Port scanning – alternative

Alternative port scanning tools. Portscan with netcat: scans a specific IP across TCP ports 20 – 65000.

Check open ports outbound from a host with Wget: checks the outbound rules from a specific host. If a TCP SYN is received on tcpdump, the outbound

SMB Enumeration

SMB Enumeration and recon notes. SMB null sessions are unauthenticated sessions against SMB shares, and anonymous access to hidden shares is available. Connect and Enumerate Shares

Command Execution via smbclient

Start an nc listener from

Monitor bandwidth consumption with iptables

How much bandwidth is consumed by, e.g., an nmap scan against a specific host can be measured with iptables on Linux. Run the following to monitor bandwidth to and from

Then run the command against the host,

SNMP Enumeration

Scan for SNMP and filter out the IP addresses that run SNMP:

or generate the IP host list with the following command:

Run onesixtyone to grab SNMP info on all hosts from the input file:

Enumerate installed software via SNMP

Linux Enum

Useful tools and methods for Linux enumeration. LinEnum.sh: collects Linux info, exploit suggestions and privilege escalation hints – https://github.com/rebootuser/LinEnum.git

Linux-smart-enumeration https://github.com/diego-treitos/linux-smart-enumeration

Linuxprivchecker.py https://gist.github.com/sh1n0b1/e2e1a5f63fbec3706123

Linux Exploit Suggester https://github.com/jondonas/linux-exploit-suggester-2 and https://github.com/mzet-/linux-exploit-suggester

Linux Soft Exploit Suggester https://github.com/belane/linux-soft-exploit-suggester

pspy Enum

XXE/XML Attack

Malicious DTD: the following snippet can be used to get Local File Inclusion or Remote Command Execution on a vulnerable XML parser.