Nmap

External

  • Full Scan:

sudo nmap -sS -Pn -sV --open -iL targets.txt -p- -vv --min-hostgroup 255 --initial-rtt-timeout 150ms --max-rtt-timeout 300ms --max-scan-delay 0 -oA FULL
  • UDP:

# -oG - is required here: grep "/open" and awk '{ print $2 }' (the IP) only work on grepable output, as in the commands below
sudo nmap -Pn -sU -iL targets.txt -p 1-1024,5353,1900 -vvv -oG - | grep "/open" | awk '{ print $2 }' > UDP.txt
  • LDAP:

sudo nmap --open -p 389 -iL targets.txt -oG - | grep "/open" | awk '{ print $2 }' > 389.txt
  • HTTP:

sudo nmap --open -p 80 -iL targets.txt -oG - | grep "/open" | awk '{ print $2 }' > 80.txt
  • HTTPS:

sudo nmap --open -p 443 -iL targets.txt -oG - | grep "/open" | awk '{ print $2 }' > 443.txt
  • Alt HTTP:

sudo nmap --open -p 8080 -iL targets.txt -oG - | grep "/open" | awk '{ print $2 }' > 8080.txt
  • Alt HTTPS:

sudo nmap --open -p 8443 -iL targets.txt -oG - | grep "/open" | awk '{ print $2 }' > 8443.txt
  • FTP:

sudo nmap --open -p 21 -iL targets.txt -oG - | grep "/open" | awk '{ print $2 }' > 21.txt
  • SSH:

  • RDP:

  • All in one:

Internal

Linux

  • Full Scan:

  • Online Hosts (ICMP):

  • LDAP:

  • HTTP:

  • Alt HTTP:

  • HTTPS:

  • Alt HTTPS:

  • FTP:

  • SMB:

  • Determine which hosts don't have SMB signing

  • SSH:

  • SMB:

  • RDP:

  • If RDP is open

  • UDP:

  • Scan for shares that allow anonymous login

  • All in one:

Windows

  • Find up hosts:

  • Scan and output to file:

  • SMB Signing Not Required:

  • SNMP Info (default community name)

  • Puts saved output into just list of IPs:

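Added example (not part of the original cheat sheet): a POSIX shell function that does what the per-port `-oG - | grep "/open" | awk '{ print $2 }'` pipelines above do, but in one pass over a saved grepable file such as the FULL.gnmap written by `-oA FULL`. The sample .gnmap content is constructed here; the function and file names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page: split nmap grepable output
# (e.g. the FULL.gnmap that "-oA FULL" writes) into one IP list per open
# port, in a single pass instead of one grep/awk pipeline per port.
# Only "Ports:" lines are parsed; "Status: Up" lines carry no port state.
#
# gnmap_open_ports FILE.gnmap OUTDIR [1]
#   writes OUTDIR/<port>.txt, one IP per line, for ports in state "open".
#   UDP results usually come back "open|filtered"; pass a third argument
#   of 1 to include those (note that grep "/open" matches them as well).
gnmap_open_ports() {
    file=$1 outdir=$2 incl=${3:-0}
    mkdir -p "$outdir"
    grep 'Ports:' "$file" | awk -v outdir="$outdir" -v incl="$incl" '
    {
        ip = $2                                # "Host: <ip> (<name>)"
        sub(/^.*Ports: /, "")                  # keep only the port list
        sub(/[ \t]+Ignored State:.*$/, "")     # drop the trailing summary
        n = split($0, entry, ", *")            # port/state/proto/owner/service/rpc/version
        for (i = 1; i <= n; i++) {
            split(entry[i], f, "/")
            if (f[2] == "open" || (incl == "1" && f[2] == "open|filtered"))
                print ip > (outdir "/" f[1] ".txt")
        }
    }'
}

# Constructed sample in the .gnmap layout (not a real scan); fields are
# tab-separated as in a real file.
make_sample_gnmap() {
    cat > "$1" <<'EOF'
# Nmap scan initiated (constructed sample)
Host: 10.0.0.5 ()	Status: Up
Host: 10.0.0.5 ()	Ports: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx/, 53/open|filtered/udp//domain///	Ignored State: closed (997)
Host: 10.0.0.6 ()	Status: Up
Host: 10.0.0.6 ()	Ports: 80/open/tcp//http///, 443/open/tcp//https///, 3389/filtered/tcp//ms-wbt-server///
# Nmap done (constructed sample)
EOF
}

# Demo: 22.txt -> 10.0.0.5; 80.txt -> 10.0.0.5 and 10.0.0.6; 443.txt -> 10.0.0.6;
# no 53.txt (open|filtered) and no 3389.txt (filtered) unless incl is 1.
demo() {
    d=$(mktemp -d)
    make_sample_gnmap "$d/sample.gnmap"
    gnmap_open_ports "$d/sample.gnmap" "$d/ips"
    for f in "$d"/ips/*.txt; do echo "== $f"; cat "$f"; done
}
```

Against a real scan, `gnmap_open_ports FULL.gnmap ips` produces the same 389.txt, 80.txt, 443.txt and so on as the individual commands above.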