def run_recon(domains, bruteforce, workspace):
reconb = base.Recon(base.Mode.CLI)
reconb.init_workspace(workspace)
reconb.onecmd("TIMEOUT=100")
module_list = [
"recon/domains-hosts/bing_domain_web",
"recon/domains-hosts/google_site_web",
"recon/domains-hosts/netcraft",
"recon/domains-hosts/shodan_hostname",
"recon/netblocks-companies/whois_orgs",
"recon/hosts-hosts/resolve"
]
wordlist = bruteforce if bruteforce else os.path.join(recon_path, "data/hostnames.txt")
for domain in domains:
for module in module_list:
run_module(reconb, module, domain)
x = reconb.do_load("recon/domains-hosts/brute_hosts")
x.do_set("WORDLIST " + wordlist)
x.do_set("SOURCE " + domain)
x.do_run(None)
out_file = "FILENAME " + os.getcwd() + "/" + workspace
x = reconb.do_load("reporting/csv")
x.do_set(out_file + ".csv")
x.do_run(None)
x = reconb.do_load("reporting/list")
x.do_set(out_file + ".lst")
x.do_set("COLUMN host")
x.do_run(None)
def run_recon(domains, bruteforce):
stamp = datetime.datetime.now().strftime('%M:%H-%m_%d_%Y')
wspace = domains[0] + stamp
reconb = base.Recon(base.Mode.CLI)
reconb.init_workspace(wspace)
reconb.onecmd("TIMEOUT=100")
module_list = [
"recon/domains-hosts/bing_domain_web",
"recon/domains-hosts/google_site_web", "recon/domains-hosts/netcraft",
"recon/domains-hosts/shodan_hostname",
"recon/netblocks-companies/whois_orgs", "recon/hosts-hosts/resolve"
]
for domain in domains:
for module in module_list:
run_module(reconb, module, domain)
#subdomain bruteforcing
if bruteforce:
x = reconb.do_load("recon/domains-hosts/brute_hosts")
x.do_set("WORDLIST /usr/share/recon-ng/data/banner.txt")
x.do_set("SOURCE bugcrowd.com")
x.do_run(None)
#reporting output
outFile = "FILENAME " + os.getcwd() + "/" + domains[0]
x = reconb.do_load("reporting/csv")
x.do_set(outFile + ".csv")
x.do_run(None)
x = reconb.do_load("reporting/list")
x.do_set(outFile + ".lst")
x.do_set("COLUMN host")
x.do_run(None)
def RunRecon(self, domain, subDomains, bruteForce):
stamp = datetime.datetime.now().strftime('%M:%H-%m_%d_%Y')
wspace = domain + stamp
reconb = base.Recon(base.Mode.CLI)
reconb.init_workspace(wspace)
reconb.onecmd("TIMEOUT=100")
module_list = [
"recon/domains-hosts/bing_domain_web",
"recon/domains-hosts/google_site_web",
"recon/domains-hosts/netcraft",
"recon/domains-hosts/shodan_hostname",
"recon/netblocks-companies/whois_orgs", "recon/hosts-hosts/resolve"
]
for module in module_list:
self.RunModule(reconb, module, domain)
if bruteForce:
self.RunBruteForce(reconb, domain)
#reporting output
outFile = "FILENAME " + os.getcwd() + "/" + domain
module = reconb.do_load("reporting/csv")
module.do_set(outFile + ".csv")
module.do_run(None)
reconNgOutput = domain + '.csv'
with open(reconNgOutput, 'r') as csvfile:
for row in csv.reader(csvfile, delimiter=','):
subDomains.append(row[0])
os.remove(reconNgOutput)
def recon_cli(args):
# process toggle flag arguments
flags = {
'check': args.check if not args.stealth else False,
'analytics': args.analytics if not args.stealth else False,
'marketplace': args.marketplace if not args.stealth else False,
}
# instantiate framework
x = base.Recon(**flags)
options = [base.Mode.CLI]
if args.workspace:
options.append(args.workspace)
x.start(*options)
# set given workspace
if args.workspace:
x._init_workspace(args.workspace)
print(f"WORKSPACE => {args.workspace}")
# run given global commands
for command in args.global_commands:
print(f"GLOBAL COMMAND => {command}")
x.onecmd(command)
# set given global options
for option in args.goptions:
param = ' '.join(option.split('='))
x._do_options_set(param)
# if requested, show global options and exit
if args.gshow:
x._do_options_list('')
return
# if requested, show modules and exit
if args.show_modules:
x._do_modules_search('')
return
# exit if module not specified
if not args.module:
output('No module provided.')
