Convert Figma logo to code with AI

lanmaster53 logorecon-ng

Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

3,854
621
3,854
25
View on GitHub

Top Related Projects

smicallef's avatar

spiderfoot

12,645

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

laramies's avatar

theHarvester

11,058

E-mails, subdomains and names Harvester - OSINT

s0md3v's avatar

Photon

10,895

Incredibly fast crawler designed for OSINT.

aboul3la's avatar

Sublist3r

9,657

Fast subdomains enumeration tool for penetration testers

leebaird's avatar

discover

3,409

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.

owasp-amass's avatar

amass

11,780

In-depth attack surface mapping and asset discovery

Quick Overview

Recon-ng is an open-source reconnaissance framework designed for web-based information gathering. It provides a powerful environment for conducting open-source intelligence (OSINT) operations, with a modular architecture that allows for easy extension and customization.

Pros

  • Modular design allows for easy addition of new modules and functionality
  • Comprehensive set of built-in modules for various reconnaissance tasks
  • Intuitive command-line interface similar to Metasploit
  • Active community and regular updates

Cons

  • Steep learning curve for beginners
  • Some modules may require additional API keys or subscriptions
  • Limited graphical user interface options
  • Performance can be slow for large-scale scans

Getting Started

To get started with Recon-ng:

  1. Install Recon-ng:
git clone https://github.com/lanmaster53/recon-ng.git
cd recon-ng
pip install -r REQUIREMENTS
  1. Run Recon-ng:
./recon-ng
  1. Use the framework:
[recon-ng][default] > modules search
[recon-ng][default] > modules load recon/domains-hosts/google_site_web
[recon-ng][default][google_site_web] > options set SOURCE example.com
[recon-ng][default][google_site_web] > run

This will install Recon-ng, start the framework, search for available modules, load a specific module, set the target domain, and run the module.

Competitor Comparisons

smicallef logo

spiderfoot

12,645

SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.

Pros of Spiderfoot

  • More extensive and diverse set of modules for data collection
  • User-friendly web interface for easier operation and visualization
  • Active development with frequent updates and community contributions

Cons of Spiderfoot

  • Can be resource-intensive, especially for large-scale scans
  • Steeper learning curve due to the wide range of features and options

Code Comparison

Recon-ng module structure:

from recon.core.module import BaseModule

class Module(BaseModule):
    def module_run(self):
        # Module logic here

Spiderfoot module structure:

from spiderfoot import SpiderFootPlugin, SpiderFootEvent

class sfp_example(SpiderFootPlugin):
    def handleEvent(self, event):
        # Module logic here

Both frameworks use a modular approach, but Spiderfoot's structure allows for more flexibility in event handling and data processing. Recon-ng's modules are more straightforward but may be limited in complex scenarios.

laramies logo

theHarvester

11,058

E-mails, subdomains and names Harvester - OSINT

Pros of theHarvester

  • Simpler and more focused tool, specifically for email and subdomain enumeration
  • Lightweight and easy to set up, with fewer dependencies
  • Supports a wide range of search engines and data sources out of the box

Cons of theHarvester

  • Less extensible compared to Recon-ng's modular architecture
  • Limited reporting capabilities and data visualization options
  • Narrower scope of functionality, primarily focused on information gathering

Code Comparison

theHarvester:

from theHarvester.discovery import *
from theHarvester.discovery.constants import *
search = googlesearch.search_google(word, limit, start)
search.process()
emails = search.get_emails()

Recon-ng:

from recon.core.module import BaseModule
class Module(BaseModule):
    def module_run(self):
        self.query('SELECT DISTINCT domain FROM domains WHERE domain IS NOT NULL')
        for domain in self.query:
            self.heading(domain[0], level=0)

Both tools are written in Python, but Recon-ng has a more modular structure, allowing for easier extension and customization. theHarvester's code is more straightforward and focused on specific search functionalities, while Recon-ng's framework provides a broader range of reconnaissance capabilities through its module system.

s0md3v logo

Photon

10,895

Incredibly fast crawler designed for OSINT.

Pros of Photon

  • Faster and more lightweight, focusing specifically on web reconnaissance
  • User-friendly with a simple command-line interface
  • Supports multiple output formats (JSON, CSV, TXT)

Cons of Photon

  • Less comprehensive than Recon-ng in terms of overall functionality
  • Limited to web-based reconnaissance, lacking modules for other types of information gathering
  • Fewer built-in data sources compared to Recon-ng

Code Comparison

Photon:

def photon(url, level, threads, delay, timeout, cook, headers):
    # Main function implementation
    # ...

