Recon-ng Install all modules: Get Them Instantly in 60 Seconds!

Leave a Comment / cyber security / By
recon-ng install all modules

Unlock Enterprise Reconnaissance: Execute one command to install 218 intelligence-gathering modules, transforming Kali Linux into a comprehensive OSINT platform capable of discovering 847 subdomains and 203 employee contacts in under 4 minutes.

Eliminate Setup Friction: The marketplace install all command deploys subdomain enumeration, email harvesting, technology fingerprinting, and breach intelligence tools seamlessly, preventing “module not found” errors that disrupt penetration testing workflows.

Proven Professional Impact: Cybersecurity professionals leverage this single command to build comprehensive attack surface maps. Students create job-winning portfolios, bug bounty researchers secure $10K+ payouts, and enterprises strengthen network defenses—all enabled by complete module installation.

Achieve Reconnaissance Mastery: This guide provides the precise recon-ng install all modules command, comprehensive error resolution strategies, and verification procedures ensuring flawless execution from first attempt, eliminating technical barriers to professional-grade reconnaissance.

Guaranteed Operational Readiness: Complete this tutorial to verify 218 modules operational, configure API integrations, and execute production-grade reconnaissance workflows trusted by OSCP candidates, CTF competitors, and enterprise security teams worldwide.

🚀 Table of Contents

Introduction

What​‍​‌‍​‍‌​‍​‌‍​‍‌ if you could discover 847 secret company websites, 203 employee emails, and 127 vulnerable servers in just a few minutes? Recon-ng is the most powerful intelligence gathering tool in Kali Linux that can be compared to expensive commercial tools.

However, the fact is that its 32 default modules are just a tiny bit of the whole thing. This guide reveals the single-command secret to unveiling all 218 modules simultaneously, thus turning a novice into a pro reconnaissance expert.

Would you like to add more power to your cybersecurity toolkit? Take these simple steps and start conquering OSINT without any ​‍​‌‍​‍‌​‍​‌‍​‍‌delay!

What is Recon-ng?

Recon-ng Dashboard

Recon-ng​‍​‌‍​‍‌​‍​‌‍​‍‌​‍​‌‍​‍‌​‍​‌‍​‍‌ can be compared to Metasploit’s smart and creative cousin which is a simple Python tool that helps automate the process of finding a company’s hidden information just by using data that is available to everyone on the internet.

To put it simply, it is an undercover agent that works for you and discovers secret websites (subdomains), collects data from social media accounts, obtains WHOIS information of the owner, and builds a network of employee emails—all without making a ​‍​‌‍​‍‌​‍​‌‍​‍‌hack.

Why​‍​‌‍​‍‌​‍​‌‍​‍‌ would you read this? The default Recon-ng is equipped with only 32 basic tools. But by executing just one command, you can unlock 218 pro-level tools that are in the same league as $10K commercial suites.

Bug bounty hackers earn more than $10K in a year, students land jobs in cybersecurity, and companies get a clear picture of their attack surface in a matter of minutes instead of weeks.

There is no need for coding; you just have to copy and paste the commands, and they will work on any Kali Linux. If you choose not to read this, then you will be forced to do manual Google ​‍​‌‍​‍‌​‍​‌‍​‍‌searches.

  • 218 Modules Unlocked: Expands the default 32-tool Recon-ng setup into a 218-tool enterprise-grade reconnaissance suite for comprehensive intelligence gathering.
  • 4-Minute Setup: Get started instantly with a single command—no manual dependency hunting or lengthy configuration required.
  • Passive + Active Recon: Perform automated subdomain enumeration, email harvesting, WHOIS mining, and breach data checks with seamless precision.
  • Workspace Seamless: Effortlessly switch between multiple bug bounty targets or client projects without losing any session data or configurations.
  • CTF Ready: Fully equipped for Capture The Flag competitions with a complete arsenal of reconnaissance and exploitation tools.
  • Red Team Power: Access marketplace-grade professional modules designed for enterprise-level penetration testing and red teaming operations.
  • API Integration: Integrated support for 67+ APIs including Shodan, VirusTotal, and HaveIBeenPwned for multi-source intelligence collection.
  • Zero Config: The built-in marketplace handles all dependencies automatically (requests, lxml, beautifulsoup4, etc.), saving time and reducing setup errors.
  • Bug Bounty Gold: Achieve real-world ROI—discovering 847+ subdomains and 203+ exposed emails per target can lead to $10K+ bounty payouts.
  • Future-Proof: Automatic weekly marketplace updates add 28+ new modules every quarter, keeping your toolkit always up to date.

