Added More 2

2021-12-15 16:00:50 +00:00 · 2021-12-15 16:00:50 +00:00 · ac1ca41383
commit ac1ca41383
parent 1b90ff351d
1 changed files with 47 additions and 26 deletions
--- a/README.md
+++ b/README.md
@ -3,21 +3,34 @@

 ## Stage 1 - Lay of the Land

-### Scans
+### enumeration

-#### Nmap
+* Passive Recon
+  * Shodan
+  * Wayback Machine
+  * The Harvester
+
+* Active Recon
+  * Nmap
+  * Masscan
+  * Network discovery
+  * RPCClient
+  * Enum4all
+
+* List all the subdirectories and files
+  * Gobuster
+  * Backup File Artifacts Checker
+
+* Web Vulnerabilities
+  * Repository Github
+  * Burp
+  * Web Checklist
+  * Nikto
+  * Payment functionality
+  


-##### Powershell
-```
-nmap -sn -n --disable-arp-ping IP | grep -v "host down"
-```
-sn : Disable port scanning. Host discovery only.
-n : Never do DNS resolution
-
-
-##### Bash
-> Basic Scan
+* Basic Scan
 ```
 sudo nmap -sSV -p- IP -oA nmap/initial -T4
 sudo nmap -sSV -oA OUTPUTFILE -T4 -iL INPUTFILE.csv
@ -27,38 +40,46 @@ sudo nmap -sSV -oA OUTPUTFILE -T4 -iL INPUTFILE.csv
 • -oA OUTPUTFILE tells Nmap to output the findings in its three major formats at once using the filename "OUTPUTFILE"
 • -iL INPUTFILE tells Nmap to use the provided file as inputs

-> This configuration is enough to do a basic check for a CTF VM
+* CTF Scan
 ```
 nmap -sV -sC -oA nmap/initial IP
+
+• -sV : Probe open ports to determine service/version info
+• -sC : to enable the script
+• -oA : to save the results
 ```
-sV : Probe open ports to determine service/version info
-sC : to enable the script
-oA : to save the results
-
 After this quick command you can add "-p-" to run a full scan while you work with the previous result
+```
+nmap -sV -sC -oA -p- nmap/initial IP
+```

-
-
-> Aggressive Nmap
+* Aggressive Nmap
 ```
 nmap -A -T4 scanme.nmap.org
+
 • -A: Enable OS detection, version detection, script scanning, and traceroute
 • -T4: Defines the timing for the task (options are 0-5 and higher is faster)
 ```

-#### Masscan
+* Masscan

 ```bash
 masscan IP -p 1-65535 --rate 100 -oX masscan.xml
 ```

-### enumeration

-#### GoBuster
+* Using DirBuster or GoBuster

-> Dir Mode
-```
-gobuster dir -u URL -w /secondary/wordlists/more-lists/dirb/
+```bash
+  ./gobuster -u http://buffered.io/ -w /secondary/wordlists/more-lists/dirb/ -t 10
+  -u url
+  -w wordlist
+  -t threads
+
+  More subdomain :
+  ./gobuster -m dns -w subdomains.txt -u google.com -i
+
+  gobuster -w wordlist -u URL -r -e /secondary/wordlists/more-lists/dirb/
 ```