@alexandercastillo1
Last active August 10, 2018 20:37
PortScanThatWorks
Finding Hosts
nmap -v -sn X.X.X.X -oG /root/Desktop/hosts.txt
grep Up /root/Desktop/hosts.txt | cut -d " " -f 2
Scan
unicornscan -i tap0 -mU X.X.X.X:1-65535 | tee /root/Desktop/victim/udp.txt
unicornscan -i tap0 X.X.X.X:1-65535 | tee /root/Desktop/victim/tcp.txt
nmap -A -sV -vvvvv -Pn X.X.X.X -oX /root/Desktop/victim/nmapports.xml -oN /root/Desktop/victim/nmapports.txt
nmap -A -sV -v3 -O -Pn -sS -sU -pU:x,xx,xxx,T:x,xx,xxx --script vuln X.X.X.X -oX /root/Desktop/victim/nmapvulns.xml -oN /root/Desktop/victim/nmapvulns.txt
Feed the nmap XML output to searchsploit
searchsploit -v --nmap /root/Desktop/victim/nmapvulns.xml
Connect to every service with ncat or telnet and check for anonymous FTP access or open SSH access
Identify HTTP ports with amap
amap -bqv victimip x xx xxx xxxx | tee /root/Desktop/victim/amap.txt
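Filling in the -pU:x,xx,xxx,T:x,xx,xxx placeholders from a saved scan: the script below is an added example, not part of the original gist. It reads nmap -oX output and builds the port list per host. The embedded XML is a constructed sample, the function names are hypothetical, and the U: half is only filled when the XML comes from a scan that included UDP.

```python
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output, trimmed to the elements read below.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/></port>
      <port protocol="tcp" portid="80"><state state="open"/></port>
      <port protocol="tcp" portid="443"><state state="closed"/></port>
      <port protocol="udp" portid="161"><state state="open|filtered"/></port>
      <port protocol="udp" portid="53"><state state="open"/></port>
    </ports>
  </host>
</nmaprun>"""


def open_ports(xml_text):
    """Return {address: {"tcp": [...], "udp": [...]}} with sorted port numbers."""
    hosts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address")
        if addr is None:
            continue
        found = {"tcp": set(), "udp": set()}
        for port in host.iter("port"):
            state = port.find("state")
            proto = port.get("protocol")
            if state is None or proto not in found:
                continue
            # Keep "open" and the UDP-typical "open|filtered"; drop the rest.
            if state.get("state", "").startswith("open"):
                found[proto].add(int(port.get("portid")))
        hosts[addr.get("addr")] = {p: sorted(v) for p, v in found.items()}
    return hosts


def port_spec(ports):
    """Format one host's ports as the value for nmap -p, e.g. U:53,T:22,80."""
    parts = []
    for label, proto in (("U", "udp"), ("T", "tcp")):
        if ports[proto]:
            parts.append(label + ":" + ",".join(str(p) for p in ports[proto]))
    return ",".join(parts)


if __name__ == "__main__":
    for addr, ports in open_ports(SAMPLE_XML).items():
        print(addr, "-p" + port_spec(ports))
```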