1 00:00:00,420 --> 00:00:02,640 Welcome to part two of this module. 2 00:00:06,300 --> 00:00:07,140 In this video 3 00:00:07,140 --> 00:00:10,340 we're going to start working with Recon-ng. 4 00:00:10,780 --> 00:00:17,160 Recon-ng is an open source intelligence tool similar to Maltego that comes prepackaged with Kali 5 00:00:17,160 --> 00:00:18,690 Linux. 6 00:00:18,690 --> 00:00:26,010 Unlike Maltego it is entirely text based, which means that all of our interactions with it will 7 00:00:26,010 --> 00:00:28,070 be through the command prompt. 8 00:00:28,320 --> 00:00:30,860 So to begin we're going to load up the program. 9 00:00:30,870 --> 00:00:33,010 There's two ways to do this. 10 00:00:33,060 --> 00:00:42,180 We can either go to Applications, Information Gathering and select recon-ng from the menu, or we can 11 00:00:42,180 --> 00:00:50,330 load it up like a pro by opening up our terminal window and simply typing recon-ng. 12 00:00:54,620 --> 00:00:59,450 The first time you load the program you're going to get a lot of error messages about missing API keys. 13 00:00:59,450 --> 00:01:00,680 I'll talk about that in a minute. 14 00:01:02,070 --> 00:01:03,420 So let's go ahead and get started. 15 00:01:04,790 --> 00:01:07,410 Recon-ng is a web based framework. 16 00:01:07,490 --> 00:01:09,660 It is entirely text based. 17 00:01:09,680 --> 00:01:18,140 It was written by Tim Tomes of Black Hills Information Security and it functions very similar to existing 18 00:01:18,140 --> 00:01:25,360 frameworks that you might already be familiar with such as Metasploit and Social Engineering Toolkit. 19 00:01:25,370 --> 00:01:31,910 So if you've used either of those before then using Recon-ng will have the same feel and look to 20 00:01:31,910 --> 00:01:32,660 it. 21 00:01:32,780 --> 00:01:40,820 It is built around modules that include different functionality such as doing reconnaissance, exploration 22 00:01:40,820 --> 00:01:42,600 and discovery. 
23 00:01:42,620 --> 00:01:47,180 It's not a replacement for Metasploit or the Social Engineering Toolkit. 24 00:01:47,240 --> 00:01:54,320 It is focused on doing reconnaissance against a specific target, very similar to how Maltego is designed 25 00:01:54,320 --> 00:01:56,950 to operate. 26 00:01:56,960 --> 00:02:00,480 There are several websites that it uses to gather information. 27 00:02:00,500 --> 00:02:07,640 Some of these sites are Google, Bing, LinkedIn, Facebook, etc. It just depends on which modules you currently 28 00:02:07,640 --> 00:02:12,290 have installed and which API keys you're using. 29 00:02:12,410 --> 00:02:17,850 It works by sending queries to these sites to scrape open source information. 30 00:02:18,320 --> 00:02:24,680 Recon-ng is written entirely in the Python programming language, so if you have any experience with 31 00:02:24,680 --> 00:02:32,030 Python you may be able to write your own custom modules fairly easily, which can then be imported directly 32 00:02:32,030 --> 00:02:34,520 into the existing framework. 33 00:02:34,550 --> 00:02:39,680 The creator, Tim, has written an excellent developer's guide for those wishing to get their feet wet in 34 00:02:39,680 --> 00:02:44,740 this area and it includes a module template that you can use. 35 00:02:44,810 --> 00:02:47,860 Check it out if you're interested in that side of things. 36 00:02:49,520 --> 00:02:55,730 I should note before I begin that the current version of Recon-ng which comes preinstalled with Kali 37 00:02:56,270 --> 00:03:02,870 at the time of this recording is due to be upgraded. Several older modules for one reason or another 38 00:03:03,290 --> 00:03:07,740 became defunct over time and were removed from the framework. 39 00:03:07,760 --> 00:03:11,110 However, replacements are currently in development. 40 00:03:11,330 --> 00:03:13,160 Your version of Recon-ng 
41 00:03:13,220 --> 00:03:20,240 may have additional modules not shown in this tutorial, but hopefully after this class you will have 42 00:03:20,240 --> 00:03:27,380 enough of a working understanding to be able to use the framework and pick up the ins and outs of any 43 00:03:27,380 --> 00:03:29,880 newer modules that are released. 44 00:03:30,350 --> 00:03:37,250 They all follow the same general pattern and principles so it should not be too hard to learn any new 45 00:03:37,250 --> 00:03:38,800 ones. 46 00:03:38,970 --> 00:03:44,140 You may even wish to upgrade to the latest version before you start to play around with it, 47 00:03:44,400 --> 00:03:50,860 just to take care of any bugs in the prepackaged version that comes with Kali. 48 00:03:50,900 --> 00:03:57,500 You can do this by using the git command to clone the latest repository from the Recon-ng 49 00:03:57,500 --> 00:03:58,760 website. 50 00:03:58,760 --> 00:04:06,020 However, be aware that if you decide to upgrade to the latest version it may be necessary to either update 51 00:04:06,050 --> 00:04:11,510 or download the relevant Python libraries which it has as dependencies. 52 00:04:11,510 --> 00:04:18,040 Otherwise you may encounter errors when you try to launch the program. Once loaded, 53 00:04:18,040 --> 00:04:23,050 you will be presented with a text based title screen, which is what you're looking at here, 54 00:04:24,710 --> 00:04:29,240 listing out all of the modules that come prepackaged with this tool. 55 00:04:30,510 --> 00:04:36,440 Unlike Maltego, which was showcased in the last video, Recon-ng is entirely text based. 56 00:04:36,630 --> 00:04:42,330 All of the commands will be run through the prompt, which tends to intimidate newer users who are not 57 00:04:42,330 --> 00:04:44,740 as comfortable with this method of interaction. 58 00:04:44,760 --> 00:04:47,590 It really is easy once you get the hang of it though. 
59 00:04:49,570 --> 00:05:00,380 The number next to each listed category is the number of currently installed modules. Yours may be different 60 00:05:00,380 --> 00:05:03,070 than mine depending on your version. 61 00:05:03,110 --> 00:05:09,560 Now before we begin actually using the program there is one major bit of setup we're going to have to 62 00:05:09,560 --> 00:05:13,280 accomplish before we can actually use this tool. 63 00:05:13,280 --> 00:05:19,880 As I said before, Recon-ng performs searches through several different websites and some of those 64 00:05:19,880 --> 00:05:25,300 sites require you to have an API key in order to perform the searches. 65 00:05:25,310 --> 00:05:31,280 I'm not going to cover how to set up an account on each of those sites since they are constantly changing 66 00:05:31,280 --> 00:05:35,460 and such information would quickly be out of date. 67 00:05:35,480 --> 00:05:46,670 There are instructional websites online but really it's just as simple as setting up an account on say 68 00:05:46,730 --> 00:05:56,520 Flickr or LinkedIn or Twitter and then finding the API key listed under your account information. 69 00:05:56,570 --> 00:06:03,470 I mentioned that these keys are required and you can see which ones are required by typing the keys 70 00:06:03,530 --> 00:06:06,470 list command. 71 00:06:06,820 --> 00:06:10,570 This will list all of the keys that you will need. 72 00:06:10,570 --> 00:06:18,430 And again you will find them on the accounts page after you register for accounts. But one thing I do 73 00:06:18,430 --> 00:06:24,820 have to note: there are a couple of these sites that require you to pay to get access to some of the 74 00:06:24,820 --> 00:06:32,690 more advanced search features. I mentioned this fact in the Maltego module and it bears repeating here. 
