Skip to content

Recon General Notes

Jump to bottom
TheGetch edited this page May 14, 2021 · 2 revisions

Recon General Notes

"PCAP IT OR IT DIDNT HAPPEN...its up to you if you need to"

tcpdump:

  • tcpdump -i eth0
  • tcpdump -c -i eth0
  • tcpdump -A -i eth0
  • tcpdump -w 0001.pcap -i eth0
  • tcpdump -r 0001.pcap
  • tcpdump -n -i eth0
  • tcpdump -i eth0 port 22
  • tcpdump -i eth0 -src 172.21.10.X
  • tcpdump -i eth0 -dst 172.21.10.X

Other tools:

Tshark (Command Line Wireshark) Wireshark

Host Scanning

DNSRecon:

  • dnsrecon -d www.example.com -a
  • dnsrecon -d www.example.com -t axfr
  • dnsrecon -d <startIP-endIP>
  • dnsrecon -d www.example.com -D <namelist> -t brt

Dig:

  • dig www.example.com + short
  • dig www.example.com MX
  • dig www.example.com NS
  • dig www.example.com> SOA
  • dig www.example.com ANY +noall +answer
  • dig -x www.example.com
  • dig -4 www.example.com (For IPv4)
  • dig -6 www.example.com (For IPv6)
  • dig www.example.com mx +noall +answer example.com ns +noall +answer
  • dig -t AXFR www.example.com

Sublis3r:

  • Sublist3r -d www.example.com
  • Sublist3r -v -d www.example.com -p 80,443

OWASP AMASS:

  • amass enum -d www.example.com
  • amass intel -whois -d www.example.com
  • amass intel -active 172.21.0.0-64 -p 80,443,8080,8443
  • amass intel -ipv4 -whois -d www.example.com
  • amass intel -ipv6 -whois -d www.example.com

_Sidebar

Home

1. Recon

Ping Sweep

CIDR to IP

2. Enumeration

Enumeration General Notes

Host/Port Scanning

Services

01. FTP (21)

02. SSH (22)

03. SMTP (25)

04. DNS (53)

05. HTTP (80,443,8080,8443,etc.)

06. POP3 (110)

07. SMB (139,445)

08. SNMP (161,162)

09. LDAP (389)

10. MS-SQL or MySQL (1433,3306)

11. RDP (3389)

12. Winrm (5985)

13. Memcache (11221)

3. Exploitation

Exploitation General Notes

4. Post Exploiation

Post Exploitation General Notes

Editable Service

Privilege Escalation

Scheduled Jobs/Tasks

5. High Value Information

Hashes

6. Reporting

7. Random Notes/Useful Tidbits

Clone this wiki locally