Hot Topics
Cross-Site Request Forgery (CSRF): Complete Guide to Understanding and Prevention Cross-Site Request Forgery (CSRF): Complete Guide to Understanding and Prevention
SQLMap advanced cheat sheet for SQL injection testing SQLMap Advanced Cheat Sheet
Top 10 Vulnerability Scanners in 2026: Comprehensive Security Guide
Ultimate Recon-ng Cheat Sheet
Ultimate theHarvester Cheat Sheet

Ultimate Recon-ng Cheat Sheet

Posted on by cybersamir

Ultimate Recon-ng Cheat Sheet

A full-featured Web Reconnaissance framework written in Python.

1. Start & Workspaces

Recon-ng organizes investigations into “Workspaces” to keep data separate.

Launch

Start the framework from the terminal.

$ recon-ng

Workspace Management

Always create a new workspace for a new client/target.

workspaces create company_name
workspaces list
workspaces load company_name

Add Seed Data

Add the initial target (domain) to the database.

db insert domains

(Then type the domain, e.g., target.com)

2. Marketplace

Recon-ng comes with no modules installed by default. You must fetch them from the marketplace.

Searching

marketplace search
marketplace search whois
marketplace search hackertarget

Installing

Install a specific module or all of them.

marketplace install recon/domains-hosts/hackertarget
marketplace install all
Pro Tip:

Run marketplace refresh occasionally to update the list of available modules.

3. API Keys

Many powerful modules (Shodan, Hunter.io, Github) require API keys to work.

List Keys

keys list

Add Key

keys add shodan_api [YOUR_API_KEY_HERE]
keys add hunter_io [YOUR_API_KEY_HERE]

Remove Key

keys remove shodan_api

4. Modules & Execution

The workflow: Load Module -> Set Options -> Run.

Load Module

Use tab completion to find paths easily.

modules load recon/domains-hosts/hackertarget

Show Info

See what the module does and what “Source” it requires.

info

Set Options

Typically, the SOURCE option defaults to “default” (the database), but you can override it.

options set SOURCE target.com

Run

run

Back

Return to main menu.

back

5. Database & Results

Recon-ng stores everything in a local database. Use show to view collected data.

Domains & Hosts

show domains
show hosts

People & Credentials

show contacts
show credentials

Schema

See all available tables.

show schema

Querying

You can run raw SQL queries if needed.

query SELECT * FROM hosts WHERE country LIKE ‘US’

6. Reporting

Export your findings into a readable format.

Load Reporting Module

modules load reporting/html

Configure & Run

options set FILENAME report.html
options set CREATOR “Your Name”
options set CUSTOMER “Target Company”
run
Other Formats:

You can also use reporting/csv, reporting/json, or reporting/xml.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts