Recon-ng

Recon-ng provides a powerful environment for web reconnaissance with a look and feel similar to the Metasploit Framework, reducing the learning curve. It includes 76 recon modules, 8 reporting modules, 2 import modules, 2 exploitation modules, and 2 discovery modules as shown in version 4.9.4. Designed exclusively for web-based open source reconnaissance, it is not intended for exploitation or social engineering, recommending Metasploit and Social Engineer Toolkit for those purposes.

The framework supports interactive use and command-line operation via recon-cli, as well as a web-based UI through recon-web. Modules like recon/domains-vulnerabilities/xssed query external sources such as xssed.com to identify domain vulnerabilities including XSS and redirects, reporting details like host, category, example URLs, references, and status (e.g., unfixed).

Use cases include searching for known vulnerabilities on target domains, gathering reconnaissance data into workspaces, and generating reports. It integrates convenience functions, interactive help, command completion, and a marketplace (configurable).

Recon-ng operates as a modular framework with a console interface where users load modules (e.g., recon/domains-vulnerabilities/xssed), set options like SOURCE (target domain), and run them. Modules interact with external sources like xssed.com to retrieve vulnerability data, storing results in a database for further use across recon, reporting, import, exploitation, and discovery modules. It supports workspace isolation, global and module-specific options, resource files for automation, and REST API via recon-web.