 Hello, everyone. I wanted to take a few moments today to talk about some of the newer features or more, I guess, troubling features of ReconNG, those that I've had questions about, those that people have expressed concerns about, and some that are just new and different than what you may be used to. Okay, so jump right in. Here you can see I'm at the interface of ReconNG. If you type in help here, you'll see that there's quite a few commands in there. Some of them are familiar to you. Some of them may not be, such as add, delete, workspaces, and we'll talk about some of those moving forward here in the next few minutes. So the first command I want to talk about is the workspaces command. So the workspaces command has been implemented to manage all aspects of the workspaces before I had the ability to just add them, and there wasn't, and show them, and list them, but there wasn't the ability to remove them, rename them, or do anything like that. So I've added this particular command to provide that functionality. If we type in workspaces here, and we tab complete, we see, or we just hit enter and look at the help, we see that there's a couple of options. We have the ability to list, add, delete, and select our workspaces. So list is the same as it's always been, same as the show workspaces command. It's just going to show you the available workspaces that you have. And as you can see here, I've got quite just a couple of workspaces in there. The add, pretty much self-explanatory, workspace, add something, and you'll see that if we do workspaces list again, that you've added the workspace. And you also notice that it automatically switched over to that workspace. So by adding a workspace, you're automatically going to be also selecting it and moving into that workspace. Now deleting a workspace kind of works as the opposite. If we go to workspaces, delete something, you'll notice that we switched back to the default. So whenever you delete a workspace, obviously, if you're in that workspace, you can't continue to be there because none of that data will exist. It actually goes into the reconNG directory and removes that directory. So what it does is it tosses us back to that default workspace, which is okay. It's expected behavior. So if we go in here in workspaces and select, we notice tab complete, list all of our workspaces for us. We can pick a workspace and we're in and we'll just stick with the default for now. So that's pretty much workspaces. Now I have left a couple of alias commands built into the show command. We're going to talk about show command more here in just a second. But if you go into show workspaces, it pretty much gives you the same output as workspaces list. It is essentially an alias there. So you've got a couple of different places where you can get that information for those of you that are used to using the previous command. So this show command, what is show all about? Well, those of you that have been using the framework for any period of time know that the show command is where just about everything is, probably the most common command you'll use within the framework. So if we do show and we hit enter, you'll see that there's a lot of different options here. It's probably better seen using tab complete. So if we take a look at this, you can look at the banner and you've got a bunch of different options in here, things like dashboard. Those of you should be familiar with dashboard. It kind of shows you a summary of everything you've done. But what are all these other things in here? Well, the show command basically creates, it automatically creates a query that selects all the records from each of the tables stored in the database. So anytime you add a table here or for all the tables that are built into the database, they automatically have a command associated with them that allows you to see all of that information. So here if we do say show hosts, we'll see that no data returned because there's no host in there. That's fine to be expected to this point. But that pretty much is a query that says select star from hosts and it'll dump all the hosts to the screen. So this is kind of handy. These will automatically be created anytime a table gets added to the database by a particular module or if one gets added or deleted in some other form or fashion. So one of the reasons I bring this up is because I saw a lot of folks that are actually using the query command to get that type of information. Now obviously you can definitely do that. If we go here and we say query select star from hosts, we're going to see if we get no data returned. That is one way to actually get the information from the host table, but I've made it so much easier for you by just using the show host command. However, that query command will come in use. The framework is heavily data-driven by the backend database. And so you're going to want to be able to interact with that database in this query command is when you do that. You can not only run select statements, but you can insert, update, drop tables, do all kinds of stuff. You have unrestricted access to the database through the query command and that will come in use for those of you that are power users of the framework itself. So if you look at some other sub-commands of show, obviously we see the options. And many of you are familiar with the options command, but I want to take a look at the global options to show you some of the things that have changed. So if we do a show options at the global context level here, you'll see that there are no longer domains, company names, latitude, longitude, any of that information. And I'll talk about that here in a second after I discuss some of the new ones. Some of the new ones you'll see here, actually the only new one you'll see here, actually two of them, are store tables. So basically the framework now has the built-in capability that any time a module creates a table that's for you to see and ask a table on the screen, if you have this set to true and the developer hasn't overridden this, then it will automatically store that table to the database for you to view that data at a later time. It's a very handy feature for those that want to store all of that information that they're seeing and not just the information that the module developer has chosen to store in one of the one of the existing database tables. So that's kind of a nice feature. I've also got to the point where there are a lot of DNS related modules. And so I've created