return
# load the module
y = x._do_modules_load(args.module)
# exit if module not successfully loaded
if not y: return
print(f"MODULE => {args.module}")
# run given module commands
for command in args.module_commands:
print(f"MODULE COMMAND => {command}")
y.onecmd(command)
# set given module options
for option in args.options:
param = ' '.join(option.split('='))
y._do_options_set(param)
# if requested, show module options and exit
if args.show:
y._do_options_list('')
return
if args.run:
# run the module
y.do_run(None)
def run_recon(domains, bruteforce):
#stamp = datetime.datetime.now().strftime('%M:%H-%m_%d_%Y')
#wspace = domains[0]+stamp
wspace = domains[0]
reconb = base.Recon(base.Mode.CLI)
reconb.init_workspace(wspace)
reconb.onecmd("TIMEOUT=100")
#dns_resolver_ip = get_random_resolver_ip()
#reconb.options["nameserver"] = dns_resolver_ip
#reconb.onecmd("NAMESERVER={}".format(dns_resolver_ip))
module_list = [
"recon/domains-hosts/bing_domain_web",
"recon/domains-hosts/shodan_hostname",
"recon/domains-hosts/google_site_web",
"recon/domains-hosts/shodan_hostname",
"recon/domains-hosts/certificate_transparency",
#"recon/domains-hosts/netcraft",
#"recon/domains-hosts/threatcrowd",
#"recon/domains-hosts/hackertarget",
"recon/domains-hosts/builtwith",
"recon/domains-hosts/mx_spf_ip",
"recon/netblocks-hosts/shodan_net",
"recon/domains-hosts/google_site_api",
"recon/netblocks-companies/whois_orgs",
"recon/domains-vulnerabilities/punkspider",
"recon/domains-vulnerabilities/xssed",
"recon/domains-vulnerabilities/xssposed",
"recon/domains-vulnerabilities/ghdb",
"recon/hosts-hosts/reverse_resolve",
"recon/repositories-vulnerabilities/gists_search",
"recon/companies-multi/github_miner",
"recon/hosts-hosts/resolve"
]
for domain in domains:
for module in module_list:
print("Attempting Module {}".format(module))
run_module(reconb, module, domain)
#subdomain bruteforcing
x = reconb.do_load("recon/domains-hosts/brute_hosts")
if bruteforce:
x.do_set("WORDLIST " + bruteforce)
else:
x.do_set("WORDLIST /usr/share/recon-ng/data/hostnames.txt")
x.do_set("SOURCE " + domain)
x.do_run(None)
outFile = "FILENAME " + os.getcwd() + "/" + domains[0]
x = reconb.do_load("reporting/list")
x.do_set(outFile + ".lst")
x.do_set("COLUMN host")
x.do_run(None)
def set_workspace(workspace):
x = base.Recon(mode=base.Mode.CLI)
# init workspace
x.init_workspace(workspace)
output('WORKSPACE => {}'.format(workspace))
x.onecmd("set TIMEOUT 30")
x.onecmd("set THREADS 10")
x.onecmd('set NAMESERVER 114.114.114.114')
x.onecmd(('set USER-AGENT Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; '
'Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)'))
output('')
return x
def run_recon(domains, bf_wordlist, is_altdns_set, out_file):
"""Initialize recon-ng base class and run core of script."""
