
Recon-ng: The Metasploit of Reconnaissance


Modular Efficiency

Recon-ng is a full-featured web reconnaissance framework. Its modular structure, similar to Metasploit's, lets users add their own modules or use existing ones.


The Workspace Concept

Everything in Recon-ng is organized into workspaces. This keeps your investigations separate and allows you to build a dedicated database of intel for each target.


Mastering the CLI

Recon-ng is built for the command line. It features tab completion, context-sensitive help, and an interactive shell that makes it incredibly efficient for power users.



Clinical Mastery

Expert CLI Documentation & Tradecraft

Tool Reference

Recon-ng

Interactive modular reconnaissance framework.

recon-ng

Core Flags & Options

modules search

Finds modules based on keywords (e.g., 'shodan', 'whois').

options set

Configures the parameters for a loaded module.

run

Executes the currently loaded module.

Expert Strings (Chaining & Automation)

Automated Host Search

modules load google_site_web ; run

BENEFIT: Uses Google dorking to find valid subdomains for the target workspace.

Shodan Reverse

modules load shodan_hostname ; run

BENEFIT: Pivots from domain names to IP addresses using the Shodan API.

PRO TIP: Always pipe output into tee -a recon_log.txt to maintain a clinical audit trail of your investigation steps.
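
The chaining and audit-trail advice above, combined into one script. This is an added example, not code from Recon-ng or from the original page: the function names and log layout are illustrative, and it assumes both modules are installed, accept a SOURCE option, and that the domain is one you are authorised to assess.

```bash
#!/usr/bin/env bash
# Added example (not from Recon-ng or the original page); function names are illustrative.

# build_rc DOMAIN OUTFILE MODULE...
# Writes a resource file: one Recon-ng shell command per line, as typed interactively.
build_rc() {
  local domain=$1 out=$2 m
  shift 2
  # Accept only hostname/module characters so no extra command can ride along.
  case $domain in ''|*[!A-Za-z0-9.-]*) echo "bad domain: $domain" >&2; return 1 ;; esac
  for m in "$@"; do
    case $m in ''|*[!a-z0-9_/-]*) echo "bad module: $m" >&2; return 1 ;; esac
  done
  : > "$out"
  for m in "$@"; do
    printf 'modules load %s\noptions set SOURCE %s\nrun\n' "$m" "$domain" >> "$out"
  done
  echo exit >> "$out"
}

# audit_header WORKSPACE RCFILE LOGFILE
# Records who ran what, and when, before any module output reaches the log.
audit_header() {
  local ws=$1 rc=$2 log=$3
  case $ws in ''|*[!A-Za-z0-9_-]*) echo "bad workspace: $ws" >&2; return 1 ;; esac
  {
    printf '=== %s workspace=%s operator=%s\n' \
      "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$ws" "${USER:-unknown}"
    sed 's/^/rc> /' "$rc"
  } >> "$log"
}

# run_logged WORKSPACE RCFILE [LOGFILE]
# -w selects the workspace, -r replays the resource file; tee -a appends to the log.
run_logged() {
  local ws=$1 rc=$2 log=${3:-recon_log.txt}
  audit_header "$ws" "$rc" "$log" || return 1
  recon-ng -w "$ws" -r "$rc" 2>&1 | tee -a "$log"
}

# Usage: ./recon_run.sh WORKSPACE DOMAIN
if [ "$#" -ge 2 ]; then
  rc=$(mktemp) && build_rc "$2" "$rc" google_site_web shodan_hostname && run_logged "$1" "$rc"
fi
```

Because the header and the replayed commands are written to the log before any module runs, the log shows what was attempted even if a module fails partway through.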