- Always start logging terminal history before running any commands (`-f` flushes after every write, so the log survives a killed session):
script -f ./history-<tab_number>.log
- Google:
site:*.<domain>
- Sublist3r (run it through a VPN; the search engines it queries rate-limit or block repeated queries):
python ~/sublist3r/sublist3r.py -d <domain> -o domains.txt -t 1
- Scan common TCP ports of domains listed in the file:
nmap -v -sV -sC -iL ./domains.txt -oN nmap.txt
- Scan common TCP ports:
nmap -v -sV -sC <single_ip_or_range>
- Aggressively SYN scan all TCP ports (`-A` adds version detection, default scripts, OS detection and traceroute; noisy):
sudo nmap -v -p- -sS -A <single_ip_or_range>
- Scan all TCP ports for known vulnerabilities:
sudo nmap -v -p- --script vuln <single_ip_or_range>
- Aggressively scan common UDP ports:
sudo nmap -v --top-ports 20 -A -sU <single_ip_or_range>
- TCP 21 (control), 20 (active-mode data) - File Transfer Protocol (FTP)
- TCP 22 - Secure Shell (SSH)
- TCP 23 - Telnet
- TCP 25, 465, 587 - Simple Mail Transfer Protocol (SMTP; 465 SMTPS, 587 submission)
- TCP 53 - Domain Name System (DNS; zone transfers and large responses, UDP 53 for normal queries)
- TCP 80, 443 - HTTP / HTTPS
- TCP 135, 593 - Microsoft Remote Procedure Call (MSRPC; 593 is RPC over HTTP)
- TCP 139, 445 - Server Message Block (SMB)
- TCP 873 - Rsync
- TCP 1433 - Microsoft SQL Server (MSSQL)
- TCP 1521 - Oracle DB
- TCP 2049 - Network File System (NFS)
- TCP 3306 - MySQL
- TCP 3389 - Remote Desktop Protocol (RDP)
- TCP 5432 - PostgreSQL
- TCP 5985 (HTTP), 5986 (HTTPS) - Windows Remote Management (WinRM)
- TCP 6379 - Redis
- TCP 8082, 9092 - H2
- TCP 27017 - MongoDB
- UDP 161 - Simple Network Management Protocol (SNMP)
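The sweeps above write `-oN`, which is for reading; add `-oG <file>` (or `-oA <base>`) to the same nmap command to also get grepable output. The script below, an added example that is not part of the original cheat sheet, parses that grepable output, keeps only ports reported open (dropping filtered/closed entries) and builds one `--script vuln` scan per host limited to those ports, instead of repeating `-p-` for the vuln scripts. The sample scan output, hosts and ports are constructed, not from a real scan.

```bash
#!/usr/bin/env bash
# Added example, not part of the original cheat sheet: parse nmap grepable
# output (-oG) and build one targeted --script vuln scan per host covering
# only the ports already seen open in the port sweep.
set -eu

# Constructed sample of `nmap -sV -oG -` output for two hosts (not a real scan).
# Fields on a "Ports:" line are tab-separated; each entry is
# port/state/proto/owner/service/rpcinfo/version/
sample_gnmap() {
  printf 'Host: 10.0.0.1 ()\tStatus: Up\n'
  printf '%s\t%s\t%s\n' \
    'Host: 10.0.0.1 ()' \
    'Ports: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx 1.18/, 3306/open/tcp//mysql//MySQL 8.0/' \
    'Ignored State: closed (997)'
  printf 'Host: 10.0.0.2 ()\tStatus: Up\n'
  printf '%s\t%s\t%s\n' \
    'Host: 10.0.0.2 ()' \
    'Ports: 135/open/tcp//msrpc///, 139/filtered/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///, 5985/open/tcp//wsman///' \
    'Ignored State: closed (995)'
}

# stdin: gnmap; stdout: "host port proto service" for every open port.
# Filtered/closed entries are dropped so the follow-up scan stays small.
open_ports() {
  awk -F'\t' '
    /Ports: / {
      host = $1; sub(/^Host: /, "", host); sub(/ .*/, "", host)
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        list = $i; sub(/^Ports: /, "", list)
        n = split(list, entry, ", ")
        for (j = 1; j <= n; j++) {
          split(entry[j], f, "/")
          if (f[2] == "open") print host, f[1], f[3], f[5]
        }
      }
    }'
}

# stdin: gnmap; $1: host. Prints that host's open TCP ports as an nmap -p list.
host_ports() {
  open_ports | awk -v h="$1" '
    $1 == h && $3 == "tcp" { p = p (p ? "," : "") $2 }
    END { print p }'
}

# stdin: gnmap; stdout: one --script vuln command per host, in scan order,
# limited to the host's open TCP ports instead of repeating -p-.
vuln_scan_cmds() {
  open_ports | awk '
    $3 == "tcp" {
      if (!($1 in ports)) order[++n] = $1
      ports[$1] = ports[$1] (ports[$1] ? "," : "") $2
    }
    END {
      for (k = 1; k <= n; k++) {
        h = order[k]
        printf "sudo nmap -v -sV -p %s --script vuln -oN vuln-%s.txt %s\n", ports[h], h, h
      }
    }'
}

# Usage against the constructed sample; with a real sweep run
# `vuln_scan_cmds < nmap.gnmap` instead.
sample_gnmap | vuln_scan_cmds
```

`open_ports` is the reusable part: pipe it into `grep ' 445 '`, `' 3389 '` or whatever port from the list above you want to chase next, and it gives you the host list for that service without re-reading the nmap output by hand.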
- Sqlite
- Buffer Overflow
- Linux Privesc
- Windows Privesc
- Utilities