75 00:06:32,740 --> 00:06:39,870 The good news is that if you decide you wish to invest to obtain those extra features your API key should 76 00:06:39,870 --> 00:06:47,430 work for all open source intelligence tools that you use that call for them, be it Maltego, Recon-ng 77 00:06:47,460 --> 00:06:54,610 or whatever. It is not necessary to actually spend money to get value out of these tools though. 78 00:06:54,690 --> 00:06:57,640 But the advanced features are quite nice. 79 00:06:57,900 --> 00:06:59,690 The interface to add your keys 80 00:06:59,700 --> 00:07:03,810 once you've gathered them is very easy to use from within the framework itself. 81 00:07:03,990 --> 00:07:11,000 As you've seen me do, just type keys list to bring up the directory of modules that require keys 82 00:07:13,670 --> 00:07:16,150 and then once you actually have your keys 83 00:07:16,250 --> 00:07:27,830 just use the keys add command, and then I'll do an example, bing_api, and we would copy paste our API 84 00:07:27,860 --> 00:07:28,260 key. 85 00:07:28,280 --> 00:07:34,540 The one I'm about to show you is not a real API key but it is representative of what one looks like. 86 00:07:34,610 --> 00:07:38,860 They tend to be long nonsensical strings of letters and numbers. 87 00:07:38,990 --> 00:07:41,250 Sometimes they're shorter than this. 88 00:07:41,420 --> 00:07:46,920 The Bing key was particularly long but some of them can be quite short. 89 00:07:47,210 --> 00:07:51,500 And this is essentially what you would look for in your account information. 90 00:07:51,680 --> 00:07:53,050 And some people get confused. 91 00:07:53,060 --> 00:07:58,430 They register for example for a Flickr account and they look in their account information for the API 92 00:07:58,460 --> 00:08:04,670 key and they see where it's listed but then they see this long string of what appears to be nonsense. 93 00:08:04,670 --> 00:08:07,550 This is actually what the key looks like. 
94 00:08:07,550 --> 00:08:14,270 So once we've entered it we just press enter, keys list, and there we go. 95 00:08:14,310 --> 00:08:19,370 It's input and you would do this for each one of these modules. 96 00:08:19,530 --> 00:08:24,420 Again some of them may require you to pay money when you register. 97 00:08:24,540 --> 00:08:30,710 It's not absolutely required and the tool will function without all of the API keys. 98 00:08:30,720 --> 00:08:36,450 So even if you're not able to use some of the modules that come with Recon-ng you can still get a lot 99 00:08:36,450 --> 00:08:37,440 of value out of it. 100 00:08:38,720 --> 00:08:44,420 So I'm going to go ahead and I'm going to make a small cut to the video. I'm going to add my own keys 101 00:08:45,110 --> 00:08:48,350 and then we'll proceed. OK. 102 00:08:48,360 --> 00:08:55,420 I've got all of my keys installed and one thing I forgot to mention is that if you wish to add 103 00:08:55,420 --> 00:08:58,470 a key that is not listed you can do that. 104 00:08:58,540 --> 00:09:09,970 For example you could do keys add virustotal_api and then whatever your key might be. 105 00:09:10,270 --> 00:09:16,330 And this is useful if you know that there is a particular module in development that calls for that 106 00:09:16,330 --> 00:09:24,760 key, and sometimes when you install a module the entry for that key is not listed in the keys list. 107 00:09:24,970 --> 00:09:34,480 And I didn't spell VirusTotal correctly but you get the idea, as long as you name it whatever the module 108 00:09:34,480 --> 00:09:35,740 expects it to be. 109 00:09:35,740 --> 00:09:38,950 So for VirusTotal it would be virustotal_api. 110 00:09:39,100 --> 00:09:42,760 Then the module will check for it in the keys list. 111 00:09:42,790 --> 00:09:44,320 So this is just something to remember 
112 00:09:44,320 --> 00:09:49,900 if you decide to upgrade later or if you decide to create your own modules and import them into 113 00:09:49,940 --> 00:09:50,440 Recon-ng. 114 00:09:54,700 --> 00:09:59,740 Once you've got all your API keys entered we can get started by looking at the basics of the framework 115 00:10:01,450 --> 00:10:02,980 here for the command prompt. 116 00:10:02,980 --> 00:10:11,850 If you just type in the word help and hit enter it will give you a list of the available commands. If you 117 00:10:11,850 --> 00:10:15,050 would like more information about what each command does, 118 00:10:15,060 --> 00:10:20,820 just type help and the name of the command and hit enter and this will give you case examples of how 119 00:10:20,820 --> 00:10:25,950 to use it as well as any optional arguments that may be included. 120 00:10:25,950 --> 00:10:36,580 For example help keys tells us that we can use the keys command with the arguments list, add and delete 121 00:10:36,700 --> 00:10:38,730 as we saw a moment ago. 122 00:10:38,940 --> 00:10:42,340 The first command we want to try using is the show command. 123 00:10:42,480 --> 00:10:49,950 This command will allow you to view items within the framework such as the included modules, any data 124 00:10:50,520 --> 00:10:59,810 that you have collected as well as the actual database schema. You can use the tab completion to see 125 00:10:59,810 --> 00:11:02,100 commands, for example 126 00:11:02,120 --> 00:11:08,310 see all the commands that can be used with show: type show and then press the tab key twice. 127 00:11:11,810 --> 00:11:17,540 So for example if I wanted to show the banner I could do show banner. 128 00:11:24,270 --> 00:11:34,130 Would help if I typed it correctly. But a more useful demonstration of show would be to use the show 129 00:11:34,430 --> 00:11:35,290 schema. 
