Menu
Home
About
Our Role
Goals
The Team
Roadmap
Tokenomics
How To Buy
Knowledge Base
Contacts
Sitemap & Links
A.I.
Chart
Shop
IMMORTALITY
🏠
⬇️
Enumerate
New name
B
I
U
S
link
image
code
HTML
list
Show page
Syntax
* DNS Enumeration whois hostname whois ipaddress host ipaddress dig hostname A dig hostname MX dig hostname NS dig hostname TXT dig hostname CNAME dig hostname SOA dig axfr @nameserver hostname dig -x ipaddress dig +dnssec hostname python sublist3r.py -d hostname amass enum -d hostname subfinder -d hostname -o subfinder_output.txt assetfinder --subs-only hostname | tee assetfinder_output.txt gobuster dns -d hostname -w /usr/share/wordlists/dns/subdomains-top1million-5000.txt -o gobuster_dns_output.txt * Network Scanning nmap -sS -p- -A -T4 hostname nmap -sS -p- -A -T4 --script vuln,smb-enum-shares,smb-enum-users,dns-brute,http-title,http-headers,snmp-info,mysql-info hostname nmap -sU -p- -T4 hostname nmap -O hostname nmap -sV hostname nmap -A hostname nmap -sn ipaddress/24 Other tools: # hping3 # loic # slowloris * Web Application Scanning nikto -h http://hostname -output nikto_report.txt dirb http://hostname /usr/share/dirb/wordlists/common.txt wapiti -u http://hostname -f html -o wapiti_report.html arachni http://hostname --output-only-positives --report-save-path=arachni_report.afr zap.sh -cmd -quickurl http://hostname -quickout report.html -port 8190 * SSL/TLS Analysis sslscan hostname ./testssl.sh --html --outprefix testssl_report hostname sslyze --regular hostname * SMB Enumeration smbmap -H ipaddress enum4linux -a ipaddress * SNMP Enumeration snmpwalk -c public -v1 ipaddress snmpcheck -t ipaddress -c public * SMTP Enumeration smtp-user-enum -M VRFY -U /usr/share/wordlists/metasploit/unix_users.txt -t hostname * HTTP Header Analysis curl -v http://hostname http -v http://hostname * Banner Grabbing nc -v hostname port telnet hostname port * OSINT Tools theHarvester -d hostname -b all -f theharvester_report.html recon-ng marketplace install all modules load recon/domains-hosts/hackertarget options set SOURCE hostname run * Cloud Enumeration python3 cloud_enum.py -k keyword * Email Harvesting python SimplyEmail.py -all -e domain.com * Additional Tools and Commands nessuscli agent link --key=your_key --groups=your_group --name=your_name --url=https://your_nessus_server:8834 openvasmd --create-task --name "Scan Task" --comment "Scan Task" --target your_target_id openvasmd --start-task your_task_id msfconsole use auxiliary/scanner/http/http_version set RHOSTS hostname run Others * hping3 * loic * slowloris * Metasploit Framework * Wireshark * Burp Suite Most of this textbook type of enumeration is easily identified, IP address identified and blocked, especially a port scan. Instead move straight to email attacks, ransomware, phishing attacks. For example if you are scammed by a website, they will post their payment providers and that sets the stage for both ransonware and phishing attacks.
Password
Summary of changes
📜
⏱️
⬆️