Based on Recon-ng project.

This project includes some modules from multiple sources and projects such as Pentestly by @praetorian-inc. Modules without hyperlinks are my own. The main goal of this project is to make search with Recon-ng more useful, add alternative data sources and put all extra modules in one place.

Imports from nmap XML output. Module updates hosts and ports tables with the results.

Imports from theHarvester (by @laramies) XML output. Module updates contacts table with emails, found by theHarvester and tries to resolve name of contact:

[email protected] -> John Smith

[email protected] -> John D Smith

Additionaly, module updates hosts table with hosts and virtual hosts, found by theHarvester. If theHarvester resolved hostname to IP address, module adds them both. Otherwise, module adds only the hostname.

Import from SimplyEmail (by @killswitch-GUI) JSON output. Module updates contacts table with emails, found by SimplyEmail and tries to resolve name of contact.

Website: https://vk.com/dev

Finds employees by company name on vk.com. Module uses users.search method of VK API with company parameter to find all employees by company name.

Finds emails by company domain on vk.com in 1000 last posts. Module uses newsfeed.search method of VK API with q parameter to find email addresses by domain and tries to resolve name of contact.

Example

domain: mysite.com

search query: @mysite.com

Website: https://www.xing.com/

Finds hosts and open ports by org search operator using Shodan API. Updates hosts and ports tables with the results.

Module uses hacked-emails.com API to find compromised credentials. Website: http://hacked-emails.com/

Module works with VibeApp API which is the same as FullContact API. Module finds profiles. Website: http://vibeapp.co

Module scrapes email-format.com for emails and tries to resolve name of contact. Website: http://email-format.com

Module harvests emails using EmailHunter API and tries to resolve name of contact. Website: https://emailhunter.co/

Module scrapes hosts from Baidu Search Engine. Website: http://www.baidu.com/

Module uses ARIN API to search for netblocks and companies by IP address.

AXFR (DNS Zone Transfer)

MX record (Mail eXchanger)

SPF record (Sender Policy Framework)

Website: https://www.threatcrowd.org/

Searches for domains registered by same email address of registrant

Renamed module from standard repository

Website: https://censys.io/

Module searches for hosts and ports using autonomous_system.organization search filter. Updates the hosts and the ports tables with the results.

Module retrieves MX record for each domain using mx search filter and updates the hosts table with the results.

Module retrieves A record for each host using a search filter and updates the ports with the results.

Website: https://www.zoomeye.org/

Finds ports by IP address using ZoomEye API

Finds hosts and ports using ZoomEye API

Finds hosts by hostname using ZoomEye API

How to get access_token?

curl -XPOST https://api.zoomeye.org/user/login -d '{"username": "[email protected]", "password": "Pa55w0rd"}'

To solve the problem with keys file just add manualy these keys:

• zoomeye_key
• vibeapp_key
• vk_key
• emailhunter_key

• Fix domainbigdata modules
• Fix EmailHunter API endpoint and filename