R3con1z3r is a free and open-source tool available on Github. R3con1z3 is one of the easiest and useful tools for performing reconnaissance on websites and web apps. The R3con1z3r tool is also available for Linux on Github. R3con1z3r is written in python language. You must have python language installed into your Kali Linux operating system. R3con1z3r provides a command-line interface that you can run on Kali Linux. This tool can be used to get information about our target(domain). We can target any domain using R3con1z3r. The interactive console of R3con1z3r provides a number of helpful features that are helpful for security researchers.
R3con1z3r is based on Open Source Intelligence (OSINT). R3con1z3r is also called a lightweight Web information-gathering tool. R3con1z3r is also used to find footprints of the target. In terms of security, footprints are called a collection of every possible information regarding the target. R3con1z3r has a number of unique features that make this tool a lightweight tool. R3con1z3r has built-in functionalities which include passive reconnaissance Whois Footprinting, DNS information, Nmap port scanner, HTTP header flag, Traceroute, Reverse Target and hyperlinks on a webpage. As this tool is a lightweight tool it generated output in HTML format after the input domain is given in the input field of the tool.
Features of R3con1z3:
- R3con1z3r is a free and open-source tool that is available on GitHub. You can go and download this tool from Github free of cost.
- R3con1z3r works and acts as a web application/website scanner. Its scans the website/web app and generated the output in HTML format.
- R3con1z3r is written in python language. You must have installed python in your Kali Linux operating system.
- R3con1z3r is a lightweight tool.
- R3con1z3r’s interactive console provides a number of helpful features.
- R3con1z3r is used for information gathering and vulnerability assessment of web applications.
- R3con1z3r is pronounced as recognizer.
- Using R3con1z3r footprinting can be conducted quickly.
- R3con1z3r has built-in functionalities such as HTTP header flag, Traceroute, Whois Footprinting, DNS information.
Uses of R3con1z3:
- For information gathering and vulnerability assessment.
- To identify footprinting.
- To get HTTP header information.
- To Find server information.
- To find routing information of the target.
- To find the information of DNS Server.
- To find vulnerabilities of closed and open ports of the target.
- To perform crawling on the target domain.
- To find hidden files on the target domain.
- To find hyperlinks to the domain target webpage.
Installation of R3con1z3r Tool
Step 1. Open your Kali Linux operating system. Move to desktop. Here you have to create a directory called R3con1z3. In this directory, you have to install the tool. To move to desktop use the following command.
cd Desktop
Step 2. Now you are on the desktop. Here you have to create directory R3con1z3. To create R3con1z3 directory use the following command.
Step 3. You have created a directory. Now use the following command to move into that directory.
cd R3con1z3
Step 4. Now you are in R3con1z3 directory. Now you have to install the pip command. Use the following command to install R3con1z3r.
sudo apt install pip
Step 5. The pip command is being installed into your system. Now to install the R3con1z3r tool use the following command.
pip install R3con1z3r
Step 6. The tool has been downloaded and installed into your system. This is the time to run the tool. To run the tool use the following command.
r3con1z3r
Example: Use the R3con1z3r tool and scan the website testphp.vulnweb.com and find out open-ports, header information, etc. First we need to set our target using the following command.
r3con1z3r -d testphp.vulnweb.com
We can see that here all the scanning has been completed and an HTML report has been generated. To view, the report uses the following command. To view the report. Go to the tool directory, and you will find the whole report.
This is the HTML file that you have to open, and you will find the following similar kind of results.
R3C0N1Z3R Report - [testphp.vulnweb.com] HTTP header information HTTP/1.1 200 OK Server: nginx/1.19.0 Date: Mon, 12 Apr 2021 10:55:12 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1 Content-Encoding: gzip Trace Route net/http: timeout awaiting response headers Whois Information This HTTP triggered function executed successfully. DNS server record A : 18.192.172.30 TXT : "google-site-verification:toEctYsulNIxgraKk7H3z58PCyz2IOCc36pIupEPmYQ" Starting Nmap 7.70 ( https://nmap.org ) at 2021-04-12 10:55 UTC Nmap scan report for testphp.vulnweb.com (18.192.172.30) Host is up (0.082s latency). rDNS record for 18.192.172.30: ec2-18-192-172-30.eu-central-1.compute.amazonaws.com PORT STATE SERVICE 21/tcp filtered ftp 22/tcp filtered ssh 23/tcp filtered telnet 80/tcp open http 110/tcp filtered pop3 143/tcp filtered imap 443/tcp filtered https 3389/tcp filtered ms-wbt-server Nmap done: 1 IP address (1 host up) scanned in 2.08 seconds Website on the same server No DNS server records found for testphp.vulnweb.com Reverse IP Address antivirus1.vulnweb.com ec2-18-192-172-30.eu-central-1.compute.amazonaws.com odincovo.vulnweb.com testhtml5.vulnweb.com testphp.vulnweb.com tetphp.vulnweb.com virus.vulnweb.com viruswall.vulnweb.com vulnweb.com www.test.php.vulnweb.com www.virus.vulnweb.com www.vulnweb.com Page Links https://www.acunetix.com/ https://www.acunetix.com/vulnerability-scanner/ http://www.acunetix.com https://www.acunetix.com/vulnerability-scanner/php-security-scanner/ https://www.acunetix.com/blog/articles/prevent-sql-injection-vulnerabilities-in-php-applications/ http://www.eclectasy.com/Fractal-Explorer/index.html http://www.acunetix.com
Example 2. Using recognizer to perform a full scan on a website to get details.
Once we set our target the tool will start full scanning of the target.