Download - Module Making in recon-ng
Micah Hoffman @WebBreacher
A beginner’s guide to contributing to an Open Source Project
Module Making in recon-ng
NovaHackers June 2013
Micah Hoffman @WebBreacher
Who am I?
Micah Hoffman - @WebBreacher Internal penetration tester Recon-ng module-maker SANS Mentor Appalachian Trail hiker
NovaHackers June 2013
Micah Hoffman @WebBreacher
The Setup
Wanted to learn a new language Needed a reason/direction Thought about contributing to some tool No coding experience Found recon-ng
Fit with my work tasks Fit with the programming language I use
(python) How do you contribute?
NovaHackers June 2013
Micah Hoffman @WebBreacher
Recon-ng (Highlights)
Language Python (2.7)
Code Management
Git (bitbucket.org)
Owner Tim Tomes - @LaNMaSteR53
Purpose Web Reconnaissance framework
NovaHackers June 2013
Micah Hoffman @WebBreacher
Code Management - git
Make account on bitbucket.org Fork recon-ng repository (copy into your
account) Set up your computer to work on the code
Python, IDE/Text Editor (syntax highlighting helps)
git Learn about git
Lotsa docs on Interwebs Fork, Clone, Pull, Add, Commit, Push, Branch
NovaHackers June 2013
Micah Hoffman @WebBreacher
What will the module do?
Generally the hardest part for me Get ideas:
Twitter, coworkers/friends, web sites you use Keep a log of ideas
Overall function of my module User enters information recon-ng retrieves data from site Parse response data for something Display
NovaHackers June 2013
Micah Hoffman @WebBreacher
Google IDs
Thought: Google Analytics and Google AdSense codes
are used on multiple sites Means that sites are related somehow
Same developers? Same maintainers? Same owners?
Simple Regexes to locate codes ["\'](UA-\d+)
["\'](pub-\d+)NovaHackers June 2013
Micah Hoffman @WebBreacher
Find a web app for lookups
NovaHackers June 2013
Micah Hoffman @WebBreacher
Look at response/results
NovaHackers June 2013
Micah Hoffman @WebBreacher
Results parse-able?
• Yes!• Regex: <div class="row"><a[^>]*>(.+?)</a>
NovaHackers June 2013
Micah Hoffman @WebBreacher
Make the module
RTFM – recon-ng https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Home
Examine other modules NovaHackers June 2013
Micah Hoffman @WebBreacher
The code
NovaHackers June 2013
Micah Hoffman @WebBreacher
The results
NovaHackers June 2013
Micah Hoffman @WebBreacher
Submission and Review
Git add/commit/push to your account Create a “pull” request to pull into tool’s main
trunk Module will be reviewed and commented on
Address issues/comments Resubmit Lather, rinse, repeat
Pull request accepted and merged Git clone the main branch Move to the next module
NovaHackers June 2013
Micah Hoffman @WebBreacher
Bonus: dev_diver
How about a module that takes a hacker/coder nym and checks coding sites for it?
Introducing dev_diver (not in recon-ng yet!)
Got the module…just need a hacker name
Volunteers?
NovaHackers June 2013
Micah Hoffman @WebBreacher
Thanks for volunteering Rob!
“mubix” it is!
NovaHackers June 2013
Micah Hoffman @WebBreacher
Bonus: dev_diver
7,946 photos
NovaHackers June 2013
Micah Hoffman @WebBreacher
http://webbreacher.blogspot.com/
Questions?