130 00:11:36,470 --> 00:11:45,030 And this shows you how the various databases are set up. All of the tables and columns for each one are 131 00:11:45,100 --> 00:11:46,020 currently blank. 132 00:11:46,030 --> 00:11:52,120 But as we begin to gather more and more information with this tool these entries will start to fill up quickly. 133 00:11:59,330 --> 00:12:01,970 We'll be using the show command a lot as we go along. 134 00:12:06,430 --> 00:12:12,200 So for now we're going to do show options. 135 00:12:12,280 --> 00:12:19,390 These are all the global options that can be set for using the framework. 136 00:12:19,460 --> 00:12:24,500 You can see that it already has several defaults set. 137 00:12:24,500 --> 00:12:30,110 You can actually change these values either globally or for any of the individual modules that you'll 138 00:12:30,140 --> 00:12:31,030 be using, 139 00:12:31,280 --> 00:12:33,560 using the set command. 140 00:12:33,800 --> 00:12:39,760 So for example let's say that we wanted to change the threads. 141 00:12:39,830 --> 00:12:51,570 We would do set threads and we'll do 20, show options, we can see that threads have been changed from 142 00:12:51,570 --> 00:12:54,240 the value of 10 to the value of 20. 143 00:12:57,360 --> 00:13:06,520 So as you can see it's pretty simple to use. The name server that is listed is Google's DNS server. 144 00:13:06,560 --> 00:13:08,440 Some of you may not like that. 145 00:13:08,630 --> 00:13:10,880 And of course it can be changed. 146 00:13:10,880 --> 00:13:17,270 You might wish to use the DNS server of a specific target to narrow down your search results. 147 00:13:17,270 --> 00:13:21,070 You can change that option here. 
148 00:13:21,080 --> 00:13:26,720 So now let's drill down a little further. We're going to use the clear command to bring up a fresh screen 149 00:13:28,990 --> 00:13:35,800 and we're going to do show modules to give us a list of all of the available modules currently prepackaged 150 00:13:36,160 --> 00:13:44,960 with this version of Recon-ng. Rather a long list. If we scroll up we can see everything. 151 00:13:49,610 --> 00:13:55,010 It's rather extensive and you'll notice that they're separated into categories. 152 00:14:01,730 --> 00:14:06,080 So we've got discovery, exploitation, import, recon, etc. 153 00:14:06,290 --> 00:14:09,370 It's quite a bit of output and that can be a bit of a pain. 154 00:14:09,440 --> 00:14:13,490 So let's narrow it down to just what we want. 155 00:14:13,720 --> 00:14:16,880 Show modules reporting, 156 00:14:19,500 --> 00:14:23,960 which will just show the relevant modules under the reporting category. 157 00:14:23,970 --> 00:14:26,360 You can do this for any of the categories. 158 00:14:26,490 --> 00:14:31,740 It can be helpful to remember this little trick until you really know what all the different modules 159 00:14:31,770 --> 00:14:36,510 are and what they do. As you're doing a particular research against a target 160 00:14:36,510 --> 00:14:41,350 you'll want to switch between the different types of modules very quickly. 161 00:14:41,370 --> 00:14:43,570 We'll get into this a bit more later. 162 00:14:43,860 --> 00:14:50,110 And one thing I'd like to note here: you'll see this word default at the prompt. 163 00:14:50,130 --> 00:14:54,420 This is not anything to do with the module you have loaded. 164 00:14:54,420 --> 00:15:00,600 This is actually one of the workspaces that you can have loaded within the framework. We'll cover workspaces 165 00:15:00,600 --> 00:15:01,140 shortly. 166 00:15:01,140 --> 00:15:04,140 But I wanted to point this out to avoid confusion. 
167 00:15:04,140 --> 00:15:09,740 You can also back out of a particular module by typing back. 168 00:15:09,740 --> 00:15:16,160 So there's basically three ways to load a module from within Recon-ng. The first two commands are 169 00:15:16,160 --> 00:15:22,470 use and load. Either one of these will work. 170 00:15:22,470 --> 00:15:28,590 We could do load and just let's say 171 00:15:32,770 --> 00:15:45,620 recon/domains-hosts/bing_domain_web and that brings up the bing_domain_web module. 172 00:15:45,810 --> 00:15:55,690 Now if we go back out of this for a moment, if we know what the name of a module is and there aren't 173 00:15:55,690 --> 00:16:02,470 multiple modules that use the same name we can just use the use command to very quickly load up a module 174 00:16:02,740 --> 00:16:07,270 without having to type out the entire path such as with the load command. 175 00:16:07,270 --> 00:16:17,050 So for example use profiler will bring us directly into the profiler module. 176 00:16:17,230 --> 00:16:23,490 And please note that the module you have loaded will always appear to the right of your workspace 177 00:16:23,490 --> 00:16:24,910 in the prompt. 178 00:16:24,910 --> 00:16:29,760 So the structure of the prompt is pretty simple. It just tells you the first entry is that Recon-ng 179 00:16:29,760 --> 00:16:31,360 is what we're working with. 180 00:16:31,540 --> 00:16:36,560 The second entry, which is currently default, will show you the name of the workspace you're using. 181 00:16:36,700 --> 00:16:38,240 Again more on that in a minute. 182 00:16:38,410 --> 00:16:42,550 And the third entry will always be the module that you're currently running. 183 00:16:42,550 --> 00:16:45,010 So on the subject of workspaces. 
184 00:16:45,190 --> 00:16:52,740 This is a quick concept I'm going to need to go over. A workspace is basically just a separate location 185 00:16:52,770 --> 00:16:57,230 that you can set up to store all of your data for a specific target. 186 00:16:57,230 --> 00:17:02,850 And this would be handy if you're doing multiple tests against several different targets and it keeps 187 00:17:03,000 --> 00:17:08,180 all of the databases that you build up within Recon-ng nicely organized. 188 00:17:08,400 --> 00:17:14,430 You really don't want several different sets of databases that are unrelated to exist in the same default 189 00:17:14,430 --> 00:17:21,240 profile because then you'll start pulling up totally unrelated and dare I say highly wonky results. 190 00:17:21,420 --> 00:17:29,930 So I'm just going to back out of profiler and clear the screen just to make things nice and neat. 191 00:17:30,000 --> 00:17:33,950 So like I said this word default means that we're in the default workspace. 192 00:17:33,960 --> 00:17:34,980 That's no good. 193 00:17:34,980 --> 00:17:39,580 We don't want to use that or things will get very messy very quickly. 194 00:17:40,380 --> 00:17:49,360 Let's go ahead and type workspaces list and hit enter and that'll bring up a list of the workspaces 195 00:17:49,360 --> 00:18:02,540 that we have set up, which is currently just default. So to add a new workspace we're gonna do workspaces 196 00:18:02,720 --> 00:18:05,560 add and you can call it whatever you want. 197 00:18:05,570 --> 00:18:11,470 It's generally a good policy to name it after whatever your target is. 198 00:18:11,570 --> 00:18:21,130 For instance if you were researching the Disney corporation you might want to name it Disney. For right 199 00:18:21,130 --> 00:18:23,150 now I'm just going to name it 
200 00:18:23,260 --> 00:18:23,850 class. 201 00:18:30,000 --> 00:18:38,790 That spit out a few errors because I don't have a complete list of APIs, so I don't have the Jigsaw and 202 00:18:38,940 --> 00:18:41,610 PwnedList API keys entered. 203 00:18:41,610 --> 00:18:46,770 But you probably won't get any errors and if you do it's no big deal. 204 00:18:46,770 --> 00:18:54,240 So now if we do workspaces list again we can see that class has been added to our table. 205 00:18:54,240 --> 00:19:00,330 Notice also that the prompt has now changed indicating that we are in the workspace that we have just 206 00:19:00,330 --> 00:19:09,870 created. Any data we enter or find using the various modules in Recon-ng will be unique to this workspace, 207 00:19:09,880 --> 00:19:18,180 that will be separate from other workspaces that we create and will have its own databases that will 208 00:19:18,180 --> 00:19:24,390 not bleed over when we conduct searches using other workspaces or the default workspace. 209 00:19:27,490 --> 00:19:32,320 So the last thing I'll say about workspaces for right now is that it's worth pointing out that whenever 210 00:19:32,320 --> 00:19:39,370 you create a new workspace an actual folder for that workspace is created within the Recon-ng directory 211 00:19:39,730 --> 00:19:46,180 and that folder will contain the unique database specific to that workspace that you built up over time. 212 00:19:46,270 --> 00:19:56,710 So I'm actually going to back out of Recon-ng and I may do cd recon-ng and if I do 213 00:19:56,820 --> 00:20:06,230 ls, can see there's a workspaces folder, so we'll cd workspaces, ls again and there are workspaces 214 00:20:06,230 --> 00:20:12,810 for class and default and within the class folder is our database. 215 00:20:12,980 --> 00:20:14,580 So that's where it's stored. 
