- Nmap has its own scripting language with which complex or recurring tasks can be automated. See the manpage and share/nmap/scripts. Vulnerability scan # nmap -sV -T5 -F $victim --script vuln | tee nmap-vuln.txt Better vulnerability scans (thanks to this source) cd /usr/share/nmap/scripts/vulscan/utilities/updater/ && ./updateFiles.sh nmap --script nmap-vulners -sV -sC -p22 $victim nmap --script vulscan -sV…
- Brute force is possible with nmap: # nmap --script vnc-brute -p 5900 localhost For TightVNC, use vncpwd to break passwords. A password can be obtained via reg query HKLM\Software\TightVNC\Server\ /v Password
- General notes NC / Netcat Try netcat first on interesting ports or narrow port ranges to be more silent. Network scan Choose a port which is probably open on systems on this network, e.g. 445 for Windows hosts or 22 for Linux hosts. for i in $(seq 1 254); do nc -zv -w 1 10.10.10.$i 445;…