# \*Favorites

## Commands

```
nmap -v -sn $IP                    ..Pings
nmap -v -sn 10.0.0.0/24            ..Pings
nmap -sV -A -oA nmap -p 22,80 $IP  ..Version Scripts Outs
nmap -p0-65535 -Pn -sT $IP         ..All TCP NoPing
nmap -p0-65535 -Pn -sU $IP         ..All UDP NoPing
nmap -A -sT -T4 -Pn -oA nmap $IP   ..NSE/Def TCP Fast Outs NoPing
nmap -Pn --script vuln $IP         ..vul/cve NoPing

wget -q --server-response https://$IP

dirb $IP
dirb http://$IP/admin -w      ..to follow other paths

gobuster dir -u http://$IP -w ..directory-list-2.3-medium.txt
gobuster dir -u https://$IP --noprogress --wordlist ..medium.txt -k
gobuster dir -u https://$IP -w ..medium.txt -k -x php,txt,bak,conf
gobuster dir -u http://$IP/cgi-bin/ -x sh,cgi,pl,py,php -w ..
gobuster -e -u 10.x.x.x:443 -w ..medium.txt -t 50 -o gobuster.log
gobuster dir -u http://$IP/admin -w ..

nikto -host http://$IP    ..might find LFI
nikto -host http://$IP/mypage/index.php

python cmsmap.py -t https://$IP -f W -F --noedb    ..try this!!

wpscan --url https://$IP
wpscan --url https://$IP --disable-tls-checks
wpscan --url https://$IP/wp/ --enumerate p
wpscan --url https://$IP -U elliot --passwords pw.dic

searchsploit linux kernel 2.6.32 priv esc 
searchsploit -x 41006.txt ..read/explain docs/poc 
searchsploit -m 40839.c   ..download the exploit

LFI Scans:
python fi-cyberscan.py -t http://$IP/cyber.php?page= -m1
fimap -u $IP  ..in kali
```

## logme

* **script** - works like a new shell
* Writes all output to a script file and preserves formatting
* Even logs a reverse shell session locally.
* Could save these functions to \~/.bashrc
* Usage:
  * logme - start logging
  * scriptfile - show the name of the current script file
  * cat myscriptfile - view data

```
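# Start a logged shell; the log name is <epoch seconds>-<PID of the calling shell>
logme () {
    export SCRIPTFILE="$(date +%s)-${$}"
    mkdir -p "${HOME}/scripts"   # script fails if the directory is missing
    echo "Starting tty logging to ${HOME}/scripts/${SCRIPTFILE}..."
    # Use $HOME here: a quoted "~" is not expanded by the shell
    script -c /bin/bash -q "${HOME}/scripts/${SCRIPTFILE}"
}

# Print the name of the current log file
scriptfile () { echo "${SCRIPTFILE}"; }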
```

## Autorecon - try this!

```
sudo python3 autorecon.py $IP -o /home/beep/
```
