
Network Recon Cheat Sheet

by coffeefueled via cheatography.com/25996/cs/7096/

Nmap Base Syntax

  # nmap [Scan Type] [Options] {targets}

Target Specification

  Single IPv4:  192.168.1.1
  Single IPv6:  AAAA::FF
  FQDN:         host.local
  IPv4 Range:   192.168.1.27-78
  CIDR Block:   192.168.1.0/16
  File:         -iL targets.txt

Host Discovery Options

  -sL                   list hosts and reverse DNS
  -sn                   discovery probes only
  -Pn                   skip discovery stage
  -n                    disable reverse DNS resolution
  -R                    force reverse DNS resolution
  --dns-servers <list>  DNS servers to use

Scan Options

  TCP Scan Types
    -sS                  SYN
    -sT                  Connect
    -sN                  NULL
    -sF                  FIN
    -sX                  Xmas (FIN, PSH, URG)
    -sA                  ACK
    -sW                  Window
    -sM                  FIN/ACK
    -sI <zombie host>    use zombie
    --scanflags [flags]  URG/ACK/PSH/RST/SYN/FIN

  UDP Scan
    -sU                  UDP

  SCTP Scan Types
    -sY                  INIT
    -sZ                  COOKIE ECHO

  Protocol Scan
    -sO                  IP Protocol Scan

  -p - Port Options
    Exclude ports
      --exclude-ports <port ranges>
    Protocol specification
      T21-25           TCP ports 21 to 25
      U53,111,137      UDP ports 53, 111, 137
      S22              SCTP port 22
      P                IP Protocol
    Fast port scan
      -F               scan top 100 ports (default 1000)
    Sequential port scan
      -r               sequential scan (default random)
    Ports in nmap-services file
      [1-65535]        ports in nmap-services
      --port-ratio     ports with greater ratio
      --top-ports <n>  n highest ratio

  -O - OS Detection Options
    --osscan-limit     only live machines
    --fuzzy            low-probability guesses

Output Options

  -v|vv|vvv  verbosity
  -d<0-9>    debugging
  --reason   explain port and host states

  File Outputs
    -oN <file>      normal
    -oX <file>      XML
    -oS <file>      script kiddie
    -oG <file>      grepable
    -oA <basename>  all

Scripting Engine Options

  Use default scripts
    -sC
    --script=default
  Run scripts (individual or list)
    --script
      <filename>    script filename
      <category>    category of scripts
      <directory>   scripts in directory
      <expression>  boolean expression
      [,...]        continue comma separated list
  Script arguments
    --script-args <n1>=<v1> <n2>={<n3>=<v3>} <n4>={<v4>,<v5>}
  Load script args from a file
    --script-args-file <filename>
  Debug information
    --script-trace
  Update script database
    --script-updatedb

By coffeefueled. Published 11th February, 2016. Last updated 13th May, 2016. cheatography.com/coffeefueled/ Sponsored by Readability-Score.com (https://readability-score.com).

-sV - Version Detection Options

  --version-intensity <0-9>  send less common probes (default 7)
  --version-light            light version scanning (intensity 2)
  --version-all              full version scanning (intensity 9)
  --version-trace            debug information

Miscellaneous Options

  -6   IPv6
  -A   Aggressive: -O -sV -sC --traceroute
  -T   Timing options
         paranoid|0    slowest scan
         sneaky|1      slower scan
         polite|2      slow scan
         normal|3      default
         aggressive|4  faster scan
         insane|5      fastest scan

Runtime Commands

  v|V  +|- verbosity
  d|D  +|- debugging
  p|P  on|off packet tracing

Useful command lines

  nmap -v -p <ports> -oG <file> <address range>
  ls -l /usr/share/nmap/scripts/<protocol>*

DNS Enumeration

  dnsrecon
    --domain             domain to target
    --range              IP range for reverse lookup
    --name_server        DNS server
    --dictionary <file>  dictionary of targets
    --type               type of enumeration
                           std   standard
                           goo   Google sub-domains
                           axfr  test for zone transfers
                           tld   test against IANA TLDs
    -w                   deep whois analysis
    --csv                export to CSV

  dnsenum
    --dnsserver <server>  target dns server
    --subfile <file>      output file

Service Enumeration

  SMB TCP 139,445
    nbtscan
      -r               use port 137
      <address range>  targets
    enum4linux
      -a               all simple enumeration
      -u user -p pass  authenticated

  SMTP TCP 25, 110
    nc -nv <address> 25
      VRFY  verify address
      EXPN  query mail list

  SNMP UDP 161
    onesixtyone
      -c <file>    community strings
      -i <file>    targets
      -o <file>    output file
    snmpwalk [opt] agent [OID]
      -c <string>  community string
      -v{1|2c|3}   version
    snmpcheck  enumeration tool
      -t <address>  target
      -c            community string
      -w            detect write access

  SQL TCP 1433,3306
    sqlmap
      --url="url"      target
      --dbms=<DBMS>    force dbms
      -a               retrieve all
      --dump           dump data
      --os-shell       retrieve shell
      --crawl <depth>  crawl site
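The grepable (-oG) output that the "nmap -v -p <ports> -oG <file>" command line on this sheet produces is meant to be post-processed. As an added example that is not part of the original cheat sheet, the following Python script parses a constructed -oG file into a per-host inventory of open services, the starting point for checking what a network actually exposes. The sample scan text, hostnames and addresses are constructed.

```python
"""Parse nmap grepable (-oG) output into a per-host inventory of open services."""
import re

# Constructed sample of -oG output (not a real scan). Fields are tab-separated;
# each port entry is port/state/proto/owner/service/rpcinfo/version/.
SAMPLE_OG = """\
# Nmap 7.80 scan initiated as: nmap -v -p 22,80,443,161 -oG scan.gnmap 192.168.1.0/29
Host: 192.168.1.1 (gw.local)\tStatus: Up
Host: 192.168.1.1 (gw.local)\tPorts: 22/open/tcp//ssh//OpenSSH 7.2/, 80/open/tcp//http//nginx/, 443/closed/tcp//https///\tIgnored State: filtered (1)
Host: 192.168.1.2 ()\tStatus: Up
Host: 192.168.1.2 ()\tPorts: 161/open|filtered/udp//snmp///\tIgnored State: closed (3)
Host: 192.168.1.3 ()\tStatus: Down
# Nmap done -- 8 IP addresses (2 hosts up) scanned in 5.00 seconds
"""

HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)")

def parse_gnmap(text):
    """Return {ip: {"hostname": str, "status": str|None, "ports": [dict]}}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # '#' comment lines carry no host data
        fields = line.split("\t")
        match = HOST_RE.match(fields[0])
        if not match:
            continue
        ip, name = match.groups()
        entry = hosts.setdefault(ip, {"hostname": name, "status": None, "ports": []})
        for field in fields[1:]:
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["status"] = value
            elif key == "Ports":
                for spec in value.split(", "):
                    p = spec.split("/")  # port, state, proto, owner, service, rpc, version
                    entry["ports"].append({"port": int(p[0]), "state": p[1],
                                           "proto": p[2], "service": p[4],
                                           "version": p[6]})
    return hosts

def open_services(hosts):
    """Flatten to (ip, port, proto, service, version) rows for ports reported open
    (UDP 'open|filtered' is kept, since nmap cannot tell it apart from open)."""
    return [(ip, p["port"], p["proto"], p["service"], p["version"])
            for ip, entry in sorted(hosts.items())
            for p in entry["ports"] if p["state"].startswith("open")]
```

Run it against a real scan by reading the -oG file into parse_gnmap instead of SAMPLE_OG; hosts that are down appear with an empty port list so they are not silently lost from the inventory.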