216 00:20:14,600 --> 00:20:21,440 If you want to make any changes, if you want to take it, if you want to take your database and import 217 00:20:21,440 --> 00:20:30,620 it into Recon-ng on another computer for example, it's useful to remember. These are the basic fundamentals 218 00:20:30,620 --> 00:20:32,880 of using a workspace. 219 00:20:32,900 --> 00:20:41,460 So with that all being said let's go ahead and restart Recon-ng, OK, and we'll go back to the workspace 220 00:20:41,480 --> 00:20:48,460 that we created with workspaces select class 221 00:20:52,230 --> 00:20:54,710 and now we're in the class workspace. 222 00:20:54,720 --> 00:21:01,170 So now we're ready to begin working with the actual modules to gather input from various domains and 223 00:21:01,170 --> 00:21:03,720 use output for the hosts. 224 00:21:03,720 --> 00:21:08,720 Now we're ready to begin working with the modules to gather actual data. 225 00:21:08,760 --> 00:21:18,130 First off let's go ahead and list off the recon modules. We're going to once again do show modules recon. 226 00:21:19,200 --> 00:21:21,750 And we're going to scroll up to find our module, 227 00:21:34,820 --> 00:21:39,490 which in this case is going to be bing_domain_web. 228 00:21:39,530 --> 00:21:46,760 Actually this is a good moment to point out that each module, the module center contains both its input 229 00:21:46,790 --> 00:21:56,480 and output information. In this case it's going to be taking inputs from the domain tables and it 230 00:21:56,480 --> 00:22:00,110 will put the outputs into hosts. 231 00:22:00,290 --> 00:22:05,870 This will become more clear as we go along but it's just a little something to remember and come back 232 00:22:05,870 --> 00:22:12,410 to. It'll probably make more sense on a second viewing of this video. Which brings us to the obvious question: 233 00:22:12,770 --> 00:22:18,230 how do we input the basic information into our tables for the modules to use? 
234 00:22:18,880 --> 00:22:23,450 Oh, there are a couple of ways that you can do this. 235 00:22:23,630 --> 00:22:32,960 We can either set this on each module that we run or we can create a database entry with the add command. 236 00:22:33,170 --> 00:22:40,790 For example if we use the add command we can take the target domain and add it to the database for domains 237 00:22:40,850 --> 00:22:46,580 so that every module we run will check against that listed domain. 238 00:22:46,580 --> 00:22:54,440 So to do this we're gonna do add domains and I'm just going to pick one, disney.com. 239 00:22:54,860 --> 00:23:04,510 And now we do show domains, we can see that disney.com is now in our table of domains. 240 00:23:04,580 --> 00:23:08,840 The other way to set the data once we have a module loaded. 241 00:23:08,840 --> 00:23:30,360 If we go back and run, let's say, bing_domain_web, once we get that loaded if we do a show options command 242 00:23:30,930 --> 00:23:36,900 we can see that there is only one input required here and this is where you would set your input 243 00:23:36,900 --> 00:23:41,130 if you have not already preset it to the relevant table. 244 00:23:41,130 --> 00:23:51,570 So for example we would do set source disney.com or whatever your relevant information is. That would 245 00:23:51,570 --> 00:23:54,300 set it for this module alone. 246 00:23:54,540 --> 00:24:00,960 But since we've already added it to the database manually via the domains table we don't actually have 247 00:24:00,960 --> 00:24:02,790 to do this. 248 00:24:02,970 --> 00:24:09,420 It's just a second way if you wanted to run a particular module using a piece of information that you 249 00:24:09,420 --> 00:24:15,660 didn't want in your domains table for some reason, maybe to keep your search results more narrow. 
