CyberCode Academy

Course 35 - Footprinting and Reconnaissance | Episode 7: Information Gathering and Domain Reconnaissance Lab


In this lesson, you’ll learn about: reconnaissance using Recon-ng

1. What is Recon-ng?

  • A full-featured web reconnaissance framework
  • Pre-installed on Kali Linux
  • Designed to automate OSINT and domain reconnaissance

🔹 Core Concept

  • Works like a framework (similar to Metasploit)
  • Uses modules to perform different recon tasks

👉 Purpose:

  • Build a structured database of target intelligence

2. Tool Overview

  • Recon-ng

🔹 Key Capabilities

  • Domain intelligence gathering
  • Contact harvesting
  • Subdomain discovery
  • File and directory enumeration

👉 Advantage:

  • Organizes results into a workspace database

3. Workspace & Domain Setup

🔹 Initial Steps

  • Create a workspace
  • Add target domain

👉 Why it matters:

  • Keeps recon data organized and reusable

4. Contact Harvesting

🔹 Module: whois_pocs

  • Extracts:
    • Names
    • Email addresses
    • Locations

👉 Use Case:

  • Build a target profile
  • Useful for:
    • Social engineering
    • OSINT correlation

5. Host Discovery & Stealth

🔹 Module: bing_domain_web

  • Finds:
    • Hosts
    • Indexed subdomains

🔹 Stealth Feature

  • Recon-ng introduces delays (sleep) between requests

👉 Benefit:

  • Mimics human browsing
  • Reduces detection risk
  • Avoids IP blocking

6. Subdomain Brute-Forcing

🔹 Module: brute_hosts

  • Uses wordlists to guess subdomains

🔹 Output

  • Hidden subdomains
  • Associated IP addresses

👉 Importance:

  • Expands the attack surface
  • Reveals hidden infrastructure

7. Sensitive File Discovery

🔹 Module: interesting_files

  • Searches for:
    • robots.txt
    • Backup files
    • Config files

👉 Why it matters:

  • May expose:
    • Hidden directories
    • Internal paths
    • Misconfigurations

8. Analyzing Server Responses

🔹 HTTP Status Codes

  • 404 → Resource not found (client-side issue)
  • 300-series → Redirection

👉 Insight:

  • Helps understand:
    • Server behavior
    • Application structure
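
From the defender's side, the file probing in section 7 and the status codes above appear together in web access logs. The following added example (not part of the original lesson or of Recon-ng) flags clients that request several distinct sensitive paths, regardless of the delay between requests, and lists sensitive paths the server actually returned with 200. The path patterns, the threshold and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed patterns for the three categories the lesson names (robots.txt,
# backup files, config files); this is not Recon-ng's own path list.
SENSITIVE = re.compile(
    r"(?i)(/robots\.txt|\.(bak|old|zip|tar\.gz|sql)|/\.env|/web\.config|/config\.php)$")
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')

# Constructed sample access log (combined format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.20 - - [10/Mar/2025:09:59:00 +0000] "GET /robots.txt HTTP/1.1" 200 120 "-" "crawler"
198.51.100.20 - - [10/Mar/2025:09:59:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "crawler"
203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 120 "-" "-"
203.0.113.7 - - [10/Mar/2025:10:00:09 +0000] "GET /backup.zip HTTP/1.1" 404 0 "-" "-"
203.0.113.7 - - [10/Mar/2025:10:00:17 +0000] "GET /.env HTTP/1.1" 404 0 "-" "-"
203.0.113.7 - - [10/Mar/2025:10:00:26 +0000] "GET /config.php HTTP/1.1" 302 0 "-" "-"
203.0.113.7 - - [10/Mar/2025:10:00:34 +0000] "GET /db.sql HTTP/1.1" 200 88211 "-" "-"
this line is malformed and is skipped
"""

def analyze(log_text, min_paths=3):
    """Return (probers, exposed): clients that requested at least min_paths
    distinct sensitive paths, and sensitive paths served with status 200."""
    seen = defaultdict(dict)                      # ip -> {path: status}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                              # tolerate malformed lines
        ip, url, status = m.group(1), m.group(2), int(m.group(3))
        path = url.split("?", 1)[0]               # ignore query strings
        if SENSITIVE.search(path):
            seen[ip][path] = status
    probers = {}
    for ip, paths in seen.items():
        if len(paths) >= min_paths:               # one robots.txt fetch is normal crawling
            misses = sum(1 for s in paths.values() if s == 404 or 300 <= s < 400)
            probers[ip] = {"paths": len(paths), "404_or_3xx": misses}
    # robots.txt is meant to be public; any other sensitive path answering 200 needs review.
    exposed = sorted({p for paths in seen.values() for p, s in paths.items()
                      if s == 200 and not p.lower().endswith("/robots.txt")})
    return probers, exposed

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```
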

9. Cybersecurity Use Case

🔹 Reconnaissance Phase

  • Early stage of:
    • Penetration testing
    • Bug bounty hunting

🔹 What You Achieve

  • Map:
    • Domains
    • Subdomains
    • Contacts
    • Infrastructure

👉 Outcome:

  • Clear view of the target environment

Key Takeaways

  • Recon-ng is a modular recon framework
  • Uses workspaces to organize intelligence
  • Automates multiple OSINT tasks
  • Includes stealth techniques to avoid detection
  • Provides structured data for further testing

Big Picture

Recon-ng helps you:

👉 Move from raw data → structured intelligence database

Mental Model

  • Recon-ng → “Collect + organize recon data”
  • Analysis → “Turn data into actionable insights”



You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy

The podcast and the associated cover art on this page belong to CyberCode Academy. The content of the podcast is created by CyberCode Academy and not by, or together with, Poddtoppen.