Episode Details

Back to Episodes
Course 35 - Footprinting and Reconnaissance | Episode 7: Information Gathering and Domain Reconnaissance Lab

Course 35 - Footprinting and Reconnaissance | Episode 7: Information Gathering and Domain Reconnaissance Lab

Published 1 month, 2 weeks ago
Description
In this lesson, you’ll learn about: reconnaissance using Recon-ng1. What is Recon-ng?
  • A full-featured web reconnaissance framework
  • Pre-installed on Kali Linux
  • Designed to automate OSINT and domain reconnaissance
🔹 Core Concept
  • Works like a framework (similar to Metasploit)
  • Uses modules to perform different recon tasks
👉 Purpose:
  • Build a structured database of target intelligence
2. Tool Overview
  • Recon-ng
🔹 Key Capabilities
  • Domain intelligence gathering
  • Contact harvesting
  • Subdomain discovery
  • File and directory enumeration
👉 Advantage:
  • Organizes results into a workspace database
3. Workspace & Domain Setup🔹 Initial Steps
  • Create a workspace
  • Add target domain
👉 Why it matters:
  • Keeps recon data organized and reusable
4. Contact Harvesting🔹 Module: whois_pocs
  • Extracts:
    • Names
    • Email addresses
    • Locations
👉 Use Case:
  • Build a target profile
  • Useful for:
    • Social engineering
    • OSINT correlation
5. Host Discovery & Stealth🔹 Module: bing_domain_web
  • Finds:
    • Hosts
    • Indexed subdomains
🔹 Stealth Feature
  • Recon-ng introduces delays (sleep) between requests
👉 Benefit:
  • Mimics human browsing
  • Reduces detection risk
  • Avoids IP blocking
6. Subdomain Brute-Forcing🔹 Module: brute_hosts
  • Uses wordlists to guess subdomains
🔹 Output
  • Hidden subdomains
  • Associated IP addresses
👉 Importance:
  • Expands the attack surface
  • Reveals hidden infrastructure
7. Sensitive File Discovery🔹 Module: interesting_files
  • Searches for:
    • robots.txt
    • Backup files
    • Config files
👉 Why it matters:
  • May expose:
    • Hidden directories
    • Internal paths
    • Misconfigurations
8. Analyzing Server Responses🔹 HTTP Status Codes
  • 404 → Resource not found (client-side issue)
  • 300-series → Redirection
👉 Insight:
  • Helps understand:
    • Server behavior
    • Application structure
9. Cybersecurity Use Case🔹 Reconnaissance Phase
  • Early stage of:
    • Penetration testing
    • Bug bounty hunting
🔹 What You Achieve
  • Map:
    • Domains
    • Subdomains
    • Contacts
    • Infrastructure
👉 Outcome:
  • Clear view of the target environment
Key Takeaways
  • Recon-ng is a modular recon framework
  • Uses workspaces to organize intelligence
  • Automates multiple OSINT tasks
  • Includes stealth techniques to avoid detection
  • Provides structured data for further testing
Big PictureRecon-ng helps you:👉 Move from raw data → structured intelligence databaseMental Model
  • Recon-ng → “Collect + organize recon data”
  • Analysis → “Turn data into actionable insights”


You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_acade
Listen Now