Pushpin… Taking Reconnaissance to Another Level

If you are on the offensive side, part of your strategy encompasses reconnaissance at some point. If you are on the defensive side, there is still reconnaissance to be done in order to see what is available about you. Well, a great tool to add to your tool bag is Recon-ng as it makes the recon process simple and seamless. An awesome feature of the program is Pushpin. Pushpin allows you to utilize APIs and grid coordinates in order to display any postings within a designated area. This capability is incredible and could be used for a number of reasons. In any case, a list of the currently released APIs can be found at https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Usage%20Guide. In most cases, you will have to register with the site in which you are trying to get an API for. Some of the APIs include Twitter, YouTube, LinkedIn, and Instagram. Also, the program has a Metasploit type feel so if you are comfortable with that, you will do just fine. The source code can be found at https://bitbucket.org/LaNMaSteR53/recon-ng/src.

To give you a feel for how simple it is, I’ll walk through running the program with Twitter APIs and we will use the Georgia Dome in Atlanta as our area of interest. We will start at the point following installation.


1. Get the Twitter API key and API secret. In order to do so, you will need to create a new app first (https://dev.twitter.com/apps). Once the app is created, you will need to leave the screen up with the APIs on it as you will need them later.

2.Navigate to the recon-ng directory.

3.Start Pushpin

4. Input the APIs into the Recon-ng database.

5. Let’s tell Pushpin the coordinates and radius we want to use. The radius is based on miles.

6.Let’s load the Twitter module

7. Let’s take a second to make sure everything is good. When you run the command, you should see the latitude, longitude, and radius listed.

8. Time to run the module

9. To view it, we will need to use the reporting module.

10. It’s always a good idea to show the options before executing a module. You should see the three things you seen the last time you ran it plus map_filename and media_filename.

11. Now, let’s run it again to produce the report.

12. After it runs, your browser will display a page with a map depicting the location where the posts were sent. The green icon is the actual grid coordinate that you specified a few steps ago. The second page will display a list detailing the number of tweets the program collected and the user’s picture and post of which it collected. Below are pictures of both of the pages.