Enumerate


whois hostname

whois ipaddress

host ipaddress

nikto -h hostname

nmap -sS -p- -A -T4 hostname

nmap -sS -p- -A -T4 --script vuln,smb-enum-shares,smb-enum-users,dns-brute,http-title,http-headers,snmp-info,mysql-info hostname

dig hostname A

dig hostname MX

dig hostname NS

dig hostname TXT

dig hostname CNAME

dig hostname SOA

python sublist3r.py -d hostname

amass enum -d hostname

sslscan hostname

zap.sh -cmd -quickurl http://hostname -quickout report.html -port 8190

  1. DNS Enumeration

dig axfr @nameserver hostname

dig -x ipaddress

dig +dnssec hostname

  1. Network Scanning

nmap -sU -p- -T4 hostname

nmap -O hostname

nmap -sV hostname

nmap -A hostname

nmap -sn ipaddress/24

  1. Web Application Scanning

dirb http://hostname /usr/share/dirb/wordlists/common.txt

nikto -h http://hostname -output nikto_report.txt

wapiti -u http://hostname -f html -o wapiti_report.html

arachni http://hostname --output-only-positives --report-save-path=arachni_report.afr

  1. SSL/TLS Analysis

./testssl.sh --html --outprefix testssl_report hostname

sslyze --regular hostname

  1. Subdomain Enumeration

subfinder -d hostname -o subfinder_output.txt

assetfinder --subs-only hostname | tee assetfinder_output.txt

gobuster dns -d hostname -w /usr/share/wordlists/dns/subdomains-top1million-5000.txt -o gobuster_dns_output.txt

  1. SMB Enumeration

smbmap -H ipaddress

enum4linux -a ipaddress

  1. SNMP Enumeration

snmpwalk -c public -v1 ipaddress

snmpcheck -t ipaddress -c public

  1. SMTP Enumeration

smtp-user-enum -M VRFY -U /usr/share/wordlists/metasploit/unix_users.txt -t hostname

  1. HTTP Header Analysis

curl -v http://hostname

http -v http://hostname

  1. Banner Grabbing

nc -v hostname port

telnet hostname port

  1. OSINT Tools

theHarvester -d hostname -b all -f theharvester_report.html

recon-ng (the four commands below are typed at the recon-ng console prompt, not in the shell)

marketplace install all

modules load recon/domains-hosts/hackertarget

options set SOURCE hostname

run

  1. Cloud Enumeration

python3 cloud_enum.py -k keyword

  1. Email Harvesting

python SimplyEmail.py -all -e domain.com

  
