Scanning Port
Fastest way:
For TCP:
sudo rustscan -a $ip --range 1-65535 -- -sV -sC --open -oN nmap_tcp.txt
xargs -a ips.txt -I {} sudo rustscan -a {} --range 1-65535 -- -sV -sC --open -oN nmap_tcp_{}.txt
Rustscan sometimes gives false results. In that case, use Nmap.
nmap --min-rate 4500 --max-rtt-timeout 1500ms $ip -p-
nmap --min-rate 4500 --max-rtt-timeout 1500ms $ip -p- -sV -sC --open
For UDP:
sudo rustscan -a $ip --udp --range 1-65535 -- -sU --open -oN nmap_udp.txt
xargs -a my_target.txt -I {} sudo rustscan -a {} --udp --range 1-65535 --ulimit 5000 -- -sU -p- -oN nmap_udp_{}.txt
--udp tells rustscan to scan UDP ports.
If you see DATABASE in the Nmap result, there is a possibility of SQLi.
-Pn skips host discovery.
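The scans above write Nmap normal output (-oN) to nmap_tcp.txt and per-host files. The following is an added example, not part of the original page: it condenses such files into one "host port service" list and picks out database services. The function names and the sample scan text are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarise nmap -oN output files.

# Constructed sample in nmap's normal (-oN) output format (not real scan data).
sample_scan() {
cat <<'EOF'
# Nmap 7.94 scan initiated as: nmap -sV -sC --open -oN nmap_tcp.txt 192.0.2.10
Nmap scan report for 192.0.2.10
Host is up (0.045s latency).
Not shown: 65531 closed tcp ports (reset)
PORT     STATE    SERVICE      VERSION
22/tcp   open     ssh          OpenSSH 8.9p1
80/tcp   open     http         nginx 1.18.0
| http-title: Example
445/tcp  filtered microsoft-ds
3306/tcp open     mysql        MySQL 8.0.33
Nmap scan report for db.example (192.0.2.11)
Host is up (0.051s latency).
PORT     STATE SERVICE    VERSION
5432/tcp open  postgresql PostgreSQL DB 14.2
EOF
}

# Print "host port/proto service" for every port whose state is exactly "open".
# Reads the files given as arguments, or stdin when none are given.
open_ports() {
  awk '
    /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host); next }
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" { print host, $1, $3 }
  ' "$@"
}

# Keep only rows whose service name is a database, as nmap names them.
db_services() {
  open_ports "$@" |
    awk '$3 ~ /^(mysql|postgresql|ms-sql-s|oracle-tns|mongodb|redis)$/'
}

# Demonstration on the constructed sample; with real results run e.g.
#   open_ports nmap_tcp_*.txt
sample_scan | open_ports
```

NSE script lines (those starting with "|") and filtered ports are skipped, so only confirmed open ports appear in the list.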
If Nmap is not available
If there is no Nmap available inside the internal network, but you want to find the open ports, you can try the command below:
Using Nmap with a proxy chain (it's slow)
You can try the below command if you are trying to run Nmap through a proxy.
If you prefer not to use a proxy chain due to its slowness, consider trying the ligolo-ng tool.
Want to make a list of all IP addresses available in a subnet?
This will save all the available IP addresses in the targets.txt file.
Sometimes this does not work; try netexec.
