Active Reconnaissance

Nmap

nmap -sP 192.168.1.0/24 -oN scan-alive-hosts.txt
nmap -sP 192.168.1.1,5,100,150 -oN scan-alive-hosts.txt

Default script, All ports, Version + OS Discovery, TCP scan

nmap -sC -A -T4 -oN nmap-tcp-initial.txt 192.168.1.1 -p-

UDP Scan:

nmap -sU --top-ports 100 -oN nmap-udp-initial.txt 192.168.1.1

nmap <ip> -p 80,443 --script=http-shellshock --script-args uri=/cgi-bin/xx.cgi

dig @<dns_server> <domain_name> -t AXFR +nocookie

Build for doing large scale but fast scanning

scanner/portscan

post/windows/gather/arp_scanner RHOST=<ip_range>

To use a session as a route:

post/multi/manage/autoroute

Find known exploit. Usage:

searchsploit <keyword>

To copy the exploit script:

searchsploit <EDB-ID> -m <Output_Location>

Last updated 4 years ago

Was this helpful?