250 00:24:15,960 --> 00:24:21,450 It's also worth pointing out at this point that you can get additional information about a module that 251 00:24:21,450 --> 00:24:27,210 you currently have loaded by typing the show info command. 252 00:24:27,210 --> 00:24:33,360 This shows you who wrote the module and gives a brief description of the module, shows the options that 253 00:24:33,360 --> 00:24:33,860 are needed 254 00:24:33,870 --> 00:24:38,070 and finally shows the database that will be queried. Even more fun, 255 00:24:38,070 --> 00:24:45,920 you can do the show source command to see the code in Python 256 00:24:45,940 --> 00:24:51,020 that particular module runs with. If you have coding skills 257 00:24:51,130 --> 00:24:58,690 this can be a veritable cornucopia of information about how the module works, what exactly it is doing 258 00:24:58,690 --> 00:24:59,830 and so forth. 259 00:24:59,830 --> 00:25:07,300 You can see how each module was written and you can use them as an example or a template when you write 260 00:25:07,300 --> 00:25:08,170 your own. 261 00:25:08,170 --> 00:25:11,510 Anyway now that our module is loaded and we have our data set, 262 00:25:11,530 --> 00:25:12,960 in this case our domain, 263 00:25:13,150 --> 00:25:18,000 we just need to run the module. To do this 264 00:25:18,110 --> 00:25:21,740 we just type the run command and hit enter. 265 00:25:21,760 --> 00:25:23,920 This may take some time 
266 00:25:24,110 --> 00:25:30,350 if you have a domain with a lot of subdomains and I suspect that Disney has a lot of subdomains. 267 00:25:39,130 --> 00:25:45,880 This information as it's being gathered is being added to our tables. Each green asterisk next to an 268 00:25:45,880 --> 00:25:53,740 entry represents a new piece of information. A blue asterisk is either notifying you of something or 269 00:25:53,770 --> 00:26:01,210 telling you that a piece of information that is already present within the tables has been found. You'll 270 00:26:01,210 --> 00:26:04,860 also notice that it will sleep to avoid lockout. 271 00:26:04,930 --> 00:26:10,050 That's because there's a limited number of search queries with some of these modules. 272 00:26:10,150 --> 00:26:16,220 It can slow this process down a little bit but I recommend that you not change that setting. 273 00:26:16,300 --> 00:26:23,650 It can be very annoying to be locked out completely and lockouts can last up to I believe 24 hours. 274 00:26:23,650 --> 00:26:30,440 It may have gone up to 48 with some websites that Recon-ng queries. 275 00:26:30,560 --> 00:26:33,860 You also won't necessarily be told if you get locked out. 276 00:26:33,860 --> 00:26:39,350 So if you find that your search queries are running and you're not getting any results and you know 277 00:26:39,350 --> 00:26:47,270 you should be, consider trying again after about 24 hours have passed if you've been running a module excessively 278 00:26:47,600 --> 00:26:51,350 against certain websites without limiting your thread count. 279 00:26:51,350 --> 00:26:51,640 All right. 280 00:26:51,650 --> 00:26:55,070 So it looks like we found quite a lot of information. 281 00:26:55,190 --> 00:26:57,950 So if we do the show hosts command 282 00:27:00,630 --> 00:27:04,720 and we pulled up quite a lot of subdomains. 283 00:27:08,400 --> 00:27:13,330 Now you'll notice that at the moment we only have the name of the host, 
284 00:27:13,350 --> 00:27:20,970 the row ID and the module that was used to find it. The IP address, region, country and coordinates are 285 00:27:20,970 --> 00:27:25,200 not yet included but we'll be getting those pretty soon. Now 286 00:27:25,230 --> 00:27:30,150 we could have done this all manually. We could have looked up each one of these and added them to a table 287 00:27:30,810 --> 00:27:33,390 individually just like this. 288 00:27:33,390 --> 00:27:35,960 That's the beauty of open source intelligence programs. 289 00:27:35,970 --> 00:27:38,340 All of this information is available out there. 290 00:27:38,940 --> 00:27:45,870 However as we go along our database tables will improve as more and more information fills up inside 291 00:27:45,870 --> 00:27:47,730 them. 292 00:27:47,730 --> 00:27:54,420 And for this reason it is sometimes advantageous to run the same module several times at different points 293 00:27:54,450 --> 00:27:56,730 during your research process. 294 00:27:56,730 --> 00:28:00,770 We just ran Bing web domain. 295 00:28:00,780 --> 00:28:09,420 Now if we run some of the other modules that relate to finding hosts and finding domains then our tables 296 00:28:09,420 --> 00:28:16,490 will improve. Those modules may find things that bing_domain_web did not find. 297 00:28:16,530 --> 00:28:22,860 And then if we go back and run bing_domain_web again later in this process we may get still more results. 298 00:28:22,860 --> 00:28:27,840 But that's just something to keep in mind. We don't need to worry about being that fastidious just for 299 00:28:27,840 --> 00:28:29,260 this tutorial. 300 00:28:29,280 --> 00:28:35,880 So now let's go ahead and start filling in those additional fields that I mentioned such as IP address, 301 00:28:35,880 --> 00:28:37,500 region and country et cetera. 302 00:28:37,530 --> 00:28:42,180 We'll start by focusing on how to get a hold of the IP address for the host. 
303 00:28:42,270 --> 00:28:56,270 There's a good module for this we can use that is called resolve, so we'll just use resolve. 304 00:28:56,400 --> 00:29:06,360 Pardon me, use recon/hosts-hosts/resolve. Would help if I spelled it right, 305 00:29:06,360 --> 00:29:09,740 wouldn't it. 306 00:29:09,740 --> 00:29:10,160 There we go. 307 00:29:11,230 --> 00:29:12,310 OK. 308 00:29:12,410 --> 00:29:13,550 Sorry about that. 309 00:29:13,550 --> 00:29:15,200 So we have the module loaded. 310 00:29:15,290 --> 00:29:16,570 Let's go ahead and run it 311 00:29:19,490 --> 00:29:27,950 and we can see that it's pulling up IP addresses for each of those subdomains that we found, or hosts 312 00:29:27,950 --> 00:29:32,330 rather, pardon me. 313 00:29:32,390 --> 00:29:37,630 So now if we do show hosts, well, there we go. 314 00:29:37,630 --> 00:29:44,620 We now have all of these IP addresses included in our database. 315 00:29:44,630 --> 00:29:48,380 So now let's go ahead and fill in the rest of those blanks. 316 00:29:48,380 --> 00:29:49,920 We have the IP address. 317 00:29:49,940 --> 00:29:53,700 Let's find out where on earth that corresponds to. 318 00:29:53,960 --> 00:29:55,450 There's a useful module for this. 319 00:29:55,460 --> 00:30:07,410 We'll use freegeoip and if we do show info you can see that it uses IP addresses as the input. Since 320 00:30:07,410 --> 00:30:10,290 we already have that in our database 321 00:30:10,290 --> 00:30:12,530 all we need to do is type run. 322 00:30:12,900 --> 00:30:18,840 And again you could set this individually if you wanted to limit your results to a single IP address. 323 00:30:19,250 --> 00:30:23,780 You would use the set command here and just simply use a single IP. 324 00:30:23,790 --> 00:30:38,870 But we're gonna go ahead and check them all and now it's pulling up location data. 
325 00:30:38,900 --> 00:30:46,530 Now if we do show hosts again, well, our table has become a little bit muddled and that will happen, we 326 00:30:46,530 --> 00:30:47,840 can make this pretty later. 327 00:30:47,850 --> 00:30:48,450 Don't worry. 328 00:30:48,450 --> 00:31:00,230 But for right now we can see that almost all of these produced a result, we have the location country 329 00:31:00,350 --> 00:31:01,820 latitude longitude 330 00:31:06,010 --> 00:31:11,500 hopefully this example gives you an idea of how you develop information about your target. 331 00:31:11,860 --> 00:31:17,260 The more information you uncover the bigger your databases become more your subsequent usage of various 332 00:31:17,260 --> 00:31:23,590 modules will uncover so it may seem tedious at first starting with just a small amount of information 333 00:31:23,590 --> 00:31:30,130 like but like a row of falling dominoes one thing leads to another pretty quickly and pretty soon your 334 00:31:30,130 --> 00:31:36,130 search will blossom into a large trove of information before even before you know it they'll have a 335 00:31:36,130 --> 00:31:43,030 huge picture of the activities of your target locations habits all of this data is coming without having 336 00:31:43,030 --> 00:31:46,980 to set foot on their property or sending any packets to their servers. 337 00:31:46,990 --> 00:31:52,910 It's all open source so let's take a look at the other tables in the database. 338 00:31:52,910 --> 00:32:03,110 The locations, if we do a quick show locations we can see that it currently does not have any data. 339 00:32:04,560 --> 00:32:10,440 One of the other modules we want to use is the reverse geocode using the latitude and longitude that 340 00:32:10,440 --> 00:32:12,550 we have already obtained.
