{"id":13539892,"url":"https://github.com/pownjs/recon","last_synced_at":"2025-04-02T06:31:42.544Z","repository":{"id":47428740,"uuid":"166210415","full_name":"pownjs/recon","owner":"pownjs","description":"A powerful target reconnaissance framework powered by graph theory.","archived":true,"fork":false,"pushed_at":"2022-10-21T21:52:11.000Z","size":1536,"stargazers_count":420,"open_issues_count":15,"forks_count":83,"subscribers_count":27,"default_branch":"master","last_synced_at":"2024-08-11T17:10:12.643Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pownjs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-01-17T10:53:59.000Z","updated_at":"2024-05-31T11:57:18.000Z","dependencies_parsed_at":"2022-08-23T07:10:40.381Z","dependency_job_id":null,"html_url":"https://github.com/pownjs/recon","commit_stats":null,"previous_names":["pownjs/pown-recon"],"tags_count":294,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pownjs%2Frecon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pownjs%2Frecon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pownjs%2Frecon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pownjs%2Frecon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pownjs","download_url":"https://codeload.github.com/pownjs/recon/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246768142,"owners_count":20830613,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T09:01:33.552Z","updated_at":"2025-04-02T06:31:37.535Z","avatar_url":"https://github.com/pownjs.png","language":"JavaScript","funding_links":[],"categories":["\u003ca id=\"a76463feb91d09b3d024fae798b92be6\"\u003e\u003c/a\u003e侦察\u0026\u0026信息收集\u0026\u0026子域名发现与枚举\u0026\u0026OSINT","\u003ca id=\"170048b7d8668c50681c0ab1e92c679a\"\u003e\u003c/a\u003e工具","JavaScript"],"sub_categories":["\u003ca id=\"05ab1b75266fddafc7195f5b395e4d99\"\u003e\u003c/a\u003e未分类-OSINT"],"readme":"\u003e The project has moved to monorepo. See https://github.com/pownjs/pown for more information.\n\n[![License](https://img.shields.io/badge/license-MIT-_red.svg)](https://opensource.org/licenses/MIT)\n[![Follow on Twitter](https://img.shields.io/twitter/follow/pownjs.svg?logo=twitter)](https://twitter.com/pownjs)\n[![NPM](https://img.shields.io/npm/v/@pown/recon.svg)](https://www.npmjs.com/package/@pown/recon)\n[![Fury](https://img.shields.io/badge/version-2x%20Fury-red.svg)](https://github.com/pownjs/lobby)\n![default workflow](https://github.com/pownjs/git/actions/workflows/default.yaml/badge.svg)\n[![SecApps](https://img.shields.io/badge/credits-SecApps-black.svg)](https://secapps.com)\n\n# Recon\n\nRecon is a target reconnaissance framework powered by knowledge graphs. Using knowledge graphs instead of flat table representation is easier to find the relationships between different types of information, which comes quite handy in many situations. Knowledge graphs algorithms also help with diffing, searching, finding the shortest path, and many other helpful tasks to aid information discovery and intelligence gathering.\n\n## Credits\n\nThis tool is part of [secapps.com](https://secapps.com) open-source initiative.\n\n```\n ___ ___ ___ _ ___ ___ ___\n / __| __/ __| /_\\ | _ \\ _ \\/ __|\n \\__ \\ _| (__ / _ \\| _/ _/\\__ \\\n |___/___\\___/_/ \\_\\_| |_| |___/\n https://secapps.com\n```\n\n\u003e **NB**: Recon is the result of an almost direct copy of SecApps' excellent [Recon](https://recon.secapps.com) tool.\n\n## Quickstart\n\nThis tool is meant to be used as part of [Pown.js](https://github.com/pownjs/pown) but it can be invoked separately as an independent tool.\n\nInstall Pown first as usual:\n\n```sh\n$ npm install -g pown@latest\n```\n\nInstall recon:\n\n```sh\n$ pown modules install @pown/recon\n```\n\nInvoke directly from Pown:\n\n```sh\n$ pown recon\n```\n\n## Standalone Use\n\nInstall this module locally from the root of your project:\n\n```sh\n$ npm install @pown/recon --save\n```\n\nOnce done, invoke pown cli:\n\n```sh\n$ POWN_ROOT=. ./node_modules/.bin/pown-cli recon\n```\n\nYou can also use the global pown to invoke the tool locally:\n\n```sh\n$ POWN_ROOT=. pown recon\n```\n\n## Library Use\n\nThe module is also a library. Check out the code and examples for idea how to use. Documentation is coming soon.