Recon General Notes - TheGetch/Penetration-Testing-Methodology GitHub Wiki

Recon General Notes

"PCAP IT OR IT DIDN'T HAPPEN... it's up to you if you need to"

tcpdump:

  • tcpdump -i eth0
  • tcpdump -c <count> -i eth0 (stop after <count> packets)
  • tcpdump -A -i eth0
  • tcpdump -w 0001.pcap -i eth0
  • tcpdump -r 0001.pcap
  • tcpdump -n -i eth0
  • tcpdump -i eth0 port 22
  • tcpdump -i eth0 src host 172.21.10.X
  • tcpdump -i eth0 dst host 172.21.10.X
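The filters above (port, src, dst) are what you would pass to tcpdump on the wire. When you are reviewing a capture after the fact, the same questions come up against the text output of `tcpdump -n`. The following is an added example, not part of the wiki, that parses constructed sample lines in that format and answers the "who talked to port 22" style questions a reviewer asks; the sample traffic and addresses are made up for the illustration.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n -i eth0` text output (not a real capture).
SAMPLE = """\
12:00:01.000001 IP 172.21.10.5.44321 > 172.21.10.9.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000452 IP 172.21.10.9.22 > 172.21.10.5.44321: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:02.100000 IP 172.21.10.7.53001 > 172.21.10.1.53: 12345+ A? www.example.com. (33)
12:00:02.100900 IP 172.21.10.1.53 > 172.21.10.7.53001: 12345 1/0/0 A 192.0.2.10 (49)
12:00:03.000000 IP 172.21.10.8.51000 > 172.21.10.9.22: Flags [S], seq 5, win 64240, length 0
"""

# Matches the IPv4 "src.port > dst.port:" header tcpdump prints with -n.
# The greedy [\d.]+ backtracks so the last dotted field becomes the port.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)


def parse_line(line):
    """Return a dict for one tcpdump line, or None if it is not an IPv4 line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    # A bare "Flags [S]" is a SYN without ACK, i.e. a new connection attempt.
    rec["syn"] = "Flags [S]," in rec["rest"]
    return rec


def parse_all(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def matching_port(records, port):
    """Equivalent of the `port N` filter: either endpoint uses the port."""
    return [r for r in records if port in (r["sport"], r["dport"])]


def from_host(records, host):
    """Equivalent of `src host X`."""
    return [r for r in records if r["src"] == host]


def syn_sources(records, port):
    """Distinct hosts that opened a connection to the given port."""
    return sorted({r["src"] for r in records if r["syn"] and r["dport"] == port})


def top_talkers(records, n=3):
    """Most frequent source addresses, a quick triage view of a capture."""
    return Counter(r["src"] for r in records).most_common(n)


if __name__ == "__main__":
    recs = parse_all(SAMPLE)
    print(len(recs), "packets parsed")
    print("port 22 packets:", len(matching_port(recs, 22)))
    print("hosts that opened SSH:", syn_sources(recs, 22))
    print("top talkers:", top_talkers(recs))
```

The parser is deliberately limited to IPv4 lines as printed by `-n`; lines for other protocols are skipped rather than mis-parsed, so counts only cover what the regex recognises.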

Other tools:

  • Tshark (command-line Wireshark)
  • Wireshark

Host Scanning

DNSRecon:

  • dnsrecon -d www.example.com -a
  • dnsrecon -d www.example.com -t axfr
  • dnsrecon -r <startIP-endIP> (reverse lookup over an IP range)
  • dnsrecon -d www.example.com -D <namelist> -t brt

Dig:

  • dig www.example.com +short
  • dig www.example.com MX
  • dig www.example.com NS
  • dig www.example.com SOA
  • dig www.example.com ANY +noall +answer
  • dig -x <IP> (reverse lookup of an address)
  • dig -4 www.example.com (For IPv4)
  • dig -6 www.example.com (For IPv6)
  • dig www.example.com mx +noall +answer example.com ns +noall +answer
  • dig -t AXFR example.com @<nameserver> (zone transfer; must be asked of an authoritative server)
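The `+noall +answer` options above reduce dig's output to the answer section, one record per line. The following is an added example, not part of the wiki, that parses constructed lines in that format into records and pulls out what a reviewer checks first (mail exchangers in preference order, the SOA serial, the name servers). The sample records are made up; 192.0.2.0/24 is the documentation address range.

```python
from collections import defaultdict

# Constructed sample of `dig example.com ANY +noall +answer` output (not real DNS data).
SAMPLE_ANSWER = """\
example.com.\t\t3600\tIN\tMX\t20 mail2.example.com.
example.com.\t\t3600\tIN\tMX\t10 mail.example.com.
example.com.\t\t3600\tIN\tNS\tns1.example.com.
example.com.\t\t3600\tIN\tNS\tns2.example.com.
example.com.\t\t3600\tIN\tSOA\tns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600
www.example.com.\t300\tIN\tA\t192.0.2.10
"""


def parse_answer(text):
    """Parse answer-section lines: owner, TTL, class, type, then the rest as rdata."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # dig comments start with ';'
            continue
        # maxsplit=4 keeps rdata intact even when it contains spaces (MX, SOA, TXT).
        name, ttl, rclass, rtype, rdata = line.split(None, 4)
        records.append({
            "name": name.rstrip("."),
            "ttl": int(ttl),
            "class": rclass,
            "type": rtype,
            "rdata": rdata,
        })
    return records


def by_type(records):
    grouped = defaultdict(list)
    for r in records:
        grouped[r["type"]].append(r)
    return dict(grouped)


def mail_exchangers(records):
    """MX hosts as (preference, host) sorted by preference, lowest first."""
    mx = []
    for r in records:
        if r["type"] == "MX":
            pref, host = r["rdata"].split(None, 1)
            mx.append((int(pref), host.rstrip(".")))
    return sorted(mx)


def name_servers(records):
    return sorted(r["rdata"].rstrip(".") for r in records if r["type"] == "NS")


def soa_fields(records):
    """Split the SOA rdata into its seven fields; None if no SOA is present."""
    for r in records:
        if r["type"] == "SOA":
            mname, rname, serial, refresh, retry, expire, minimum = r["rdata"].split()
            return {
                "mname": mname.rstrip("."),
                "rname": rname.rstrip("."),
                "serial": int(serial),
                "refresh": int(refresh),
                "retry": int(retry),
                "expire": int(expire),
                "minimum": int(minimum),
            }
    return None


if __name__ == "__main__":
    recs = parse_answer(SAMPLE_ANSWER)
    print("record types:", sorted(by_type(recs)))
    print("MX:", mail_exchangers(recs))
    print("NS:", name_servers(recs))
    print("SOA:", soa_fields(recs))
```

Feed it the captured output of a real query (`dig example.com ANY +noall +answer > answer.txt`) and the same functions apply; the constructed sample just makes the block runnable offline.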

Sublist3r:

  • sublist3r -d www.example.com
  • sublist3r -v -d www.example.com -p 80,443

OWASP AMASS:

  • amass enum -d www.example.com
  • amass intel -whois -d www.example.com
  • amass intel -active -addr 172.21.0.0-64 -p 80,443,8080,8443
  • amass intel -ipv4 -whois -d www.example.com
  • amass intel -ipv6 -whois -d www.example.com