๐Ÿ” Recon and Enumeration

This section includes commands for host discovery, port scanning, and service enumeration.

โžก๏ธ Environment: See 00_environment_setup


🔎 Nmap

Fast scan:

Sweep all 65535 TCP ports quickly so the slower service/script scan can be limited to the ports found open. A high --min-rate is noisy and can miss ports on lossy links; lower it if results look incomplete, and add -Pn if the host does not answer ICMP.

nmap --min-rate 4500 --max-rtt-timeout 1500ms -p- $IP

Full TCP scan + scripts:

nmap -sC -sV -T4 -Pn -p- -oA full_tcp $IP
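
The two commands above are normally chained: the fast sweep finds the open ports, and the slower -sC -sV run is then limited to just those ports. The script below does that chaining. It is an added example, not part of the original notes; it assumes nmap is on PATH and takes the target as its first argument, and the function names and the fast_<target>/full_tcp_<target> output names are this example's own choices. The embedded .gnmap text is a constructed sample used only to exercise the port parser, not output from a real scan.

```bash
#!/usr/bin/env bash
# Two-stage scan: fast all-ports sweep, then -sC -sV only on the ports found open.
# Added example, not from the original notes. Assumes nmap is installed; the
# function and output file names below are this example's own choices.
set -eu

# Parse nmap grepable output (-oG / the .gnmap file written by -oA) on stdin and
# print the open TCP ports as a comma-separated list suitable for nmap -p.
# A Ports: field looks like "22/open/tcp//ssh///, 80/open/tcp//http///";
# filtered/closed entries and the "Ignored State" summary never match /open/tcp.
extract_open_ports() {
    grep -o '[0-9]*/open/tcp' \
        | cut -d/ -f1 \
        | sort -n -u \
        | paste -sd, -
}

# Stage 1: fast sweep of every TCP port, saved as grepable output.
# Stage 2: default scripts + version detection on just the open ports.
two_stage_scan() {
    target="$1"
    fast="fast_${target}"
    nmap --min-rate 4500 --max-rtt-timeout 1500ms -p- -oG "${fast}.gnmap" "$target" >/dev/null
    ports="$(extract_open_ports < "${fast}.gnmap")"
    if [ -z "$ports" ]; then
        echo "no open TCP ports found on $target (try -Pn if ICMP is filtered)" >&2
        return 1
    fi
    echo "open ports: $ports"
    nmap -sC -sV -T4 -Pn -p "$ports" -oA "full_tcp_${target}" "$target"
}

# Constructed sample of grepable output (not a real scan), used to check the
# parser without a live target. Note the unsorted ports and one filtered port.
SAMPLE_GNMAP='# Nmap 7.94 scan initiated
Host: 10.0.0.5 ()	Status: Up
Host: 10.0.0.5 ()	Ports: 445/open/tcp//microsoft-ds///, 22/open/tcp//ssh///, 80/open/tcp//http///, 25/filtered/tcp//smtp///	Ignored State: closed (65531)
# Nmap done'

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_GNMAP" | extract_open_ports   # prints 22,80,445
elif [ -n "${1:-}" ]; then
    two_stage_scan "$1"
fi
```

Run it as `./two_stage.sh $IP` against a target, or `./two_stage.sh --demo` to see the parser applied to the sample. Keeping the .gnmap from the sweep means the port list can be re-derived later without rescanning.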

🧠 SMB Enumeration

nmap --script="smb-enum*" -p 139,445 $IP   # quote the glob so the shell does not expand it
smbclient -L //$IP -N                       # list shares with a null session
enum4linux-ng -A $IP
smbmap -H $IP

๐ŸŒ HTTP/HTTPS

whatweb $URL
nikto -h $URL
ffuf -u $URL/FUZZ -w /usr/share/wordlists/dirb/common.txt -fs 4242   # -fs hides responses of this byte size; 4242 is a placeholder, measure the target's not-found size first (or use -ac)
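
The 4242 in -fs above is a placeholder: it has to be the byte size of the server's own not-found response, which differs per target, and if that size varies between requests a fixed -fs filter silently hides hits. The helper below measures it by requesting a few random paths with curl and only uses -fs when the probes agree, otherwise falling back to ffuf's -ac auto-calibration. It is an added example, not part of the original notes; it assumes curl and ffuf are installed, and the function names are this example's own.

```bash
#!/usr/bin/env bash
# Pick the ffuf -fs value from the target's real not-found response size.
# Added example, not from the original notes. Assumes curl and ffuf are
# installed; the function names are this example's own.
set -eu

# Read response sizes (one per line) for several nonexistent paths and print
# the size they share if every probe agreed, otherwise print nothing. A
# varying not-found size means -fs is the wrong filter for this target.
consistent_size() {
    sort -u | awk '{ last = $1 } END { if (NR == 1) print last }'
}

# Fetch the body size of three random, almost certainly nonexistent paths.
probe_sizes() {
    url="$1"
    for i in 1 2 3; do
        token="$(head -c 12 /dev/urandom | od -An -tx1 | tr -d ' \n')"
        curl -s -o /dev/null -w '%{size_download}\n' "$url/$token"
    done
}

# Fuzz with -fs set from the measured baseline, or with -ac if no single
# baseline exists (e.g. the not-found page echoes the requested path).
fuzz_with_baseline() {
    url="$1"
    wordlist="${2:-/usr/share/wordlists/dirb/common.txt}"
    size="$(probe_sizes "$url" | consistent_size)"
    if [ -n "$size" ]; then
        echo "baseline not-found size: $size bytes" >&2
        ffuf -u "$url/FUZZ" -w "$wordlist" -fs "$size"
    else
        echo "not-found size varies; using ffuf auto-calibration" >&2
        ffuf -u "$url/FUZZ" -w "$wordlist" -ac
    fi
}

if [ -n "${1:-}" ]; then
    fuzz_with_baseline "$@"
fi
```

Usage: `./fuzz.sh $URL [wordlist]`. Sizes that come back as 0 usually mean the probe request itself failed (wrong scheme, TLS error), so check with curl -v before trusting the filter.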

SSL Enum:

sslscan $IP

🔑 FTP/SSH

ftp $IP                                                            # try anonymous login first (user: anonymous)
hydra -l $USERNAME -P /usr/share/wordlists/rockyou.txt ftp://$IP
hydra -l $USERNAME -P /usr/share/wordlists/rockyou.txt -t 4 ssh://$IP   # -t 4: sshd caps parallel auth attempts, higher task counts lose results
# rockyou ships gzipped on Kali (rockyou.txt.gz): gunzip it first. Online guessing can trigger account lockouts; check the policy before spraying.

🧪 Misc

nc -nv $IP $RPORT         # Check open port manually
curl -I $URL              # HTTP header check

Next: 02_web_exploitation