virtualenv env
. venv/bin/activate
pip install -r requirements.txt

# lxml on debian:
sudo apt-get install libxml2-dev libxslt-dev

# mongodb on debian:
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
echo 'deb http://downloads-distro.mongodb.org/repo/debian-sysvinit dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list
sudo apt-get update
sudo apt-get install mongodb-10gen
echo "bind_ip = 127.0.0.1" | sudo tee -a /etc/mongodb.conf
sudo /etc/init.d/mongodb restart

help # list all cmds
help [cmd] # show usage
modules # list all modules
status # show modules status
output [all|[number]] # output from module
watch # interactive output
^C # exit interactive ouput
load [name] # load session named [name]
saveas [name] # save session under name [name]
delete [name] # delete session under name [name]
use [module] # enter module menu
^D # stop using module or quit if not using any module
options # show set options (from module menu)
options [cmd] # show option description
set [key] [value] # set option
unset [key] # unset option
info [module]# show info about module

target domain.tld
run recon::subdomains
watch
^C
output all
run report::hosts

target domain.tld
run recon::dnslookup
run recon::reverseip
use recon::subnets
set maxdepth 128
run
watch
^C
output all
run report::hosts

target domain.tld
use recon::cohost
run
watch
^C
output all
run report::hosts

# gather hostnames..
use auxiliary::oscmd
options cmd
set cmd 'path/to/whatweb -a 3 %DOMAIN% >> ~/enum.txt'
run
# ignore garbage on screen & when done grep enum.txt for results