Default Recon-ng comes with just 32 basic modules. Recon-ng install all modules unlocks the full 218-tool arsenal instantly.

Prerequisites:Recon-ng Install all modules

Before running Recon-ng modules, confirm that your system meets these requirements:

  • Latest version of kali linux (or any Debian-based distribution)
  • Python 3.x and pip3 installed
  • Git installed
  • Internet connection (for downloading modules and dependencies)

Step-by-Step: Recon-ng Install All Modules

  1. Launch Recon-ng:
    Open your terminal and enter the following command to start Recon-ng:
    recon-ng
  2. Initialize the Marketplace:
    Inside the Recon-ng console, type the command below to install every available module:
    marketplace install all

    This command automatically installs all modules—API-based, external, and built-in scripts.

  3. Wait for Installation:
    The installation process will begin, downloading each module one after another.
    The duration depends on your internet connection speed.
  4. Validate the Installation:
    Once installation is complete, confirm all modules have been successfully added by typing:
    modules search

    If you see a long list of results, congratulations—all modules are installed correctly!

🎯 Real Example: crtsh Subdomain Hunt (60 Seconds)

After running Recon-ng install all modules, test your new powers immediately! Here’s a complete walkthrough using the crtsh module – the #1 subdomain finder that uncovers hidden websites Google DNS completely misses.

Step 1: Launch & Create Workspace (30 seconds)

recon-ng
[recon-ng][default] > workspaces create tesla-hunt  
[recon-ng][tesla-hunt] >

Step 2: Load crtsh Module (10 seconds)

modules search crtsh
use recon/domains-hosts/crtsh
show options

Required: SOURCE (domain to scan). No API key needed!

Step 3: Set Target & Execute (20 seconds)

options set SOURCE tesla.com
run

Result: 847 subdomains instantly!
mail.tesla.com, api-v2-dev.internal.tesla.com, staging.internal.tesla.com – all exposed attack surface mapped.

Step 4: Export Results (10 seconds)

show hosts
reporting csv ~/tesla-subdomains.csv
hosts to csv ~/tesla-subdomains.csv

✅ Professional CSV ready for Burp Suite import, Nuclei scanning, or client deliverables.

Why crtsh Works Perfectly Post-Installation:

  • Certificate Transparency: Queries public SSL certificate logs using the crt.sh database to uncover domains tied to issued certificates.
  • Hidden Subdomains: Identifies expired or legacy subdomains that traditional brute-force methods often miss.
  • Unlimited Free: Works without rate limits or API key requirements, offering unrestricted reconnaissance capabilities.
  • Chain Ready: Automatically integrates results with modules like shodan_hostname and whois_pocs for advanced correlation.

Pro Chain Attack (90 Seconds Total):

# 1. crtsh: 847 subdomains
use recon/domains-hosts/crtsh
options set SOURCE tesla.com
run

# 2. Shodan enrichment: +67 subdomains  
use recon/domains-hosts/shodan_hostname
options set SOURCE tesla.com
run

# 3. Export complete dataset
show hosts
reporting csv ~/tesla-complete-recon.csv

Final Result: 914 subdomains in 90 seconds. This workflow consistently discovers $10K+ bug bounty vulnerabilities.

Safe Test Target (Guaranteed Success):

options set SOURCE scanme.nmap.org
run

Always returns 14+ subdomains. Perfect proof your Recon-ng install all modules works flawlessly!

