Let's write pwd, ctrl c, ctrl v, car info.html, yes, car info.html, great. Okay, I'm sorry, we have to use the file name, f i name. Okay, file name, now it is set, that is home, kali, car info.html. We have to create the file name before we have to use this command.

Okay, now let's run. The report generated at home, kali, car info.html. Okay, let's go to this folder, open a folder. As you guys can see, we have car info.html file, double click on it. Great, so our customer is Afshan, Recon-ng reconnaissance report. Let me just make it, okay, we have provided the one domain, that is tesla.com, host, we have found the 35 host, right. Let's see the domains, domain table: we have provided the tesla.com and note is for learning purpose, and here we have the host detail. And now it looks great, right, you guys can send this report to your manager. Okay, so it looks great, and here, created by the Afs Hackers, Sunday August 14 2022. Okay, that's great.

So in this video we have seen two modules: the first one is the hackertarget, the second one is reporting. Okay, so, so that's it for this video guys. I hope you like it, if you did then please share this video with your friends and your colleague who are learning the penetration testing. Make sure that you guys are subscribing to my YouTube channel. We'll see you guys in my next video, till then take care and keep learning, bye.
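
The four source options read out from the module info (the default query over the domains table, a single string, a file path, a SQL query), modelled as an added example; it is a simplified sketch written for this transcript, not Recon-ng's own code and not something shown in the video. The table layout, the sample rows, the `query ` prefix and the function names are assumptions.

```python
import os
import sqlite3

# Default SOURCE query as read out in the module info.
DEFAULT_QUERY = "SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL"


def make_workspace_db():
    """Constructed stand-in for a workspace database (not real recon data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE domains (domain TEXT, notes TEXT, module TEXT)")
    db.executemany("INSERT INTO domains VALUES (?, ?, ?)", [
        ("example.com", "for learning purpose only", "user_defined"),
        ("example.com", "duplicate row", "user_defined"),
        ("example.org", None, "user_defined"),
        (None, "row with no domain", "user_defined"),
    ])
    return db


def resolve_source(db, source):
    """Turn a SOURCE value into the list of inputs a module would run on."""
    if source == "default":
        rows = db.execute(DEFAULT_QUERY).fetchall()
    elif source.lower().startswith("query "):  # assumed prefix for SQL input
        rows = db.execute(source[6:]).fetchall()
        if rows and len(rows[0]) != 1:
            raise ValueError("query must return exactly one column")
    elif os.path.isfile(source):  # path to a file, one input per line
        with open(source) as fh:
            rows = [(line,) for line in fh]
    else:  # anything else is treated as a single literal input
        rows = [(source,)]
    inputs = []
    for (value,) in rows:
        value = "" if value is None else str(value).strip()
        if value and value not in inputs:  # drop blanks and duplicates
            inputs.append(value)
    return inputs


if __name__ == "__main__":
    db = make_workspace_db()
    print(resolve_source(db, "default"))
    print(resolve_source(db, "example.net"))
    print(resolve_source(db, "query SELECT domain FROM domains WHERE notes IS NULL"))
```

Setting the source to a string, as done in the video, bypasses the domains table entirely, which is why the run works whether or not a row was inserted first.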