pown-recon v2.112 releases: A powerful target reconnaissance framework
Pown Recon is a target reconnaissance framework powered by graph theory. The benefit of using graph theory instead of flat table representation is that it is easier to find the relationships between different types of information which comes quite handy in many situations. Graph theory algorithms also help with diffing, searching, like finding the shortest path, and many more interesting tasks.
If installed globally as part of Pown.js invoke like this:
$ pown recon
Otherwise, install this module from the root of your project:
$ git clone https://github.com/pownjs/pown-recon.git $ npm install @pown/recon --save
Once done, invoke pown recon like this:
$ ./node_modules/.bin/pown-cli recon
pown-cli recon [options] <command>
pown-cli recon transform <transform> Perform inline transformation
pown-cli recon select <expression> Perform a selection [aliases: s]
pown-cli recon diff <fileA> <fileB> Perform a diff between two recon files
–version Show version number [boolean]
–modules, -m Load modules [string]
–help Show help [boolean]
- GitHub Search of Repos, Gists and Members
- Bitbucket Search of Repos, Snippets and Members
- CloudFlare 126.96.36.199 DNS API
- CRTSH (CN & SAN)
- DockerHub Repo Search
- Gravatar URLs
- Hacker Target Reverse IP Lookup
- Have I Been Pwned Lookup
- PKS Lookup
- Urlscan Live Shot
- Threatcrowd Lookup
- AWS IAM Pages
- Utility Transforms
- Security Trails
- Auto Recon
To demonstrate the power of Pown Recon and graph-based OSINT (Open Source Intelligence), let’s have a look at the following trivial example.
Let’s start by querying everyone who is a member of Google’s engineering team and contributes to their GitHub account.
pown recon t -w google.network ghlm google
This command will generate a table similar to this:
You just created your first network!
The representation is tabular for convenience but underneath we’ve got a model which consists of nodes connected by edges.
If you are wondering what that looks like you can use SecApps Recon. The command line does not have the necessary level of interactivity to present the complexity of graphs.
The -w google.network command line option exported the network to a file. You can load the file directly into SecApps Recon with the file open feature. The result will look like this:
Copyright (c) 2018 pownjs