search

Scanning Port

hashtag
Fastest way:

circle-info

Make sure that the rustscan tool is installed.

circle-info

First, create a .txt file that lists all the IP addresses you want to scan. Then, run the command below in Kali Linux.

For TCP:

sudo rustscan -a $ip --range 1-65535 -- -sV -sC --open -oN nmap_tcp.txt

xargs -a ips.txt -I {} sudo rustscan -a {} --range 1-65535 -- -sV -sC --open -oN nmap_tcp_{}.txt
triangle-exclamation

Sometimes rustscan may give false results. So, Use Nmap tool.

nmap --min-rate 4500 --max-rtt-timeout 1500ms $ip -p- 
nmap --min-rate 4500 --max-rtt-timeout 1500ms $ip -p- -sV -sC --open

For UDP:

sudo rustscan -a $ip --udp --range 1-65535 -- -sU --open -oN nmap_udp.txt

xargs -a my_target.txt -I {} sudo rustscan -a {} --udp --range 1-65535 --ulimit 5000 -- -sU -p- -oN nmap_udp_{}.txt

--udp Tells that it is scanning for UDP Port to rustscaner.

triangle-exclamation

If you see DATABASE in Nmap result then there can be possibility of SQLi

-Pn To skip host discovery.

hashtag
If Nmap is not there !!!

If there is no Nmap available inside the internal network, but you want to find the open ports, you can try the command below:

hashtag
Using Nmap with a proxy chain and its slow !!!

You can try the below command if you are trying to run Nmap through a proxy.

hashtag
If you prefer not to use a proxy chain due to its slowness, consider trying the ligolo-ng tool.

Logoligolo-ng for pivoting, Reverse shell and file transfer | Tools | Tips To Securehacking.tipstosecure.comchevron-right
Guide on how to use it.

hashtag
Want to make list of all ip address available in a subnet ??

This will save all the avaialble IP Address in targets.txt file

triangle-exclamation

Sometimes not works !! try netexec

hashtag
DNS Enumeration

LogoDNSenum: A command-line Information Gathering ToolMediumchevron-right
Command for DNSenum

NextSMB Enumeration

Last updated