Basic Start - Run in Parallel¶

While nmap is running, execute these scans in parallel.

Directory Brute Force¶

# Using gobuster
gobuster dir -u http://10.129.34.145 -w /usr/share/wordlists/dirb/common.txt

# Or feroxbuster (recursive)
feroxbuster -u http://10.129.34.145

Subdomain Enumeration¶

gobuster vhost -u http://10.129.34.145 -w /usr/share/wordlists/SecLists/Discovery/DNS/subdomains-top1million-5000.txt

Check Ports Manually¶

Web Servers¶

curl -I http://10.129.34.145
curl -I https://10.129.34.145

FTP¶

nc -zv 10.129.34.145 21

nc 10.129.34.145 22

SMB¶

smbclient -L 10.129.34.145 -N

Vulnerability Scanning¶

Nikto (if web)¶

nikto -h http://10.129.34.145

Nuclei¶

nuclei -u http://10.129.34.145

Check Nmap Progress¶

Let it run in background, check partial results.

Search Exploits¶

# Search exploits for services you know exist
searchsploit apache 2.4

Screenshot Tools¶

Eyewitness¶

eyewitness --web --single http://10.129.34.145

Manual Browse¶

firefox http://10.129.34.145

Check UDP Ports¶

# Common UDP ports
sudo nmap -sU --top-ports 20 10.129.34.145

Network Analysis¶

Check Route¶

traceroute 10.129.34.145

Check What's Actually Responding¶

hping3 -S 10.129.34.145 -p 80

Basic Start - Run in Parallel¶

Directory Brute Force¶

Subdomain Enumeration¶

Check Ports Manually¶

Web Servers¶

FTP¶

SSH Banner¶

SMB¶

Vulnerability Scanning¶

Nikto (if web)¶

Nuclei¶

Check Nmap Progress¶

Search Exploits¶

Screenshot Tools¶

Eyewitness¶

Manual Browse¶

Check UDP Ports¶

Network Analysis¶

Check Route¶

Check What's Actually Responding¶