@interference-security
Last active August 13, 2018 18:31
Useful quick commands
#Nmap open ports:
Linux: grep -i ".*/tcp.*open.*" filename.nmap | cut -d "/" -f1 | sort -u -n | tr "\n" "," | sed 's/,$//'
Windows: grep -i ".*/tcp.*open.*" filename.nmap | cut -d "/" -f1 | sort2 -u -n | tr -s "\r\n" "," | sed "s/,$//"
Powershell: Select-String -Path .\filename.nmap -Pattern ".*/tcp.*open.*" | Select-Object -ExpandProperty Line | %{$_.Split('/')[0]} | Sort-Object -Unique | %{$_.replace("`r","")}
#Linux ping check:
for ip in `cat TARGETS.txt`; do data=`ping $ip -c 1 | grep -i "packet loss" | cut -d "," -f3`; echo "$ip,$data"; done
#SSLScans:
for data in `cat targets.txt`; do target=`echo $data | cut -d "," -f1`; port=`echo $data | cut -d "," -f2`; date; echo "[*] Scanning: $target:$port"; sslscan --no-failed --no-colour $target:$port > sslscan-$target-$port; done
For cleaner grep output over these files (file name reduced to target,port), append: | sed "s/sslscan-//" | sed "s/-/,/"
#SSLv3 enabled:
grep -i -l "sslv3" sslscan-*
#SSLv2 enabled:
grep -i -l "sslv2" sslscan-*
#Weak/Medium strength ciphers:
grep -i -l " 112 bits" sslscan-*
grep -i -l " 56 bits" sslscan-*
grep -i -l " 40 bits" sslscan-*
#RC4 ciphers:
grep -i -l "RC4" sslscan-*
#CBC ciphers:
grep -i -l "CBC" sslscan-*
#Weak hashing algorithm:
grep -i -l "sha1withrsaencryption" sslscan-*
grep -i -l "md5withrsaencryption" sslscan-*
grep -i -l "dsaencryption" sslscan-*
#SSL certificate details:
grep -i "Subject:" sslscan-*
grep -i "Issuer:" sslscan-*
grep -i -l "Key Strength.*1024" sslscan-*
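The sslscan greps above consolidated into one report, as an added example that is not part of the gist: one target,port,findings line per scan file. It assumes the sslscan-<target>-<port> file naming from the scan loop, and uses constructed sample files in the style of sslscan output in place of real scans.

```shell
#!/usr/bin/env bash
# Added example, not from the gist: consolidate the sslscan-* greps into one
# "target,port,findings" line per scan file. Assumes files are named
# sslscan-<target>-<port>, as written by the scan loop above.

# Emit one CSV line for a single sslscan output file. Each rule is
# "<regex>@<label>"; the regexes mirror the grep patterns used above.
tls_findings() {
  local f="$1" findings="" rule regex label
  for rule in \
      'sslv2@SSLv2' \
      'sslv3@SSLv3' \
      ' (112|56|40) bits@weak-cipher' \
      'RC4@RC4' \
      'CBC@CBC' \
      '(sha1|md5)withrsaencryption|dsaencryption@weak-signature' \
      'Key Strength.*1024@RSA-1024'; do
    regex="${rule%@*}"; label="${rule##*@}"
    if grep -qiE -- "$regex" "$f"; then findings="${findings:+$findings;}$label"; fi
  done
  local name="${f##*/}"; name="${name#sslscan-}"   # "<target>-<port>"
  printf '%s,%s,%s\n' "${name%-*}" "${name##*-}" "${findings:-none}"
}

# Report over every sslscan-* file in a directory.
tls_report() {
  local f
  for f in "$1"/sslscan-*; do tls_findings "$f"; done
}

# Constructed sample files in the style of sslscan output (not real scans),
# so the report can be tried offline.
make_sample() {
  local dir; dir="$(mktemp -d)"
  cat > "$dir/sslscan-10.0.0.5-443" <<'EOF'
Accepted  SSLv3    128 bits  RC4-SHA
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
    Signature Algorithm: sha1WithRSAEncryption
    RSA Key Strength:    1024
EOF
  cat > "$dir/sslscan-10.0.0.6-8443" <<'EOF'
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384
    Signature Algorithm: sha256WithRSAEncryption
    RSA Key Strength:    2048
EOF
  printf '%s\n' "$dir"
}
# Demo run on the constructed sample; point tls_report at the real scan directory instead.
demo_dir="$(make_sample)"; tls_report "$demo_dir"; rm -rf "$demo_dir"
```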
#HP System Management Homepage Version Detection:
for ip in `cat hp-sys-home-targets.txt`; do dt=`date`; echo "[*] $dt - $ip:2381"; curl -i -s -k "https://$ip:2381/cpqlogin.htm?RedirectUrl=/&RedirectQueryString=" | grep -i smhversion | head -n 1; done
#TCPDump capture:
tcpdump -n -A -i eth0 'port 21 and (src ip_address or dst ip_address)'
(quote the filter: without the parentheses, and binds tighter than or, so the capture would include all traffic to ip_address, not just port 21)
#Plink to forward internal Windows ports:
plink.exe YOUR_KALI_IP -P 22 -l root -pw toor -v -R 9090:127.0.0.1:8080 -T