
Scanning

Nmap Scans

  1. nmap -T4 -p- -A <IP> # -T sets the timing template: T0 -> slowest but covert, T4 -> aggressive but noisy.

  2. nmap -sU --top-ports 100 -vvv <IP> # UDP Ports

  3. nmap --top-ports 100 <IP> # Top 100 Ports (-F is the equivalent shorthand)

  4. nmap -p1-1023 <IP> # Port Range

  5. nmap -p22,80,443 <IP> # Specific Ports

  6. nmap <IP>/24 # Subnet

  7. nmap -sT -p- --min-rate 5000 --max-retries 1 <IP> # TCP Ports

  8. nmap -sU -p- --min-rate 5000 --max-retries 1 <IP> # UDP Ports

RustScan & Autorecon

  1. RustScan: docker run -it --rm --name rustscan rustscan/rustscan:2.0.0 -a <IP> --range 0-65535 -- -A

  2. Autorecon: autorecon <IP>

Directory Busting

  1. dirb http://<IP>/ # If the port is 443, use https://

  2. gobuster dir -x php,txt,xml,asp,aspx --url http://<IP>/ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-big.txt -b 404 -f

  3. feroxbuster --url http://<IP>/ --filter-status 401,402,403,404 -x txt,cgi,sh,pl,asp,aspx,php --depth 2 --output ferox.result -k --wordlist=/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -f

  4. ffuf -c -u http://<IP>/FUZZ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt

Vulnerability Scanner - Nikto

  1. nikto -host http://<IP>/ # If the port is 443, use https://
