❓Enumeration

Nmap

nmap IP -sV -A -p- # -p- scans all 65535 TCP ports, -sV probes service versions, -A adds OS detection and default scripts. Use -sU for UDP scans.

Rustscan

rustscan -a IP # Faster than Nmap but only scans TCP. Run this first, then scan the discovered ports' service versions with Nmap.
rustscan -b 10 -a IP # -b lowers the batch size. By default rustscan sends about 3000 ports per second, which can knock over a fragile service or trip scan alerting.
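The note above about a high batch size raising flags is exactly what a port-scan detector keys on: one source touching many distinct destination ports in a short window. The script below is an added example, not part of these notes or of the rustscan project. It parses a constructed firewall-style log format (timestamp, source, destination:port, action, assumed here for illustration) and reports any source whose peak number of distinct ports inside a sliding one-second window crosses a threshold; the sample lines and thresholds are constructed, not vendor defaults.

```python
"""Flag sources that hit many distinct destination ports in a short window.

Added example with a constructed log format; thresholds are assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed format: "<ISO timestamp> <src ip> -> <dst ip>:<port> <ACTION>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<port>\d+) (?P<action>\w+)$"
)


def parse_line(line):
    """Return (timestamp, src, port) or None if the line is not in the expected format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], int(m["port"])


def peak_distinct_ports(events, window):
    """Max number of distinct ports one source touched within any `window` of time.

    events: list of (timestamp, port). Uses a two-pointer sliding window so the
    whole log is processed in one pass per source.
    """
    events = sorted(events)
    in_window = Counter()
    left = 0
    peak = 0
    for t, port in events:
        in_window[port] += 1
        # Drop events that fell out of the window ending at t.
        while t - events[left][0] > window:
            old_port = events[left][1]
            in_window[old_port] -= 1
            if in_window[old_port] == 0:
                del in_window[old_port]
            left += 1
        peak = max(peak, len(in_window))
    return peak


def detect_scanners(lines, window_seconds=1.0, port_threshold=20):
    """Map each suspicious source IP to its peak distinct-port count (assumed thresholds)."""
    window = timedelta(seconds=window_seconds)
    per_src = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # ignore lines that are not connection records
        t, src, port = parsed
        per_src[src].append((t, port))
    flagged = {}
    for src, events in per_src.items():
        peak = peak_distinct_ports(events, window)
        if peak >= port_threshold:
            flagged[src] = peak
    return flagged


def constructed_log():
    """Constructed sample: one bursty source and one ordinary client (documentation IPs)."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    # Burst: 40 distinct ports in under half a second, the pattern a large batch size produces.
    for i in range(40):
        t = base + timedelta(milliseconds=12 * i)
        lines.append(f"{t.isoformat()} 203.0.113.5 -> 192.0.2.10:{20 + i} DROP")
    # Ordinary client: three ports spread over ten minutes, never flagged.
    for i, port in enumerate((80, 443, 22)):
        t = base + timedelta(minutes=5 * i)
        lines.append(f"{t.isoformat()} 198.51.100.7 -> 192.0.2.10:{port} ACCEPT")
    return lines


if __name__ == "__main__":
    for src, peak in detect_scanners(constructed_log()).items():
        print(f"{src}: {peak} distinct ports within 1s")
```

Lowering the batch size with `-b` spreads the same port list over more seconds, which is why the note above says it is quieter: the peak distinct-port count per window drops below whatever threshold the detector uses. Tuning the window and threshold against real traffic is the defender's side of the same trade-off.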

SSH Banner Grab

nc IP 22

Nikto

nikto -h IP -p PORTS # Good for scanning web apps for common misconfigurations and outdated software.

FTP Banner Grab

nc -v IP 21 # FTP normally listens on TCP 21; the server banner is printed on connect.

Gobuster

gobuster dir -k -u http://192.168.234.87:80 -x txt,html,php -t 100 -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
# Web enumeration. Different file extensions can be added with -x.
# Gobuster will not recursively enumerate directories, so run it again on any discovered directories.

ffuf

ffuf -u http://10.10.210.116/FUZZ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt

You can also use any custom keyword instead of FUZZ; define it by appending it to the wordlist path, like wordlist.txt:KEYWORD.

ffuf -u http://10.10.10.10/KEYWORD -w /usr/share/seclists/Discovery/Web-Content/big.txt:KEYWORD

Fuzzing Webpage Extensions

ffuf -u http://10.10.10.10/indexFUZZ -w /usr/share/seclists/Discovery/Web-Content/web-extensions.txt
