kali 1、信息收集：recon-ng

recon-ng:既提供了被动扫描的功能、也提供了主动扫描的功能；特别是在收集子域名以及解析子域名的IP地址时.

1、打开recon-ng

①命令行输入：recon-ng ②菜单打开：【01-Information Gathering】【recon-ng】

2、recon-ng 网络侦测框架

输入help获取命令解释：

[recon-ng][default] > help

Commands (type [help|?] <topic>):
---------------------------------
back            退出当前上下文
dashboard       显示活动的摘要
db              与工作区数据库的接口
exit            退出框架
help            显示此菜单
index           创建一个模块索引(仅限dev)
keys            管理第三方资源凭据
marketplace     与模块市场的接口
modules         已安装模块的接口
options         管理当前上下文选项
pdb             启动Python调试器会话(仅限dev)
script          记录并执行命令脚本
shell           执行shell命令
show            显示各种框架项
snapshots       管理工作空间快照
spool           线轴输出到文件
workspaces      管理工作区

与模块市场的接口：目前kali并未内置模块，需要手动安装。并且需要科学上网
[recon-ng][default] > marketplace
Interfaces with the module marketplace
Usage: marketplace <info|install|refresh|remove|search> [...]
info 信息
install安装
refresh刷新
remove删除
search搜索

kali使用宿主机上网方式 a> proxychain4安装 基于 Kali 2022.3 版本进行讲解，默认安装模式下已经预装了 proxychains4 ，因此可以跳过此步骤。对于其他版本基于 Debian 的 Linux 发行版，可以通过如下命令安装软件包。 sudo apt-get install proxychains4 sudo vim /etc/proxychains4.conf 将 dynamic_chain 前面的 “#” 去掉，并在 strict_chain 前添加 “#” b> 来到文件尾部，sock4 开头的一行配置信息不用管，在其下方添加一行配置信息，格式如下： c> 保存退出并重启。 d> 使用命令启动要经过代理的应用。 proxychains4 firefox 此处引用：https://www.jianshu.com/p/7d52ea50b6f2

3、与模块市场的接口

\***刷新与市场的模块索引：marketplace refresh ***\
[recon-ng][default] > marketplace refresh
[proxychains] Dynamic chai... OK
[*] Marketplace index refreshed.

\** 查看信息：marketplace info ***\

\***搜索某一个模块信息是否安装：marketplace search ***\
[recon-ng][default] > marketplace search DNS Cache Snooper
[*] Searching module index for 'DNS Cache Snooper'...

  +--------------------------------------------------------------------------------------+
  |                  Path                 | Version |     Status    |  Updated   | D | K |
  +--------------------------------------------------------------------------------------+
  | discovery/info_disclosure/cache_snoop | 1.1     | not installed | 2020-10-13 |   |   |
  +--------------------------------------------------------------------------------------+

  D = Has dependencies. See info for details.
  K = Requires keys. See info for details.

\*** 下载安装该模块：marketplace install  ***\
[recon-ng][default] > marketplace install discovery/info_disclosure/cache_snoop
[proxychains]  OK
[*] Module installed: discovery/info_disclosure/cache_snoop
[*] Reloading modules...
[recon-ng][default] > marketplace search DNS Cache Snooper
[*] Searching module index for 'DNS Cache Snooper'...

  +----------------------------------------------------------------------------------+
  |                  Path                 | Version |   Status  |  Updated   | D | K |
  +----------------------------------------------------------------------------------+
  | discovery/info_disclosure/cache_snoop | 1.1     | installed | 2020-10-13 |   |   |
  +----------------------------------------------------------------------------------+

  D = Has dependencies. See info for details.
  K = Requires keys. See info for details.

\*** 查看你已安装模块信息  ***\
[recon-ng][default] > marketplace search

  +-----------------------------------------------------------------------------------------------+
  |                        Path                        | Version |   Status  |  Updated   | D | K |
  +-----------------------------------------------------------------------------------------------+
  | discovery/info_disclosure/cache_snoop              | 1.1     | installed | 2020-10-13 |   |   |
  | discovery/info_disclosure/interesting_files        | 1.2     | installed | 2021-10-04 |   |   |
  | exploitation/injection/command_injector            | 1.0     | installed | 2019-06-24 |   |   |
  | exploitation/injection/xpath_bruter                | 1.2     | installed | 2019-10-08 |   |   |
  | import/csv_file                                    | 1.1     | installed | 2019-08-09 |   |   |
  | import/list                                        | 1.1     | installed | 2019-06-24 |   |   |
  | import/masscan                                     | 1.0     | installed | 2020-04-07 |   |   |
  | import/nmap                                        | 1.1     | installed | 2020-10-06 |   |   |
  | recon/companies-contacts/bing_linkedin_cache       | 1.0     | installed | 2019-06-24 |   | * |
  | recon/companies-contacts/censys_email_address      | 2.0     | installed | 2021-05-11 | * | * |
  | recon/companies-contacts/pen                       | 1.1     | installed | 2019-10-15 |   |   |
  | reporting/xml                                      | 1.1     | installed | 2019-06-24 |   |   |
  +-----------------------------------------------------------------------------------------------+

  D = Has dependencies. See info for details.有依赖性。参见详细信息。
  K = Requires keys. See info for details.需要钥匙。参见详细信息。需要API信息

\***查看模块的作用：marketplace info <<path>|<prefix>|all> ***\
[recon-ng][default] > marketplace info shodan

  +---------------------------------------------------------------------------------------------------------------------------------------------------------------------+
  | path          | recon/companies-multi/shodan_org
                  |
  | name          | Shodan IP Enumerator
                  |
  | author        | Austin Tipton (@hiEntropy404) & Ryan Hays (@_ryanhays)
                  |
  | version       | 1.1
                  |
  | last_updated  | 2020-07-01
                  |
  | description   | Harvests host and port information from the Shodan API by using the 'org' search operator. Updates the 'hosts' and 'ports' tables with the results. |
  | required_keys | ['shodan_api']
                  |
  | dependencies  | ['shodan']
                  |
  | files         | []
                  |
  | status        | installed
                  |

4、已安装模块的接口