stamp = datetime.datetime.now().strftime('%M:%H-%m_%d_%Y')
wspace = domains[0] + stamp
reconb = base.Recon(base.Mode.CLI)
reconb.start(base.Mode.CLI)
reconb._init_workspace(wspace)
report_module = "reporting/list"
bf_module = "recon/domains-hosts/brute_hosts"
module_list = [
"recon/hosts-hosts/resolve", "recon/domains-hosts/bing_domain_web",
"recon/domains-hosts/google_site_web",
"recon/domains-hosts/shodan_hostname",
"recon/netblocks-companies/whois_orgs", "recon/domains-hosts/netcraft"
]
install_modules(reconb, module_list + [f"{bf_module}", f"{report_module}"])
pool = Pool()
procs = []
for domain in domains:
for module in module_list:
p = pool.apply_async(run_module, args=(reconb, module, domain))
procs.append(p)
# subdomain bruteforcing if wordlist set
m = reconb._do_modules_load(bf_module)
m.options['wordlist'] = bf_wordlist
m.options['source'] = domain
m.do_run(None)
# Export results if output file given
if out_file:
m = reconb._do_modules_load(report_module)
m.options['filename'] = out_file
m.options['column'] = "host"
m.do_run(None)
# wait until all pool processes complete
for proc in procs:
proc.get()
if is_altdns_set:
run_altdns(domains)
return
def init_keys(config_file):
try:
key_conf = open(config_file)
except IOError as e:
output('Reading configure file error: {}'.format(str(e)))
exit(-1)
x = base.Recon(mode=base.Mode.CLI)
# init workspace
x.init_workspace('default')
for line in key_conf.readlines():
line = line.strip()
if not len(line) or line.startswith('#'):
continue
key, value = line.split('=')
if not key:
output('Config filr error at line:{}'.format(line))
return
if not value:
continue
x.onecmd('keys add {} {}'.format(key, value))
key_conf.close()
def recon_ui(args):
# set up command completion
try:
import readline
except ImportError:
print(
f"{Colors.R}[!] Module 'readline' not available. Tab complete disabled.{Colors.N}"
)
else:
import rlcompleter
if 'libedit' in readline.__doc__:
readline.parse_and_bind('bind ^I rl_complete')
else:
readline.parse_and_bind('tab: complete')
readline.set_completer_delims(
re.sub('[/-]', '', readline.get_completer_delims()))
# for possible future use to format command completion output
#readline.set_completion_display_matches_hook(display_hook)
# process toggle flag arguments
flags = {
'check': args.check if not args.stealth else False,
'analytics': args.analytics if not args.stealth else False,
'marketplace': args.marketplace if not args.stealth else False,
'accessible': args.accessible
}
# instantiate framework
x = base.Recon(**flags)
# check for and run script session
if args.script_file:
x._do_script_execute(args.script_file)
# launch the interactive session
options = [base.Mode.CONSOLE]
if args.workspace:
options.append(args.workspace)
try:
x.start(*options)
except KeyboardInterrupt:
print('')
def run_recon(domains, output, shodankey):
stamp = datetime.datetime.now().strftime('%M:%H-%m_%d_%Y')
wspace = domains[0]+stamp
reconb = base.Recon(base.Mode.CLI)
reconb.init_workspace(wspace)
reconb.onecmd("TIMEOUT=100")
reconb.onecmd("keys add shodan_api " + shodankey)
module_list = [
"recon/domains-hosts/threatcrowd",
"recon/domains-hosts/hackertarget",
"recon/domains-hosts/bing_domain_web",
"recon/domains-hosts/shodan_hostname",
]
for domain in domains:
for module in module_list:
run_module(reconb, module, domain)
x = reconb.do_load("reporting/list")
x.do_set("FILENAME " + output)
x.do_set("COLUMN host")
x.do_run(None)
def run_module(workspace, module):
results = {}
try:
# instantiate important objects
job = get_current_job()
recon = base.Recon(check=False, analytics=False, marketplace=False)
recon.start(base.Mode.JOB, workspace=workspace)
tasks = Tasks(recon)
# update the task's status
tasks.update_task(job.get_id(), status=job.get_status())
# execute the task
module = recon._loaded_modules.get(module)
module.run()
except Exception as e:
results['error'] = {
'type': str(type(e)),
'message': str(e),
'traceback': traceback.format_exc(),
}
results['summary'] = module._summary_counts
# update the task's status and results
tasks.update_task(job.get_id(), status='finished', result=results)
return results
from flask import Flask, cli, render_template
from flasgger import Swagger
from recon.core import base
from recon.core.constants import BANNER_WEB
from recon.core.web.db import Tasks
from redis import Redis
import os
import rq
# disable the development server warning banner
cli.show_server_banner = lambda *x: None
print(BANNER_WEB)
# create an application-wide framework and tasks instance
recon = base.Recon(check=False, analytics=False, marketplace=False)
recon.start(base.Mode.WEB)
tasks = Tasks(recon)
# configuration
DEBUG = False
SECRET_KEY = 'we keep no secrets here.'
JSON_SORT_KEYS = False
REDIS_URL = os.environ.get('REDIS_URL', 'redis://')
SWAGGER = {
'title': 'Swagger',
'info': {
'title': 'Recon-API',
'description': 'A RESTful API for Recon-ng',
'version': '0.0.1',
},