my recon cheat-sheet

Itis always under development...because I will daily add something to it as I learn..

=================AutoRecon : 
>>> python3 autorecon.py -ct 4 -cs 10 $IP
>>> python3 autorecon.py $IP

=================Nmap Automator : 
>>> ./nmapAutomator.sh $IP All  

=================onetwopunch : 
>>> /onetwopunch.sh -t targets.txt -p all -n "-sV -O --version-intensity=9" 

=================reconnoitre : 
>>> reconnoitre -t $IP -o /root/machine/  --services
>>> reconnoitre -t ip --services --quick -o /root/machine/
>>> reconnoitre -t ip -o /root/machine/

=================nikto : 
>>> nikto -host $IP
>>> nikto -h $IP

=================For port knocking : 
>>> for x in 7000 8000 9000; do nmap -Pn --host_timeout 201 --max-retries 0 -p $x $IP; done

=================<<SNMP>>=============================
=====SNMP-Check : 
>>> snmp-check $IP
>>> snmpcheck -t $IP -c public

=====onesixtyone : 
>>> onesixtyone -c names -i hosts

=====SNMPWALK : 
>>> snmpwalk -c public -v1 $IP

=====SNMPENUM : 
>>> perl snmpenum.pl $IP public windows.txt

=====NMAP SCRIPTS : 
>>> nmap -p 88 --script krb5-enum-users --script-args krb5-enum-users.realm='domain.local',userdb=/usr/share/wordlists/SecLists/Usernames/top_shortlist.txt $IP
>>> nmap -vv -sV -sU -Pn -p 161,162 --script=snmp-netstat,snmp-processes $IP
>>> nmap -sU -p 161 --script /usr/share/nmap/scripts/snmp-win32-users.nse $IP

==============================================================================


===============================Web Fuzzing=====================
=================[Gobuster]==============
======export URL : 
>>> export URL="https://example.com/"                                                                      

======Bust Directories : 
>>> gobuster dir -u $URL -w /opt/secLists/Discovery/Web-Content/raft-medium-directories.txt -k -t 30

======Bust Files : 
>>> gobuster dir -u $URL -w /opt/SecLists/Discovery/Web-Content/raft-medium-files.txt -k -t 30

======Bust DNS : 
>>> gobuster dns -d someDomain.com -w /opt/SecLists/Discovery/DNS/subdomains-top1million-110000.txt -t 30

=================[WFUZZ]=================
======export URL : 
>>> export URL="https://example.com/FUZZ"																			['/' at the end for directories ]

======Bust Directories :
>>> wfuzz -c -z file,/opt/SecLists/Discovery/Web-Content/raft-medium-directories.txt --hc 404 "$URL"

======Bust Files :
>>> wfuzz -c -z file,/opt/SecLists/Discovery/Web-Content/raft-medium-files.txt --hc 404 "$URL"

======AUTHENTICATED FUZZING ( e.g. ):
>>> wfuzz -c -b "<SESSIONVARIABLE>=<SESSIONVALUE>" -z file,/opt/SecLists/Discovery/Web-Content/raft-medium-files.txt --hc 404 "$URL"

======FUZZ DATA AND CHECK FOR PARAMETERS :
>>> export URL="https://example.com/?parameter=FUZZ
--> and/or some combination of...
>>> export URL="https://example.com/?FUZZ=data
>>> wfuzz -c -z file,/opt/SecLists/Discovery/Web-Content/burp-parameter-names.txt "$URL"

======Can I FUZZ Post Data??? :  
--> Yup.
--> Example of Command Injection POST Checks:
>>> wfuzz -c -z file,/usr/share/wordlists/Fuzzing/command-injection.txt -d "postParameter=FUZZ" "$URL"

=================================================================

====================For The Web By The Web : 
>>> cewl http://example.com/
>>> cewl -d 2 -m 5 -w thatsCewl.txt https://exampledomain.com/
>>> cewl http://example.com --depth=4 --write=output.txt

===================WafW00F : 
>>> wafw00f -i websites.txt
>>> wafw00f -a $URL

============================Curl Time===============================
=====Check HTTP options:
>>> curl -v -k -X OPTIONS $URL
 
=====If put enabled, upload:
>>> curl -v -X PUT -d '' http://$IP/test/shell.php

================================================================

===================Arjun : 
Link :  https://github.com/s0md3v/Arjun
>>> python3 arjun.py -u https://url.com --get 
>>> python3 arjun.py -u https://url.com --post

===================ReconDog : 
Link : https://github.com/s0md3v/ReconDog
>>> python ./dog.py
Previousbrute forcing the web NextComman
Last updated 2 years ago