Recon-ng: Profiler Module

My newest recon-ng module, “profiler”,  is going to really blow you away. It doesn’t do anything miraculous like crypto or ZigBee or SCADA but it does make it easy for you to get information about users on the Internet.

Here is the basic premise: you want to find out if a certain user name exists on a bunch ‘o web sites. You enter those names into the recon-ng profiles table and then run the profiler module. It’ll send requests out to each site it knows about (over 160 right now!) and will see if that user name exists. Cool huh? Not revolutionary but, for lazy guys like me, helpful.

So, picture you are doing some research on “Kim Kelly”. I have no idea who that really is…it is just a name I picked. You may create a MindMap file that looks like the below:

Before using the module, you do need to do some work to find the user names that you will feed to the module (see content on the left of the above picture). Google/DuckDuckGo to your heart’s content but get those names.

Grab recon-ng from

NOTE: For Recon-ng version 5 commands look directly after this. The original blog used and shows content for Recon-ng version 4.

Version 5:

  • workspaces create test1
  • modules load profiler
  • db insert profiles dreadpirateroberts~~~~
  • db insert profiles farmboywesley~~~~
  • run
  • Once it is done, type: "show profiles" (no quotes) to see the results.

The OLD Recon-ng version 4:

Here is what I’ve done in the picture below:

  • Create a new workspace to separate my data – workspaces add kimkelly
  • Query the “profiles” table to see if there is any existing data there (there is not) – show profiles
  • Add the usernames I’ve found from the MindMap into the profiles table – add profiles name~~~~
  • Looking once more at the profiles table content to ensure I didn’t fat finger anything – show profiles
  • Load the profiler module – use profiler
  • Run the module – run

Now we run the module and look at the output. Green text means that it may have found a hit. Keep in mind that there may be LOTS of people using that same username on the Interwebs so it is important that you visit the site and corroborate the information to ensure that it is YOUR target and not some other person.

Once it finishes looking for the first user name, it’ll switch to the next one.

Let it run and, when it finishes, look at your results in the profiles table (show profiles). Sorry the picture below is such a small picture but it is very wide due to one of the sites.

Now visit each site and get your additional data! You may also want to use the recon-ng reporting/csv or reporting/xlsx (soon to be released!) modules to output this content to a file.

Comments are closed.

Up ↑

%d bloggers like this: