Network / Hosts discovery

Nmap - Services discovery

Hosts discovery

nmap -v --privileged -n -PE -PS21-23,25,53,80,88,110-111,113,115,135,139,143,220,264,389,443,445,449,524,585,636,993,995,1433,1521,1723,3306,3389,5900,8080,9100 -PU53,67-69,111,123,135,137-139,161-162,445,500,514,520,631,1434,1701,1900,4500,5353,49152 -sS -sU -p T:21-23,25,80,110,113,115,139,143,220,264,443,445,449,524,585,993,995,1433,1521,1723,8080,9100,U:123,2049,69,161,500,1900,5353 --max-retries 3 --min-rtt-timeout 100ms --max-rtt-timeout 1250ms --initial-rtt-timeout 100ms --defeat-rst-ratelimit --open -O --osscan-guess --max-os-tries 1 -oA discover -iL target.txt

-sS, -sU and -O need raw sockets, so run this as root (or with CAP_NET_RAW); --privileged only tells nmap to assume it has them. A host that drops ICMP echo and every probed port is reported as down, so for sensitive ranges widen the -PS/-PU lists or rescan with -Pn.

Alive Hosts

grep "/open/" discover.gnmap | cut -d " " -f 2 | sort -u > alive.txt

The literal "/open/" matches only ports nmap reported as open; UDP ports in state open|filtered do not match, which is intended (they are unconfirmed).

Top 7000 TCP

nmap -Pn -n -T4 --open -v -A --version-all --max-retries 2 --max-os-tries 1 --top-ports 7000 -oA nmap_top7000 -iL alive.txt

NXC - Computers

nxc ldap [DC_IP] -u '' -p '' --computers
nxc smb [DC_IP] -u '' -p '' --computers

nxc ldap [DC_IP] -u '' -p '' --computers | awk '{print $5}' > hosts.txt

If null sessions are not allowed, use valid credentials instead of -u '' -p ''.

Resolve IP:

while read -r line; do host "$line" | grep "has address" | awk '{print $4}'; done < hosts.txt | sort -u > ips.txt

The names come from the domain, so they only resolve through the domain's DNS. If the attacking box does not use it as resolver, pass the DC as the second argument to host (host "$line" [DC_IP]).
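Added example (not from the original page) covering the two post-processing steps above, extracting alive hosts from the .gnmap file and resolving the computer names returned by nxc. alive_hosts() parses the gnmap format explicitly instead of grepping, so UDP open|filtered is never counted as open; fqdn_of() normalises an nxc computer name (trailing "$" stripped, domain suffix appended when missing) before it is handed to host, queried against the DC's DNS. The IPs, hostnames and the domain corp.local are constructed sample data, and resolve_hosts() assumes the DC at DC_IP answers DNS, which is the usual but not guaranteed case.

```shell
#!/bin/sh
# Added example, not the page's own code. Sample data below is constructed.

# make_sample_gnmap FILE: write a constructed .gnmap file (tab-separated fields,
# the same layout real nmap -oG/-oA output uses). Not real scan output.
make_sample_gnmap() {
    {
        printf '# Nmap 7.94 scan initiated as: nmap -sS -sU --open -oA discover -iL target.txt\n'
        printf 'Host: 10.10.10.5 (dc01.corp.local)\tStatus: Up\n'
        printf 'Host: 10.10.10.5 (dc01.corp.local)\tPorts: 53/open/tcp//domain///, 88/open/tcp//kerberos-sec///, 445/open/tcp//microsoft-ds///\tIgnored State: filtered (20)\n'
        printf 'Host: 10.10.10.7 ()\tStatus: Up\n'
        printf 'Host: 10.10.10.7 ()\tPorts: 161/open|filtered/udp//snmp///\tIgnored State: closed (30)\n'
        printf 'Host: 10.10.10.9 ()\tStatus: Up\n'
        printf 'Host: 10.10.10.9 ()\tPorts: 445/closed/tcp//microsoft-ds///\n'
        printf 'Host: 10.10.10.12 (ws01.corp.local)\tPorts: 123/open/udp//ntp///\n'
        printf '# Nmap done -- 4 IP addresses (4 hosts up) scanned\n'
    } > "$1"
}

# alive_hosts FILE: print sorted, unique IPs that have at least one port whose
# state is exactly "open" (so "open|filtered" UDP ports do not qualify).
alive_hosts() {
    awk '
        BEGIN { FS = "\t" }
        /^Host: / {
            split($1, h, " "); ip = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Ports: /) {
                    s = $i; sub(/^Ports: /, "", s)
                    m = split(s, ports, ", ")
                    for (j = 1; j <= m; j++) {
                        # each entry is port/state/proto//service///
                        split(ports[j], f, "/")
                        if (f[2] == "open") seen[ip] = 1
                    }
                }
            }
        }
        END { for (k in seen) print k }
    ' "$1" | sort -u
}

# fqdn_of NAME DOMAIN: "DC01$" -> "DC01.corp.local"; a name that already
# contains a dot is returned unchanged (apart from the stripped "$").
fqdn_of() {
    name=${1%\$}
    case $name in
        *.*) printf '%s\n' "$name" ;;
        *)   printf '%s.%s\n' "$name" "$2" ;;
    esac
}

# resolve_hosts FILE DOMAIN DC_IP: resolve every computer name in FILE through
# the DC's DNS (assumed to answer on DC_IP) and print the unique A records.
# Needs the network, so the sample data above does not exercise it.
resolve_hosts() {
    while read -r name; do
        [ -n "$name" ] || continue
        host "$(fqdn_of "$name" "$2")" "$3" 2>/dev/null | awk '/has address/ {print $4}'
    done < "$1" | sort -u
}

# Usage with the constructed sample:
#   make_sample_gnmap /tmp/discover.gnmap
#   alive_hosts /tmp/discover.gnmap              # 10.10.10.12 and 10.10.10.5
#   fqdn_of 'DC01$' corp.local                   # DC01.corp.local
#   resolve_hosts hosts.txt corp.local 10.10.10.5 > ips.txt
```

10.10.10.7 is dropped because its only port is open|filtered and 10.10.10.9 because its port is closed; run alive_hosts on the real discover.gnmap to replace the grep/cut one-liner, and feed hosts.txt from nxc to resolve_hosts with the domain and DC address.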
