Scanning

Scanning tools Cheatsheet

1. Nmap

Scan all ports

nmap 192.168.1.1 -p-

Enumerate running services

nmap 192.168.1.1 -sV

Fast aggressive scan of all ports (the usual first move in CTFs; -T5 and a high --min-rate can drop ports on a lossy link, so re-check anything odd at a lower rate, and the OS detection in -A needs root)

nmap -T5 -A -p- --min-rate=500 10.129.187.71
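The one-liner above is noisy and slow because -A runs version probes and scripts against every port. A quieter workflow is two stages: a fast all-port sweep written in grepable format, then -sC -sV against only the ports found. The script below is an added example, not part of the original cheatsheet: open_ports parses nmap -oG output (a constructed sample is embedded so the parser can be exercised offline) and staged_scan chains the two nmap runs. The target 10.10.10.10 and the sample output are made up.

```sh
#!/usr/bin/env sh
# Two-stage nmap scan: fast discovery, then targeted service/script scan.
# Added example; not from the original page. Needs nmap on PATH for the live run.

# Constructed sample of nmap grepable (-oG) output, used only to test the parser.
# Real -oG lines separate fields with tabs and port entries with ", ".
SAMPLE_GREPABLE=$(printf '# Nmap 7.94 scan initiated as: nmap -p- --min-rate=500 -oG - 10.10.10.10\nHost: 10.10.10.10 ()\tStatus: Up\nHost: 10.10.10.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 135/filtered/tcp//msrpc///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (65531)\n# Nmap done -- 1 IP address (1 host up) scanned in 60.00 seconds\n')

# open_ports: read -oG output on stdin, print a sorted, comma-separated list
# of ports whose state is exactly "open" (filtered / open|filtered are skipped).
open_ports() {
  awk '
    /^Host:.*Ports:/ {
      sub(/.*Ports: /, "")                 # keep only the port list
      sub(/[ \t]+Ignored State.*/, "")     # drop the trailing summary
      n = split($0, entries, ",")
      for (i = 1; i <= n; i++) {
        # each entry is port/state/proto/owner/service/rpc/version/
        split(entries[i], f, "/")
        gsub(/^ +/, "", f[1])
        if (f[2] == "open") ports[f[1]] = 1
      }
    }
    END { for (p in ports) printf "%s\n", p }
  ' | sort -n | paste -sd, -
}

# staged_scan TARGET: all-port sweep at a high rate, then -sC -sV on the hits.
# Returns 1 if the sweep found nothing open. Not executed unless a target is given.
staged_scan() {
  target=$1
  ports=$(nmap -p- --min-rate=500 -T4 -oG - "$target" | open_ports)
  if [ -z "$ports" ]; then
    echo "no open TCP ports found on $target" >&2
    return 1
  fi
  echo "open ports on $target: $ports" >&2
  nmap -sC -sV -p "$ports" "$target"
}

# Usage: sh scan.sh <target>
if [ "$#" -gt 0 ]; then
  staged_scan "$1"
fi
```

Run the sweep as root if you want -sS (SYN) instead of the slower connect scan nmap falls back to for unprivileged users; add -sU to the second stage only for the handful of UDP ports worth probing, since full UDP sweeps take hours.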

Useful Flags

  • -v increases verbosity and prints open ports as they are found instead of only at the end

  • -A enables OS detection, version detection, script scanning, and traceroute (OS detection and traceroute need root)

  • -sV probes open ports to determine service/version info

  • -sC runs the default NSE script set (same as --script=default)

  • --script vuln runs every script in the vuln category; slow and noisy, and some of these scripts are intrusive

  • -sU UDP scan (needs root; slow because targets rate-limit ICMP replies, so pair it with --top-ports or an explicit -p list)

2. Nmap scripts

Enumerate OS details over SMB with an NSE script (the script needs 139 or 445 open, so limit the scan to those ports)

sudo nmap -p 139,445 --script smb-os-discovery.nse 192.168.18.110

Enumerate NetBIOS names and MAC address (nbstat sends its own query to UDP 137)

nmap -sV -v --script nbstat.nse 192.168.18.110

DNS-SD service discovery on the local network (a broadcast script: it sends mDNS queries to the local link and does not use the target, which is still port-scanned; it also runs with no target at all)

nmap --script=broadcast-dns-service-discovery zonetransfer.me

DNS subdomain brute force (uses the built-in wordlist unless dns-brute.hostlist points at your own)

nmap -T5 -p 53 --script dns-brute zonetransfer.me

Enumerate SRV records for common services (LDAP, Kerberos, SIP, XMPP and so on) under a domain

nmap --script dns-srv-enum --script-args "dns-srv-enum.domain='zonetransfer.me'"
