
Enumeration Cheat Sheet by

This should get you up and running and start your enumeration journey

Nmap

| Switch | Example | Description |
|--------|---------|-------------|
| (none) | nmap 192.168.1.1 | Scan a single IP |
| (none) | nmap 192.168.1.1-254 | Scan IP range |
| (none) | nmap 192.168.1.0/24 | Scan a network |
| -sV | nmap 192.168.1.1 -sV | Attempts to determine the version of the service running on port |
| -A | nmap 192.168.1.1 -A | Enables OS detection, version detection, script scanning, and traceroute |
| -sT | nmap 192.168.1.1 -sT | TCP connect port scan (Default without root privilege) |
| -sU | nmap 192.168.1.1 -sU | UDP port scan |

Gobuster

Gobuster is a tool used to brute-force:
  - URIs (directories and files) in web sites.
  - DNS subdomains (with wildcard support).
  - Virtual Host names on target web servers.

DIR mode
To find directories and files.
  gobuster dir -u <url> -w <wordlist_file.txt> -x <file_extensions>

vhost mode
Check if a subdomain exists by visiting the URL and verifying the IP address.
  gobuster vhost -v -w <wordlist.txt> -u <url> -o <output_file.txt>

DNS mode
To find subdomains in a specific domain.
  gobuster dns -d <domain> -w <word_list.txt> -i

Use -k to skip SSL verification.
 

Linux

Helpful Linux commands

Connect to remote host
  ssh username@server
  Ex. ssh root@192.168.1.250

Search for files in a directory hierarchy
  Find a file in the current directory:
    find . -name test
  Find files with certain permissions:
    find . -perm 664

Search words in file
  grep "literal_string" filename

Pipe
  You can redirect the output of a command to the input of another command.
    cat file | wc -l    (get number of lines in file)

Output redirection
  You can redirect the output to a file.
    echo 'hello there' > file