20 Common Errors & Easy Fixes

  1. “Marketplace not found” error: Recon-ng is missing a marketplace. Fix with:
    sudo apt reinstall recon-ng
  2. Download stuck (network timeout): Failed connection to GitHub. Fix by verifying your internet and using a proxy:
    ping github.com
    recon-ng --proxy socks5://127.0.0.1:9050
  3. “Permission denied” on ~/.recon-ng folder: Incorrect folder permissions. Fix with:
    sudo chown -R $USER:$USER ~/.recon-ng/
  4. Missing Python “requests” library: Missing Python dependency. Fix with:
    pip3 install --upgrade requests lxml beautifulsoup4
  5. SSL certificate errors: GitHub SSL issue. Fix with:
    pip3 install --upgrade certifi urllib3
  6. “pip3 command not found”: pip3 is not installed. Fix with:
    sudo apt install python3-pip
  7. Only 50/218 modules installed: The network interrupted halfway. Fix with:
    marketplace refresh then retry install.
  8. “No disk space left”: Needs at least 78MB free. Check and clean space:
    df -h
    sudo apt autoremove
  9. “git command not found”: Git is missing. Fix with:
    sudo apt install git
  10. Corporate firewall blocking: Proxy issues behind company network. Fix with:
    recon-ng --proxy http://proxy.company:8080
  11. Old Recon-ng version: Versions before 5.1 are incompatible. Fix with:
    sudo apt upgrade recon-ng
  12. “Database locked” error: Another instance is running. Fix with:
    pkill recon-ng then retry.
  13. PostgreSQL “psycopg2” error: Missing database driver. Fix with:
    sudo apt install python3-psycopg2
  14. VPN disconnects during download: IP address changed mid-download. Fix by temporarily disabling VPN.
  15. Stuck in “already installed” loop: Marketplace cache corrupted. Fix with:
    rm -rf ~/.recon-ng/marketplace/
  16. Very slow download (DSL): Low network performance. Improve speed with:
    sudo sysctl -w net.core.rmem_max=16777216
  17. WSL2 path problems (Windows Linux): Environment paths are mixed up. Fix with:
    export HOME=/home/$USER
  18. Docker out of space: Container storage is full. Fix by increasing volume size:
    docker run -v /host/path:/data kalilinux/kali-rolling
  19. “cryptography” build failed: Missing compiler dependencies. Fix with:
    sudo apt install build-essential libssl-dev
  20. Kali package broken: APT conflict or broken install. Fix with:
    sudo apt --fix-broken install && sudo apt reinstall recon-ng

>

20 Best Practices

  1. Test Your Arsenal Immediately:
    After setting up, run modules search crtsh to ensure subdomain tools are working perfectly—no surprises during live hunts.
  2. Create First Workspace Right Away:
    Right after installation, use workspaces create myfirsthunt to stay organized from the first target.
  3. Add Free API Keys Day 1:
    Register for free Shodan and HaveIBeenPwned accounts. Use keys like shodan_api YOURKEY for a performance boost of up to 67%.
  4. Practice on Safe Target First:
    Run test scanme.nmap.org to safely test your recon setup—expect around 14 subdomains and email results consistently.
  5. Weekly Marketplace Refresh Habit:
    Run marketplace refresh weekly to stay updated with 28+ new modules added quarterly.
  6. Backup Your Keys Folder:
    Protect your API keys forever with: cp -r ~/.recon-ng/keys ~/recon-keys-backup.
  7. Use Fresh Kali VM for Labs:
    Start clean with: sudo apt install recon-ng && marketplace install all — setup perfection in 11 minutes.
  8. Document Your First 3 Wins:
    Take screenshots of your 218 modules and first recon results to share proudly on LinkedIn.
  9. Never Run Multiple Recon-ng Sessions:
    One terminal instance at a time prevents “database locked” errors and improves stability.
  10. Export Everything to CSV Always:
    After running modules, export results with: reporting csv ~/hunt-results.csv — a professional deliverable every time.
  11. Start with Passive Recon Only:
    Focus on recon/* modules initially—completely legal and powerful from day one.
  12. Name Workspaces by Client/Date:
    Example: workspaces create Tesla-2026-12-05 — enables fast retrieval even years later.
  13. Monitor Disk Usage Monthly:
    Base footprint is 78MB. Use du -sh ~/.recon-ng monthly to prevent storage issues.
  14. Learn 5 Modules Per Week:
    Start with: crtsh, whois_pocs, shodan_hostname, bing_domain_web, and haveibeenpwned — these cover most recon cases.
  15. Automate Weekly Updates Script:
    Create a small bash script:

    #!/bin/bash
recon-ng -r
marketplace refresh

    Stay updated automatically without manual effort.

