If you are on the offensive side, part of your strategy encompasses reconnaissance at some point. If you are on the defensive side, there is still reconnaissance to be done in order to see what is available about you. Well, a great tool to add to your tool bag is Recon-ng as it makes the recon process simple and seamless. An awesome feature of the program is Pushpin. Pushpin allows you to utilize APIs and grid coordinates in order to display any postings within a designated area. This capability is incredible and could be used for a number of reasons. In any case, a list of the currently released APIs can be found at https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide. In most cases, you will have to register with the site in which you are trying to get an API for. Some of the APIs include Twitter, YouTube, LinkedIn, and Instagram. Also, the program has a Metasploit type feel so if you are comfortable with that, you will do just fine. The source code can be found at https://bitbucket.org/LaNMaSteR53/recon-ng/src.
To give you a feel for how simple it is, I’ll walk through running the program with Twitter APIs and we will use the Georgia Dome in Atlanta as our area of interest. We will start at the point following installation.
1. Get the Twitter API key and API secret. In order to do so, you will need to create a new app first (https://dev.twitter.com/apps). Once the app is created, you will need to leave the screen up with the APIs on it as you will need them later.
2.Navigate to the recon-ng directory.
/opt/recon-ng$ ./recon-ng
3.Start Pushpin
recon-ng][default] > use pushpin
4. Input the APIs into the Recon-ng database.
[recon-ng][default] > keys add twitter_api XXXXXXXXX [recon-ng][default] > keys add twitter_secret XXXXXXXXXXXXXXXXXXXXXX
5. Let’s tell Pushpin the coordinates and radius we want to use. The radius is based on miles.
[recon-ng][default] > set LATITUDE 33.757828 [recon-ng][default] > set LONGITUDE -84.400378 [recon-ng][default] > set RADIUS 2
6.Let’s load the Twitter module
[recon-ng][default] > use pushpin/gather/twitter
7. Let’s take a second to make sure everything is good. When you run the command, you should see the latitude, longitude, and radius listed.
[recon-ng][default][twitter] > show options
8. Time to run the module
[recon-ng][default][twitter] > run
9. To view it, we will need to use the reporting module.
[recon-ng][default][twitter] > use reporting/pushpin
10. It’s always a good idea to show the options before executing a module. You should see the three things you seen the last time you ran it plus map_filename and media_filename.
[recon-ng][default][twitter] > show options
11. Now, let’s run it again to produce the report.
[recon-ng][default][twitter] > run
12. After it runs, your browser will display a page with a map depicting the location where the posts were sent. The green icon is the actual grid coordinate that you specified a few steps ago. The second page will display a list detailing the number of tweets the program collected and the user’s picture and post of which it collected. Below are pictures of both of the pages.