341 00:32:12,600 --> 00:32:17,400 So the module that we were going to use for this is called 342 00:32:19,750 --> 00:32:22,230 reverse geocode 343 00:32:25,360 --> 00:32:32,840 where you show info you can see that it needs latitude and longitude which we already have. 344 00:32:32,890 --> 00:32:38,240 I think we need to add them individually for this one but let's go ahead and try running it first. 345 00:32:38,260 --> 00:32:40,210 This may not work. 346 00:32:40,210 --> 00:32:46,480 Yeah it has to be added individually. Some modules will not automatically check your database. If you 347 00:32:46,480 --> 00:32:47,960 get an error like this 348 00:32:48,160 --> 00:32:54,520 you will have to add the individual pieces of information to the module. 349 00:32:54,640 --> 00:32:57,200 It's just the way the module is designed. 350 00:32:57,400 --> 00:33:04,300 So we're going to add some of these to our locations table so we do add locations. 351 00:33:06,170 --> 00:33:08,570 And I'm just going to do one of these to start out with. 352 00:33:08,570 --> 00:33:10,970 We're going to do our latitude. 353 00:33:10,970 --> 00:33:12,430 We will copy it. 354 00:33:15,140 --> 00:33:16,280 And paste 355 00:33:19,100 --> 00:33:23,180 and now we're going to do our longitude. 356 00:33:23,300 --> 00:33:25,280 Same deal copy 357 00:33:29,050 --> 00:33:30,670 paste. 358 00:33:30,670 --> 00:33:32,490 We don't have the street address yet. 359 00:33:32,500 --> 00:33:35,530 That's what we're trying to find out so we're gonna leave this blank. 360 00:33:35,540 --> 00:33:39,770 We'll just press enter and now we're gonna go ahead and run it. 361 00:33:44,870 --> 00:33:45,390 OK. 362 00:33:45,460 --> 00:33:51,610 Show hosts, I'm sorry, show locations. 363 00:33:51,610 --> 00:33:52,730 And there we go. 364 00:33:52,730 --> 00:33:57,770 Now we have an actual street address to go with that information so as you can see this is pretty easy 365 00:33:57,770 --> 00:33:59,020 sometimes.
366 00:33:59,900 --> 00:34:06,380 These modules will not pull up the relevant information. I actually had that happen during a previous 367 00:34:06,380 --> 00:34:13,400 attempt to record this class where a couple of these a latitude and longitude just simply did not produce 368 00:34:13,400 --> 00:34:16,340 a result and that was simply a failure of the module. 369 00:34:16,430 --> 00:34:20,150 But in the vast majority of cases you will get information back. 370 00:34:20,150 --> 00:34:21,940 So just be patient. 371 00:34:21,950 --> 00:34:25,190 Keep trying, it does occasionally take multiple tries. 372 00:34:25,190 --> 00:34:28,940 If a module fails it doesn't hurt to run it twice. 373 00:34:28,940 --> 00:34:31,930 I've actually had it succeed on a second attempt. 374 00:34:32,030 --> 00:34:37,850 So here we go, all the basic information we were looking for. 375 00:34:37,850 --> 00:34:38,300 All right. 376 00:34:39,140 --> 00:34:43,110 So the next table we're going to look at is called push pins. 377 00:34:43,160 --> 00:34:49,220 This is one of the more fun aspects of recon-ng, it's also one of the creepier aspects of 378 00:34:49,250 --> 00:34:57,540 recon-ng and open source intelligence in general and you'll see why shortly. With push pins, well, we can 379 00:34:57,540 --> 00:35:06,340 collect data from sites like Flickr, YouTube, Instagram and we can actually put that info up on a map. 380 00:35:06,570 --> 00:35:15,210 For example if you use push pin module for Flickr it will connect to Flickr using the geo data that 381 00:35:15,210 --> 00:35:21,990 we have already obtained and pull down any photos related to that particular location within a certain 382 00:35:21,990 --> 00:35:23,490 radius of it. 383 00:35:23,610 --> 00:35:27,190 It will take the data and plot it out for you on the map. 384 00:35:27,380 --> 00:35:28,530 So we'll show you what I mean.
385 00:35:28,530 --> 00:35:32,670 We're going to go ahead and we're going to use Flickr 386 00:35:35,340 --> 00:35:42,450 and we'll do show info, you can see that it requires inputs from latitude and longitude which we have 387 00:35:42,510 --> 00:35:44,670 already inputted. 388 00:35:44,760 --> 00:35:49,700 We could put in more but that would result in a lot of options and it would take a lot of time. 389 00:35:49,700 --> 00:35:56,780 So for simplicity's sake we're just going to use the one set of coordinates and now we're just going 390 00:35:56,780 --> 00:35:59,040 to go ahead and we're going to run this module 391 00:36:03,030 --> 00:36:11,970 and we can see that it's finding a lot of photographs that are associated with this set of coordinates 392 00:36:12,390 --> 00:36:17,880 and this number would be a great deal more if we were using all of the coordinates that we had pulled 393 00:36:17,880 --> 00:36:18,480 up. 394 00:36:18,690 --> 00:36:23,760 And it's true that not all of these would be relevant and I should also mention that this is being done 395 00:36:23,760 --> 00:36:28,750 through the API key that we entered for Flickr worked 1000 photos already. 396 00:36:28,920 --> 00:36:34,920 As you can see this takes some time and if you're using a lot of locations it will take even longer. 397 00:36:34,920 --> 00:36:45,650 It's generally best to keep your search somewhat narrow. If you include many disparate locations your 398 00:36:45,650 --> 00:36:49,440 map information is going to be a jumbled mess. 399 00:36:49,440 --> 00:36:56,740 I'm actually going to go ahead and make a pause to the video once we get up to about a foul 3000 photographs 400 00:36:58,970 --> 00:37:04,580 just in the interest of not taking up too much time with this process. 401 00:37:04,580 --> 00:37:05,420 OK.
