Identify Scope
Identification (Domain)
Scan and Vulnerabilities
NMAP Command
Ping sweep of the network:
Scan and display open ports:
Determine open services:
Scan http and https (tcp) ports:
Scan DNS (udp):
Scan UDP and TCP together, be verbose on a single host and include optional skip ping:
NESSUS Command
Basic Nessus Scan:
Batch-mode Scan:
Get the report:
OPENVAS Command
Step 1: Install server, client, and plugins:
Step 2: Update the vulnerability database:
Step 3: Add a user to the client:
Step 4: Log in: sysadm
Step 5: Authenticate (pass/cert) [pass]: [HIT ENTER]
Step 6: Enter password: Based on the added user policies
Step 7: Allow the user to scan networks requiring authentication:
Step 8: Use Ctrl+D key combination to exit.
Step 9: Start the server:
Step 10: Choose the target for the scan: Create a file containing the targets.
Step 11: Add various hosts on each line:
Step 12: Begin scan:
Step 13: (Optional) Start the scan in HTML format:
Windows
Network Identification
Basic Network Identification:
Using ping to scan and save the result in a file:
DHCP
Enabling DHCP Reports:
Default paths for various Windows versions:
DNS
Default paths for various Windows versions:
Enabling DNS Logging:
Log path setup, log file size configuration, etc.:
Hashing
Using the File Checksum Integrity Verifier (FCIV) software:
And other hash, file verification, and checksum operations with commands such as:
NETBIOS
Basic nbtstat scan and loop scan script:
User Activities
Display logged-on user:
Loop scan script:
Passwords
Guess or check password:
Microsoft Baseline Security Analyzer (MBSA)
Basic scans for target IP, IP range, domain, and names within a text file:
Active Directory Inventory
Commands to list all OUs, workstations, servers, domain controllers, and more:
Linux
Network Identification:
View DHCP reports on Red Hat 3 and Ubuntu:
Start DNS reporting and view DNS reports:
Hashing all executable files in a specific path:
Basic nbtstat scan:
Guess Passwords: