def run_recon(domains, bruteforce, workspace): reconb = base.Recon(base.Mode.CLI) reconb.init_workspace(workspace) reconb.onecmd("TIMEOUT=100") module_list = [ "recon/domains-hosts/bing_domain_web", "recon/domains-hosts/google_site_web", "recon/domains-hosts/netcraft", "recon/domains-hosts/shodan_hostname", "recon/netblocks-companies/whois_orgs", "recon/hosts-hosts/resolve" ] wordlist = bruteforce if bruteforce else os.path.join(recon_path, "data/hostnames.txt") for domain in domains: for module in module_list: run_module(reconb, module, domain) x = reconb.do_load("recon/domains-hosts/brute_hosts") x.do_set("WORDLIST " + wordlist) x.do_set("SOURCE " + domain) x.do_run(None) out_file = "FILENAME " + os.getcwd() + "/" + workspace x = reconb.do_load("reporting/csv") x.do_set(out_file + ".csv") x.do_run(None) x = reconb.do_load("reporting/list") x.do_set(out_file + ".lst") x.do_set("COLUMN host") x.do_run(None)
def run_recon(domains, bruteforce): stamp = datetime.datetime.now().strftime('%M:%H-%m_%d_%Y') wspace = domains[0] + stamp reconb = base.Recon(base.Mode.CLI) reconb.init_workspace(wspace) reconb.onecmd("TIMEOUT=100") module_list = [ "recon/domains-hosts/bing_domain_web", "recon/domains-hosts/google_site_web", "recon/domains-hosts/netcraft", "recon/domains-hosts/shodan_hostname", "recon/netblocks-companies/whois_orgs", "recon/hosts-hosts/resolve" ] for domain in domains: for module in module_list: run_module(reconb, module, domain) #subdomain bruteforcing if bruteforce: x = reconb.do_load("recon/domains-hosts/brute_hosts") x.do_set("WORDLIST /usr/share/recon-ng/data/banner.txt") x.do_set("SOURCE bugcrowd.com") x.do_run(None) #reporting output outFile = "FILENAME " + os.getcwd() + "/" + domains[0] x = reconb.do_load("reporting/csv") x.do_set(outFile + ".csv") x.do_run(None) x = reconb.do_load("reporting/list") x.do_set(outFile + ".lst") x.do_set("COLUMN host") x.do_run(None)
def RunRecon(self, domain, subDomains, bruteForce): stamp = datetime.datetime.now().strftime('%M:%H-%m_%d_%Y') wspace = domain + stamp reconb = base.Recon(base.Mode.CLI) reconb.init_workspace(wspace) reconb.onecmd("TIMEOUT=100") module_list = [ "recon/domains-hosts/bing_domain_web", "recon/domains-hosts/google_site_web", "recon/domains-hosts/netcraft", "recon/domains-hosts/shodan_hostname", "recon/netblocks-companies/whois_orgs", "recon/hosts-hosts/resolve" ] for module in module_list: self.RunModule(reconb, module, domain) if bruteForce: self.RunBruteForce(reconb, domain) #reporting output outFile = "FILENAME " + os.getcwd() + "/" + domain module = reconb.do_load("reporting/csv") module.do_set(outFile + ".csv") module.do_run(None) reconNgOutput = domain + '.csv' with open(reconNgOutput, 'r') as csvfile: for row in csv.reader(csvfile, delimiter=','): subDomains.append(row[0]) os.remove(reconNgOutput)
def recon_cli(args): # process toggle flag arguments flags = { 'check': args.check if not args.stealth else False, 'analytics': args.analytics if not args.stealth else False, 'marketplace': args.marketplace if not args.stealth else False, } # instantiate framework x = base.Recon(**flags) options = [base.Mode.CLI] if args.workspace: options.append(args.workspace) x.start(*options) # set given workspace if args.workspace: x._init_workspace(args.workspace) print(f"WORKSPACE => {args.workspace}") # run given global commands for command in args.global_commands: print(f"GLOBAL COMMAND => {command}") x.onecmd(command) # set given global options for option in args.goptions: param = ' '.join(option.split('=')) x._do_options_set(param) # if requested, show global options and exit if args.gshow: x._do_options_list('') return # if requested, show modules and exit if args.show_modules: x._do_modules_search('') return # exit if module not specified if not args.module: output('No module provided.') return # load the module y = x._do_modules_load(args.module) # exit if module not successfully loaded if not y: return print(f"MODULE => {args.module}") # run given module commands for command in args.module_commands: print(f"MODULE COMMAND => {command}") y.onecmd(command) # set given module options for option in args.options: param = ' '.join(option.split('=')) y._do_options_set(param) # if requested, show module options and exit if args.show: y._do_options_list('') return if args.run: # run the module y.do_run(None)
