Passive Reconnaissance
Using Whois Lookup
whois example.com

Checking DNS Records
dig example.com ANY

Active Reconnaissance with Nmap

Discovering Live Hosts in a Network
nmap -sn 192.168.1.0/24

Detecting Firewalls and IDS
nmap -sA 192.168.1.1

Evading IDS/IPS with Fragmentation
nmap -f 192.168.1.1

Spoofing the Source IP
nmap -S 192.168.1.100 192.168.1.1

Using Decoy Scans
nmap -D RND:10 192.168.1.1

Exploiting Open Ports and Vulnerabilities

Checking for Vulnerabilities with Nmap Scripts (NSE)
nmap --script=vuln 192.168.1.1

Enumerating SMB Shares on Windows
nmap --script=smb-enum-shares -p 445 192.168.1.1

Brute Force Attack on SSH
nmap --script=ssh-brute -p 22 192.168.1.1