Favorites

Commands

nmap -v -sn $IP                    ..Pings
nmap -v -sn 10.0.0.0/24            ..Pings
nmap -sV -A -oA nmap -p 22,80 $IP  ..Version Scripts Outs
nmap -p0-65535 -Pn -sT $IP         ..All TCP NoPing
nmap -p0-65535 -Pn -sU $IP         ..All UDP NoPing
nmap -A -sT -T4 -Pn -oA nmap $IP   ..NSE/Def TCP Fast Outs NoPing
nmap -Pn --script vuln $IP         ..vul/cve NoPing

wget -q --server-response https://$IP

dirb $IP
dirb http://$IP/admin -w      ..to follow other paths

gobuster dir -u http://$IP -w ..directory-list-2.3-medium.txt
gobuster dir -u https://$IP --noprogress --wordlist ..medium.txt -k
gobuster dir -u https://$IP -w ..medium.txt -k -x php,txt,bak,conf
gobuster dir -u http://$IP/cgi-bin/ -x sh,cgi,pl,py,php -w ..
gobuster -e -u 10.x.x.x:443 -w ..medium.txt -t 50 -o gobuster.log
gobuster dir -u http://$IP/admin -w ..

nikto -host http://$IP    ..might find LFI
nikto -host http://$IP/mypage/index.php

python cmsmap.py -t https://$IP -f W -F --noedb    ..try this!!

wpscan --url https://$IP
wpscan --url https://$IP --disable-tls-checks
wpscan --url https://$IP/wp/ --enumerate p
wpscan --url https://$IP -U elliot --passwords pw.dic

searchsploit linux kernel 2.6.32 priv esc
searchsploit -x 41006.txt ..read/explain docs/poc
searchsploit -m 40839.c   ..download the exploit

LFI Scans:
python fi-cyberscan.py -t http://$IP/cyber.php?page= -m1
fimap -u $IP  ..in kali

logme

  • script - works like a new shell

  • Writes all output to a script file, and preserves formatting

  • Even logs reverse shell locally.

  • Could save this to ~/.bashrc

  • Usage:

    • logme - start

    • scriptfile - view current file/save

    • cat myscriptfile - view data

logme () {
  mkdir -p "$HOME/scripts"                       # make sure the log directory exists
  export SCRIPTFILE="$(date +%s)-$$"             # epoch seconds + PID of this shell
  echo "Starting tty logging to ~/scripts/${SCRIPTFILE}..."
  script -c /bin/bash -q "$HOME/scripts/${SCRIPTFILE}"   # ~ does not expand inside quotes, so use $HOME
}
scriptfile () { echo "${SCRIPTFILE}"; }          # print the name of the current log file

Autorecon - try this!

sudo python3 autorecon.py $IP -o /home/beep/
