Course 8 - Penetration Testing OSINT Gathering with Recon-ng | Episode 2: Modules, Data Flow, Naming Structure, API Keys

In this lesson, you’ll learn about: Mastering Recon-ng Module Operations, Data Flow, Naming Structure, API Integration & Session Automation 1. Understanding Module Functionality To operate any module correctly, analysts must inspect its requirements using:show info — displays the module’s:NameDescriptionRequired and optional inputsSource and destination database tablesThis command is essential before running any module because it defines what data the module needs and what data it will produce. 2. Data Flow and Interaction Recon-ng modules depend heavily on structured input/output flows:Modules read from specific database tables (e.g., domains, hosts)Then write results to other tables (e.g., contacts, repositories)Understanding this flow is critical for chaining modules efficiently. 3. Module Chaining and Dependency Modules are often dependent on data gathered by earlier modules. Examples:Use a domain enumeration module (e.g., google_site_web)→ populates the hosts tableThen run a discovery module (e.g., interesting_files)→ requires the hosts table to be populated to search for filesThis process is known as module chaining, forming a structured intelligence pipeline. 4. Database Querying Recon-ng allows advanced database searches:query command → perform SQL-like lookupsrun + SQL syntax → filter large datasetsExample use case:Retrieve contacts belonging to one domain instead of dumping the entire contacts table. This improves workflow efficiency when processing large OSINT datasets. 5. Module Configuration Modules can be customized using:set → assign a value (e.g., limit results, pick target subdomains)unset → remove the assigned valueModules also store collected artifacts (such as downloaded files) inside the workspace directory under the .recon-ng path. 6. Module Naming Structure Recon-ng organizes modules into logical categories such as:ReconnaissanceReportingImportDiscoveryThe naming scheme for Reconnaissance modules is especially important:Each module name reflects the source → destination flowExample: domains-hosts means “take domains and discover hosts”Common tables used include:companiescontactsdomainshostsnetblocksprofilesrepositoriesThis structure makes it easy to understand what each module does simply from its name. 7. API Key Management Some modules rely on external APIs (e.g., BuiltWith, Jigsaw). Key commands:keys add → configure an API keyshow keys → list all installed keysWithout keys, these modules will fail or return limited data. 8. Session Scripting & Automation Recon-ng supports automation to streamline repetitive assessments. Tools covered include: a. Command Recordingrecord start → begin recording commandsrecord stop → stop recordingRun recorded script using:recon-ng -r This allows you to reproduce actions automatically. b. Full Session Loggingspool → log everything output in the sessionUseful for audits, reporting, and compliance documentation.Summary This lesson teaches students how to:Understand module requirements (show info)Chain modules effectively using database-driven workflowsCustomize modules with set and unsetUse Recon-ng’s SQL-like querying for precise data extractionManage API keys for enhanced OSINT dataAutomate tasks using recording and spoolingMastering these concepts is essential for efficient Recon-ng usage in real-world penetration testing and intelligence operations.You can listen and download our episodes for free on more than 10 different platforms:https://linktr.ee/cybercode_academy