Every Pentester targets the information of the client he wants to attack. Thus OSINT Analysis came to effect. OSINT provides the idea of the enemy. In other words, it serves as Open Source Intelligence, which eventually means the method to obtain free information. It can work as your free detective on the internet. As we all know that most of the data is stored on the internet along with some cloud or somewhere on the deep web, information gathering tools can work in respect to obtain all those information just within a minute which can be strenuous to find through certain search engines.

Reckon-ng is an OSINT tool that can be considered an effective way to gather information is a Web Reconnaissance framework written in Python. All those who are familiar with the Metasploit Framework can feel the similarity of the environment used in this tool. As it is supported through Python, any new programmer may add modules to the environment. Modules are the selective analysis outlet that can perform various tasks such as standardizing output, interacting with the database, making web requests, and managing API keys.

It can easily be opened from the Information Gathering Tools if you are using Parrot/Kali linux distro. If it is not given in your distro or you are using Termux, you may download using the following command:-

git clone https://github.com/lanmaster53/reckon-ng.git

cd reckon-ng

pip install -r REQUIREMENTS ./reckon-ng

After you have been finished, you screen should be looking like this:

You may have to install modules if there are no modules installed previously which can be done using the following commands:

marketplace install all

Basically, reckon-ng has five different sections of modules:

1. Discovery
2. Exploitation
3. Import
4. Recon
5. Reporting

Once everything is set up, it is time to get familiar with the interface and create a workspace within reckon-ng. It is a process similar to making a folder in your direction so that you can put up similar work into a categorised manner. To create a workspace, use workspaces create <workspace-name> . Here I have created the work space named as alma by using workspaces create alma .

To view all existing workspaces, use workspaces list and you may use workspaces select <workspace-name> to select the workspace you want to work on.

Now since our framework has been properly set up, we are now liberated to use the modules in order to gather the respective information. Thus we can search the modules using modules search command :-

In order to use any of these modules, we will have to load the modules. Let’s say we want to check the whois lookup.

[recon-ng][alma]>modules search whois. where whois is the keyword for the search. And then select the modules using the modules load whois_pocs command.

Now using the info command we can percept the situation for the lookup.WE can see the SOURCE to be set as default. We can change the default for the lookup using the command options set SOURCE <domain> ; Here I am using the domain as example.com thus, I will use options set SOURCE example.com. And at last, use the run command.

After running the module, the framework will initiate to search for all the related contents.

After completing the process, all the entities would be saved and by show command, we can use it to show <companies|contacts|credentials|domains|hosts|leaks|locations|netblocks|ports|profiles|pushpins|repositories|vulnerabilities>

Such results might be obtained through this method. In a very similar way, many other modules can be used which can be really helpful in order to retrieve significant information from the client. As we can see that there are different modules for different functions. One of the important functions is credential harvesting. But there are many researchers who are still contributing to this project and many authors are expanding the features according to them. The ease with which the tool can be used and the structural modules make this framework the backbone of OSINT Analysis.