Rekono combines other hacking tools and their results to execute complete pentesting processes against a target in an automated way. The findings obtained during the executions are sent to the user via email or Telegram notifications and can also be imported into Defect-Dojo if advanced vulnerability management is needed. Moreover, Rekono includes a Telegram bot that can be used to perform executions easily from anywhere and on any device.
Do you ever think about the steps that you follow when you start pentesting? You probably start by performing some OSINT tasks to gather public information about the target. Then, maybe you run host discovery and port enumeration tools. When you know what the target exposes, you can execute more specific tools for each service to get more information and maybe some vulnerabilities. And finally, if you find the needed information, you will look for a public exploit to get you into the target machine. I know, I know, this is a utopian scenario, and in most cases the vulnerabilities are found thanks to the pentester's skills and not by scanning tools. But before using your skills, how much time do you spend trying to get as much information as possible with hacking tools? Probably too much.
Why not automate this process and focus on finding vulnerabilities using your skills and the information that Rekono sends you?
The Rekono name comes from the Esperanto language where it means recon.
Rekono Desktop is a standalone app that can be easily installed and executed locally. Install it on Kali Linux with this command:
apt install rekono-kbx
If you are using Parrot OS, you can download the Debian package from the Rekono release:
wget https://github.com/pablosnt/rekono/releases/download/1.6.6/rekono-kbx_1.6.6_amd64.deb && dpkg -i rekono-kbx_1.6.6_amd64.deb || apt -f install -y
Default credentials are rekono:rekono. For security reasons, the password should be changed the first time you access the account.
Execute the following commands in the root directory of the project:
docker-compose build
docker-compose up -d --scale executions-worker=5
Go to https://127.0.0.1/
Default credentials are rekono:rekono. For security reasons, the password should be changed the first time you access the account. Moreover, default user details can be changed using environment variables.
The number of workers can be changed using the --scale option. The number of executions-worker instances determines how many tools can be executed at the same time.
Check full documentation for more installation and configuration options, user guides, integrations, Rekono Desktop, Rekono Bot and Rekono CLI details.
Rekono supports the execution of these hacking tools:
- theHarvester
- EmailHarvester
- EmailFinder
- Nmap
- Sslscan
- SSLyze
- SSH Audit
- SMBMap
- Dirsearch
- Gobuster
- GitLeaks & GitDumper
- Log4j Scan
- Spring4Shell Scan
- CMSeeK
- OWASP JoomScan
- OWASP ZAP
- Nikto
- Nuclei
- SearchSploit
- Metasploit
Thanks to all the contributors of these amazing tools!
You can get support, ask questions, solve doubts or solve problems using:
Rekono is an open source project that we really love to maintain and it's absolutely our pleasure, but we would like to offer the possibility of supporting Rekono's development via donations. At the moment, the project only needs its maintainer's time to stay up to date with new features and bug fixes. However, in the future, it could need more expensive resources like hosting, new web pages for documentation, the inclusion of premium hacking tools, etc. With the help received from our supporters, Rekono will be able to grow quickly and have the resources that it deserves. Of course, you can also donate simply to show appreciation for our work. Thank you for your help!
The main differences between them are that BuyMeACoffee charges fees on each donation while Ko-fi doesn't, and Ko-fi supports PayPal payments while BuyMeACoffee doesn't.
Rekono is licensed under the GNU GENERAL PUBLIC LICENSE Version 3