Network Scanning and Enumeration

Network Scans

1. Nmap Commands:

Perform a TCP SYN scan on a target:

nmap -sS <target>

Perform a UDP scan on common ports:

nmap -sU -p 53,67,68,123 <target>

Perform a version detection scan:

nmap -sV <target>

Perform an aggressive scan with OS detection and version detection:

nmap -A <target>

Save the scan results to a file:

nmap -oN scan_results.txt <target>
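As an added example that is not part of this cheat sheet: a small Python parser for the normal-format (-oN) output that the scans above write, as produced by nmap -sV -oN. It turns the port table into per-host records and flags open ports that are missing from an approved per-host baseline; the sample scan text and the baseline are constructed for the example.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample of `nmap -sV -oN scan_results.txt` output (not a real scan).
SAMPLE_NORMAL_OUTPUT = """\
# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -sV -oN scan_results.txt 10.0.0.5
Nmap scan report for 10.0.0.5
Host is up (0.0010s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE    SERVICE     VERSION
22/tcp   open     ssh         OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)
80/tcp   open     http        Apache httpd 2.4.18 ((Ubuntu))
445/tcp  open     netbios-ssn Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP)
8080/tcp filtered http-proxy
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
# Nmap done at Mon Jan  1 12:00:05 2024 -- 1 IP address (1 host up) scanned in 5.00 seconds
"""

Row = Tuple[int, str, str, str, str]  # (port, proto, state, service, version)

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
# port/proto, state, service, then an optional free-text version column
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_normal_output(text: str) -> Dict[str, List[Row]]:
    """Map each scanned host to the rows of its port table."""
    hosts: Dict[str, List[Row]] = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = []
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service, version = m.groups()
            hosts[current].append((int(port), proto, state, service, (version or "").strip()))
    return hosts


def unexpected_open_ports(hosts: Dict[str, List[Row]],
                          baseline: Dict[str, Set[Tuple[int, str]]]) -> List[Tuple[str, int, str, str, str]]:
    """Return open ports not listed in the approved (port, proto) baseline for that host."""
    findings = []
    for host, rows in hosts.items():
        allowed = baseline.get(host, set())
        for port, proto, state, service, version in rows:
            if state == "open" and (port, proto) not in allowed:
                findings.append((host, port, proto, service, version))
    return findings
```

Filtered ports are parsed but not reported, so a host that is only firewalled differently does not show up as drift.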

2. DNS Enumeration: Perform a basic DNS zone transfer (the ls -d subcommand is the one provided by the Windows nslookup client):

nslookup
> server <DNS_Server_IP>
> ls -d <target_domain>

Enumerate subdomains using a tool like Sublist3r:

sublist3r -d <target_domain>

3. SNMP Enumeration: Enumerate SNMP information using snmpwalk:

snmpwalk -c <community_string> -v1 <target>

4. SMB Enumeration: Enumerate shares using smbclient:

smbclient -L //<target_IP> -U <username>

Enumerate user accounts using enum4linux:

enum4linux -U <target_IP>

5. SMTP Enumeration: Enumerate SMTP information using Telnet:

telnet <target_IP> 25
VRFY <username>

6. Web Application Enumeration:

Enumerate web directories using gobuster:

gobuster dir -u http://<target_IP> -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Identify hidden files and directories using wfuzz:

wfuzz -c -z file,/usr/share/wordlists/dirb/common.txt --hc 404 http://<target_IP>/FUZZ

7. SSH Enumeration:

OpenSSH 7.2p2 user enumeration script (Python): https://github.com/sodomak/sshenum
