代码拉取完成,页面将自动刷新
> recon-ng
## now let's add a workspace
> workspaces add trivago.com
## Add the target domain
> add domains trivago.com
## Double check if domain is added
> show domains
## find related hosts to our domain
> load netcraft
> run
## check added hosts
> show hosts
## Searching web
> load google
> load google_site_web
> run
## Now it's time for brute-forcing
> load brute
> load brute_hosts
> run
## resolve hosts
> load resolve
> run
## now reverse resolve
> load reverse_resolve
> use recon/hosts-hosts/reverse_resolve
> run
## check hosts
> show hosts
## Now let's get some geolocation info
> load ipinfodb
> run
## more geolocation info
### first edit /usr/local/Cellar/recon-ng/4.9.2/libexec/modules/recon/locations-locations/geocode.py
### also edit /usr/local/Cellar/recon-ng/4.9.2/libexec/modules/recon/locations-locations/reverse_geocode.py
### line 21 instead of `return` make it `continue`
> load geocode
> use recon/locations-locations/geocode
> show options
> show info
> set SOURCE query SELECT DISTINCT host FROM hosts WHERE host IS NOT NULL
> run
## Check locations
> show locations
## Now reverse
> load reverse
> use recon/locations-locations/reverse_geocode
> run
## Check locations
> show locations
## Now let's change reverse_geocode query to run on hosts table
> show info
> set SOURCE query SELECT DISTINCT latitude || ',' || longitude FROM hosts WHERE latitude IS NOT NULL AND longitude IS NOT NULL
> run
## Check locations
> show locations
## now let's search contacts
> search contacts
> use recon/domains-contacts/whois_pocs
> run
> load pgp_search
> run
## After you found some contacts, now let's see if there is any leaks for them
> use recon/contacts-credentials/hibp_paste
> run
## Now let's find some interesting files on the servers
> use discovery/info_disclosure/interesting_files
> run
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。