NMAP

Feature-rich scanning tool for host discovery and port scanning — determines if systems are alive and which services are listening.
Command Syntax
nmap [Scan Type(s)] [Options] <target>
Host Discovery
-sn: Ping scan (no-port scan) — sends an ICMP echo request
-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes
Scan Techniques
-sT: TCP Connect scan
-sS: TCP SYN scan (half open)
-sU: UDP scan
-sA: ACK scan
Options
-f: fragment packets — bypass simple packet filter firewalls
-sV: get versions of services running on target
-O: detect operating system on target
--reason: display why a port is in a particular state
-p <port ranges>: only scan specified ports
-v: enable verbosity
Script Scan
-sC: equivalent to --script=default
--script=<Lua scripts>: comma-separated list of directories, script-files or script-categories

Examples:
--script=vulners: look up known CVEs (and whether public exploits exist) for the service versions detected with -sV
--script=http-php-version: identify PHP version
--script=smb-*: SMB enumeration and brute forcing

NETCAT

Networking utility that reads and writes data from the command line. Useful when you need to minimize your footprint on a system.
Command Syntax
nc [options] <host> <port>
Port Scanning
-u: UDP mode (send UDP instead of TCP)
-z: zero-I/O mode — report whether the port accepts connections, without sending any data
Banner Grabbing
nc -v www.example.com 80

METASPLOIT

Exploitation framework that packages exploits and payloads as interchangeable modules.
Command Syntax
msfconsole [Options]
Basic Commands
db_connect: connect to the database
db_nmap: run Nmap scan and import data directly into the database
db_import: import external results into the database
hosts: list all hosts in the database
services: show open ports and services on identified hosts

WORK IN PROGRESS

More tools and techniques coming soon — this cheatsheet is actively updated.