# OSINT By recon-ng
## Study case (trivago.com)
```Bash
> recon-ng
## now let's add a workspace
> workspaces add trivago.com
## Add the target domain
> add domains trivago.com
## Double check if domain is added
> show domains
## find related hosts to our domain
> load netcraft
> run
## check added hosts
> show hosts
## Searching web
> load google
> load google_site_web
> run
## Now it's time for brute-forcing
> load brute
> load brute_hosts
> run
## resolve hosts
> load resolve
> run
## now reverse resolve
> load reverse_resolve
> use recon/hosts-hosts/reverse_resolve
> run
## check hosts
> show hosts
## Now let's get some geolocation info
> load ipinfodb
> run
## more geolocation info
### first edit /usr/local/Cellar/recon-ng/4.9.2/libexec/modules/recon/locations-locations/geocode.py
### also edit /usr/local/Cellar/recon-ng/4.9.2/libexec/modules/recon/locations-locations/reverse_geocode.py
### line 21 instead of `return` make it `continue`
> load geocode
> use recon/locations-locations/geocode
> show options
> show info
> set SOURCE query SELECT DISTINCT host FROM hosts WHERE host IS NOT NULL
> run
## Check locations
> show locations
## Now reverse
> load reverse
> use recon/locations-locations/reverse_geocode
> run
## Check locations
> show locations
## Now let's change reverse_geocode query to run on hosts table
> show info
> set SOURCE query SELECT DISTINCT latitude || ',' || longitude FROM hosts WHERE latitude IS NOT NULL AND longitude IS NOT NULL
> run
## Check locations
> show locations
## now let's search contacts
> search contacts
> use recon/domains-contacts/whois_pocs
> run
> load pgp_search
> run
## After you found some contacts, now let's see if there is any leaks for them
> use recon/contacts-credentials/hibp_paste
> run
## Now let's find some interesting files on the servers
> use discovery/info_disclosure/interesting_files
> run
```
https://github.com/jhaddix/domain