This is part 2 in the recon-ng articles, in part 1 we discussed how to use the recon-ng framework for information gathering about someone’s networks and now in this part, we will gather the personal information of any person.
If you didn’t cover part 1 then [click here]
This part will help you gather someone’s personal information using the recon-ng framework.
Let’s start with the tool
// 01 Recon-ng for collecting personal information
1. Open your Linux terminal and type the command [recon-ng] for running the tool
2. create a new workspace for personal information gathering named (personal), enter the command [workspaces create person] for creating the workspace.
3. Now first we need to perform footprinting on any domain to extract contacts available in it. For this first set the domain by the command:-
[db insert domains] ->
domain [cipherssecurity.com] ->
notes [any alias] ->
load recon modules[modules load brute] ->
then choose the module you want -> (recon/domains-hosts/brute_hosts)
[modules load recon/domains-hosts/brute_hosts] ->
[run]
4. Our first step is completed for footprinting the domain now we need to extract POC data that contains the username and other details.
5. Now load the whois_pocs module for gathering POC data from whois queries from the given domain.
[back] ->
[modules load recon/domains-contacts/whois_pocs] ->
after loading module enter the command [info] for viewing all the options required to execute the module ->
now set the source option [options set SOURCE twitter.com] ->
[run]
6. Now we will use another module for searching for any person from the domain list.
7. this module will help you in finding the existence of user-profiles on various domains and websites. enter these commands for executing this module:-
[back] ->
for finding profiles on various websites we need to load the profiler module ->
[modules load recon/profiles-profiles/profiler] ->
after loading the module enter the command [info] for seeing the options for running the module ->
[options set SOURCE anukram] ->
[run]
8. As we gathered user details about the users in the various domains and websites. Now we need to create a report on it. We need to prepare the report containing the result of the profile URL of the obtained user.
9. for creating the report we need to load the HTML reporting module:-
[back] ->
[modules load reporting/html] ->
after loading the modules enter [info] command, and we need to assign some values in it such as FILENAME, CREATOR, AND CUSTOMER ->
[options set CREATOR lucifer] It will show the name of who created the report ->
[options set CUSTOMER anukram] It will show for whom we created the report ->
[options set FILENAME (destination for saving the file)] It will assign a place or directory for saving the generated report. ->
[run]
10. now we need to navigate to the directory where we saved the generated report and open it in the browser and observe the report.
This is the final report of gathering information about any user from various websites and domains. The modules used in this phase will provide you with the exact URL of the user’s profiles on various websites.
This data will help you in doing social engineering attacks and finding vulnerabilities in employees’ data in any organization.