Based on Recon-ng project.
This project includes some modules from multiple sources and projects such as Pentestly by @praetorian-inc. Modules without hyperlinks are my own. The main goal of this project is to make search with Recon-ng more useful, add alternative data sources and put all extra modules in one place.
Imports from nmap XML output. Module updates hosts and ports tables with the results.
Imports from theHarvester (by @laramies) XML output. Module updates contacts table with emails, found by theHarvester and tries to resolve name of contact:
john.smith@example.com -> John Smith
john.d.smith@example.com -> John D Smith
Additionaly, module updates hosts table with hosts and virtual hosts, found by theHarvester. If theHarvester resolved hostname to IP address, module adds them both. Otherwise, module adds only the hostname.
Import from SimplyEmail (by @killswitch-GUI) JSON output. Module updates contacts table with emails, found by SimplyEmail and tries to resolve name of contact.
Website: https://vk.com/dev
Finds employees by company name on vk.com. Module uses users.search method of VK API with company parameter to find all employees by company name.
Finds emails by company domain on vk.com in 1000 last posts. Module uses newsfeed.search method of VK API with q parameter to find email addresses by domain and tries to resolve name of contact.
Example
domain: mysite.com
search query: @mysite.com
recon/companies-contacts/xing_employees by @mhelwig
Website: https://www.xing.com/
Finds hosts and open ports by org search operator using Shodan API. Updates hosts and ports tables with the results.
Module uses hacked-emails.com API to find compromised credentials. Website: http://hacked-emails.com/
Module works with VibeApp API which is the same as FullContact API. Module finds profiles. Website: http://vibeapp.co
Module scrapes email-format.com for emails and tries to resolve name of contact. Website: http://email-format.com
Module harvests emails using EmailHunter API and tries to resolve name of contact. Website: https://emailhunter.co/
recon/domains-hosts/baidu_site by @F4l13n5n0w
Module scrapes hosts from Baidu Search Engine. Website: http://www.baidu.com/
recon/hosts-netblocks/arin by @ztgrace
Module uses ARIN API to search for netblocks and companies by IP address.
recon/domains-hosts/axfr by @ztgrace
AXFR (DNS Zone Transfer)
MX record (Mail eXchanger)
SPF record (Sender Policy Framework)
Website: https://www.threatcrowd.org/
Searches for domains registered by same email address of registrant
Renamed module from standard repository
Website: https://censys.io/
Module searches for hosts and ports using autonomous_system.organization search filter. Updates the hosts and the ports tables with the results.
Module retrieves MX record for each domain using mx search filter and updates the hosts table with the results.
Module retrieves A record for each host using a search filter and updates the ports with the results.
Website: https://www.zoomeye.org/
Finds ports by IP address using ZoomEye API
Finds hosts and ports using ZoomEye API
Finds hosts by hostname using ZoomEye API
curl -XPOST https://api.zoomeye.org/user/login -d '{"username": "your@mail.com", "password": "Pa55w0rd"}'
To solve the problem with keys file just add manualy these keys:
zoomeye_keyvibeapp_keyvk_keyemailhunter_key
- Fix domainbigdata modules
- Fix EmailHunter API endpoint and filename