Recon-ng:

def do_reload(self, params):
    # Reload modules
    self._load_modules()
    self.output('Modules reloaded.')
    return True

While both projects are written in Python, Photon's codebase is more focused on web crawling and information extraction, whereas Recon-ng's code structure reflects its modular nature and broader scope of reconnaissance capabilities.

aboul3la logo

Sublist3r

9,657

Fast subdomains enumeration tool for penetration testers

Pros of Sublist3r

  • Focused specifically on subdomain enumeration, making it more specialized and potentially more efficient for this task
  • Simpler to use with a straightforward command-line interface
  • Faster execution for subdomain discovery due to its specialized nature

Cons of Sublist3r

  • Limited to subdomain enumeration, lacking the broader reconnaissance capabilities of Recon-ng
  • Less extensible and customizable compared to Recon-ng's modular framework
  • May require additional tools for comprehensive reconnaissance tasks

Code Comparison

Sublist3r:

def main(domain, threads, savefile, ports, silent, verbose, enable_bruteforce, engines):
    bruteforce_list = []
    subdomains = []
    search_list = []

Recon-ng:

def do_reload(self, params):
    '''Reloads all modules'''
    self.output('Reloading...')
    self.load_modules()
    self.output('Reloading complete.')

Both projects are written in Python, but their code structures differ significantly. Sublist3r's main function focuses on subdomain enumeration parameters, while Recon-ng's example shows its modular nature with a reload function for modules.

leebaird logo

discover

3,409

Custom bash scripts used to automate various penetration testing tasks including recon, scanning, enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.

Pros of Discover

  • More comprehensive toolset, including network mapping and vulnerability scanning
  • Easier to use for beginners with a menu-driven interface
  • Regularly updated with new features and tools

Cons of Discover

  • Less focused on specific reconnaissance tasks compared to Recon-ng
  • May require more system resources due to its broader scope
  • Less modular structure, making it harder to extend or customize

Code Comparison

Discover (menu-driven interface):

#!/bin/bash

# Main menu
echo "1. Domain"
echo "2. IP"
echo "3. Network Mapping"
read -p "Enter your choice: " choice

Recon-ng (module-based approach):

from recon.core.module import BaseModule

class Module(BaseModule):
    meta = {
        'name': 'Example Module',
        'author': 'Your Name',
        'description': 'Module description',
        'options': (
            ('option', 'default', True, 'Option description'),
        ),
    }

Discover offers a more user-friendly approach with its menu-driven interface, making it accessible for beginners. Recon-ng, on the other hand, provides a more modular and extensible structure, allowing advanced users to create custom modules easily. While Discover includes a wider range of tools, Recon-ng focuses specifically on reconnaissance tasks, potentially offering more depth in that area.

owasp-amass logo

amass

11,780

In-depth attack surface mapping and asset discovery

Pros of Amass

  • More comprehensive subdomain enumeration with multiple data sources
  • Faster performance for large-scale reconnaissance
  • Active development with frequent updates and new features

Cons of Amass

  • Steeper learning curve due to more complex configuration options
  • Less modular structure compared to Recon-ng's plugin system
  • May produce more false positives in certain scenarios

Code Comparison

Amass (Go):

func (e *Enumeration) submitKnownNames() {
    for _, name := range e.Config.ProvidedNames {
        e.Bus.Publish(requests.NewNameTopic, &requests.DNSRequest{
            Name:   name,
            Domain: e.Config.Domain,
        })
    }
}

Recon-ng (Python):

def do_add(self, params):
    table = params.split()[0]
    params = ' '.join(params.split()[1:])
    self.query('INSERT INTO %s (%s) VALUES (%s)' % (table, self.to_columns_string(params), self.to_values_string(params)))

Both repositories offer powerful reconnaissance capabilities, but Amass focuses on subdomain enumeration with a more comprehensive approach, while Recon-ng provides a modular framework for various recon tasks. Amass is written in Go, offering better performance for large-scale scans, while Recon-ng's Python codebase allows for easier customization and plugin development.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

The Recon-ng Framework

Recon-ng content now available on Pluralsight!

Recon-ng is a full-featured reconnaissance framework designed with the goal of providing a powerful environment to conduct open source web-based reconnaissance quickly and thoroughly.

Recon-ng has a look and feel similar to the Metasploit Framework, reducing the learning curve for leveraging the framework. However, it is quite different. Recon-ng is not intended to compete with existing frameworks, as it is designed exclusively for web-based open source reconnaissance. If you want to exploit, use the Metasploit Framework. If you want to social engineer, use the Social-Engineer Toolkit. If you want to conduct reconnaissance, use Recon-ng! See the Wiki to get started.

Recon-ng is a completely modular framework and makes it easy for even the newest of Python developers to contribute. See the Development Guide for more information on building and maintaining modules.

Sponsors

Black Hills Information Security


Practical Security Services

Donations

Recon-ng is free software. However, large amounts of time and effort go into its continued development. If you are interested in financially supporting the project, you can view and assist in marketing the Pluralsight content, or send a donation to tjt1980[at]gmail.com via PayPal. Thank you.