Course 8 - Penetration Testing OSINT Gathering with Recon-ng | Episode 3: Harvesting Data, Optimizing Contacts, Geolocation

Update: 2025-11-17

Description

In this lesson, you’ll learn about: Conducting a Multi‑Stage OSINT Campaign Using Recon‑ng
1. Initial Data Harvesting & Database Population
The OSINT campaign begins by creating a dedicated workspace and planning the stages of information gathering. The first objective is to populate the core database tables: contacts and hosts.
Contact Gathering
  • whois_pocs module collects domain registration information, extracting email addresses and owner details.
  • PGP search modules identify additional contacts by searching for PGP keys associated with the target domain.
Host Discovery
  • bing_domain_web module scans the domain to enumerate subdomains and hostnames.
  • brute_hosts module brute‑forces common hostnames to uncover additional active hosts not found through search engines.
File Analysis
  • Once the hosts table is filled, the interesting_files module scans discovered hosts for publicly accessible files such as:
    • sitemap.xml
    • phpinfo.php
    • Test files
      These files may contain operational details useful for further analysis.
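
From the defender's side, the file requests described above show up in web server access logs. The following added example (not part of the original lesson or of Recon-ng) flags clients that request several such files and lists which ones the server actually returned; the log lines are constructed, and every filename other than sitemap.xml and phpinfo.php is an assumption.

```python
import re
from collections import defaultdict

# Filenames a file-discovery scan tends to request. sitemap.xml and phpinfo.php
# come from the lesson; the others are assumptions added for illustration.
PROBE_FILES = {"sitemap.xml", "phpinfo.php", "robots.txt", "test.php", "test.html"}

# Matches the leading fields of common/combined log format lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed access-log lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [17/Nov/2025:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 68
198.51.100.7 - - [17/Nov/2025:10:00:01 +0000] "GET /sitemap.xml HTTP/1.1" 200 512
198.51.100.7 - - [17/Nov/2025:10:00:02 +0000] "GET /phpinfo.php HTTP/1.1" 200 90211
198.51.100.7 - - [17/Nov/2025:10:00:02 +0000] "GET /test.php HTTP/1.1" 404 153
203.0.113.20 - - [17/Nov/2025:10:03:10 +0000] "GET /index.html HTTP/1.1" 200 4096
203.0.113.20 - - [17/Nov/2025:10:03:11 +0000] "GET /robots.txt HTTP/1.1" 200 68
192.0.2.44 - - [17/Nov/2025:10:05:40 +0000] "GET /sitemap.xml?x=1 HTTP/1.1" 200 512
"""

def find_probers(log_text, min_distinct=3):
    """Return {ip: {"files": probe files requested, "exposed": those answered 200}}."""
    seen = defaultdict(dict)  # ip -> {filename: last HTTP status}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop the query string, keep only the final path segment.
        name = m["path"].split("?", 1)[0].rsplit("/", 1)[-1].lower()
        if name in PROBE_FILES:
            seen[m["ip"]][name] = int(m["status"])
    report = {}
    for ip, files in seen.items():
        if len(files) >= min_distinct:
            report[ip] = {
                "files": sorted(files),
                # A 200 means the file is really published and should be reviewed.
                "exposed": sorted(f for f, s in files.items() if s == 200),
            }
    return report

if __name__ == "__main__":
    for ip, hit in find_probers(SAMPLE_LOG).items():
        print(ip, "requested", hit["files"], "- served:", hit["exposed"])
```

The "exposed" list is the actionable part: a phpinfo.php or test file that answers with 200 on a production host should be removed or access-restricted regardless of who requested it.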
2. Contact Optimization & Breach Assessment
This phase enhances collected contact data and checks whether employees or organizational accounts have been compromised.
Email Construction Using Mangle
  • The mangle module builds complete email addresses using partial names and organizational naming patterns.
  • It combines first/last names with the domain to produce likely valid addresses.
Breach Monitoring Using HIBP
  • hibp_breach module checks if collected or constructed emails were exposed in known credential leaks.
  • hibp_paste module searches paste sites for leaked emails or credentials.
  • Any hits are stored in the credentials table for responsible reporting and remediation.
3. Geolocation of Target Servers
This stage identifies the physical locations of the target’s online infrastructure.
IP Resolution
  • The resolve module converts hostnames into IP addresses and updates host entries.
Geolocation
  • The free_geoip module geolocates IPs, revealing the server’s approximate city, region, and country.
  • Location details are appended to the host’s database record.
Shodan Integration (Optional)
  • When a Shodan API key is available:
    • Latitude/longitude data is used by the shodan module to gather additional OSINT such as services, banners, and exposed ports.
4. Comprehensive Software Stack Profiling
The final stage performs a deep analysis of the technologies behind the target website.
BuiltWith Technology Scan
  • The BuiltWith module identifies:
    • Web technologies (e.g., Apache, Nginx, Ubuntu)
    • Infrastructure providers (e.g., AWS)
    • Associated tools (jQuery, New Relic, Analytics services)
  • For large domains, the scan may return hundreds of data points, greatly enriching the OSINT profile.
Additional Discoveries
  • Administrative contacts
  • Social media integrations
  • CDN details
  • Heat‑mapping and analytics tools (e.g., Mouseflow)
  • Optimization platforms (e.g., Optimizely)
Summary
By the end of this lesson, students understand how to conduct a complete OSINT workflow using Recon‑ng:
  • Populate key database tables
  • Form accurate contact and host profiles
  • Identify data breaches ethically
  • Geolocate infrastructure
  • Profile the full technology stack of a target domain
This staged approach reflects real-world ethical OSINT methodology and supports responsible security research.

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cybercode_academy
CyberCode Academy