Tuesday, 24 January 2017

Recon-ng tutorial 1 - XSS Vulnerability (the first step for a pen tester)

A powerful tool for information gathering with cool modules
Heyyo Whatsup guys

This is the first part of the tutorial on Recon-ng, which covers the basics.

Today we will do reconnaissance and look for an XSS vulnerability in a website.

Some terminologies -

Reconnaissance - It is the process of gathering information about the target.

Note - A hacker spends 90% of the time on information gathering and just 10% on exploiting. This tells you how important it is to know your target.

Information gathering - Learning more about the target, which can lead us to vulnerabilities and exploits.

Recon-Ng - It is a reconnaissance framework included in Kali Linux, used during penetration testing.

Requirements -

* Kali Linux

* A target

Steps and instructions - 

* Open your terminal and type in recon-ng

It takes a little while to load.

You will get the recon-ng console.

* At any time you can type "help" to know commands and usage

These are some commands which we can use.

Note - The commands are very similar to Metasploit commands.

* Now we may want to see the modules inside it. Type "show modules"

There are several modules available in this tool.

The last time I checked, it had 84 modules.

What I like about this tool is that it uses various application programming interfaces (APIs) to get us more info on the target.

(An application programming interface (API) is a set of routines, protocols, and tools for building software applications. An API specifies how software components should interact. Additionally, APIs are used when programming graphical user interface (GUI) components.)

For example, this tool uses Google, Bing, Instagram and others.

But you need to get API keys first.

Some keys are free and some you have to pay for.

With these keys you have full access to the tool.

To see what keys it is using type in "show keys"

Here I have added a key for the Facebook API.

If you want to add keys to the tool....

Say "keys add facebook_api 123456"

Here I have added a key for the Facebook API, and the key is 123456.

The key is added to the Facebook API after hitting enter.

If you wish to see the added key, you can say "keys list" to see the list again.

Ok now we will move on.

We will use a module which does not require any key.

We will use a module which checks for XSS vulnerabilities.

XSS (Cross Site Scripting) - is a vulnerability that lets an attacker inject malicious script into a website, where it then runs in other users' browsers.

* Here in this tool there is a module called XSSposed.

We will use it by typing 

"use recon/domains-vulnerabilities/xssposed"

After loading this module we want to see its options, which give us the module setup info.

type - "show info"

There is not much to set up. We only need to set the target website.

The source field should be empty the first time you use it. I had already used it, so it is displaying the source with the target website that I had entered before.

To set the source (you could also call it the destination)....

* Type "set source targetwebsite"

Here my target is www.hackthissite.org

After setting up the target we just need to hit "run"

Here it says no vulnerabilities were found. That's because the site is well constructed and is not vulnerable to XSS.

I have another site which I know for sure is vulnerable to XSS.

It's actually a game site which gives us an XSS-vulnerable website to hack.

I'll set the source to that website and run the module again.


As you can see in the red circle I have drawn in the above pic, it says the site is vulnerable to XSS.

It also shows you the status, which says 'unfixed'.
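Each report the module finds is stored in the workspace database (the same rows that "show vulnerabilities" prints in the console), so you can go back over them after the run. Below is an added Python example, not part of this tutorial or of Recon-ng itself, that reads that table and lists which hosts still have reports marked 'unfixed'. It assumes the recon-ng 4.x workspace path and the column names of the vulnerabilities table given in the code, and the sample rows are constructed.

```python
import sqlite3
from collections import defaultdict
from pathlib import Path

# Assumed recon-ng 4.x workspace database location (adjust the workspace name).
WORKSPACE_DB = Path.home() / ".recon-ng" / "workspaces" / "default" / "data.db"

COLS = ("host", "reference", "example", "publish_date", "category", "status")

# Constructed sample rows in the shape the module writes (module column last).
SAMPLE_ROWS = [
    ("xss-game.example.invalid", "https://reports.example.invalid/r/1", "/search?q=", "2016-11-02", "XSS", "unfixed", "xssposed"),
    ("xss-game.example.invalid", "https://reports.example.invalid/r/2", "/login", "2015-03-09", "XSS", "fixed", "xssposed"),
    ("shop.example.invalid", "https://reports.example.invalid/r/3", "/item?id=", "2016-12-20", "XSS", "unfixed", "xssposed"),
    ("shop.example.invalid", "https://reports.example.invalid/r/9", "/api", "2016-12-21", "SQLi", "unfixed", "other"),
]

def load_xss(conn):
    """Read the vulnerabilities table and keep only XSS-category rows."""
    cur = conn.execute(
        "SELECT host, reference, example, publish_date, category, status FROM vulnerabilities")
    rows = [dict(zip(COLS, r)) for r in cur.fetchall()]
    return [r for r in rows if "xss" in (r["category"] or "").lower()]

def summarize(rows):
    """Per host: how many disclosed reports exist and how many are still 'unfixed'."""
    per_host = defaultdict(lambda: {"total": 0, "unfixed": 0, "open_refs": []})
    for r in rows:
        entry = per_host[r["host"]]
        entry["total"] += 1
        if (r["status"] or "").strip().lower() == "unfixed":
            entry["unfixed"] += 1
            entry["open_refs"].append(r["reference"])
    return dict(per_host)

def hosts_needing_attention(summary):
    """Hosts with at least one unfixed report, most open reports first."""
    return sorted((h for h, e in summary.items() if e["unfixed"]),
                  key=lambda h: (-summary[h]["unfixed"], h))

def sample_connection():
    """In-memory stand-in for data.db, built from the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vulnerabilities (host TEXT, reference TEXT, example TEXT, "
                 "publish_date TEXT, category TEXT, status TEXT, module TEXT)")
    conn.executemany("INSERT INTO vulnerabilities VALUES (?,?,?,?,?,?,?)", SAMPLE_ROWS)
    return conn

if __name__ == "__main__":
    # Use sqlite3.connect(str(WORKSPACE_DB)) instead to read a real workspace.
    summary = summarize(load_xss(sample_connection()))
    for host in hosts_needing_attention(summary):
        e = summary[host]
        print(f"{host}: {e['unfixed']}/{e['total']} disclosed XSS reports still unfixed")
```

The 'unfixed' status here is what the module reports, so treat it as a trigger to verify and fix the host's input handling rather than as a confirmed result on its own.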


This is a very neat tool when it comes to information gathering and scanning.

I will be making more tuts on this subject.

Thank you guys for reading the tutorial.