\n\n## Usage\n\n\u003e **WARNING**: This pown command is currently under development and as a result will be subject to breaking changes.\n\n```\npown-cli recon \u003ccommand\u003e\n\nTarget recon\n\nCommands:\n pown-cli recon transform \u003ctransform\u003e Perform inline transformation [aliases: t]\n pown-cli recon template \u003ccommand\u003e Recon template commands [aliases: p, templates]\n pown-cli recon select \u003cexpressions...\u003e Select nodes [aliases: s]\n pown-cli recon traverse \u003cexpressions...\u003e Traverse nodes [aliases: v]\n pown-cli recon options \u003ccommand\u003e Manage options [aliases: option]\n pown-cli recon cache \u003ccommand\u003e Manage cache\n pown-cli recon add \u003cnodes...\u003e Add nodes [aliases: a]\n pown-cli recon remove \u003cexpressions...\u003e Remove nodes [aliases: r]\n pown-cli recon edit \u003cexpressions...\u003e Edit nodes [aliases: e]\n pown-cli recon merge \u003cfiles...\u003e Perform a merge between at least two recon files [aliases: m]\n pown-cli recon diff \u003cfileA\u003e \u003cfileB\u003e Perform a diff between two recon files [aliases: d]\n pown-cli recon group \u003cname\u003e \u003cexpressions...\u003e Group nodes [aliases: g]\n pown-cli recon ungroup \u003cexpressions...\u003e Ungroup nodes [aliases: u]\n pown-cli recon load \u003cfile\u003e Load a file [aliases: l]\n pown-cli recon save \u003cfile\u003e Save to file [aliases: o]\n pown-cli recon import \u003cfile\u003e Import file [aliases: i]\n pown-cli recon export \u003cfile\u003e Export to file [aliases: x]\n pown-cli recon remote \u003ccommand\u003e Remote managment [aliases: remotes, f]\n pown-cli recon layout \u003cname\u003e Layout the graph [aliases: k]\n pown-cli recon summary [options] Create a summary [aliases: y]\n pown-cli recon exec \u003cfiles...\u003e Execute js file [aliases: c]\n\nOptions:\n --version Show version number [boolean]\n --help Show help [boolean]\n\npown-cli recon transform \u003ctransform\u003e\n\nPerform inline transformation\n\nCommands:\n pown-cli recon transform bitbucketlistrepos [options] \u003cnodes...\u003e List Bitbucket repositories [aliases: bitbucket_list_repos, bblr]\n pown-cli recon transform bitbucketlistsnippets [options] \u003cnodes...\u003e List Bitbucket snippets [aliases: bitbucket_list_snippets, bbls]\n pown-cli recon transform bitbucketlistteamrepos [options] \u003cnodes...\u003e List Bitbucket team repos [aliases: bitbucket_list_team_repos, bbltr]\n pown-cli recon transform bitbucketlistteammembers [options] \u003cnodes...\u003e List Bitbucket team members [aliases: bitbucket_list_team_members, bbltm]\n pown-cli recon transform bufferoverrunsubdomainsearch [options] \u003cnodes...\u003e Obtain a list of subdomains using bufferover.run DNS service [aliases: bufferoverrun_subdomain_search, brss]\n pown-cli recon transform certspotterissuances [options] \u003cnodes...\u003e Obtain issuances from Certspotter [aliases: certspotter_issuances, csi]\n pown-cli recon transform cloudflarednsquery [options] \u003cnodes...\u003e Query CloudFlare DNS API [aliases: cloudflare_dns_query, cfdq]\n pown-cli recon transform crtshcndomainreport [options] \u003cnodes...\u003e Obtain crt.sh domain report which helps enumerating potential target subdomains [aliases: crtsh_cn_domain_report, crtshcdr]\n pown-cli recon transform crtshsandomainreport [options] \u003cnodes...\u003e Obtain crt.sh domain report which helps enumerating potential target subdomains [aliases: crtsh_san_domain_report, crtshsdr]\n pown-cli recon transform dnsresolve [options] \u003cnodes...\u003e Performs DNS resolution [aliases: dns_resolve, dr, dns]\n pown-cli recon transform dockerhublistrepos [options] \u003cnodes...\u003e List DockerHub repositories for a given member or org [aliases: dockerhub_list_repos, dhlr]\n pown-cli recon transform gravatar [options] \u003cnodes...\u003e Get gravatar\n pown-cli recon transform hackertargetreverseiplookup [options] \u003cnodes...\u003e Obtain reverse IP information from hackertarget.com [aliases: hackertarget_reverse_ip_lookup, htril]\n pown-cli recon transform hackertargetonlineportscan [options] \u003cnodes...\u003e Obtain port information from hackertarget.com [aliases: hackertarget_online_port_scan, htps]\n pown-cli recon transform httpfingerprint [options] \u003cnodes...