def run_recon(domains, bruteforce): #stamp = datetime.datetime.now().strftime('%M:%H-%m_%d_%Y') #wspace = domains[0]+stamp wspace = domains[0] reconb = base.Recon(base.Mode.CLI) reconb.init_workspace(wspace) reconb.onecmd("TIMEOUT=100") #dns_resolver_ip = get_random_resolver_ip() #reconb.options["nameserver"] = dns_resolver_ip #reconb.onecmd("NAMESERVER={}".format(dns_resolver_ip)) module_list = [ "recon/domains-hosts/bing_domain_web", "recon/domains-hosts/shodan_hostname", "recon/domains-hosts/google_site_web", "recon/domains-hosts/shodan_hostname", "recon/domains-hosts/certificate_transparency", #"recon/domains-hosts/netcraft", #"recon/domains-hosts/threatcrowd", #"recon/domains-hosts/hackertarget", "recon/domains-hosts/builtwith", "recon/domains-hosts/mx_spf_ip", "recon/netblocks-hosts/shodan_net", "recon/domains-hosts/google_site_api", "recon/netblocks-companies/whois_orgs", "recon/domains-vulnerabilities/punkspider", "recon/domains-vulnerabilities/xssed", "recon/domains-vulnerabilities/xssposed", "recon/domains-vulnerabilities/ghdb", "recon/hosts-hosts/reverse_resolve", "recon/repositories-vulnerabilities/gists_search", "recon/companies-multi/github_miner", "recon/hosts-hosts/resolve" ] for domain in domains: for module in module_list: print("Attempting Module {}".format(module)) run_module(reconb, module, domain) #subdomain bruteforcing x = reconb.do_load("recon/domains-hosts/brute_hosts") if bruteforce: x.do_set("WORDLIST " + bruteforce) else: x.do_set("WORDLIST /usr/share/recon-ng/data/hostnames.txt") x.do_set("SOURCE " + domain) x.do_run(None) outFile = "FILENAME " + os.getcwd() + "/" + domains[0] x = reconb.do_load("reporting/list") x.do_set(outFile + ".lst") x.do_set("COLUMN host") x.do_run(None)
def set_workspace(workspace): x = base.Recon(mode=base.Mode.CLI) # init workspace x.init_workspace(workspace) output('WORKSPACE => {}'.format(workspace)) x.onecmd("set TIMEOUT 30") x.onecmd("set THREADS 10") x.onecmd('set NAMESERVER 114.114.114.114') x.onecmd(('set USER-AGENT Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; ' 'Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)')) output('') return x
def run_recon(domains, bf_wordlist, is_altdns_set, out_file): """Initialize recon-ng base class and run core of script.""" stamp = datetime.datetime.now().strftime('%M:%H-%m_%d_%Y') wspace = domains[0] + stamp reconb = base.Recon(base.Mode.CLI) reconb.start(base.Mode.CLI) reconb._init_workspace(wspace) report_module = "reporting/list" bf_module = "recon/domains-hosts/brute_hosts" module_list = [ "recon/hosts-hosts/resolve", "recon/domains-hosts/bing_domain_web", "recon/domains-hosts/google_site_web", "recon/domains-hosts/shodan_hostname", "recon/netblocks-companies/whois_orgs", "recon/domains-hosts/netcraft" ] install_modules(reconb, module_list + [f"{bf_module}", f"{report_module}"]) pool = Pool() procs = [] for domain in domains: for module in module_list: p = pool.apply_async(run_module, args=(reconb, module, domain)) procs.append(p) # subdomain bruteforcing if wordlist set m = reconb._do_modules_load(bf_module) m.options['wordlist'] = bf_wordlist m.options['source'] = domain m.do_run(None) # Export results if output file given if out_file: m = reconb._do_modules_load(report_module) m.options['filename'] = out_file m.options['column'] = "host" m.do_run(None) # wait until all pool processes complete for proc in procs: proc.get() if is_altdns_set: run_altdns(domains) return
