Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity. 🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time. From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning. Study anywhere, anytime — and level up your skills with CyberCode Academy. 🚀 Learn. Code. Secure.
All content for CyberCode Academy is the property of CyberCode Academy and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity. 🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time. From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning. Study anywhere, anytime — and level up your skills with CyberCode Academy. 🚀 Learn. Code. Secure.
Course 8 - Penetration Testing OSINT Gathering with Recon-ng | Episode 2: Modules, Data Flow, Naming Structure, API Keys
CyberCode Academy
10 minutes
4 days ago
Course 8 - Penetration Testing OSINT Gathering with Recon-ng | Episode 2: Modules, Data Flow, Naming Structure, API Keys
In this lesson, you’ll learn about: Mastering Recon-ng Module Operations, Data Flow, Naming Structure, API Integration & Session Automation 1. Understanding Module Functionality To operate any module correctly, analysts must inspect its requirements using:
show info — displays the module’s:
Name
Description
Required and optional inputs
Source and destination database tables
This command is essential before running any module because it defines what data the module needs and what data it will produce. 2. Data Flow and Interaction Recon-ng modules depend heavily on structured input/output flows:
Modules read from specific database tables (e.g., domains, hosts)
Then write results to other tables (e.g., contacts, repositories)
Understanding this flow is critical for chaining modules efficiently. 3. Module Chaining and Dependency Modules are often dependent on data gathered by earlier modules. Examples:
Use a domain enumeration module (e.g., google_site_web) → populates the hosts table
Then run a discovery module (e.g., interesting_files) → requires the hosts table to be populated to search for files
This process is known as module chaining, forming a structured intelligence pipeline. 4. Database Querying Recon-ng allows advanced database searches:
query command → perform SQL-like lookups
run + SQL syntax → filter large datasets
Example use case: Retrieve contacts belonging to one domain instead of dumping the entire contacts table. This improves workflow efficiency when processing large OSINT datasets. 5. Module Configuration Modules can be customized using:
set → assign a value (e.g., limit results, pick target subdomains)
unset → remove the assigned value
Modules also store collected artifacts (such as downloaded files) inside the workspace directory under the .recon-ng path. 6. Module Naming Structure Recon-ng organizes modules into logical categories such as:
Reconnaissance
Reporting
Import
Discovery
The naming scheme for Reconnaissance modules is especially important:
Each module name reflects the source → destination flow
Example: domains-hosts means “take domains and discover hosts”
Common tables used include:
companies
contacts
domains
hosts
netblocks
profiles
repositories
This structure makes it easy to understand what each module does simply from its name. 7. API Key Management Some modules rely on external APIs (e.g., BuiltWith, Jigsaw). Key commands:
keys add → configure an API key
show keys → list all installed keys
Without keys, these modules will fail or return limited data. 8. Session Scripting & Automation Recon-ng supports automation to streamline repetitive assessments. Tools covered include: a. Command Recording
record start → begin recording commands
record stop → stop recording
Run recorded script using: recon-ng -r
This allows you to reproduce actions automatically. b. Full Session Logging
spool → log everything output in the session Useful for audits, reporting, and compliance documentation.
Summary This lesson teaches students how to:
Understand module requirements (show info)
Chain modules effectively using database-driven workflows
Customize modules with set and unset
Use Recon-ng’s SQL-like querying for...
CyberCode Academy
Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity. 🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time. From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning. Study anywhere, anytime — and level up your skills with CyberCode Academy. 🚀 Learn. Code. Secure.
