Information Gathering

host $target

Using host to find the A host record for target

host -t mx $target

Using host to find the MX records for target

host -t txt $target

Using host to find the TXT records for target

dnsrecon -d $target -t std

Using dnsrecon to perform a standard scan

dnsrecon -d $target -D ~/list.txt -t brt

Brute forcing hostnames using dnsrecon

dnsenum $target

Using dnsenum to automate DNS enumeration

nslookup mail.target.com

Using nslookup to perform a simple host enumeration

# Using masscan to scan nmap's top 20 ports in a /24 range (less than 5 min)

m

Using nmap to scan for the NetBIOS service

Using nbtscan to collect additional NetBIOS information

Using the nmap scripting engine to perform OS discovery
