Added netdiscover

README.md

@@ -5,11 +5,6 @@
 
 ### enumeration
 
-* Passive Recon
-  * Shodan
-  * Wayback Machine
-  * The Harvester
-
 * Active Recon
   * Nmap
   * Masscan
@@ -17,6 +12,11 @@
   * RPCClient
   * Enum4all
 
+* Passive Recon
+  * Shodan
+  * Wayback Machine
+  * The Harvester
+
 * List all the subdirectories and files
   * Gobuster
   * Backup File Artifacts Checker
@@ -30,46 +30,49 @@
   
 
 
-* Basic Scan
-```
-sudo nmap -sSV -p- IP -oA nmap/initial -T4
-sudo nmap -sSV -oA OUTPUTFILE -T4 -iL INPUTFILE.csv
-```
-  * -sSV defines the type of packet to send to the server and tells Nmap to try and determine any service on open ports
-  * -p- tells Nmap to check all 65,535 ports (by default it will only check the most popular 1,000)
-  * -oA OUTPUTFILE tells Nmap to output the findings in its three major formats at once using the filename "OUTPUTFILE"
-  * -iL INPUTFILE tells Nmap to use the provided file as inputs
+##### Nmap
 
-
-* CTF Scan
 ```
 nmap -sV -sC -oA nmap/basic IP
-```
-  * -sV : Probe open ports to determine service/version info
-  * -sC : to enable the script
-  * -oA : to save the results
 
-After this quick command you can add "-p-" to run a full scan while you work with the previous result
-```
-nmap -sV -sC -oA -p- nmap/initial IP
+nmap [Scan Type] [Options] {target specification}
 ```
 
-* Aggressive Nmap
-```
-nmap -A -T4 scanme.nmap.org
-```
-  * -A: Enable OS detection, version detection, script scanning, and traceroute
-  * -T4: Defines the timing for the task (options are 0-5 and higher is faster)
+* HOST DISCOVERY:
+ - -sL: List Scan - simply list targets to scan
+ - -sn/-sP: Ping Scan - disable port scan
+ - -Pn: Treat all hosts as online -- skip host discovery
 
+* SCAN TECHNIQUES:
+ - -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
+ - -sU: UDP Scan -sN/sF/sX: TCP Null, FIN, and Xmas scans
 
-* Masscan
+* PORT SPECIFICATION:
+ - -p : Only scan specified ports
+ - Ex: -p22; -p1-65535; -p U:53,111,137,T:21-25,80,139,8080,S:9
+
+* SERVICE/VERSION DETECTION:
+-sV: Probe open ports to determine service/version info
+
+* OUTPUT:
+-oN/-oX/-oS/-oG : Output scan in normal, XML,Output in the three major formats at once
+-v: Increase verbosity level (use -vv or more for greater effect)
+
+* MISC: -6: Enable IPv6 scanning -A: Enable OS detection, version detection, script scanning, and traceroute
+
+##### Masscan
 
 ```bash
 masscan IP -p 1-65535 --rate 100 -oX masscan.xml
 ```
 
+##### Netdiscover
 
-* Using DirBuster or GoBuster
+````
+netdiscover -i <INTERFACE>
+```
+
+#####  DirBuster / GoBuster
 
 ```bash
   ./gobuster -u http://buffered.io/ -w /secondary/wordlists/more-lists/dirb/ -t 10
@@ -328,6 +331,7 @@ This is the most popular method for spawnings a tty shell. The target server sho
  | * From within vi:  | :!bash , :set shell=/bin/bash:shell |
  | * From within nmap:  |   !sh  |
  
+ - To make the Shell Usable:
 ```
 Ctrl+Z
 stty raw -echo
@@ -335,7 +339,7 @@ fg
 export TERM=xterm
 ```
 
-## Stage 3
+## Stage 3 - Post Exploitation 
 
 ### Lets Have a Look Around
 
@@ -348,12 +352,14 @@ export TERM=xterm
 |Windows x86 | https://github.com/carlospolop/PEASS-ng/raw/master/winPEAS/winPEASexe/binaries/x86/Release/winPEASx86.exe |
 
 * GTFObins
+
 > https://gtfobins.github.io/
 
+
 * Linux Tools
 |   | Command|
 |---|--------|
-| SUID   | find / -type f -user root -perm -4000 2>/dev/null|
+| SUID   | find / -type f -user root -perm -4000 2>/dev/null |