Recon

#Common vulnerable ports to scan

UDP Ports: 53,69,111,161,500,623,2049

TCP Ports: 21,22,23,25,53,80,81,88,110,111,123,137-139,161,389,443,445,500,512,513,548,623-624,1099,1241,1433-1434,1521,2049,2483-2484,3268,3269,3306,3389,4333,4786,4848,5432,5800,5900,5901,6000,6001,7001,8000,8080,8181,8443,10000,16992-16993,27017,32764

#masscan against targets

masscan -p <ports> --open --banners -oG output.txt -iL targets.txt

#Nmap on:

  1. TCP + UDP

  2. Common ports first, then ALL ports

  3. Enumerate versions

  4. Enumerate OSs

  5. Vuln scan

  6. NSE scans

  7. Run nmapAutomator in the background with the "all" flag
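The port lists and scan steps above are what a scanner sends; the defender-side view of the same activity is a source address touching many distinct ports in a short time. The script below is an added example for these notes (not part of the original checklist or of masscan/nmap): it parses a constructed flow-log format (timestamp src dst proto dport state, assumed here), groups events per source, and flags sources that hit at least min_ports distinct (dst, proto, port) tuples inside a sliding time window, reporting which of the hits fall on the TCP/UDP port lists from this page. The slow-scan host in the sample shows why the window length matters.

```python
"""Flag port-scan style recon in connection logs (added example, not from the original notes)."""
from collections import defaultdict
from datetime import datetime, timedelta


def expand_ports(spec):
    """Expand a masscan/nmap style list such as '21,22,137-139' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-")
            ports.update(range(int(lo), int(hi) + 1))
        elif part:
            ports.add(int(part))
    return ports


# The "common vulnerable ports" lists from the checklist above, used as a watchlist.
UDP_WATCH = expand_ports("53,69,111,161,500,623,2049")
TCP_WATCH = expand_ports(
    "21,22,23,25,53,80,81,88,110,111,123,137-139,161,389,443,445,500,512,513,548,"
    "623-624,1099,1241,1433-1434,1521,2049,2483-2484,3268,3269,3306,3389,4333,4786,"
    "4848,5432,5800,5900,5901,6000,6001,7001,8000,8080,8181,8443,10000,16992-16993,"
    "27017,32764"
)

# Constructed sample log (assumed format: timestamp src dst proto dport state).
# 10.0.0.5 sweeps 13 ports in a few seconds, 10.0.0.9 is normal client traffic,
# 10.0.0.7 is a slow scanner that spreads 10 ports over five minutes.
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.0.0.5 10.0.1.20 tcp 21 SYN
2024-05-01T10:00:01 10.0.0.5 10.0.1.20 tcp 22 SYN
2024-05-01T10:00:01 10.0.0.5 10.0.1.20 tcp 23 SYN
2024-05-01T10:00:02 10.0.0.5 10.0.1.20 tcp 25 SYN
2024-05-01T10:00:02 10.0.0.5 10.0.1.20 tcp 53 SYN
2024-05-01T10:00:02 10.0.0.5 10.0.1.20 tcp 80 SYN
2024-05-01T10:00:02 10.0.0.5 10.0.1.20 tcp 110 SYN
2024-05-01T10:00:03 10.0.0.5 10.0.1.20 tcp 111 SYN
2024-05-01T10:00:03 10.0.0.5 10.0.1.20 tcp 139 SYN
2024-05-01T10:00:03 10.0.0.5 10.0.1.20 tcp 443 SYN
2024-05-01T10:00:03 10.0.0.5 10.0.1.20 tcp 445 SYN
2024-05-01T10:00:03 10.0.0.5 10.0.1.20 tcp 3389 SYN
2024-05-01T10:00:04 10.0.0.5 10.0.1.20 udp 161 REQ
2024-05-01T10:00:05 10.0.0.9 10.0.1.30 tcp 443 SYN
2024-05-01T10:00:06 10.0.0.9 10.0.1.30 tcp 443 SYN
2024-05-01T10:00:07 10.0.0.9 10.0.1.30 tcp 22 SYN
2024-05-01T10:00:09 10.0.0.9 10.0.1.30 tcp 443 SYN
2024-05-01T10:00:10 10.0.0.7 10.0.1.40 tcp 21 SYN
2024-05-01T10:00:11 10.0.0.7 10.0.1.40 tcp 22 SYN
2024-05-01T10:00:12 10.0.0.7 10.0.1.40 tcp 23 SYN
2024-05-01T10:00:13 10.0.0.7 10.0.1.40 tcp 25 SYN
2024-05-01T10:00:14 10.0.0.7 10.0.1.40 tcp 53 SYN
2024-05-01T10:05:10 10.0.0.7 10.0.1.40 tcp 80 SYN
2024-05-01T10:05:11 10.0.0.7 10.0.1.40 tcp 110 SYN
2024-05-01T10:05:12 10.0.0.7 10.0.1.40 tcp 111 SYN
2024-05-01T10:05:13 10.0.0.7 10.0.1.40 tcp 139 SYN
2024-05-01T10:05:14 10.0.0.7 10.0.1.40 tcp 445 SYN
"""


def parse_line(line):
    """Split one log line into a dict; raises ValueError on malformed input."""
    ts, src, dst, proto, dport, state = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "proto": proto.lower(), "dport": int(dport), "state": state}


def detect_scanners(lines, window=timedelta(seconds=60), min_ports=10):
    """Return {src: summary} for sources touching >= min_ports distinct (dst, proto, port) within `window`."""
    events = defaultdict(list)
    for line in lines:
        if line.strip():
            event = parse_line(line)
            events[event["src"]].append(event)

    findings = {}
    for src, evs in events.items():
        evs.sort(key=lambda e: e["ts"])
        best = set()
        start = 0
        for end in range(len(evs)):  # sliding window over time-ordered events
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            touched = {(e["dst"], e["proto"], e["dport"]) for e in evs[start:end + 1]}
            if len(touched) > len(best):
                best = touched
        if len(best) >= min_ports:
            watch_hits = sorted({p for _, proto, p in best
                                 if (proto == "tcp" and p in TCP_WATCH)
                                 or (proto == "udp" and p in UDP_WATCH)})
            findings[src] = {"distinct_ports": len(best),
                             "targets": sorted({d for d, _, _ in best}),
                             "watchlist_ports": watch_hits}
    return findings


if __name__ == "__main__":
    for src, info in detect_scanners(SAMPLE_LOG.splitlines()).items():
        print(src, info)
```

With the default 60-second window only the fast sweep from 10.0.0.5 is reported; widening the window to ten minutes also catches the slow scanner 10.0.0.7, at the cost of more events to hold per source. Tune window and min_ports against the baseline of the network being monitored rather than reusing these sample values.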

#Enumerate HTTP-HTTPS with nmap and Aquatone

cat scans/nmap-tcp.xml | aquatone -nmap -ports xlarge -out aquatone

#wafw00f | check if WebApp is behind a firewall

wafw00f countrygarden.com.cn

#host, whois, dig, nslookup, ...

#Sn1per

#Nuclei

#OWASP ZAP

#TCPDump save packet capture

#DNS enum

#Responder LLMNR / NBT-NS

#Enumerate AD naming context

#Locate AD domain controllers

#Null session enum

#ASREPRoasting

#Kerberoasting
