Nmap
Nmap is one of the most feature-rich scanning tools; it performs both host discovery (determining whether a system is alive) and port scanning (determining which services are running or listening).
Command Syntax
nmap [Scan Type(s)] [Options] <target>
Host Discovery
-sn: Ping scan (host discovery only, no port scan); sends an ICMP echo request;
-PE/PP/PM: ICMP echo, timestamp, and netmask request discovery probes.
Scan Techniques
-sT: TCP Connect scan;
-sS: TCP SYN scan (half-open);
-sU: UDP scan;
-sA: ACK scan;
Options
-f: fragment packets, to evade simple packet-filtering firewalls;
-sV: get the versions of services running on the target machine;
-O: detect the operating system on the target machine;
--reason: display the reason a port is in a particular state;
-p <port ranges>: Only scan specified ports;
-v: Enable verbosity;
Script Scan
-sC: equivalent to --script=default;
--script=<Lua scripts>: <Lua scripts> is a comma-separated list of directories, script files or script categories;
Examples:
--script=vulners: detect CVEs (with exploits), based on service banners;
--script=http-php-version: identify the PHP version;
--script=smb-*: various SMB enumeration and brute-forcing scripts;
Netcat
Netcat is a networking utility that reads and writes data from the command line. It has TCP and UDP port-scanning capabilities,
which are useful in scenarios where you need to minimize your footprint on a system.
Command Syntax
nc [options] <host> <port>
Host Discovery
-u: UDP scanning;
-z: zero-I/O mode; report connection status without establishing a connection;
Banner Grabbing
nc -v www.example.com 80
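The Nmap -sT/--reason options above and the Netcat -z and banner-grabbing usage describe the same underlying operation: a full TCP connect and a look at what the service says first. The Python below is an added example, not code from the cheat sheet or from either tool; it reproduces that behaviour against a constructed loopback listener and labels port states with the reason strings Nmap prints for a connect scan (syn-ack, conn-refused, no-response).

```python
import socket
import threading


def classify_port(host, port, timeout=1.0):
    """One TCP port as `nmap -sT --reason` reports it: open/syn-ack, closed/conn-refused,
    filtered/no-response, plus the banner `nc -v host port` would display."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))  # full three-way handshake, like -sT / nc -z
        try:
            banner = s.recv(256).decode(errors="replace").strip()
        except socket.timeout:
            banner = ""  # service expects the client to speak first
        return "open", "syn-ack", banner
    except ConnectionRefusedError:
        return "closed", "conn-refused", ""
    except (socket.timeout, OSError):  # dropped by a filter or unreachable
        return "filtered", "no-response", ""
    finally:
        s.close()


def connect_scan(host, ports, timeout=1.0):
    """Scan several ports; returns {port: (state, reason, banner)}."""
    return {p: classify_port(host, p, timeout) for p in ports}


def start_banner_listener(banner=b"220 constructed-demo-service ready\r\n"):
    """Constructed local service for the stand-alone demo; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # the OS picks a free port
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            conn.sendall(banner)
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def free_closed_port():
    """Pick a loopback port nothing listens on (bind, read it back, release)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        probe.bind(("127.0.0.1", 0))
        return probe.getsockname()[1]
```

Running `connect_scan("127.0.0.1", [start_banner_listener(), free_closed_port()])` shows one port as open with its banner and the other as closed with reason conn-refused; a timeout (filtered) is what you see when a firewall silently drops the SYN.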
Metasploit
Metasploit is an exploit framework used to modularize exploits and payloads.
Command Syntax
msfconsole [Options]
Basic Commands
db_connect: connect to the database;
db_nmap: allows you to run an Nmap scan and import the results directly into the database;
db_import: import external result into the database;
hosts: list all hosts in the database;
services: list all open ports and services on the identified hosts;