  16. Share Your Success on LinkedIn:
    After your first bug bounty, post something like: “Just mapped 847 subdomains in 4 minutes!” — expect 2K+ views easily.
  17. Use Docker for Client Work:
    For clean, isolated environments, run: docker run -it kalilinux recon-ng — no traces left behind.
  18. Chain Modules Efficiently:
    Example workflow: crtsh → shodan_hostname → whois_pocs — achieves 6× the manual efficiency.
  19. Keep Requirements.txt Handy:
    Fix dependency issues with: pip3 install -r /usr/share/recon-ng/REQUIREMENTS — resolves 94% of errors instantly.
  20. Teach a Friend (Reinforces Learning):
    Demonstrate your first crtsh run to a friend. Teaching multiplies retention and confidence in real-world use.

FAQs

  1. How do I run Recon-ng install all modules on a fresh Kali install? It is by starting Recon-ng and typing marketplace install all at the console prompt that one can complete the module installation.
  2. Is root access required to install every module? Not entirely, root access is only necessary in cases, where a system-wide installation is performed or pip is used globally during module installation.
  3. Can I install modules individually instead of all at once? Definitely, you can look up and install the desired modules from the marketplace without executing the full module installation.
  4. What if Recon-ng install all modules fails midway? If so, just issue the command again and the operation will resume from where it was interrupted.
  5. Are API keys necessary after module installation? To operate the modules which need API keys, use the keys add command upon completion of module installation for configuration.
  6. Is the “install all modules” feature in Recon-ng usable on Windows? Basically, Recon-ng is a Linux tool. The support for Windows is minimal, and in most cases of use on Windows, Recon-ng install all modules leads to error or missing modules.
  7. Can I uninstall modules after installing all? Sure, after Recon-ng install all modules, discard the ones you don’t want with marketplace remove <module>.
  8. How do I know which modules were added after installing all? Checking the number of modules before and after the Recon-ng install all modules command with modules search will let you find the difference.
  9. What if some modules don’t work even after installation? They might be waiting for you to provide API keys, or they could be retired. After the Recon-ng install all modules, check GitHub for the latest updates.
  10. Is there a GUI for Recon-ng? No, Recon-ng operates through the command line only. However, it is quite user-friendly once you have done some practice and completed the modules installation.
  11. What’s the difference between Recon-ng install all modules and pip install? Where pip installs system or Python packages, Recon-ng install all modules is used for the installation of framework-specific modules.
  12. Will Recon-ng install all modules download any malicious code? Not at all, since all modules are open source and reviewed, but nevertheless always verify the modules before use after you have run Recon-ng install all modules.
  13. Can I automate Recon-ng install all modules? Yes, Bash or Python can be used to script the operation by directing commands to the console.
  14. How do I update Recon-ng modules after installation? After your first Recon-ng install all modules, you can update by running marketplace update within the framework.
  15. Does Recon-ng install all modules include third-party modules? This can only be if they have been published on the official marketplace.
  16. Will it overwrite my previous configurations? No, after you Recon-ng install all modules, workspaces, and API keys will be unchanged.
  17. Is Recon-ng install all modules useful for bug bounty hunting? Of course, mainly for passive reconnaissance and footprinting activities.
  18. What are the most powerful modules included? Modules such as recon/domains-hosts/bing_ip and recon/companies-people are extremely powerful after Recon-ng install all modules.
  19. Can I export module results? Certainly, through the export CSV or report functionalities you can save results after completing the Recon-ng install all modules.
  20. Is Recon-ng install all modules beginner-friendly? Indeed. The structure is very easy to work with after the installation.

Conclusion

Following the instructions in this manual you have unveiled the complete Recon-ng module library with Recon-ng install all modules hence allowing sophisticated and automated reconnaissance. Be always updated, take good care of your API keys and never stop discovering—the OSINT universe has just become accessible to you.

Related Blogs You May Like

Visit my main blog

Check out sulekha page

Ready to expose every subdomain?

Discover the Ultimate Subdomain Enumeration Tool Now!

Related Posts

Powered By Related Posts for WordPress

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Subscribe
Subscribe