πŸ₯·
Red
  • πŸŸ₯Overview
  • πŸ“šEducation
    • 🧐Guides
    • πŸ‹οΈTraining
    • πŸ“•Books
    • πŸ₯³Conventions
    • πŸ“°News
    • πŸ—οΈPhysical Tools
    • πŸ—£οΈPodcasts
    • πŸ“ΉYT Channels
  • Setup
    • ctf setup
    • Exploitation Frameworks
    • Learning Offense
    • rando
  • β­•Attacker Lifecycle
    • Steps
      • Engagement
      • πŸ”¬Recon
        • OSINT
        • Active Recon / footprinting
      • πŸ‘€Initial Access
        • Exploit
          • SMB
        • Internal Recon
        • Linux Custom Enum Script
        • enumerate Script
        • Windows Privilege Escalation
      • 🧞Privilege Escalation
        • Ways To Privelege Escalate
      • Data Exfil
        • Data Exfil 1
      • Reporting
  • Bug Bounty
    • Bug Bounty Sites
    • OWASP Top 10
      • Injection
      • Broken Authentication
      • Sensitive Data Exposure
      • XML External Entities (XXE)
      • Broken Access Control
      • Security Misconfigurations
      • Cross-Site Scripting (XSS)
      • Insecure Deserialization
      • Using Components with Known Vulnerabilities
      • Insufficient Logging and Monitoring
Powered by GitBook
On this page
  1. Attacker Lifecycle
  2. Steps
  3. Recon

Active Recon / footprinting

PreviousOSINTNextInitial Access

Last updated 1 year ago

Active Recon

nmap

nping

metasploit nmap

unicornscan

netcat

rustscan

netdiscover

dmitry

hping3

massscan

enum4linux

------------SNMP------------

onsixtyone

snmpwalk

NULL SESSIONs

rpcclient

net use

SMB---------------------------------------

nbtscan

smbclient

nmblookup

CISCO -----------------------------------

CGE

CISCO-TORCH

WEB--------------------------------------

WFUZZ

DIRB

Gobuster

metasploit

dirsearch

wpscan

recon-ng

lynis

skipfish

oscanner

sidguess (oracle)

nikto

golismero

WIFI-------------------------------

Pyrit

reaver

cowpatty

airmon

kismet

β­•
πŸ”¬
LogoGitHub - laramies/theHarvester: E-mails, subdomains and names Harvester - OSINTGitHub
Logodmitry | Kali Linux ToolsKali Linux
LogoHow to use BIND’s Domain Information Groper (dig) ToolDyn Help Center
LogoGitHub - fwaeytens/dnsenum: dnsenum is a perl script that enumerates DNS informationGitHub
LogoGitHub - alsotang/nslookupGitHub
Logodnsrecon | Kali Linux ToolsKali Linux
LogoGitHub - Porchetta-Industries/CrackMapExec: A swiss army knife for pentesting networksGitHub
LogoGitHub - jpillora/chisel: A fast TCP/UDP tunnel over HTTPGitHub
LogoGitHub - cddmp/enum4linux-ng: A next generation version of enum4linux (a Windows/Samba enumeration tool) with additional features like JSON/YAML export. Aimed for security professionals and CTF players.GitHub
LogoGitHub - ffuf/ffuf: Fast web fuzzer written in GoGitHub
LogoGitHub - rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation ChecksGitHub
LogoGitHub - carlospolop/PEASS-ng: PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)GitHub