Nmap

Nmap is a very useful and effective port-scanner / network enumeration tool. Here are some fun things you can do with it:

Good opsec

Do not forget the following script argument when stealth matters: it sets the User-Agent header that Nmap's HTTP NSE scripts send, which otherwise identifies the scanner as the Nmap Scripting Engine in the target's web logs.

--script-args http.useragent="CUSTOM_AGENT"

Port Scans

Host Discovery (ping sweep)

nmap -sn <ip>/<cidr>

Aggressive Scan a single port

nmap -p<port> -A <ip>

Syn Scan for all open ports

nmap -p- -sS <ip>

Fuck you tell me scans (can be loud)

nmap -p- -v -T4 <ip>
nmap -p<ports> -sV -sC -T4 -Pn -oA <ip> <ip>

Threader3000

Threader3000 has quickly become my go-to port scanning tool. It can be used to quickly scan all ports on a host, then perform a verbose Nmap scan on only the discovered ports. The speed and thoroughness of this tool just can't be beat.

pip install threader3000
threader3000
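The same two-stage workflow can be scripted with plain nmap: a fast full-range sweep written in grepable (-oG) format, then a service/script scan restricted to the ports that came back open. This is an added example, not code from this page or from the Threader3000 project; the function names, the output file names and the sample -oG lines are assumptions made for the demonstration.

```shell
#!/bin/sh
# Two-stage scan: full TCP sweep first, then -sV -sC only on the open ports.

# Pull the open TCP ports out of an nmap grepable (-oG) file as a comma list.
# Grepable output puts every port on the "Ports:" line of the host, one entry
# per comma, in the form  port/state/proto//service///  .
extract_open_ports() {
    grep '^Host:' "$1" \
      | sed -n 's/.*Ports: //p' \
      | tr ',' '\n' \
      | sed 's/^ *//' \
      | grep '/open/' \
      | cut -d/ -f1 \
      | sort -n | uniq \
      | paste -s -d ',' -
}

# Hypothetical wrapper: sweep every port, then scan only what was open.
two_stage_scan() {
    target=$1
    nmap -p- -T4 -oG "$target.full.gnmap" "$target" >/dev/null
    ports=$(extract_open_ports "$target.full.gnmap")
    [ -n "$ports" ] || { echo "no open ports found on $target" >&2; return 1; }
    nmap -p"$ports" -sV -sC -T4 -Pn -oA "$target.targeted" "$target"
}

# Constructed sample of -oG output (not a real scan) for exercising the parser.
sample_gnmap() {
    printf 'Host: 10.0.0.5 ()\tStatus: Up\n'
    printf 'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///, 8080/open/tcp//http-proxy///\tIgnored State: filtered (65531)\n'
}

if [ "$1" = "--demo" ]; then
    sample_gnmap > /tmp/sample.gnmap
    extract_open_ports /tmp/sample.gnmap   # prints 22,80,8080
elif [ -n "$1" ]; then
    two_stage_scan "$1"
fi
```

Run with --demo to see the parser work on the embedded sample, or with a target to run the real two-stage scan. Parsing -oG rather than the human-readable output is deliberate: the grepable format is stable and one line per host, so the port list survives changes to Nmap's normal output layout.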

Enumeration

SMB Enumeration

nmap -p445 --script=smb-enum-shares.nse,smb-enum-users.nse <ip>

RPC Enumeration

nmap -p 111 --script=nfs-ls,nfs-statfs,nfs-showmount <ip>


Threader3000 on GitHub: https://github.com/dievus/threader3000