Pentesting Cheatsheets

Nmap  [scanning, reconnaissance, tcp]
Basic TCP SYN scan with version and OS detection
Note: Requires root privileges for SYN scan and OS detection
Command:
  nmap -sS -sV -O {target}
Example:
  nmap -sS -sV -O 192.168.1.1
Parameters (5):
  -sS   TCP SYN scan (stealth scan). Default: enabled
  -sV   Version detection
  -O    OS detection
  -p    Port specification. Values: specific ports (80,443,8080); port ranges (1-1000); all ports (-p-)
  -T    Timing template (0-5). Default: 3. Values: 0 (paranoid), 1 (sneaky), 2 (polite), 3 (normal), 4 (aggressive), 5 (insane)

Nmap  [udp, scanning, ports]
UDP scan on top 1000 ports
Note: UDP scans are slower than TCP scans
Command:
  nmap -sU --top-ports 1000 {target}
Example:
  nmap -sU --top-ports 1000 192.168.1.0/24
Parameters (3):
  -sU          UDP scan (required)
  --top-ports  Scan top N most common ports. Default: 1000. Values: 100, 1000, 5000
  -T           Timing template. Default: 3. Values: 0, 1, 2, 3, 4, 5

Nmap  [vulnerability, scripts, detection]
Run vulnerability detection scripts
Command:
  nmap --script vuln {target}
Example:
  nmap --script vuln 192.168.1.100
Parameters (3):
  --script       NSE script categories or specific scripts (required). Values: vuln, default, discovery, safe, intrusive, auth, broadcast
  -sV            Version detection (recommended with scripts)
  --script-args  Arguments to pass to scripts

Masscan  [fast, scanning, ports]
Fast port scan with Masscan
Command:
  masscan -p1-65535 {target} --rate=1000
Example:
  masscan -p1-65535 192.168.1.0/24 --rate=1000
Parameters (3):
  -p         Port range to scan (required). Values: 1-65535, 1-1000, 80,443,8080
  --rate     Packets per second. Default: 1000. Values: 100, 1000, 10000
  --banners  Grab banners from services

Netcat  [banner, grabbing, reconnaissance]
Banner grabbing with Netcat
Command:
  nc -nv {target} {port}
Example:
  nc -nv 192.168.1.100 80
Parameters (3):
  -n   Do not resolve hostnames. Default: enabled
  -v   Verbose output. Default: enabled
  -w   Timeout for connections. Values: 1, 5, 10
