Pentest Book
Pentest Book
/home/six2dez/.pentest-book
Contribute/Donate
Recon
Public info gathering
AIO Recon Tools
Domain Enum
Subdomain Enum
Network Scanning
Host Scanning
Packet Scanning
Enumeration
Files
SSL/TLS
Ports
Web Attacks
Web Technologies
Cloud
Exploitation
Payloads
Reverse Shells
File transfer
Post Exploitation
Linux
Pivoting
Windows
Mobile
General
Android
iOS
Others
Burp Suite
VirtualBox
Code review
Pentesting Web checklist
Web fuzzers review
Recon suites review
Subdomain tools review
Random
Master assessment mindmaps
BugBounty
Exploiting
tools everywhere
Powered by GitBook

Host Scanning

nmap

# Fast simple scan
nmap 10.11.1.111
​
# Nmap ultra fast
nmap 10.11.1.111 --max-retries 1 --min-rate 1000
​
# Get open ports
nmap -p - -Pn -n 10.10.10.10
​
# Get sV from ports
nmap -pXX,XX,XX,XX,XX -Pn -sV -n 10.10.10.10
​
# Full complete slow scan with output
nmap -v -A -p- -Pn --script vuln -oA full 10.11.1.111
​
# Network filtering evasion
nmap --source-port 53 -p 5555 10.11.1.111
    # If work, set IPTABLES to bind this port
    iptables -t nat -A POSTROUTING -d 10.11.1.111 -p tcp -j SNAT --to :53
​
# Scan for UDP
nmap 10.11.1.111 -sU
nmap -sU -F -Pn -v -d -sC -sV --open --reason -T5 10.11.1.111
​
# With naabu
naabu -top-ports 1000 -silent -exclude-cdn -nmap-cli 'nmap -sV --min-rate 40000 -T4 --open --max-retries 2 -oN -' 10.10.10.10
Recon - Previous
Network Scanning
Next - Recon
Packet Scanning
Last updated 2 weeks ago
Edit on GitHub