
Linux Cheatsheet

This document provides a cheat sheet for network reconnaissance using Nmap. It summarizes the main Nmap syntax including target specification, scan types, output options, and scripting options. Additional sections cover DNS enumeration, service enumeration techniques using tools like Nmap, SNMPwalk, and nc. The cheat sheet is intended to serve as a quick reference for common Nmap commands and reconnaissance techniques.

Uploaded by

rjkojas
Network Recon Cheat Sheet

by coffeefueled via cheatography.com/25996/cs/7096/

Nmap Base Syntax

  # nmap [Scan Type] [Options] {targets}

Target Specification

  Single IPv4:  192.168.1.1
  Single IPv6:  AAAA::FF
  FQDN:         host.local
  IPv4 Range:   192.168.1.27-78
  CIDR Block:   192.168.1.0/16
  File:         -iL targets.txt

Host Discovery Options

  -sL                   list hosts and reverse DNS
  -sn                   discovery probes only
  -Pn                   skip discovery stage
  -n                    disable reverse DNS resolution
  -R                    force reverse DNS resolution
  --dns-servers <list>

Scan Options

  TCP Scan Types
  -sS                   SYN
  -sT                   Connect
  -sN                   NULL
  -sF                   FIN
  -sX                   Xmas (FIN, PSH, URG)
  -sA                   ACK
  -sW                   Window
  -sM                   FIN/ACK
  -sI <zombie host>     use zombie
  --scanflags [flags]   URG/ACK/PSH/RST/SYN/FIN

  UDP Scan
  -sU                   UDP

  SCTP Scan Types
  -sY                   INIT
  -sZ                   COOKIE ECHO

  Protocol Scan
  -sO                   IP Protocol Scan

-p - Port Options

  Exclude ports
  --exclude-ports <port ranges>

  Protocol specification
  T:21-25               TCP ports 21 to 25
  U:53,111,137          UDP ports 53, 111, 137
  S:22                  SCTP port 22
  P:                    IP Protocol

  Fast port scan
  -F                    scan top 100 ports (default 1000)

  Sequential port scan
  -r                    sequential scan (default random)

  Ports in nmap-services file
  [1-65535]             ports in nmap-services
  --port-ratio          ports with greater ratio
  --top-ports <n>       n highest ratio

-O - OS Detection Options

  --osscan-limit        only live machines
  --fuzzy               low-probability guesses

Output Options

  -v|vv|vvv             verbosity
  -d<0-9>               debugging
  --reason              explain port and host states

  File Outputs
  -oN <file>            normal
  -oX <file>            XML
  -oS <file>            script kiddie
  -oG <file>            grepable
  -oA <basename>        all

Scripting Engine Options

  Use default scripts
  -sC
  --script=default

  Run scripts (individual or list)
  --script
    <filename>          script filename
    <category>          category of scripts
    <directory>         scripts in directory
    <expression>        boolean expression
    [,...]              continue comma separated list

  Script arguments
  --script-args
    <n1>=<v1>
    <n2>={<n3>=<v3>}
    <n4>={<v4>,<v5>}

  Load script args from a file
  --script-args-file <filename>

  Debug information
  --script-trace

  Update script database
  --script-updatedb

By coffeefueled (cheatography.com/coffeefueled/). Published 11th February, 2016. Last updated 13th May, 2016.

-sV - Version Detection Options

  send less common probes (default 7)
  --version-intensity <0-9>

  light version scanning (intensity 2)
  --version-light

  full version scanning (intensity 9)
  --version-all

  debug information
  --version-trace

Miscellaneous Options

  -6                    IPv6
  -A                    Aggressive: -O -sV -sC --traceroute

-T Timing options

  paranoid|0            slowest scan
  sneaky|1              slower scan
  polite|2              slow scan
  normal|3              default
  aggressive|4          faster scan
  insane|5              fastest scan

Runtime Commands

  v|V                   +|- verbosity
  d|D                   +|- debugging
  p|P                   on|off packet tracing

DNS Enumeration

  dnsrecon
    --domain            domain to target
    --range             IP range for reverse lookup
    --name_server       DNS server
    --dictionary <file> dictionary of targets
    --type              type of enumeration
      std               standard
      goo               Google sub-domains
      axfr              test for zone transfers
      tld               test against IANA TLDs
    -w                  deep whois analysis
    --csv               export to CSV

  dnsenum
    --dnsserver <server>  target dns server
    --subfile <file>      output file

Service Enumeration

  Useful command lines
    nmap -v -p <ports> -oG <file> <address range>
    ls -l /usr/share/nmap/scripts/<protocol>*

  SMB (TCP 139,445)
    nbtscan
      -r                use port 137
      <address range>   targets
    enum4linux
      -a                all simple enumeration
      -u user -p pass   authenticated

  SMTP (TCP 25, 110)
    nc -nv <address> 25
      VRFY              verify address
      EXPN              query mail list

  SNMP (UDP 161)
    onesixtyone
      -c <file>         community strings
      -i <file>         targets
      -o <file>         output file
    snmpwalk [opt] agent [OID]
      -c <string>       community string
      -v{1|2c|3}        version
    snmpcheck           enumeration tool
      -t <address>      target
      -c                community string
      -w                detect write access

  SQL (TCP 1433,3306)
    sqlmap
      --url="url"       target
      --dbms=<DBMS>     force dbms
      -a                retrieve all
      --dump            dump data
      --os-shell        retrieve shell
      --crawl <depth>   crawl site
