Enumerate
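# Placeholders used throughout: `hostname` = target name or domain,
# `ipaddress` = target address. Substitute before running.

# Registration records for the name, then for the address.
whois hostname
whois ipaddress
# Reverse lookup of the address (PTR record).
host ipaddress
# Web server check for default files, outdated software and common
# misconfiguration.
nikto -h hostname
# TCP SYN scan (-sS) of every port (-p-) with OS detection, version detection,
# default scripts and traceroute (-A), using the faster -T4 timing template.
nmap -sS -p- -A -T4 hostname
# The same scan again with an explicit NSE script list added. The line above is
# a subset of this one, so running both repeats the full port sweep.
# The `vuln` category and `dns-brute` produce much more traffic than the plain
# scan and stand out in IDS and server logs.
nmap -sS -p- -A -T4 --script vuln,smb-enum-shares,smb-enum-users,dns-brute,http-title,http-headers,snmp-info,mysql-info hostname
# One query per DNS record type: address, mail exchangers, name servers,
# text records (SPF/DKIM/verification strings usually live here), aliases,
# and the zone's start-of-authority record.
dig hostname A
dig hostname MX
dig hostname NS
dig hostname TXT
dig hostname CNAME
dig hostname SOA
# Subdomain discovery for the domain given with -d.
python sublist3r.py -d hostname
amass enum -d hostname
# Lists the TLS protocol versions and cipher suites the server accepts.
sslscan hostname
# OWASP ZAP in command-line mode: quick scan of the URL, HTML report written
# to report.html, ZAP itself listening on port 8190.
zap.sh -cmd -quickurl http://hostname -quickout report.html -port 8190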
- DNS Enumeration
# Zone transfer (AXFR) request sent directly to `nameserver`. An authoritative
# server should refuse this to everyone except its configured secondaries; a
# successful answer exposes the whole zone.
dig axfr @nameserver hostname
# Reverse (PTR) lookup for an address.
dig -x ipaddress
# Requests DNSSEC records with the answer, which shows whether the zone is
# signed.
dig +dnssec hostname
- Network Scanning
# UDP scan (-sU) of every port. Much slower than a TCP scan because most UDP
# ports only reveal their state through ICMP errors or timeouts.
nmap -sU -p- -T4 hostname
# OS fingerprinting only.
nmap -O hostname
# Service and version detection only.
nmap -sV hostname
# -A bundles OS detection, version detection, default scripts and traceroute,
# so it already covers the two commands above.
nmap -A hostname
# Host discovery across the /24 without port scanning (-sn).
nmap -sn ipaddress/24
- Web Application Scanning
# All four commands target plain http://; a site served only over TLS needs the
# https:// URL instead.

# Wordlist-driven search for unlinked paths, using dirb's bundled common.txt.
dirb http://hostname /usr/share/dirb/wordlists/common.txt
# nikto web server check, results written to nikto_report.txt.
nikto -h http://hostname -output nikto_report.txt
# Wapiti black-box scan, HTML report written to wapiti_report.html.
wapiti -u http://hostname -f html -o wapiti_report.html
# Arachni scan that prints only positive findings and saves its report in AFR
# format at the given path.
arachni http://hostname --output-only-positives --report-save-path=arachni_report.afr
- SSL/TLS Analysis
# testssl.sh run from its checkout directory; --html writes an HTML report and
# --outprefix sets the report file name prefix.
./testssl.sh --html --outprefix testssl_report hostname
# NOTE(review): --regular selects sslyze's standard set of checks in older
# releases; confirm the option still exists in the installed version.
sslyze --regular hostname
- Subdomain Enumeration
# subfinder: subdomain discovery for the domain, results saved with -o.
subfinder -d hostname -o subfinder_output.txt
# assetfinder limited to subdomains of the given domain (--subs-only); tee
# keeps a copy of the output on disk.
assetfinder --subs-only hostname | tee assetfinder_output.txt
# gobuster in DNS mode: resolves each candidate name from the wordlist. Unlike
# lookups against third-party data sources, this produces a burst of queries
# that is visible in resolver and authoritative DNS logs.
gobuster dns -d hostname -w /usr/share/wordlists/dns/subdomains-top1million-5000.txt -o gobuster_dns_output.txt
- SMB Enumeration
# Lists SMB shares and the access level granted on each.
# NOTE(review): no credentials are passed here, so this presumably tests what
# an unauthenticated session can see; confirm against smbmap's defaults.
smbmap -H ipaddress
# enum4linux with -a runs all of its basic enumeration checks. Any data
# returned without credentials points to anonymous/null-session access that
# should be disabled on the host.
enum4linux -a ipaddress
- SNMP Enumeration
# Both commands query with the default community string "public"; snmpwalk
# does so over SNMPv1 (-v1). A device that answers is still accepting the
# default community. SNMPv1 communities travel in cleartext, so the fix is a
# non-default community at minimum, or SNMPv3 with authentication and privacy.
snmpwalk -c public -v1 ipaddress
snmpcheck -t ipaddress -c public
- SMTP Enumeration
# Checks each name in the wordlist with the SMTP VRFY command (-M VRFY).
# Mail servers that disable VRFY, or answer it identically for every name,
# give this check nothing to distinguish valid accounts by.
smtp-user-enum -M VRFY -U /usr/share/wordlists/metasploit/unix_users.txt -t hostname
- HTTP Header Analysis
# Verbose requests that print the request and response headers: curl first,
# then HTTPie (`http`). Look for version-revealing Server / X-Powered-By values
# and for absent security headers.
curl -v http://hostname
http -v http://hostname
- Banner Grabbing
# Plain TCP connection to `port` (placeholder) to read whatever banner the
# service sends on connect. Banners that include product and version strings
# are worth trimming in the service configuration.
nc -v hostname port
telnet hostname port
- OSINT Tools
# theHarvester: collects names, e-mail addresses and hosts for the domain from
# all of its configured sources (-b all) and writes the result file given
# with -f.
theHarvester -d hostname -b all -f theharvester_report.html
# Starts the recon-ng console. The four lines that follow are typed at the
# recon-ng prompt, not in the shell.
recon-ng
# Installs every module from the recon-ng marketplace.
marketplace install all
# Loads the hackertarget host-discovery module and points it at the domain.
modules load recon/domains-hosts/hackertarget
options set SOURCE hostname
run
- Cloud Enumeration
# cloud_enum: searches public cloud providers for resources whose names are
# derived from the keyword (-k), e.g. an organisation or product name.
# Publicly readable storage found this way is a configuration issue on the
# owner's side.
python3 cloud_enum.py -k keyword
- Email Harvesting
# SimplyEmail: runs all of its modules (-all) to collect e-mail addresses
# published for the domain given with -e. `domain.com` is a placeholder.
python SimplyEmail.py -all -e domain.com