\u003e Performs a fingerprint on the HTTP server and application [aliases: http_fingerprint, hf]\n pown-cli recon transform ipinfoiowidgetsearch [options] \u003cnodes...\u003e Obtain ipinfo.io whois report via the web widget [aliases: ipinfoio_widget_search, iiiows]\n pown-cli recon transform omnisintsubdomainreport [options] \u003cnodes...\u003e Obtain omnisint domain report which helps enumerating target subdomains [aliases: omnisint_subdomain_report]\n pown-cli recon transform pkslookupkeys [options] \u003cnodes...\u003e Look the the PKS database at pool.sks-keyservers.net which pgp.mit.edu is part of [aliases: pks_lookup_keys, pkslk]\n pown-cli recon transform pwndbsearch [options] \u003cnodes...\u003e Searching the PwnDB database [aliases: pwndb_search, pds]\n pown-cli recon transform riddleripsearch [options] \u003cnodes...\u003e Searches for IP references using F-Secure riddler.io [aliases: riddler_ip_search, rdis]\n pown-cli recon transform riddlerdomainsearch [options] \u003cnodes...\u003e Searches for Domain references using F-Secure riddler.io [aliases: riddler_domain_search, rdds]\n pown-cli recon transform script [options] \u003cnodes...\u003e Perform transformation with external script [aliases: script]\n pown-cli recon transform scyllasearch [options] \u003cnodes...\u003e Searching the Scylla database [aliases: scylla_search, scys]\n pown-cli recon transform securitytrailssuggestions [options] \u003cnodes...\u003e Get a list of domain suggestions from securitytrails.com [aliases: securitytrails_domain_suggestions, stds]\n pown-cli recon transform shodanorgsearch [options] \u003cnodes...\u003e Performs search using ORG filter [aliases: shodan_org_search, sos]\n pown-cli recon transform shodansslsearch [options] \u003cnodes...\u003e Performs search using SSL filter [aliases: shodan_ssl_search, sss]\n pown-cli recon transform spysesubdomains [options] \u003cnodes...\u003e Performs subdomain searching with Spyse [aliases: spyse_subdomains, ssds]\n pown-cli recon transform tcpportscan [options] \u003cnodes...\u003e Simple, full-handshake TCP port scanner (very slow and sometimes inaccurate) [aliases: tcp_port_scan, tps]\n pown-cli recon transform threatcrowddomainreport [options] \u003cnodes...\u003e Obtain threatcrowd domain report which helps enumerating potential target subdomains and email addresses [aliases: threatcrowd_domain_report, tcdr]\n pown-cli recon transform threatcrowdipreport [options] \u003cnodes...\u003e Obtain threatcrowd ip report which helps enumerating virtual hosts [aliases: threatcrowd_ip_report, tcir]\n pown-cli recon transform urlscanliveshot [options] \u003cnodes...\u003e Generates a liveshot of any public site via urlscan [aliases: urlscan_liveshot, usls]\n pown-cli recon transform urlscansubdomains [options] \u003cnodes...\u003e Find subdomains via urlscan [aliases: urlscan_subdomains, uss]\n pown-cli recon transform noop [options] \u003cnodes...\u003e Does not do anything [aliases: nop]\n pown-cli recon transform sleep [options] \u003cnodes...\u003e Sleeps for predefined time [aliases: sleep, wait]\n pown-cli recon transform duplicate [options] \u003cnodes...\u003e Duplicate node [aliases: dup]\n pown-cli recon transform extract [options] \u003cnodes...\u003e Extract property [aliases: excavate]\n pown-cli recon transform prefix [options] \u003cnodes...\u003e Creates a new node with a prefix [aliases: prepand]\n pown-cli recon transform suffix [options] \u003cnodes...\u003e Creates a new node with a suffix [aliases: append]\n pown-cli recon transform augment [options] \u003cnodes...\u003e Update node with prefix or suffix\n pown-cli recon transform splitemail [options] \u003cnodes...\u003e Split email at the @ sign [aliases: split_email]\n pown-cli recon transform buildemail [options] \u003cnodes...\u003e Build email from node label [aliases: build_email]\n pown-cli recon transform splitdomain [options] \u003cnodes...\u003e Split domain at the first dot [aliases: split_domain]\n pown-cli recon transform builddomain [options] \u003cnodes...\u003e Build domain from node label [aliases: build_domain]\n pown-cli recon transform splituri [options] \u003cnodes...