search

General Enumeration

hashtag
SSH Version

If the machine allows SSH, then looking at the OpenSSH version will give you an idea of when the machine was last updated.

Also, if the machine was never updated (like in HackTheBox), then you can match the release date of the OpenSSH version to a Linux version. For example, if the machine is an Ubuntu machine, then you can look at which version of Ubuntu was latest when that release of OpenSSH was latest.

hashtag
Port Scanning

Port scanning is an important part of enumerating the services that are running on a network machine.

hashtag
Nmap

Normal TCP scan:

nmap -sC -sV -p- -vvv hostname_here

UDP scan 

nmap -sU -sC -sV -p- -vvv hostname_here
LogoNmap Cheat Sheet and Pro Tips | HackerTarget.comHackerTarget.comchevron-right

Common flags:

  • -p- : Scan all ports

  • -vvv : Maximum verbosity

  • -sV : Service detection

  • -A : Detect all things, including services and OS

  • -sC : Scan using default safe scripts

  • -Pn : Scan a host even if it doesn't respond to pings

  • -6: Scan an IPv6 address

Stealth scans:

LogoArchived content - Nmap tutorialnmap.orgchevron-right

Finding nmap scripts:

hashtag
AutoRecon

Autorecon is a script for automating your network enumeration activities. It can save you a lot of time and make sure you don't forget to enumerate anything you should.

Installation:

Simple usage:

I have customized AutoRecon to my needs. I host my custom AutoRecon plugins herearrow-up-right. When I run AutoRecon, I separately scan for directories using a huge wordlist, and then scan for files with a smaller wordlist and a few manually selected file extensions:

PreviousSQL TruncationNextRPC

Last updated