A South Dakota-based penetration testing company called Black Hills Information Security has released Recon-ng, a Metasploit-like open source framework that automates web-based reconnaissance.
Written in Python, Recon-ng ships with a number of modules: auxiliary modules that enrich the information already stored in the database, contacts modules that harvest details about people associated with a given company, and hosts modules that collect data on hosts associated with a given domain.
In addition, the output modules create usable forms of the data stored in the database.
By integrating PwnedList, the service that lets users check whether their accounts have been compromised, the framework gives testers access to hacker-stolen credentials as part of the penetration testing process.
This is possible because Recon-ng uses the Pwnedlist.com API to retrieve full credentials of compromised user accounts.
“This is the first open source framework that we know of that makes it easy for penetration testers to get access to hacker-stolen credentials for their clients in just a matter of seconds,” Steve Thomas, the co-founder of PwnedList told Softpedia.
“We've been using Pwnedlist through the Recon-ng framework over the past several months and it has drastically increased our efficiency and effectiveness during the penetration testing process,” said Tim Tomes, senior security analyst at Black Hills Information Security and author of Recon-ng.
“At times, we've had valid authentication credentials for a target environment without sending a single packet to the network.”
Thomas added, “We believe that with the increasing spread of data leaks over the past few years, hackers are making use of stolen credentials now more than ever, and we are going to see penetration testers using social networking and stolen credentials as a more integral part of their testing process.”
Here’s a video which shows Recon-ng in action: