General Enumeration
SSH Version
If the machine exposes SSH, the OpenSSH version in its banner gives you an idea of when the machine was last updated.
Also, if the machine was never updated (as is common on HackTheBox), you can match the release date of that OpenSSH version to a Linux distribution release. For example, if the machine runs Ubuntu, look up which Ubuntu release was current when that OpenSSH release was current.
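A small banner parser for the technique just described, added here as an example (not from the original page): it pulls the OpenSSH version out of a few constructed SSH banners and, for Ubuntu hosts, maps it to the LTS release that shipped that version. The banners and the version table are assumptions made for the example; the table only covers Ubuntu LTS defaults.

```python
import re
from typing import Optional

# Constructed sample banners; none were captured from a real host.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5",
    "SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.7",
    "SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1",
    "SSH-2.0-OpenSSH_9.3",
    "SSH-2.0-dropbear_2020.81",
]

# Default OpenSSH version shipped by each Ubuntu LTS release
# (assumed table for this example; extend as needed).
UBUNTU_DEFAULT_OPENSSH = {
    "7.2p2": "16.04 (xenial)",
    "7.6p1": "18.04 (bionic)",
    "8.2p1": "20.04 (focal)",
    "8.9p1": "22.04 (jammy)",
    "9.6p1": "24.04 (noble)",
}

# SSH-<proto>-OpenSSH_<version>[ <vendor comment>]
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[\d.]+)-OpenSSH_(?P<version>\d+\.\d+(?:p\d+)?)(?: (?P<comment>.*))?$"
)


def parse_banner(banner: str) -> Optional[dict]:
    """Return version, vendor comment and distro hint for an OpenSSH banner, else None."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return None  # not OpenSSH (e.g. Dropbear) or not a banner at all
    comment = m.group("comment") or ""
    distro = "Ubuntu" if "Ubuntu" in comment else "Debian" if "Debian" in comment else None
    return {"version": m.group("version"), "comment": comment, "distro": distro}


def guess_ubuntu_release(banner: str) -> Optional[str]:
    """Map an Ubuntu OpenSSH banner to the LTS release that shipped that version."""
    info = parse_banner(banner)
    if not info or info["distro"] != "Ubuntu":
        return None
    return UBUNTU_DEFAULT_OPENSSH.get(info["version"])


if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(f"{b!r:45} -> {parse_banner(b)} / {guess_ubuntu_release(b)}")
```

The vendor comment (for example `4ubuntu0.5`) is the distribution package revision, which is what actually tells you how many security updates were applied; the upstream version alone says which release the host runs, not whether it is patched.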
Port Scanning
Port scanning is an important part of enumerating the services running on a networked machine.
Nmap
Normal TCP scan:
UDP scan
Common flags:
-p-: Scan all ports
-vvv: Maximum verbosity
-sV: Service detection
-A: Detect all things, including services and OS
-sC: Scan using default safe scripts
-Pn: Scan a host even if it doesn't respond to pings
-6: Scan an IPv6 address
Stealth scans:
Finding nmap scripts:
AutoRecon
AutoRecon is a script for automating your network enumeration activities. It can save you a lot of time and make sure you don't forget to enumerate anything you should.
Installation:
Simple usage:
I have customized AutoRecon to my needs. I host my custom AutoRecon plugins here. When I run AutoRecon, I separately scan for directories using a huge wordlist, and then scan for files with a smaller wordlist and a few manually selected file extensions: