Recon-ng – Open Source Intelligence (OSINT) Reconnaissance Framework

  • 557

Recon-ng is a reconnaissance framework that can perform open source web based information gathering for a given target. Recon-ng is loaded with different type of modules, such as reconnaissance, reporting, import, discovery, and exploitation modules. The type of information that can be gathered with these modules include contacts, credentials, social media profiles, and handful of other information like IP, reverse IP, WHOIS information, and ports information.  Recon-ng can also look for certain vulnerabilities in a target web application, such as cross site scripting, PunkSPIDER, and GHDB (Google Hacking Database).

Recon-ng Installation

recon-ng cloning

To install Recon-ng, first clone the framework using the following command.

git clone https://[email protected]/LaNMaSteR53/recon-ng.git

In the next step, move to the Recon-ng directory and run the REQUIRMENTS file.

cd recon-ng
pip install -r REQUIREMENTS

recon-ng requirements

How Recon-ng Works

Recon-ng can be set into action using the following command.


The help menu can be explored as follows.

./recon-ng –h

recon-ng help menu

In order to explore the modules, run the following command. The command displays all the modules along with the path required to run each module.

show modules

In order to use any module, just type the following command.

use <module path>

Similarly, to set the target domain, use the following syntax.

set source <target domain>

For example, if we want to run the XSSED vulnerabilities test module, we can do so in the following manner.

use recon/domains-vulnerabilities/xssed
set source

The tool runs the defined module and displays the results on the screen as shown below.

xssed test results

We can try other modules using the same approach. There are certain modules like Shodan, Facebook, twitter, Instagram etc that require API keys to fetch results. The API key for such modules can be added using the following command.

keys add <module_api> <api key here>

For example, we have Shodan api key as SH1254AKD. We can add this API key as follows.

keys add shodan_api SH1254AKD

In order to see the configured keys in Recon-ng, use the following command.

keys list

What Bunny rating does it get?

Recon-ng is a modular framework that can gather detailed information about target web applications and individuals, it is n amazing tool for the OSINT part of a red team engagement!. As a result we will be awarding this tool an amazing rating of 4.5 out of 5 bunnies!.

half bunny

Want to learn more about ethical hacking?

We have a  networking hacking course that is of a similar level to OSCP, get an exclusive 95% discount HERE

Do you know of another GitHub related hacking tool?

Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.


The following two tabs change content below.

Adil Adeel

I am a cyber-security enthusiast with the focus on network security, cloud security, data-driven security, and advanced cryptography. Contact me at [email protected]

Adil Adeel

I am a cyber-security enthusiast with the focus on network security, cloud security, data-driven security, and advanced cryptography. Contact me at [email protected]

Leave a Reply

Do NOT follow this link or you will be banned from the site!