a rather than having to manually put in a different name server or every single one of those modules, I've created this global option so that you can set it once and it gets inherited by all of the sub modules. This name server does not have to be a name server for the target organization. This is a name server that the DNS modules will attempt to query through. Now if you want to focus on specifically a name server at the target environment, of course you can set that within the module itself and we'll talk about that moving forward too. So where did all this stuff go? Where is our domains? Where is our company names? Where are our locations? How do we set this stuff? Well I had gotten to the point where the framework had grown enough to where it was powerful and I was getting feature requests and myself personally was wanting to use it against multiple companies with multiple domains or companies that may have multiple names for different business units. I wanted to have multiple inputs rather than just of the static ones or the individual ones that you could label in the global options. And so I spent a lot of time thinking about this and the best way I could come up to do this was to push everything down into the database. And this allows for a couple of things. Number one, it does allow for those multiple inputs but it also kind of takes the framework into a new area in that now we're not just limited to domains, companies and locations, this input. Now everything in the database can become an input for another module. So essentially now we have this new idea of the transformation of data which is very, very much very similar to Maltigo's approach. Any piece of data in the database can be transformed to another one. And so that becomes now greatly increases the power of the framework. So now we have to get data into the database in order to actually start leveraging it. But before we get into that I want to discuss briefly about the different sources of data or input for the modules because one of the concerns that when I initially started going down this path I said, you know what, I'm just going to make everything data-driven. You can't use anything outside the database if you want to use anything within the framework for the modules that's got to be in the database. But once I coded that up and started testing it I quickly came to the conclusion that I still wanted some flexibility. I still wanted the ability to use single entries. I still wanted the ability to use external files. And so basically what it's come down to is that each module when it's developed the developer assigns that module with a default query for the database. That becomes the default input for that module. So if you don't change anything, if you don't mess with the sources as you maneuver through the framework everything is going to work according to the database and what the developers of the modules have established are the default input from the database. However, if that query is provided by the developer in the module the framework will automatically create this source option at the module level which allows you to specify a file name such as a list of inputs. It'll allow you to specify a single entry. It'll allow you to specify a custom query if you want to pull data from a different piece of the database or just the default input. And I'll show you a little more about that here in just a moment. But with all these changes to the back end and how we actually prime the framework for harvesting data how do we actually get that information in there to initially start? Well you can use one of those alternative source options such as an external file but if you want to start with just the database I have added two commands. One is the add command and one is the delete command. So what do these commands do? Well if we type add we see the help here. It simply just adds records to the database and we can add records in a couple of different ways. We can type add in the name of the table and it'll take us into an interactive session. So let's try that now. So let's say add companies and you'll see that we're in an interactive session and the framework goes and it pulls all the columns from that particular table and says okay now I'm going to prompt the user for information for that columns. So for the company I can type in Visium and Description I you know main business unit hit enter and then it takes us back to the prompt. Now if we go to Show Companies you can see that I now have one in there. Now this is great for those that are used to working inside of the framework but for those people that like scripting the framework whether it's resources files or you can see a lot which I'll talk about in another video we want something that's a little bit more useful and so the add command has the ability to give the values within the as parameters to the add command delimited by a tilde. So let's add another company. Let's add companies and we'll say bhis tilde and we'll kind of give it the same thing just because I'm uncreated not very creative right now and we'll add it and we'll see there that added it we go to Show Companies and you can see that we now have two there. So there's two different ways to use the add command but that is the command that we now use to prime the database for future data harvesting. Now some folks will notice hey what's this row ID column I've never seen that before. Well row ID is is someone I guess you could call it an invisible column that SQLite automatically creates in every single database table to to keep a record or a reference to each row in every table. It is a unique ID it's not the default it's the default primary key if you don't create one but basically what I've done is I've created where the show command displays this row ID table for use with the delete command so now we've gone for a full circle back to the delete command. If we show delete and hit enter just to see the help you'll see that you have delete you can put the table name in and then you can here you have an option to specify a row ID. So just like the add command if I say delete companies and I don't give it a row ID it will actually prompt me for one and I can say two and then if I show companies I can see that it's been deleted or I can say delete companies and give the row ID and it's been deleted. So now we can interact with the database by adding and removing records from within the framework and this gives us the ability to now prime the