Linux
# TCP port sweep with netcat: -n skips DNS, -v reports each result, -w 1 gives a
# one-second timeout per port, -z connects without sending data; ports 1-100.
nc -nv -w 1 -z 192.168.220.151 1-100
# Service/version detection (-sV) on all 65535 TCP ports (-p-) for every host in
# ips.txt (-iL); -vvv prints results as they come in rather than at the end.
nmap -sV -p- -vvv -iL ips.txt
# Same scan plus the NSE "vuln" script category. NOTE(review): this is far slower
# and noisier than -sV alone, and some of the scripts in that category are also
# tagged intrusive — check the installed script list before running it broadly.
nmap -sV -p- --script "vuln" -iL ips.txt
# Browse the installed NSE scripts, or find them by extension.
ls /usr/share/nmap/scripts/
# NOTE(review): the glob is unquoted, so if the current directory holds any *.nse
# file the shell expands it before locate sees it; '*.nse' passes the pattern as-is.
locate *.nse
Windows
# Windows netcat build; same flags as the Linux TCP sweep.
nc.exe -nv -w 1 -z 192.168.220.151 1-100
# Pure-PowerShell TCP sweep over 1..1024: Connect() returns nothing on success, so
# echo prints only the "open" string; a refused or timed-out Connect() throws
# instead, and 2>$null hides that error, so closed ports print nothing.
# NOTE(review): there is no connect timeout, so each filtered port waits for the
# OS default before moving on — a 1024-port run can take a long time.
# NOTE(review): the target here is 192.168.50.151, while the nc lines above use
# 192.168.220.151 — confirm which host is intended.
1..1024 | % {echo ((New-Object Net.Sockets.TcpClient).Connect("192.168.50.151", $_)) "TCP port $_ is open"} 2>$null
Linux
# UDP sweep with netcat (-u). NOTE(review): UDP has no handshake, so nc -z can only
# mark a port closed when an ICMP port-unreachable comes back; ports that are
# silent or filtered are reported as open. Treat the result as a hint, not a fact.
nc -nv -u -z -w 1 192.168.220.151 1-100
# nmap UDP scan (-sU) of the hosts in ips.txt; with no -p it covers nmap's default
# top-1000 UDP ports. UDP scanning is slow because unanswered probes are retried.
nmap -sU -iL ips.txt
Windows
# Windows netcat build; same caveat as the Linux UDP sweep (open unless an ICMP
# port-unreachable arrives).
nc.exe -nv -u -z -w 1 192.168.220.151 1-100
# NOTE(review): this one-liner does not work as a UDP check. UdpClient.Connect()
# only records the remote endpoint; it sends nothing and never throws for a
# closed port, so the loop prints "UDP port N is open" for every N in 1..1024.
# Use nmap -sU (above) for UDP state instead.
1..1024 | % {echo ((New-Object Net.Sockets.UdpClient).Connect("192.168.50.151", $_)) "UDP port $_ is open"} 2>$null
https://book.hacktricks.xyz/network-services-pentesting/pentesting-dns
Linux
# Forward lookup of a single hostname (A/AAAA, plus CNAME if present).
host www.megacorpone.com
# Mail exchangers and TXT records for the zone (-t selects the record type).
host -t mx megacorpone.com
host -t txt megacorpone.com
# dnsrecon standard enumeration (-t std): SOA, NS, MX, A/AAAA and related records
# for the domain (-d).
dnsrecon -d megacorpone.com -t std
# dnsenum: broader record enumeration for the same domain; it also contacts the
# domain's name servers directly, so expect more query traffic than host/dig.
dnsenum megacorpone.com
# Ask one specific server (@IP) for ANY records. NOTE(review): many servers answer
# ANY with a minimal response (RFC 8482), so a short or empty answer does not mean
# the zone has no other records — query the types you need explicitly.
dig any megacorpone.com @192.168.220.151
# Same ANY query via nslookup; the trailing argument is the server to ask.
nslookup -type=ANY info.megacorptwo.com 192.168.220.151
Windows
# Windows nslookup uses the same syntax as the Linux line above: ANY records for
# the name, asked of the server given as the last argument. The RFC 8482 caveat
# (minimal ANY answers) applies here too.
nslookup -type=ANY info.megacorptwo.com 192.168.220.151
# Directory/file brute force: -x appends .html and .php to every word in the list.
feroxbuster -u http://'<IP>'/ -x html,php -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
# Same idea with ffuf; FUZZ marks where each word is substituted, -c colours output.
ffuf -c -w /usr/share/wfuzz/wordlist/general/megabeast.txt -u http://'<IP>'/FUZZ
# Virtual-host discovery: the word goes into the Host header instead of the path.
# -fw 6 drops responses whose word count is 6 — the author's default-page size;
# measure the target's default response first and filter on that value instead.
# NOTE(review): the angle brackets around the URL look like a markdown autolink
# artifact; in a shell they are parsed as redirections, so the -u value should be
# http://fqdn.com/ (and fqdn.com is a placeholder for the target domain).
ffuf -c -w /usr/share/seclists/Discovery/DNS/n0kovo_subdomains.txt -u <http://fqdn.com/> -H "Host: FUZZ.fqdn.com" -fw 6
# For APIs, e.g. version-prefixed paths such as:
/users/v1
/v2
...
https://book.hacktricks.xyz/network-services-pentesting/pentesting-smb
# OS, hostname and domain/workgroup fingerprint over NetBIOS (139) and SMB (445)
# using the smb-os-discovery NSE script.
nmap -v -p 139,445 --script smb-os-discovery '<IP>'
# enum4linux -a runs all of its basic modules (users, shares, groups, password
# policy, OS info, and more) in one pass; it is noisy on the wire.
enum4linux -a '<IP>'
# List shares (-L) three ways: prompting for credentials, as an explicit null
# session (-U '%': empty user and password), and as a named user (password prompt).
smbclient -L '<IP>'
smbclient -L '<IP>' -U '%'
smbclient -L '<IP>' -U 'user'
# Windows-side share listing. NOTE(review): the doubled backslashes look like
# markdown escaping; typed at a Windows prompt the command is net view \\<IP> /all,
# and the single quotes around the placeholder are not needed there.
net view \\\\'<IP>' /all
https://book.hacktricks.xyz/network-services-pentesting/pentesting-smtp