Module Making in recon-ng


Published on

This is a talk I gave at a NOVA Hackers ( meeting in June 2013 on how to make a recon-ng module. The idea was to show people interested in getting involved with an open source project that it isn't hard to do. I selected Tim Tomes' recon-ng ( to contribute to but the underlying theme of going out and trying to get involved applies to most projects. Sure, you need some knowledge of programming but you'll find that within the Open Source community there are many people ready to help you learn and grow your skills.

Published in: Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Module Making in recon-ng

  1. 1. A beginner’s guide to contributing to anOpen Source ProjectModule Making in recon-ngNovaHackers June 2013Micah Hoffman @WebBreacher
  2. 2. Who am I? Micah Hoffman - @WebBreacher Internal penetration tester Recon-ng module-maker SANS Mentor Appalachian Trail hikerNovaHackers June 2013Micah Hoffman @WebBreacher
  3. 3. The Setup Wanted to learn a new language Needed a reason/direction Thought about contributing to some tool No coding experience Found recon-ng Fit with my work tasks Fit with the programming language I use (python) How do you contribute?NovaHackers June 2013Micah Hoffman @WebBreacher
  4. 4. Recon-ng (Highlights)Language Python (2.7)Code Management Git ( Tim Tomes - @LaNMaSteR53Purpose Web ReconnaissanceframeworkNovaHackers June 2013Micah Hoffman @WebBreacher
  5. 5. Code Management - git Make account on Fork recon-ng repository (copy into youraccount) Set up your computer to work on the code Python, IDE/Text Editor (syntax highlightinghelps) git Learn about git Lotsa docs on Interwebs Fork, Clone, Pull, Add, Commit, Push, BranchNovaHackers June 2013Micah Hoffman @WebBreacher
  6. 6. What will the module do? Generally the hardest part for me Get ideas: Twitter, coworkers/friends, web sites you use Keep a log of ideas Overall function of my module User enters information recon-ng retrieves data from site Parse response data for something DisplayNovaHackers June 2013Micah Hoffman @WebBreacher
  7. 7. Google IDs Thought: Google Analytics and Google AdSense codes areused on multiple sites Means that sites are related somehow Same developers? Same maintainers? Same owners? Simple Regexes to locate codes ["](UA-d+) ["](pub-d+)NovaHackers June 2013Micah Hoffman @WebBreacher
  8. 8. Find a web app for lookupsNovaHackers June 2013Micah Hoffman @WebBreacher
  9. 9. Look at response/resultsNovaHackers June 2013Micah Hoffman @WebBreacher
  10. 10. Results parse-able?• Yes!• Regex: <div class="row"><a[^>]*>(.+?)</a>NovaHackers June 2013Micah Hoffman @WebBreacher
  11. 11. Make the module RTFM – recon-ng Examine other modulesNovaHackers June 2013Micah Hoffman @WebBreacher
  12. 12. The codeNovaHackers June 2013Micah Hoffman @WebBreacher
  13. 13. The resultsNovaHackers June 2013Micah Hoffman @WebBreacher
  14. 14. Submission and Review Git add/commit/push to your account Create a “pull” request to pull into tool’s maintrunk Module will be reviewed and commented on Address issues/comments Resubmit Lather, rinse, repeat Pull request accepted and merged Git clone the main branch Move to the next moduleNovaHackers June 2013Micah Hoffman @WebBreacher
  15. 15. Bonus: dev_diver How about a module that takes ahacker/coder nym and checks coding sitesfor it? Introducing dev_diver (not in recon-ng yet!) Got the module…just need a hacker name Volunteers?NovaHackers June 2013Micah Hoffman @WebBreacher
  16. 16. Thanks for volunteering Rob!“mubix” it is!NovaHackers June 2013Micah Hoffman @WebBreacher
  17. 17. Bonus: dev_diver7,946 photosNovaHackers June 2013Micah Hoffman @WebBreacher
  18. 18. Micah Hoffman @WebBreacher