402 00:37:05,450 --> 00:37:15,530 Well four thousand two hundred and six total push pins were found or thirty three thousand two hundred 403 00:37:15,530 --> 00:37:24,160 and fifty photos Yeah I am I will say that you won't normally find this many from a search. 404 00:37:24,160 --> 00:37:33,230 And the reason this number is so high is because Disney. In any case this will certainly do for an example. 405 00:37:33,280 --> 00:37:38,890 So now that we have the data let's go ahead and run one of the reporting modules and see what it looks 406 00:37:38,890 --> 00:37:42,290 like when everything is nicely plotted out on a map. 407 00:37:42,310 --> 00:37:43,180 So 408 00:37:46,660 --> 00:37:55,060 let's go ahead and use reporting pushpin, show options 409 00:37:58,170 --> 00:38:04,800 so we're going to narrow down our search a bit more by getting specific latitude and longitude that 410 00:38:04,800 --> 00:38:06,120 we used for 411 00:38:09,190 --> 00:38:10,780 just this location 412 00:38:13,280 --> 00:38:16,910 set latitude 413 00:38:23,320 --> 00:38:25,510 we can copy and paste 414 00:38:28,660 --> 00:38:32,540 set the longitude. 415 00:38:32,590 --> 00:38:36,000 Pardon me for being imprecise 416 00:38:50,400 --> 00:38:57,720 and now we don't want to come up with an excessive number of results because we got a lot of push pins 417 00:38:58,230 --> 00:39:04,320 from this search and once again you will not find so many in the vast majority of cases. Only with very 418 00:39:04,320 --> 00:39:09,870 large corporations such as Disney would you tend to find so many push pins. 419 00:39:09,870 --> 00:39:18,660 So we're going to set the radius of our search to one and that will narrow down the results to the specific 420 00:39:18,660 --> 00:39:23,160 area on the map and now we're gonna go ahead and run it. 421 00:39:26,180 --> 00:39:28,630 Now it's going to open our browser window. 422 00:39:28,630 --> 00:39:31,630 And forgive me that this is excessively slow sometimes.
423 00:39:31,630 --> 00:39:38,860 This module is very slow to assemble a map particularly with so many different push pin results and 424 00:39:38,860 --> 00:39:43,110 photographs to plot so it's creating the map. 425 00:39:43,110 --> 00:39:47,600 Now it should just take a moment and here we go. 426 00:39:47,630 --> 00:39:50,230 We can see that all the data has been plotted out on the map. 427 00:39:51,800 --> 00:39:55,960 Two different windows that go with this particular module. 428 00:39:56,000 --> 00:39:57,770 This is the media reporting. 429 00:39:57,770 --> 00:40:04,800 You can scroll down this list and see the individual entries and there's the push pins map. 430 00:40:04,980 --> 00:40:07,680 And this is the radius that we set radius 1. 431 00:40:07,680 --> 00:40:11,520 So everything within this radius is relevant to our search. 432 00:40:11,520 --> 00:40:14,990 Now again you won't get this many results. 433 00:40:15,000 --> 00:40:21,290 I chose Disney and that's why we're seeing so many different geo tags. 434 00:40:21,510 --> 00:40:24,930 A smaller company will definitely have more focused results. 435 00:40:24,930 --> 00:40:28,860 And this is what I meant earlier when I said this is kind of creepy because if you know what you're 436 00:40:28,860 --> 00:40:33,430 doing you can actually track people down like this. 437 00:40:33,540 --> 00:40:42,180 You can see in essence where they've been where they took a particular photo. 438 00:40:42,460 --> 00:40:45,880 You can track their patterns and their movements. 439 00:40:45,880 --> 00:40:49,730 And this is the way the Internet in the way of open source intelligence gathering. 440 00:40:49,960 --> 00:40:56,290 People are just not careful about what they post online and they're not sensible about what information 441 00:40:56,290 --> 00:41:02,920 might be included with those posts even geo tags for simple photographs. 
442 00:41:02,980 --> 00:41:13,350 And of course we could click on individual pins and get more information but you get the general idea. 443 00:41:13,510 --> 00:41:20,410 Also this module that we're using was just limited to Flickr but if we included for example the Instagram 444 00:41:20,410 --> 00:41:28,480 module this would be also included down here and we could uncheck a particular module, in this case Flickr, 445 00:41:28,490 --> 00:41:35,470 tune again get rid of all of the plotted results for that module to help narrow things down further. 446 00:41:35,470 --> 00:41:40,900 And so as you can see there is a wealth of information that can be pulled up with recon-ng and like 447 00:41:40,900 --> 00:41:42,520 the Maltego tutorial 448 00:41:42,520 --> 00:41:48,190 this is really just scratching the surface of what you can do. If you practice and play around with this 449 00:41:48,190 --> 00:41:48,690 tool 450 00:41:48,700 --> 00:41:54,900 I guarantee you'll be able to pull up far more information than this and all of this is open source. 451 00:41:54,910 --> 00:41:56,260 It's free. 452 00:41:56,380 --> 00:41:58,540 It's nicely organized for you. 453 00:41:58,540 --> 00:42:05,380 And as you play around with the various modules you'll be able to find ultimately almost any piece of 454 00:42:05,380 --> 00:42:09,700 information that you might be looking for on either a person or a company. 455 00:42:09,700 --> 00:42:10,840 It's all out there. 456 00:42:10,840 --> 00:42:18,080 So I'm going to close this for the moment and the last aspect of recon-ng I want to touch upon before 457 00:42:18,080 --> 00:42:24,280 I close out this introduction is the use of snapshots. Snapshots 458 00:42:24,320 --> 00:42:28,980 essentially let you take a quick backup of your current workspace. 459 00:42:29,030 --> 00:42:32,300 You can then restore from a snapshot if you need to.
460 00:42:32,300 --> 00:42:37,610 So let's say for example that you've gathered a lot of data and now you want to run a new experimental 461 00:42:37,610 --> 00:42:40,420 module that you've never run before. 462 00:42:40,430 --> 00:42:44,900 This module might corrupt your database with a lot of useless junk. 463 00:42:44,960 --> 00:42:51,320 So before you run that you might want to take a snapshot of your current workspace and back up all your 464 00:42:51,320 --> 00:42:55,910 databases very quickly so that you can revert back if anything goes wrong. 465 00:42:57,260 --> 00:43:00,290 So help snapshots 466 00:43:09,380 --> 00:43:18,030 sorry, need to be in the right context menu, help snapshots gives us our arguments. 467 00:43:18,030 --> 00:43:21,540 So we're gonna do snapshots list. 468 00:43:21,540 --> 00:43:34,020 We don't have any yet no notice workspaces no snapshots so snapshots take if we list 469 00:43:40,420 --> 00:43:40,850 sorry. 470 00:43:44,070 --> 00:43:48,840 We can see that we now have one that we could load up if we needed to 471 00:44:06,200 --> 00:44:08,320 and it's as easy as that. 472 00:44:08,510 --> 00:44:14,870 And you can take multiple snapshots throughout a reconnaissance project all for the same workspace. If 473 00:44:14,870 --> 00:44:22,280 at any point you find that a particular search has given your databases an influx of completely 474 00:44:22,280 --> 00:44:27,410 irrelevant information, which can happen, which is then cluttering up your searches, 475 00:44:27,410 --> 00:44:34,250 it's very easy to revert back without having to start the entire process over again in a new workspace 476 00:44:34,580 --> 00:44:39,440 or having to edit your databases which let's face it can be quite painful. 477 00:44:41,320 --> 00:44:46,930 Before I close out this section of the tutorial though I'd like to show you what you can do with all 478 00:44:46,930 --> 00:44:47,580 of this data.