\u003e Split URI to corresponding parts [aliases: split_uri]\n pown-cli recon transform builduri [options] \u003cnodes...\u003e Build URI from node label [aliases: build_uri]\n pown-cli recon transform bakeimages [options] \u003cnodes...\u003e Convert external image into data URIs for self-embedding purposes [aliases: bake_images, bes]\n pown-cli recon transform virustotalsubdomains [options] \u003cnodes...\u003e Obtain subdomains from Virustotal [aliases: virustotal_subdomains, vtsd]\n pown-cli recon transform vulnerssearch [options] \u003cnodes...\u003e Obtain vulnerability information via vulners.com [aliases: vulners_search, vs]\n pown-cli recon transform wappalyzerprofile [options] \u003cnodes...\u003e Enumerate technologies with api.wappalyzer.com [aliases: wappalyzer_profile, wzp]\n pown-cli recon transform worker [options] \u003cnodes...\u003e Perform transformation with external worker [aliases: worker]\n pown-cli recon transform zonecrunchersubdomains [options] \u003cnodes...\u003e Performs subdomain searching with Zonecruncher [aliases: zonecruncher_subdomains, zcss]\n pown-cli recon transform auto [options] \u003cnodes...\u003e Select the most appropriate methods of transformation\n\nOptions:\n --version Show version number [boolean]\n --help Show help [boolean]\n -r, --read Read file [string]\n -w, --write Write file [string]\n```\n\n## Preview\n\nGenerated graphs can be previewed in [SecApps Recon](https://recon.secapps.com) for convenience, which this tool is based on. You can access SecApps Recon from your browser but you can also invoke it from the command line.\n\nFirst you need `@pown/apps` installed:\n\n```sh\n$ pown modules install @pown/apps\n```\n\nThis will install the optional apps command package.\n\nGenerate your graph using the write options:\n\n```sh\n$ pown recon transform auto -w path/to/file.network --node-type brand target\n```\n\nOnce the recon is complete, open the graph for preview in SecApps Recon:\n\n```sh\n$ pown apps recon \u003c path/to/file.network\n```\n\n## Scripting\n\nPown recon is designed to be scripted either via your favorite shell environment, [Pown Script](https://github.com/pownjs/script), [Pown Engine Templates](https://github.com/pownjs/engine) and JavaScript. Scripts benefit from preserved context between each command execution. This means that you can build a graph without then need to save and restore into intermediate files.\n\nUsing your favourite editor create a file called `example.pown` with the following contents:\n\n```sh\necho This is script\nrecon add --node-type brand target\nrecon t auto\n```\n\nExecute the script from pown:\n\n```sh\n$ pown script path/to/example.pown\n```\n\nFor more information, see the `./examples` for more ideas how to use scripts.\n\n## Selectors\n\n\u003e Some commands expect graph selectors. The rest of the documentation is copy of cytoscape.js selectors manual with some minor differences.\n\nA selector functions similar to a CSS selector on DOM elements, but selectors in Recon instead work on collections of graph elements. This mechanism is provided by the powerful cytoscape.js.\n\nThe selectors can be combined together to make powerful queries, for example:\n\n```\npown select 'node[weight \u003e= 50][height \u003c 180]'\n```\n\nSelectors can be joined together (effectively creating a logical OR) with commas:\n\n```\npown select 'node#j, edge[source = \"j\"]'\n```\n\nIt is important to note that strings need to be enclosed by quotation marks:\n\n```\npown select 'node[type = \"domain\"]'\n```\n\nNote that metacharacters `( ^ $ \\ / ( ) | ? + * [ ] { } , . )` need to be escaped:\n\npown select '#some\\\\$funky\\\\@id'\n\n### Group, class, \u0026 ID\n\n* `node`, `edge`, or `*` (group selector) Matches elements based on group (node for nodes, edge for edges, * for all).\n* `.className` Matches elements that have the specified class (e.g. use .foo for a class named \"foo\").\n* The `#id` Matches element with the matching ID (e.g. `#foo` is the same as `[id = 'foo']`)\n\n### Data\n\n* `[name]` Matches elements if they have the specified data attribute defined, i.e. not undefined (e.g. `[foo]` for an attribute named “foo”). Here, null is considered a defined value.