framework so that our module or prime the database so that our modules have actual information to search for. Okay so I'm going to go ahead and add one of these back here. Did I miss it? We'll just use bhs that'll work. Okay so we should have a company in here so now we have so now we have a company we've primed our database maybe we've got a location in here maybe we've got a domain in here but we've primed the database with information. Now how do we use it? So let's go here and we look at show modules once again that show command is very important and you'll notice that the path to the modules has changed drastically and no longer references a protocol and never and no longer references you know whether it's coming from an API or whether it's coming from just web scraping resource but you'll notice here that it's got the table names within the path. Now basically what this means is is you have under recon you've got a module called jigsaw and that jigsaw takes some data from the company's table it acts on that particular piece of data and then it stores data to the contacts table and every single module is configured like this so we've got say the built with module it takes some information from the domains table probably the domain and then its output you get stored to the contacts table so we're harvesting contacts we're transforming domains into contacts with the built with module. Okay so now that we know that if we've got information in the database whether it be a company name or a domain and we know that we want to take that information and transform it into something well we can just search for the modules that allow us to do that so let's say search companies dash and what that's going to do is show us all of the modules that take companies as input and then create some sort of output from it in this particular case the only thing cut is you get to transform from companies or contacts but you kind of get adjusted now we're now we can start looking for information based on what we have well now how to say we're after contacts and we we have some data in the database but we're not necessarily interested in starting there we just have a target we want to get to we want to get to contacts well we can just simply search the database for dash contacts and now we see all of the modules that result in contacts and so now by searching and because of the way that we've we've reconfigured the module tree based on whether you based on whether you're looking for information from what you have or looking to transform into something else you can now search the search out the modules that work for you very very easily okay so a feature that's been there for for a little while that I that I want to that I want to talk about now is a feature called smart loading because I still I see a lot of people doing videos and demos on recon ng and talks and they just don't use this particular feature but I find it very very helpful and this is the feature of smart loading so you see we have this this module here called name check well name check is probably unique to this particular module so if we're going to load this particular module rather than go have to have to type this whole thing in copy and paste it or go through command completion and do all that we can literally just type in the text name check and if this text right here is unique to any one module on the framework it will load that module quite handy right so what if it doesn't do that say we say load pond if we say load pond and that text shows up in more than one module well it'll list all those modules for us so that we can either look for different unique text or we can just look for the of the full path copy and paste command complete whatever it is that we're going after so this smart loading feature is something that cuts down on the amount of time it takes to use the interactive framework it just makes it very very simpler and move maneuver around thank you Ethan Robish for this this was his idea fantastic feature and a feature that I think all console based frameworks should employ all right so let's go ahead and load this this name check actually it's not load name check let's load let's load just this jigsaw module right here all right so I said I wanted to show you uh I'll show you a little bit more about this source option at the module level so if we go and show it would show options at the module level which is most of you are pretty used to you can see here that we've got this company URL which is something unique to jigsaw but we also have this this source option and and many of you are used to seeing this in other in other modules in some modules but not all of them well now it exists in every single module that uses some sort of input from the database it is automatically created it's no longer something that has to be deliberately put there it's automatically created by the framework okay so this just says default so for for a first time user of the framework and we open this up we say source default we're only you know what does that mean what does default mean to me and you know even after you've seen this video you don't necessarily know what the input is right here I mean you could say it's companies but do we know what column from the company's table it is no we don't so if you do show info I have that info command at the module context you'll see it then let me clear the screen here so it's a little bit clearer you'll see that there's a lot more information here okay I'm sure you have the description about what it does you also have the option shown but then you have this source options block that was not there previously this is going to give us information about the available source options first of all what does default mean well here's what it means it gives us the exact query that the developer created as input for that particular module so here we know that this module uses the company column from the company's table as input by default we can also provide it a string we can provide it a path to a file containing a list of companies or we can give it a custom sequel query as a source input okay so that pretty much covers all the topics that I wanted that I wanted to talk about today in this particular video as always if you have any questions concerns feature requests whatever it is hit me up on twitter at landmaster 53 and also if you want to contribute to the framework check out recon ng or recon dash ng dot com and as always enjoy the framework thank you