This is a talk I gave at a NOVA Hackers (http://novahackers.blogspot.com/) meeting in June 2013 on how to make a recon-ng module. The idea was to show people interested in getting involved with an open source project that it isn't hard to do. I selected Tim Tomes' recon-ng (https://bitbucket.org/LaNMaSteR53/recon-ng) to contribute to but the underlying theme of going out and trying to get involved applies to most projects. Sure, you need some knowledge of programming but you'll find that within the Open Source community there are many people ready to help you learn and grow your skills.

1. A beginner’s guide to contributing to an
Open Source Project
Module Making in recon-ng
NovaHackers June 2013Micah Hoffman @WebBreacher

2. Who am I?
 Micah Hoffman - @WebBreacher
 Internal penetration tester
 Recon-ng module-maker
 SANS Mentor
 Appalachian Trail hiker
NovaHackers June 2013Micah Hoffman @WebBreacher

3. The Setup
 Wanted to learn a new language
 Needed a reason/direction
 Thought about contributing to some tool
 No coding experience
 Found recon-ng
 Fit with my work tasks
 Fit with the programming language I use (python)
 How do you contribute?
NovaHackers June 2013Micah Hoffman @WebBreacher

4. Recon-ng (Highlights)
Language Python (2.7)
Code Management Git (bitbucket.org)
Owner Tim Tomes - @LaNMaSteR53
Purpose Web Reconnaissance
framework
NovaHackers June 2013Micah Hoffman @WebBreacher

5. Code Management - git
 Make account on bitbucket.org
 Fork recon-ng repository (copy into your
account)
 Set up your computer to work on the code
 Python, IDE/Text Editor (syntax highlighting
helps)
 git
 Learn about git
 Lotsa docs on Interwebs
 Fork, Clone, Pull, Add, Commit, Push, Branch
NovaHackers June 2013Micah Hoffman @WebBreacher

6. What will the module do?
 Generally the hardest part for me
 Get ideas:
 Twitter, coworkers/friends, web sites you use
 Keep a log of ideas
 Overall function of my module
 User enters information
 recon-ng retrieves data from site
 Parse response data for something
 Display
NovaHackers June 2013Micah Hoffman @WebBreacher

7. Google IDs
 Thought:
 Google Analytics and Google AdSense codes are
used on multiple sites
 Means that sites are related somehow
 Same developers?
 Same maintainers?
 Same owners?
 Simple Regexes to locate codes
 ["'](UA-d+)
 ["'](pub-d+)
NovaHackers June 2013Micah Hoffman @WebBreacher

8. Find a web app for lookups
NovaHackers June 2013Micah Hoffman @WebBreacher

9. Look at response/results
NovaHackers June 2013Micah Hoffman @WebBreacher

10. Results parse-able?
• Yes!
• Regex: <div class="row"><a[^>]*>(.+?)</a>
NovaHackers June 2013Micah Hoffman @WebBreacher

11. Make the module
 RTFM – recon-ng
 https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Home
 Examine other modules
NovaHackers June 2013Micah Hoffman @WebBreacher

12. The code
NovaHackers June 2013Micah Hoffman @WebBreacher

13. The results
NovaHackers June 2013Micah Hoffman @WebBreacher

14. Submission and Review
 Git add/commit/push to your account
 Create a “pull” request to pull into tool’s main
trunk
 Module will be reviewed and commented on
 Address issues/comments
 Resubmit
 Lather, rinse, repeat
 Pull request accepted and merged
 Git clone the main branch

 Move to the next module
NovaHackers June 2013Micah Hoffman @WebBreacher

15. Bonus: dev_diver
 How about a module that takes a
hacker/coder nym and checks coding sites
for it?
 Introducing dev_diver (not in recon-ng yet!)
 Got the module…just need a hacker name
 Volunteers?
NovaHackers June 2013Micah Hoffman @WebBreacher

16. Thanks for volunteering Rob!
“mubix” it is!
NovaHackers June 2013Micah Hoffman @WebBreacher

17. Bonus: dev_diver
7,946 photos
NovaHackers June 2013Micah Hoffman @WebBreacher

18. Micah Hoffman @WebBreacher
http://webbreacher.blogspot.com/
Questions?