\n* `[^name]` Matches elements if the specified data attribute is not defined, i.e. undefined (e.g `[^foo]`). Here, null is considered a defined value.\n* `[?name]` Matches elements if the specified data attribute is a truthy value (e.g. `[?foo]`).\n* `[!name]` Matches elements if the specified data attribute is a falsey value (e.g. `[!foo]`).\n* `[name = value]` Matches elements if their data attribute matches a specified value (e.g. `[foo = 'bar']` or `[num = 2]`).\n* `[name != value]` Matches elements if their data attribute doesn’t match a specified value (e.g. `[foo != 'bar']` or `[num != 2]`).\n* `[name \u003e value]` Matches elements if their data attribute is greater than a specified value (e.g. `[foo \u003e 'bar']` or `[num \u003e 2]`).\n* `[name \u003e= value]` Matches elements if their data attribute is greater than or equal to a specified value (e.g. `[foo \u003e= 'bar']` or `[num \u003e= 2]`).\n* `[name \u003c value]` Matches elements if their data attribute is less than a specified value (e.g. `[foo \u003c 'bar']` or `[num \u003c 2]`).\n* `[name \u003c= value]` Matches elements if their data attribute is less than or equal to a specified value (e.g. `[foo \u003c= 'bar']` or `[num \u003c= 2]`).\n* `[name *= value]` Matches elements if their data attribute contains the specified value as a substring (e.g. `[foo *= 'bar']`).\n* `[name ^= value]` Matches elements if their data attribute starts with the specified value (e.g. `[foo ^= 'bar']`).\n* `[name $= value]` Matches elements if their data attribute ends with the specified value (e.g. `[foo $= 'bar']`).\n* `@` (data attribute operator modifier) Prepended to an operator so that is case insensitive (e.g. `[foo @$= 'ar']`, `[foo @\u003e= 'a']`, `[foo @= 'bar']`)\n* `!` (data attribute operator modifier) Prepended to an operator so that it is negated (e.g. `[foo !$= 'ar']`, `[foo !\u003e= 'a']`)\n* `[[]]` (metadata brackets) Use double square brackets in place of square ones to match against metadata instead of data (e.g. `[[degree \u003e 2]]` matches elements of degree greater than 2). The properties that are supported include `degree`, `indegree`, and `outdegree`.\n\n### Compound nodes\n\n* `\u003e` (child selector) Matches direct children of the parent node (e.g. `node \u003e node`).\n* ` ` (descendant selector) Matches descendants of the parent node (e.g. `node node`).\n* `$` (subject selector) Sets the subject of the selector (e.g. `$node \u003e node` to select the parent nodes instead of the children).\n\n## Traversals\n\nA complex type of selection is known as traversal.\n\n## Transforms\n\nHere are some of the transforms available in Recon. Additional transforms are available in optional pown modules.\n\n* GitHub Search of Repos, Gists and Members (via @pown/github)\n* Bitbucket Search of Repos, Snippets and Members\n* CloudFlare 1.1.1.1 DNS API\n* CRTSH (CN \u0026 SAN)\n* DockerHub Repo Search\n* Gravatar URLs\n* Hacker Target Reverse IP Lookup\n* PKS Lookup\n* Bufferover.run\n* Urlscan\n* Threatcrowd\n* Wappalyzer\n* Riddler\n* Shodan\n* WhoAreThey(via @pown/whoarethey)\n* Certspotter\n* Virustotal\n* Security Trails\n* Utility Transforms\n* Auto Recon\n\n## Tutorial\n\nTo demonstrate the power of Recon and graph-based OSINT (Open Source Intelligence), let's have a look at the following trivial example.\n\nLet's start by querying everyone who is a member of Google's engineering team and contributes to their GitHub account.\n\n```sh\npown recon t -w google.network ghlm google\n```\n\nThis command will generate a table similar to this:\n\n```\n github:member\n┌─────────────────────────────────────────────────────────┬─────────────────────────────────────────────────────────┬─────────────────────────────────────────────────────────┐\n│ uri │ login │ avatar │\n├─────────────────────────────────────────────────────────┼─────────────────────────────────────────────────────────┼─────────────────────────────────────────────────────────┤\n│ https://github.com/3rf │ 3rf │ https://avatars1.githubusercontent.com/u/1242478?v=4 │\n├─────────────────────────────────────────────────────────┼─────────────────────────────────────────────────────────┼─────────────────────────────────────────────────────────┤\n│ https://github.com/aaroey │ aaroey │ https://avatars0.githubusercontent.com/u/31743510?v=4 │\n├─────────────────────────────────────────────────────────┼─────────────────────────────────────────────────────────┼─────────────────────────────────────────────────────────┤\n│ https://github.com/aarongable │ aarongable │ https://avatars3.githubusercontent.com/u/2474926?v=4 │\n...