TCP Scan :​nmap -Pn -v -sS -A -T4 XXIPXXXnmap -Pn -sS --stats-every 3m --max-retries 1 --max-scan-delay 20 --defeat-rst-ratelimit -T4 -p1-65535 -oA /root/Documents/XXXX XXIPXXXnmap -sC -sV -vv -oA quick ipnmap -sV -sC -T4 -p- -oA nmap ipnmap -sS -p4555 -sV --reason ipnmap -sS -T4 -sV -oA 00-tcp-top100/top-100 --stats-every 60s --max-retries 3 --defeat-rst-ratelimit --top-ports 100 --script banner --reason solidstate.htbnmap -sS --min-rate 5000 --max-retries 1 -p- ipnmap -sT -p- --min-rate 10000 -oA nmap/alltcp ip
masscan -p1-65535 ip --rate=1000 -e tun0 > portsports=$(cat ports | awk -F " " '{print $4}' | awk -F "/" '{print $1}' | sort -n | tr '\n' ',' | sed 's/,$//')nmap -Pn -sV -sC -p$ports ip
nmap -sC -sV -p- -vv -oA full ipnmap -sT -p- --min-rate 10000 -oA nmap/alltcp ip​
nmap -sU -sV -p- XXIPXXXnmap -Pn --top-ports 1000 -sU --stats-every 3m --max-retries 1 -T3 -oA /root/Documents/XXXX XXIPXXXnmap -sU -sV -vv -oA quick_udp ip
for x in 7000 8000 9000; do nmap -Pn --host_timeout 201 --max-retries 0 -p $x ip; done​
nmap -p445 --script smb-protocols $IPnmap -p445 --script smb-vuln-ms17-010 $IPnmap $IP -sV -Pn -vv -p 139,445 --script=smb-vuln* --script-args=unsafe=1nmap $IP --script=msrpc-enumnmap --script smb-vuln* -p 445 -oA nmap/smb_vulns ipnmap --script vuln -p445 ip​python usermap_script.py ip 445 ip 1234python usermap_script.py ip 139 ip 1234https://github.com/amriunix/CVE-2007-2447
nmap –script ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221,tftp-enum -p 21 $IP
nmap -vv -sV -sU -Pn -p 161,162 --script=snmp-netstat,snmp-processes $IPnmap -sU -p 161 --script /usr/share/nmap/scripts/snmp-win32-users.nse $IPnmap -p 88 --script krb5-enum-users --script-args krb5-enum-users.realm='domain.local',userdb=/usr/share/wordlists/SecLists/Usernames/top_shortlist.txt x.x.x.x
nmap -sV -Pn -vv $IP -p 3306 --script mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122
nmap --script=oracle-sid-brute $IPnmap --script=oracle-brute $IPtnscmd10g version -h $IP
finger-user-enumfinger-user-enum.pl -U /usr/share/seclist/username/name/name.txt -t​
telnet INSERTIPADDRESS 110USER [username]PASS [password]To list messagesRETR [message number]​telnet ipuser userpass pwRETR 2​
SSH PORT 22
nmap -p22 -n -sV --script ssh2-enum-algos ip