Recon-ng is a reconnaissance tool that provides a powerful environment for conducting open-source, web-based reconnaissance quickly and thoroughly. It is built around Open Source Intelligence (OSINT) and is one of the easiest and most useful tools for reconnaissance.

Recon-ng is written in Python and comes complete with database interaction, independent modules, interactive help, command completion, and built-in convenience functions.


- What is Recon-ng?

- Features.

- Uses.

- Using recon-ng.

- Help.

- Examples.

What is Recon-ng?

Recon-ng is a full-featured reconnaissance framework with an interface similar to that of Metasploit, which makes it handy and easy to use.

Recon-ng has a command-line interface that you can run on Kali Linux. Starting it drops you into a shell-like environment where you can configure options, perform recon, and output results to different report types.

The interactive console provides several helpful features, such as command completion and contextual help.


Features

- Free and open source: it can be downloaded and used at no cost.

- One of the easiest and most useful tools for performing reconnaissance.

- Used for vulnerability assessment of web applications.

- Uses the Shodan search engine to scan IoT devices.

- Easily find loopholes in the code of websites and web applications.

- Recon-ng has modules for GeoIP lookup, banner grabbing, DNS lookup, and port scanning. These modules make the tool so powerful.

- Recon-ng can target a single domain and find all of its subdomains, which makes work easier for pen-testers.

Uses of Recon-ng

- Recon-ng can be used to find the IP Addresses of a target.

- Recon-ng can be used to look for error-based SQL injections.

- Recon-ng can be used to find sensitive files such as robots.txt.

- Recon-ng can be used to find information about Geo-IP lookup, Banner grabbing, DNS lookup, port scanning, sub-domain information, reverse IP using WHOIS lookup.

- Recon-ng can be used to detect the Content Management System (CMS) in use by a target web application.

Using Recon-ng

Step 1: Install the module.

The syntax is marketplace install followed by the module path, here whois_pocs, as seen below.

> marketplace install recon/domains-contacts/whois_pocs

Module installed: recon/domains-contacts/whois_pocs

Reloading modules…


Step 2: Load the module.


> modules load recon/domains-contacts/whois_pocs


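Step 3: Set source.

Now set the source. It is currently set to its default value, which you can view with options list (show options in older releases):


> options list


Syntax: options set SOURCE <domain>, where <domain> is a placeholder for the target domain.

> options set SOURCE <domain>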


Step 4: Run the module.

Type run to execute the module.


> run
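The four steps above can also be replayed non-interactively from a resource file. The script below is an added example, not code from the original article: it assumes recon-ng's -r option for loading a resource file, and example.com is a constructed placeholder domain. It validates the SOURCE value before writing it, because the file is read line by line and the console also offers a shell command.

```shell
#!/bin/sh
# Added example (not from the original article): build a recon-ng resource
# file for the install / load / set SOURCE / run steps shown above.
# The helper names valid_domain and make_rc are hypothetical.

MODULE='recon/domains-contacts/whois_pocs'

# Accept only a plain DNS name. The resource file is line-oriented and the
# console has a `shell` command, so a value carrying a newline, space or
# other unexpected character must never be written into it.
valid_domain() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
    esac
    # Require at least one dot so bare words are rejected.
    case "$1" in
        *.*) ;;
        *) return 1 ;;
    esac
    # A DNS name is at most 253 characters long.
    [ "${#1}" -le 253 ]
}

# Print the resource file for one domain on stdout.
make_rc() {
    valid_domain "$1" || { echo "rejected SOURCE value" >&2; return 1; }
    printf '%s\n' \
        "marketplace install $MODULE" \
        "modules load $MODULE" \
        "options set SOURCE $1" \
        "run" \
        "exit"
}

# Usage (assumes recon-ng is installed and on PATH):
#   make_rc example.com > whois_pocs.rc && recon-ng -r whois_pocs.rc
```
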


Help

The help command from within a loaded module offers different options from the global 'help'.
When you are ready to explore more modules, use 'back'.

This help menu brings additional commands such as:

- goptions: Manages the global context options

- reload: Reloads the loaded module

- run: Runs the loaded module

- script: Records and executes command scripts.

> help

Commands (type [help|?] <topic>):

---------------------------------

back Exits the current context

dashboard Displays a summary of activity

db Interfaces with the workspace’s database

exit Exits the framework

goptions Manages the global context options

help Displays this menu

info Shows details about the loaded module

input Shows inputs based on the source option

keys Manages third-party resource credentials

modules Interfaces with installed modules

options Manages the current context options

pdb Starts a Python Debugger session (dev only)

reload Reloads the loaded module

run Runs the loaded module

script Records and executes command scripts

shell Executes shell commands

show Shows various framework items

spool Spools output to a file



