Nmap Technique

  • Quick commands
  • -sC runs the default NSE script set (same as --script=default); the TCP connect scan is -sT, not -sC
  • -sV does version detection of the service behind each open port
  • -oA <basename> outputs to .nmap, .gnmap and .xml files with the given basename
  • --top-ports <n> scans the n most commonly open ports, e.g. 100, 1000 or 10000
  • -oN <filename> exports to a normal file (the same text nmap prints interactively)
  • -sS SYN scan (needs root / raw-socket privileges; it is the default scan type when run as root)

nmap -oN scan.nmap -v -sS -sU -T5 --top-ports 1000 <target>

nmap -sC -sV -oA fighter <target>

  • avg run time 134.74 seconds

nmap -oN scan.nmap -v -sS -sV --top-ports 1000 <target>

Using Vulners nse script

nmap -oN vulners.nmap -sV --version-intensity 9 --script vulners -p 80 <target>

  • vulners matches on the CPE that -sV reports, so it needs version detection to find anything; its output is a list of CVEs for that version string, not proof the host is exploitable

Scan All ports

nmap -p- -T5 -oN all.nmap <target>

  • -T5 is the most aggressive timing template and can miss ports on slow or lossy links; drop to -T4 if results look incomplete

Grep open ports

  • needs nmap's grepable output (-oG scan.grep, or the .gnmap file that -oA writes)

grep -oP '\d{1,5}/open' scan.grep

Awk open ports and pipe to a new nmap scan

  • -F" |/" sets the field separator to a space or a slash, so $1 of a port line like "22/tcp open ssh" is the port number 22
  • /open/ selects any line that contains "open"
  • {print $1} prints the first field of that line, i.e. "22" for a line starting with 22/tcp
  • {print $NF":"$4} would instead print the last field, a colon, then the 4th field (an alternative form; not used in the command below)
  • ORS="," replaces the newline after each record with a comma, so all ports from the scan end up on one line separated by commas
  • {print substr($1, 1, length($1)-1)} prints $1 from its first character up to one short of its length, dropping the trailing comma that ORS leaves behind
  • xargs -I '{}' takes that comma-separated line and substitutes it into the nmap command as the -p argument
  • caveat: a normal-output file written with -v also contains "Discovered open port 22/tcp on ..." lines, which match /open/ and put the word "Discovered" into the port list; anchor the pattern to real port lines, e.g. awk -F" |/" '/^[0-9]+\/(tcp|udp) +open/ {print $1}', or grep the .gnmap file instead

awk -F" |/" '/open/ {print $1}' ORS="," scan.nmap | awk '{print substr($1, 1, length($1)-1)}' | xargs -I '{}' nmap -v -sV --version-intensity 9 --script vulners -p {} <target>
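The grep and awk one-liners above both pull the open ports out of a scan file and hand them to a second, more intense nmap run. As an added example (not code from the original page), here is the same extraction done in Python against the grepable (.gnmap) output rather than the normal output, which sidesteps the "Discovered open port" pitfall, keeps TCP and UDP ports apart using nmap's T:/U: port-spec syntax, and builds the follow-up -sV/vulners command. The .gnmap content is a constructed sample, 10.10.10.5 is a placeholder host, and nothing is executed unless execute=True is passed.

```python
"""Parse nmap grepable output (-oG / .gnmap) for open ports and build the
follow-up version + vulners scan. Added example; the .gnmap sample below is
constructed, not real scan output, and 10.10.10.5 is a placeholder host."""
import re
import shlex
import subprocess

# One .gnmap port entry is port/state/proto/owner/service/rpcinfo/version/
PORT_RE = re.compile(
    r"(\d{1,5})/([^/]+)/(tcp|udp)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/"
)

# Constructed sample of what -oG writes. Normal -oN output produced with -v
# also carries "Discovered open port ..." lines; the grepable format does not.
SAMPLE_GNMAP = (
    "# Nmap 7.91 scan initiated (constructed sample)\n"
    "Host: 10.10.10.5 ()\tStatus: Up\n"
    "Host: 10.10.10.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.9p1/, "
    "80/open/tcp//http//nginx 1.14/, 443/closed/tcp//https///, "
    "161/open|filtered/udp//snmp///\tIgnored State: filtered (996)\n"
    "# Nmap done (constructed sample)\n"
)


def parse_gnmap(text, states=("open",)):
    """Return {host: [(port, proto, service, version), ...]} for entries
    whose state is in `states`. UDP "open|filtered" is excluded by default
    because it usually means "no response", not a confirmed service."""
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for m in PORT_RE.finditer(ports_field):
            port, state, proto, _owner, service, _rpc, version = m.groups()
            if state in states:
                results.setdefault(host, []).append(
                    (int(port), proto, service, version.strip())
                )
    return results


def port_spec(entries):
    """Build an nmap -p value such as 'T:22,80,U:161' from parsed entries."""
    tcp = sorted({p for p, proto, _s, _v in entries if proto == "tcp"})
    udp = sorted({p for p, proto, _s, _v in entries if proto == "udp"})
    parts = []
    if tcp:
        parts.append("T:" + ",".join(map(str, tcp)))
    if udp:
        parts.append("U:" + ",".join(map(str, udp)))
    return ",".join(parts)


def followup_command(host, entries, script="vulners"):
    """argv for the second-stage scan: intense version detection plus the
    NSE script, restricted to the ports found open in the first pass."""
    spec = port_spec(entries)
    cmd = ["nmap", "-v", "-sV", "--version-intensity", "9", "--script", script]
    if "U:" in spec:
        # A U: port spec needs a UDP scan type; -sS and -sU both require root.
        cmd[1:1] = ["-sS", "-sU"]
    cmd += ["-p", spec, host]
    return cmd


def run_followup(host, entries, execute=False):
    """Print the command; only run nmap when execute=True (real scanning)."""
    cmd = followup_command(host, entries)
    print(shlex.join(cmd))
    return subprocess.run(cmd, check=False).returncode if execute else None


if __name__ == "__main__":
    for host, entries in parse_gnmap(SAMPLE_GNMAP).items():
        run_followup(host, entries)
```

Pass states=("open", "open|filtered") to include the UDP ports nmap could not confirm; the follow-up command then gains -sS -sU automatically because a U: spec without a UDP scan type would be ignored by nmap.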

GoBuster Using Multiple Lists

One issue I had with Gobuster, and with any of the site brute-forcing tools like dirbuster/dirb, is that they only take one list at a time per command,
so running several lists through them is extremely tedious.

I instead opted to create a wrapper script in Python to call gobuster on multiple lists for me. I used lists that come with the newer Kali upgrades/distros; they make a good start when attacking boxes for practice in labs or CTFs.

In case it isn't installed, the only module needed beyond the Python standard library is "sh":

pip install sh
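As an added example of the wrapper idea described above (this is not the author's gist, and it uses subprocess from the standard library instead of the sh module, so nothing extra needs installing), the script below runs gobuster over several wordlists from one command. It goes one step further than a per-list loop: with merge=True it de-duplicates the lists into one file first, so paths that appear in more than one list are requested once instead of once per list. The gobuster flags used (dir mode, -u, -w, -o, -t) are the gobuster v3 ones; the URL, list names and output directory are placeholders.

```python
"""Run gobuster over several wordlists from one command. Added example, not the
author's gist: it uses subprocess from the standard library rather than the
`sh` module, and adds a merge mode that de-duplicates the lists first so the
target is not hit again for every path shared between lists."""
import subprocess
from pathlib import Path


def clean_words(lines):
    """Yield usable entries from raw wordlist lines: strip whitespace, drop
    blanks and '#' comment lines (SecLists-style headers)."""
    for line in lines:
        word = line.strip()
        if word and not word.startswith("#"):
            yield word


def merge_words(lists):
    """Combine several iterables of lines into one list, de-duplicated with
    first-seen order preserved."""
    seen = set()
    merged = []
    for lines in lists:
        for word in clean_words(lines):
            if word not in seen:
                seen.add(word)
                merged.append(word)
    return merged


def gobuster_cmd(url, wordlist, output, extra=()):
    """argv for a gobuster v3 directory scan (dir mode, -u/-w/-o flags)."""
    return ["gobuster", "dir", "-u", url, "-w", str(wordlist),
            "-o", str(output), *extra]


def plan_scans(url, wordlists, outdir, merge=True, extra=()):
    """Build the commands to run: one merged scan, or one scan per list.
    Writes the merged list into outdir when merge=True."""
    outdir = Path(outdir)
    outdir.mkdir(parents=True, exist_ok=True)
    if merge:
        merged_path = outdir / "merged-wordlist.txt"
        sources = [Path(p).read_text(errors="ignore").splitlines()
                   for p in wordlists]
        merged_path.write_text("\n".join(merge_words(sources)) + "\n")
        return [gobuster_cmd(url, merged_path, outdir / "merged.gobuster", extra)]
    return [gobuster_cmd(url, wl, outdir / (Path(wl).stem + ".gobuster"), extra)
            for wl in wordlists]


def run_scans(url, wordlists, outdir, merge=True, extra=()):
    """Execute the planned gobuster runs one after another; a failing run
    does not stop the rest. Returns (command, returncode) pairs."""
    results = []
    for cmd in plan_scans(url, wordlists, outdir, merge, extra):
        rc = subprocess.run(cmd, check=False).returncode
        results.append((cmd, rc))
    return results


if __name__ == "__main__":
    import sys
    # usage: python gobuster_multi.py http://target/ list1.txt list2.txt ...
    if len(sys.argv) < 3:
        sys.exit("usage: gobuster_multi.py <url> <wordlist> [<wordlist> ...]")
    url, *lists = sys.argv[1:]
    for cmd, rc in run_scans(url, lists, "gobuster-out", extra=("-t", "30")):
        print(rc, " ".join(cmd))
```

Use merge=False to keep one result file per list, which is handy when you want to know which list found a path; the merged mode is faster against the target and quieter in its logs.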


Gist from my Github: