Frameworks

Tools

  • recon-ng
  • Spiderfoot
  • sn0int
  • etc. Check in Kali and online for more.

recon-ng

hackertarget.py

[recon-ng][default] > marketplace search

[recon-ng][default] > marketplace install hackertarget

[recon-ng][default] > modules load hackertarget

[recon-ng][default][hackertarget] > info

[recon-ng][default][hackertarget] > options set SOURCE domain.com

[recon-ng][default][hackertarget] > run

[recon-ng][default][hackertarget] > show hosts

[recon-ng][default][hackertarget] > back
[recon-ng][default] >

profiler.py

Dec 12, 2023: If your profiler.py is printing errors in red, here is probably how you can fix it:
github.com/lanmaster53/recon-ng-marketplace/pull/246

To make it easier, I put all the file locations and modifications here:

recon-ng-marketplace Edit #1
Edit: /home/kali/.recon-ng/modules/recon/profiles-profiles/profiler.py at line 30.

    def module_thread(self, site, user):
        d = dict(site)
        # if d['valid'] == True:
        if d.get('valid', True) == True:
            self.verbose(f"Checking: {d['name']}")

recon-ng-marketplace Edit #2
Edit: /home/kali/.recon-ng/modules/recon/profiles-profiles/profiler.py at line 30.

meta = {
  'name': 'OSINT HUMINT Profile Collector',
  'author': 'Micah Hoffman (@WebBreacher), Brendan Burke (@gbinv)',
  # 'version': '1.1',
  'version': '1.2',
  'description': 'Takes each username from the profiles table and searches a variety of web sites for those users. The list of valid sites comes from the parent project at https://github.com/WebBreacher/WhatsMyName',
  'comments': (

recon-ng-marketplace Edit #3
Edit: /home/kali/.recon-ng/modules.yml on lines 1101 and 1105.

  files: []
  last_updated: '2023-12-30'
  name: OSINT HUMINT Profile Collector
  path: recon/profiles-profiles/profiler
  required_keys: []
  version: '1.2'
- author: Robert Frost (@frosty_1313, frosty[at]unluckyfrosty.net)
  dependencies: []

After updating those files you should be able to run it.

[recon-ng][default] > marketplace install profiler

[recon-ng][default] > modules load profiler

[recon-ng][default][profiler] > info

[recon-ng][default][profiler] > options set SOURCE thecybermentor

[recon-ng][default][profiler] > run

[recon-ng][default][profiler] > show profiles

Maltego

A great tool, especially if you have access to API keys.

  • Create an account, install Maltego on Kali, launch it and log in.
  • API keys are needed for most of the Hub Partners, but it has some free recon.
  • Click the + at the top right to open a new graph.
  • Type domain in the search and drag it over to the graph area.
  • Rename the domain to the target.
  • Right click on the Domain Entity and select from the list of Transforms.
  • Testing All Transforms here.
    • Click on the “double” arrow to begin.
    • Click on the + area to see what it does and the arrow to return.
  • After setting the Required Inputs, click Run.
  • In the results, click on anything to see more, add notes, etc.
  • You can select an item from the results and run another Transform on it.
    • Emails, domains, companies, etc.
    • Then select another item from here and run a Transform again.
  • If you run it on a company that’s been around for a while and has a decent presence, you should gather a lot of data like emails, DNS entries, subdomains, IP addresses, open ports/services, locations, people, etc.