def init_keys(config_file): try: key_conf = open(config_file) except IOError as e: output('Reading configure file error: {}'.format(str(e))) exit(-1) x = base.Recon(mode=base.Mode.CLI) # init workspace x.init_workspace('default') for line in key_conf.readlines(): line = line.strip() if not len(line) or line.startswith('#'): continue key, value = line.split('=') if not key: output('Config filr error at line:{}'.format(line)) return if not value: continue x.onecmd('keys add {} {}'.format(key, value)) key_conf.close()
def recon_ui(args): # set up command completion try: import readline except ImportError: print( f"{Colors.R}[!] Module 'readline' not available. Tab complete disabled.{Colors.N}" ) else: import rlcompleter if 'libedit' in readline.__doc__: readline.parse_and_bind('bind ^I rl_complete') else: readline.parse_and_bind('tab: complete') readline.set_completer_delims( re.sub('[/-]', '', readline.get_completer_delims())) # for possible future use to format command completion output #readline.set_completion_display_matches_hook(display_hook) # process toggle flag arguments flags = { 'check': args.check if not args.stealth else False, 'analytics': args.analytics if not args.stealth else False, 'marketplace': args.marketplace if not args.stealth else False, 'accessible': args.accessible } # instantiate framework x = base.Recon(**flags) # check for and run script session if args.script_file: x._do_script_execute(args.script_file) # launch the interactive session options = [base.Mode.CONSOLE] if args.workspace: options.append(args.workspace) try: x.start(*options) except KeyboardInterrupt: print('')
def run_recon(domains, output, shodankey): stamp = datetime.datetime.now().strftime('%M:%H-%m_%d_%Y') wspace = domains[0]+stamp reconb = base.Recon(base.Mode.CLI) reconb.init_workspace(wspace) reconb.onecmd("TIMEOUT=100") reconb.onecmd("keys add shodan_api " + shodankey) module_list = [ "recon/domains-hosts/threatcrowd", "recon/domains-hosts/hackertarget", "recon/domains-hosts/bing_domain_web", "recon/domains-hosts/shodan_hostname", ] for domain in domains: for module in module_list: run_module(reconb, module, domain) x = reconb.do_load("reporting/list") x.do_set("FILENAME " + output) x.do_set("COLUMN host") x.do_run(None)
def run_module(workspace, module): results = {} try: # instantiate important objects job = get_current_job() recon = base.Recon(check=False, analytics=False, marketplace=False) recon.start(base.Mode.JOB, workspace=workspace) tasks = Tasks(recon) # update the task's status tasks.update_task(job.get_id(), status=job.get_status()) # execute the task module = recon._loaded_modules.get(module) module.run() except Exception as e: results['error'] = { 'type': str(type(e)), 'message': str(e), 'traceback': traceback.format_exc(), } results['summary'] = module._summary_counts # update the task's status and results tasks.update_task(job.get_id(), status='finished', result=results) return results
from flask import Flask, cli, render_template from flasgger import Swagger from recon.core import base from recon.core.constants import BANNER_WEB from recon.core.web.db import Tasks from redis import Redis import os import rq # disable the development server warning banner cli.show_server_banner = lambda *x: None print(BANNER_WEB) # create an application-wide framework and tasks instance recon = base.Recon(check=False, analytics=False, marketplace=False) recon.start(base.Mode.WEB) tasks = Tasks(recon) # configuration DEBUG = False SECRET_KEY = 'we keep no secrets here.' JSON_SORT_KEYS = False REDIS_URL = os.environ.get('REDIS_URL', 'redis://') SWAGGER = { 'title': 'Swagger', 'info': { 'title': 'Recon-API', 'description': 'A RESTful API for Recon-ng', 'version': '0.0.1', },