Thiago Teixeira

EN | PT

Recon-ng

LaNMaSteR53

Modular web reconnaissance framework, written in Python.

Threat Intelligence Free & Open Source CLI Practiced in lab Cross-platform

Homepage

Cyber Kill Chain & Defender Lifecycle

Attacker — Kill Chain

1 Reconnaissance

2 Weaponization

3 Delivery

4 Exploitation

5 Installation

6 Command & Control

7 Actions on Objectives

Defender — IR Lifecycle

8 Detection / Monitoring

9 Containment & Eradication

10 Post-incident Forensics

Description

Recon-ng is a modular OSINT framework with a Metasploit-like console (use, set, run). Each module pulls data from a public source (search engines, certificate transparency logs, breach databases, social media) and stores results in a workspace DB you can query with SQL.

It is a favourite for passive reconnaissance because it never sends a packet to the target — all data comes from third-party APIs.

Use cases

Passive enumeration of an organisation's external footprint
Generating lists of likely usernames/emails for awareness training
Feeding intel into a phishing simulation playbook

Example

recon-ng
workspaces create example
modules load recon/domains-hosts/hackertarget
options set SOURCE example.com
run