
Enumeration Cheat Sheet by

This should get you up and running and start you on your enumeration journey.

Nmap

| Switch | Example | Description |
|--------|---------|-------------|
|        | nmap 192.168.1.1 | Scan a single IP |
|        | nmap 192.168.1.1-254 | Scan IP range |
|        | nmap 192.168.1.0/24 | Scan a network |
| -sV    | nmap 192.168.1.1 -sV | Attempts to determine the version of the service running on port |
| -A     | nmap 192.168.1.1 -A | Enables OS detection, version detection, script scanning, and traceroute |
| -sT    | nmap 192.168.1.1 -sT | TCP connect port scan (Default without root privilege) |
| -sU    | nmap 192.168.1.1 -sU | UDP port scan |

Gobuster

Gobuster is a tool used to brute-force:
 - URIs (directories and files) in web sites.
 - DNS subdomains (with wildcard support).
 - Virtual host names on target web servers.

DIR mode
To find directories and files.
gobuster dir -u <url> -w <wordlist_file.txt> -x <file_extensions>

vhost mode
Checks whether a subdomain exists by visiting the URL and verifying the IP address.
gobuster vhost -v -w <wordlist.txt> -u <url> -o <output_file.txt>

DNS mode
To find subdomains in a specific domain.
gobuster dns -d <domain> -w <word_list.txt> -i
-k to skip SSL verification

Linux

Helpful Linux commands

Connect to a remote host
ssh username@server
Ex.
ssh root@192.168.1.250

Search for files in a directory hierarchy
Find a file in the current directory:
find . -name test

Find files with a certain permission:
find . -perm 664

Search for words in a file
grep "literal_string" filename

Pipe
You can redirect the output of a command to the input of another command.
cat file | wc -l
Gets the number of lines in the file.

Output redirection
You can redirect the output to a file.
echo 'hello there' > file
