My OSCP Journey: Tips, Tricks, and Cheat Sheets

Network Scan


Last updated 2 years ago


Automatic Network Scan

Mynmap

Here's a very simple bash script I made myself. It is designed to automate the configuration and execution of port scans on a specified domain or IP address. The code is written to be run on Linux systems and requires the Nmap package to function correctly.

Usage

Mandatory arguments:

-t, --target <TARGET_IP>     #The IP address of the target to scan.
-d, --domain <DOMAIN_NAME>   #The domain name of the target to scan.

Optional arguments:

-nc, --no-colors             #Disable console coloring.

Examples:

./port-scan.sh -t 192.168.1.1 -d mydomain.com
./port-scan.sh -t 10.0.0.2 -d mydomain.com --no-colors

NmapAutomator

The main goal of this script is to automate the enumeration and recon steps that are run every time, so that attention can go to the actual pentesting instead.

Manual Network Scan

Nmap

Nmap large scan (all TCP and UDP ports, version detection plus default scripts, grepable output; -sS and -sU need root, and -p- over UDP is very slow)

sudo nmap -sVC -sS -sU -T4 -p- <IP_RANGE> -oG output.txt

Grep grepable (-oG) nmap output, e.g. a ping sweep saved as ping-sweep.txt, to list live hosts (field 2 of a "Host: <ip> ()   Status: Up" line is the IP):

grep Up ping-sweep.txt | cut -d " " -f 2
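A slightly more robust version of the one-liner above, added here as an example (not part of the original cheat sheet): it parses a grepable (-oG) file for hosts marked "Status: Up" and also pulls out every open port from the "Ports:" lines a port scan adds. SAMPLE_OG is a constructed stand-in for a real output.txt.

```bash
#!/usr/bin/env bash
# Added example: parse Nmap grepable (-oG) output for live hosts and open ports.
# SAMPLE_OG is constructed sample data, not real scan output. Fields in -oG
# lines are tab-separated, and each port entry is port/state/proto/owner/service/rpc/version/.
SAMPLE_OG=$(printf '%b\n' \
  '# Nmap 7.94 scan initiated as: nmap -sS -sU -oG output.txt 10.11.1.0/29' \
  'Host: 10.11.1.2 ()\tStatus: Up' \
  'Host: 10.11.1.2 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2/, 80/open/tcp//http//Apache httpd/, 139/filtered/tcp//netbios-ssn///\tIgnored State: closed (997)' \
  'Host: 10.11.1.3 ()\tStatus: Down' \
  'Host: 10.11.1.5 ()\tStatus: Up' \
  'Host: 10.11.1.5 ()\tPorts: 445/open/tcp//microsoft-ds///, 161/open/udp//snmp///\tIgnored State: closed (998)' \
  '# Nmap done -- 6 IP addresses (2 hosts up) scanned in 30.00 seconds')

# live_hosts FILE: one IP per line for hosts reported "Status: Up".
# Matching the whole "Status: Up" field (not a bare "Up") avoids false hits
# from hostnames or comment lines that happen to contain that string.
live_hosts() {
  awk -F'\t' '$1 ~ /^Host:/ && $2 == "Status: Up" { split($1, h, " "); print h[2] }' "$1"
}

# open_ports FILE: prints "ip port/proto service" for every port in state "open".
# Filtered and closed ports are skipped; version strings are ignored.
open_ports() {
  awk -F'\t' '
    $1 ~ /^Host:/ {
      split($1, h, " "); ip = h[2]
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^Ports: /) {
          ports = $i; sub(/^Ports: /, "", ports)
          n = split(ports, p, ", ")
          for (j = 1; j <= n; j++) {
            split(p[j], f, "/")
            if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
          }
        }
      }
    }' "$1"
}

# Stand-alone demo against the constructed sample.
demo() {
  local tmp
  tmp=$(mktemp)
  printf '%s\n' "$SAMPLE_OG" > "$tmp"
  echo "Live hosts:"; live_hosts "$tmp"
  echo "Open ports:"; open_ports "$tmp"
  rm -f "$tmp"
}
demo
```

Point either function at a real -oG file (e.g. `open_ports output.txt`) to get a per-host port list you can feed straight into service enumeration.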

Search the NSE script database for scripts in the "vuln" or "exploit" categories:

cd /usr/share/nmap/scripts/
head -n 5 script.db                          #check the entry format first
cat script.db | grep '"vuln"\|"exploit"'

Use --script vuln to run all scripts in the "vuln" category against a target in the PWK labs:

sudo nmap --script vuln 10.11.1.10

Netcat

Netcat UDP scan

nc -nv -u -z -w 1 <TARGET_IP> 1-65535        #netcat takes a single host, not a CIDR range

Netcat TCP scan

nc -nvv -w 1 -z <TARGET_IP> 1-65535          #netcat takes a single host, not a CIDR range

Masscan

Masscan single-port sweep of a /24 (-e and --router-ip are needed when scanning through the lab VPN tap interface)

sudo masscan -p80 10.11.1.0/24 --rate=1000 -e tap0 --router-ip 10.11.0.1

Mynmap repository: GitHub - Astaruf/mynmap: A bash script to automate nmap scans for HTB/CTFs/OSCP.
NmapAutomator repository: GitHub - 21y4d/nmapAutomator: A script that you can run in the background!