Metasploit Part 4: Recon, Passive Information Gathering

Welcome back to our Metasploit section. Today we are going to use a few of the auxiliary modules for a bit of recon using the Metasploit Framework.

Fire up your terminal and type service postgresql start, then msfconsole.

To see what modules are in the auxiliary section, type search auxiliary


The module we are going to be using is called enum_dns.
This module lets us get info on a domain using techniques like zone transfers, reverse IP lookup, etc.

So let's get started.
Type this into Metasploit:
use auxiliary/gather/enum_dns

Then type info

Now set the domain to get the DNS info for (for the sake of this I'm using) and set the threads to 10:
set domain
set threads 10

Lastly, type run or exploit, whichever one you want.


This module is also good for subdomain brute forcing, which can be handy for finding a new target within a URL. Just set enum_brt true and then set your word list, or use the default, up to you.
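From the defender's side, the zone transfer requests and subdomain brute forcing described above both leave traces in the authoritative DNS server's logs. The script below is an added example, not part of the original post or of Metasploit; the log lines are constructed in a simplified BIND-style layout, and the zone name, client IPs and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in a simplified BIND-style format (assumption).
SAMPLE_LOG = """\
client 198.51.100.7#40112 (example.com): zone transfer 'example.com/AXFR/IN' denied
client 198.51.100.7#40113 (www.example.com): query: www.example.com IN A +
client 198.51.100.7#40114 (mail.example.com): query: mail.example.com IN A +
client 198.51.100.7#40115 (vpn.example.com): query: vpn.example.com IN A +
client 198.51.100.7#40116 (dev.example.com): query: dev.example.com IN A +
client 203.0.113.20#51000 (www.example.com): query: www.example.com IN A +
client 203.0.113.20#51001 (www.example.com): query: www.example.com IN A +
"""

AXFR_RE = re.compile(r"client (\S+?)#\d+ .*zone transfer '([^/']+)/AXFR/IN' (\w+)")
QUERY_RE = re.compile(r"client (\S+?)#\d+ .*query: (\S+) IN (\S+)")

def analyze(log_text, zone="example.com", distinct_threshold=4):
    """Return (axfr_attempts, brute_force_suspects) for one zone."""
    axfr = []                   # (client, zone, result) per transfer request
    names = defaultdict(set)    # client -> distinct names queried under zone
    for line in log_text.splitlines():
        m = AXFR_RE.search(line)
        if m:
            axfr.append(m.groups())
            continue
        m = QUERY_RE.search(line)
        if m:
            client, qname, _qtype = m.groups()
            qname = qname.lower().rstrip(".")
            if qname == zone or qname.endswith("." + zone):
                names[client].add(qname)
    # Many distinct names from one client suggests word-list enumeration;
    # repeated lookups of the same name (a normal resolver) do not count.
    suspects = {c: len(n) for c, n in names.items() if len(n) >= distinct_threshold}
    return axfr, suspects

if __name__ == "__main__":
    attempts, suspects = analyze(SAMPLE_LOG)
    for client, zone, result in attempts:
        print(f"AXFR for {zone} from {client}: {result}")
    for client, count in suspects.items():
        print(f"{client} queried {count} distinct names (possible brute force)")
```

A "denied" result means the server already restricts zone transfers; any other result from an address that is not one of your secondary name servers is worth investigating.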


The next module is used to get the public info of a company, like the street address, sector, etc.
How to use this module:
use auxiliary/gather/corp_watch_lookup_name
set company hackingarise
set limit 1

This will then show you all the public company info.

Email collector

So, moving on to the email collector: this module is handy for phishing campaigns and brute force attacks.

use auxiliary/gather/search_email_collector
set domain
set outfile /root/Desktop/har-emails.txt

So this is the end of our passive information gathering section. This was a short example of how to use Metasploit for passive information gathering. In the next one we will be doing active information gathering, where we will be using things like ARP sweep, port scanners, etc. Hope you enjoyed this and see you in the next one.


