This is a talk I gave at a NOVA Hackers (http://novahackers.blogspot.com/) meeting in June 2013 on how to make a recon-ng module. The idea was to show people interested in getting involved with an open source project that it isn't hard to do. I selected Tim Tomes' recon-ng (https://bitbucket.org/LaNMaSteR53/recon-ng) to contribute to but the underlying theme of going out and trying to get involved applies to most projects. Sure, you need some knowledge of programming but you'll find that within the Open Source community there are many people ready to help you learn and grow your skills.
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
Module Making in recon-ng
1. A beginner’s guide to contributing to an
Open Source Project
Module Making in recon-ng
NovaHackers June 2013Micah Hoffman @WebBreacher
2. Who am I?
Micah Hoffman - @WebBreacher
Internal penetration tester
Recon-ng module-maker
SANS Mentor
Appalachian Trail hiker
NovaHackers June 2013Micah Hoffman @WebBreacher
3. The Setup
Wanted to learn a new language
Needed a reason/direction
Thought about contributing to some tool
No coding experience
Found recon-ng
Fit with my work tasks
Fit with the programming language I use (python)
How do you contribute?
NovaHackers June 2013Micah Hoffman @WebBreacher
4. Recon-ng (Highlights)
Language Python (2.7)
Code Management Git (bitbucket.org)
Owner Tim Tomes - @LaNMaSteR53
Purpose Web Reconnaissance
framework
NovaHackers June 2013Micah Hoffman @WebBreacher
5. Code Management - git
Make account on bitbucket.org
Fork recon-ng repository (copy into your
account)
Set up your computer to work on the code
Python, IDE/Text Editor (syntax highlighting
helps)
git
Learn about git
Lotsa docs on Interwebs
Fork, Clone, Pull, Add, Commit, Push, Branch
NovaHackers June 2013Micah Hoffman @WebBreacher
6. What will the module do?
Generally the hardest part for me
Get ideas:
Twitter, coworkers/friends, web sites you use
Keep a log of ideas
Overall function of my module
User enters information
recon-ng retrieves data from site
Parse response data for something
Display
NovaHackers June 2013Micah Hoffman @WebBreacher
7. Google IDs
Thought:
Google Analytics and Google AdSense codes are
used on multiple sites
Means that sites are related somehow
Same developers?
Same maintainers?
Same owners?
Simple Regexes to locate codes
["'](UA-d+)
["'](pub-d+)
NovaHackers June 2013Micah Hoffman @WebBreacher
8. Find a web app for lookups
NovaHackers June 2013Micah Hoffman @WebBreacher
11. Make the module
RTFM – recon-ng
https://bitbucket.org/LaNMaSteR53/recon-ng/wiki/Home
Examine other modules
NovaHackers June 2013Micah Hoffman @WebBreacher
14. Submission and Review
Git add/commit/push to your account
Create a “pull” request to pull into tool’s main
trunk
Module will be reviewed and commented on
Address issues/comments
Resubmit
Lather, rinse, repeat
Pull request accepted and merged
Git clone the main branch
Move to the next module
NovaHackers June 2013Micah Hoffman @WebBreacher
15. Bonus: dev_diver
How about a module that takes a
hacker/coder nym and checks coding sites
for it?
Introducing dev_diver (not in recon-ng yet!)
Got the module…just need a hacker name
Volunteers?
NovaHackers June 2013Micah Hoffman @WebBreacher