\n...\n...\n│ https://github.com/alexpennace │ alexpennace │ https://avatars1.githubusercontent.com/u/2506548?v=4 │\n├─────────────────────────────────────────────────────────┼─────────────────────────────────────────────────────────┼─────────────────────────────────────────────────────────┤\n│ https://github.com/alexv │ alexv │ https://avatars0.githubusercontent.com/u/30807372?v=4 │\n├─────────────────────────────────────────────────────────┼─────────────────────────────────────────────────────────┼─────────────────────────────────────────────────────────┤\n│ https://github.com/alexwhouse │ alexwhouse │ https://avatars3.githubusercontent.com/u/1448490?v=4 │\n└─────────────────────────────────────────────────────────┴─────────────────────────────────────────────────────────┴─────────────────────────────────────────────────────────┘\n```\n\nYou just created your first network!\n\nThe representation is tabular for convenience but underneath we've got a model which consists of nodes connected by edges.\n\nIf you are wondering what that looks like you can use [SecApps Recon](https://recon.secapps.com). The command line does not have the necessary level of interactivity to present the complexity of graphs.\n\nThe `-w google.network` command line option exported the network to a file. You can load the file directly into SecApps Recon with the file open feature. The result will look like this:\n\nNow imagine that we want to query what repositories these Google engineers are working on. This is easy. First, we need to select the nodes in the graph and then transform them with the \"GitHub List Repositories\" transformation. This is how we do it from the command line:\n\n```sh\npown recon t ghlr -r google.network -w google2.nework -s 'node[type=\"github:member\"]'\n```\n\nIf you don't hit GitHub API rate limits, you will be presented with this:\n\n```\n github:repo\n┌──────────────────────────────────────────────────────────────────────────────────────┬──────────────────────────────────────────────────────────────────────────────────────┐\n│ uri │ fullName │\n├──────────────────────────────────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────┤\n│ https://github.com/3rf/2015-talks │ 3rf/2015-talks │\n├──────────────────────────────────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────┤\n│ https://github.com/3rf/codecoroner │ 3rf/codecoroner │\n├──────────────────────────────────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────┤\n│ https://github.com/3rf/DefinitelyTyped │ 3rf/DefinitelyTyped │\n...\n...\n...\n│ https://github.com/agau4779/ultimate-tic-tac-toe │ agau4779/ultimate-tic-tac-toe │\n├──────────────────────────────────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────┤\n│ https://github.com/agau4779/worm_scraper │ agau4779/worm_scraper │\n├──────────────────────────────────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────┤\n│ https://github.com/agau4779/zsearch │ agau4779/zsearch │\n└──────────────────────────────────────────────────────────────────────────────────────┴──────────────────────────────────────────────────────────────────────────────────────┘\n```\n\nSince now we have two files `google.network` and `google2.network` you might be wondering what is the difference between them. Well, we have a tool for doing just that.\n\n```sh\npown recon diff google.network google2.network\n```\n\nNow we know! This feature is quite useful if you are building large recon maps and you would like to know what are the key differences. Imagine your cron job performs the same recon every day and you would like to know if something new just appeared which might be worth exploring further. Hello, bug bounty hunters!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpownjs%2Frecon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpownjs%2Frecon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpownjs%2Frecon/lists"}