My Network Recon Checklist
Network Scan
# my preference
nmap -sV -sC -v -oA output <targetip>
nmap -p- -v <targetip>
#full tcp scan
nmap -sC -sV -p- -vv -oA full ip
nmap -sT -p- --min-rate 10000 -oA nmap/alltcp ip
nmap -sV -sC -O -T4 -n -Pn -oA fastscan <IP>
nmap -sV -sC -O -T4 -n -Pn -p- -oA fullfastscan <IP>
nmap -p- --min-rate 10000 -oA scans/nmap-alltcp ip
nmap -vvv -A --reason --script="+(safe or default) and not broadcast" -p <port> <host
nmap -p80 $ip –script http-put –script-args http-put.url=’/test/sicpwn.php’,httpput.le=’/var/www/html/sicpwn.php
#AutoRecon
ar -ct 4 -cs 10 -t examip.txt -o /root/oscp/exam/
ar -ct 4 -cs 10 ip
ar -ct 4 -cs 10 -t file.txt
python3 autorecon.py -ct 4 -cs 10
#Nmap Automator
na ip All
./nmapAutomator.sh ip All
#onetwopunch
/onetwopunch.sh -t targets -p all -n "-sV -O --version-intensity=9"
#reconnoitre
reconnoitre -t ip -o ~/oscp/practice/oscp1/tools-techniques/Reconnoitre/ --services
reconnoitre -t ip --services --quick -o /root
reconnoitre -t ip -o /root/oscp/exam/
#nikto
nikto -host ip
nikto -h ip
For port knocking
for x in 7000 8000 9000; do nmap -Pn --host_timeout 201 --max-retries 0 -p $x ip; done
#SNMP
#SNMP-Check
snmp-check ip
snmp-check $IP
snmpcheck -t $IP -c public
snmpcheck -t ip.X -c public
#onesixtyone
onesixtyone -c names -i hosts
#SNMPWALK
snmpwalk -c public -v1 $IP
#SNMPENUM
perl snmpenum.pl $IP public windows.txt
#NMAP SCRIPTS
nmap -p 88 --script krb5-enum-users --script-args krb5-enum-users.realm='domain.local',userdb=/usr/share/wordlists/SecLists/Usernames/top_shortlist.txt x.x.x.x
nmap -vv -sV -sU -Pn -p 161,162 --script=snmp-netstat,snmp-processes $IP
nmap -sU -p 161 --script /usr/share/nmap/scripts/snmp-win32-users.nse $IP
#port knock
for x in 7000 8000 9000; do nmap -Pn –host_timeout 201 –max-retries 0 -p $x server_ip_address; done
Port Knocking
Last updated
Was this helpful?