479 00:44:47,620 --> 00:44:54,700 Once you've assembled it so it's actually very easy to take all of this disparate information and assemble 480 00:44:54,700 --> 00:44:59,460 it into a nicely readable format. 481 00:44:59,500 --> 00:45:04,480 So what we're gonna do is we're gonna use one of the many reporting modules that comes with recon-ng 482 00:45:04,480 --> 00:45:06,810 and this will assemble all of that data for you. 483 00:45:06,810 --> 00:45:15,960 So let's go ahead and first off show and launch rules reporting we have quite a few choices. 484 00:45:16,060 --> 00:45:25,470 I'm going to use the HTML version, use reporting html, and now we're gonna do show 485 00:45:25,560 --> 00:45:39,220 options so we're gonna set it creator to Udemy the customer student. 486 00:45:39,810 --> 00:45:46,470 And as you notice the file name is the path where the report will be generated. 487 00:45:46,470 --> 00:45:53,220 So in this case it would be placed in the workspaces folder that we've created under recon-ng but 488 00:45:53,240 --> 00:45:56,820 I'm going to change that to the desktop set 489 00:45:59,180 --> 00:46:10,460 root desktop Disney dot html and now we're gonna go ahead and run the reporting module and this has 490 00:46:10,460 --> 00:46:12,310 generated the report for us. 491 00:46:12,320 --> 00:46:21,310 So I'm going to minimize recon-ng and here it is and then a double click this and this will open up 492 00:46:21,310 --> 00:46:27,530 the file in our web browser. 493 00:46:27,830 --> 00:46:29,060 And here we go. 494 00:46:29,060 --> 00:46:33,650 A nicely assembled report of all of the information that we've pulled up. 495 00:46:33,800 --> 00:46:40,130 Now of course we only ran a few of the modules that came with recon-ng which is demonstrated in 496 00:46:40,130 --> 00:46:45,250 the summary here and in the categories that the report generated for us.
497 00:46:45,470 --> 00:46:54,380 So we can see from our search all of the hosts that we found, their coordinates, their locations, the fact 498 00:46:54,380 --> 00:46:58,090 that we which which module we used 499 00:47:10,280 --> 00:47:13,700 we can see which domains we searched which in this case was only the one 500 00:47:16,780 --> 00:47:18,230 the locations that we pulled up 501 00:47:25,320 --> 00:47:29,310 and as you can see from the summary a great deal of information can be assembled. 502 00:47:29,410 --> 00:47:37,080 And this is of course what you're seeing is limited to the modules that came prepackaged with 503 00:47:37,080 --> 00:47:37,850 recon-ng. 504 00:47:37,930 --> 00:47:45,580 I mentioned at the start of this tutorial that the Facebook and LinkedIn modules are currently being 505 00:47:46,310 --> 00:47:50,230 recreated as it were as they had some problems. 506 00:47:50,260 --> 00:47:58,660 So with those modules in use as well as others you can generate a picture of your target 507 00:47:58,670 --> 00:48:08,640 that would include all of the employees in a particular corporation, how they interrelate, their contacts, 508 00:48:09,120 --> 00:48:15,210 their credentials and you can take this information and you can run it through other open source intelligence 509 00:48:15,210 --> 00:48:20,310 tools to see how individuals within a corporation interrelate. 510 00:48:20,340 --> 00:48:27,540 That's a very good use of Maltego to see how the credentials linked to specific individuals and so 511 00:48:27,540 --> 00:48:28,000 forth. 512 00:48:28,710 --> 00:48:36,450 So really the sky is the limit in terms of what you can discover about corporations, people, really anything 513 00:48:36,450 --> 00:48:37,430 you can search for. 514 00:48:37,440 --> 00:48:44,990 And as you find more information you're able to refine the questions that you ask. 515 00:48:45,120 --> 00:48:46,400 And this is very important.
516 00:48:46,410 --> 00:48:52,890 If you look into something in a very general way you're likely to pull up a great deal of information 517 00:48:52,920 --> 00:48:55,380 and not a lot of it will be really useful. 518 00:48:55,380 --> 00:48:59,390 But as you assemble a picture you can focus your search. 519 00:48:59,460 --> 00:49:06,370 And by doing that you can really find out the inner details that you really want to know. 520 00:49:06,410 --> 00:49:12,720 So going to go ahead and close out of the reporting module for the moment and I'm going to show you 521 00:49:12,720 --> 00:49:22,480 one final tool of recon-ng and that is the ability to run scripts. 522 00:49:22,480 --> 00:49:29,800 So this script is very simple, it's just a list of all the commands that you saw me run during the tutorial 523 00:49:30,700 --> 00:49:38,290 and you can actually load recon-ng using this script or any other script that you write and it will 524 00:49:38,320 --> 00:49:46,000 automatically run through each of these steps one by one. It can be very handy if you're conducting research 525 00:49:46,030 --> 00:49:54,160 against multiple different targets to have these scripts, you just load an instance of recon-ng with 526 00:49:54,160 --> 00:50:00,600 one script and then you can load another and all you would do is we might change the name of the workspace. 527 00:50:00,610 --> 00:50:05,070 So anyway it's a useful thing to know so I'll demonstrate it now. 528 00:50:07,170 --> 00:50:12,810 So to show this off we're in a fresh instance of recon-ng and the command that we're looking for 529 00:50:12,810 --> 00:50:14,520 is called resource. 530 00:50:14,520 --> 00:50:23,670 So we're going to help resource in the root context menu and we can see that the resource command simply 531 00:50:23,670 --> 00:50:28,230 requires a file name, in this case the path to the script that we want to run.
532 00:50:28,890 --> 00:50:36,470 So we're going to do resource root desktop and I named it script and we press enter 533 00:50:39,400 --> 00:50:44,650 and now it's going to run through all of the commands one by one that you saw me use throughout the 534 00:50:44,650 --> 00:50:46,750 course of this tutorial. 535 00:50:47,080 --> 00:50:49,540 And it's not really necessary to showcase all of this. 536 00:50:49,540 --> 00:50:50,800 You get the idea. 537 00:50:51,070 --> 00:50:56,260 And when this concludes a report will be generated on the desktop just as before. 538 00:50:56,260 --> 00:50:58,930 Because I told the script to do that. 539 00:50:58,930 --> 00:51:03,530 So it's not really necessary to showcase all of this is this is all something you've seen. 540 00:51:03,790 --> 00:51:06,390 So I will close out the tutorial here. 541 00:51:06,400 --> 00:51:12,040 I hope you enjoyed it and that you have a lot of success with recon-ng. 542 00:51:12,250 --> 00:51:12,700 Thank you.