Mapping the Network

RunFinger.py

Gather information about the domain name and the Windows machines running in the network.

bash$ cd /usr/share/Responder/tools
bash$ sudo python RunFinger.py -i 192.168.1.1/24

or

bash$ responder-RunFinger

Nbtscan

Scanning IP networks for NetBIOS name information.

bash$ sudo nbtscan -v -s : 192.168.1.0/24

CrackMapExec v4.0

Scan the network range for SMB information.

bash$ cme smb 192.168.1.1/24

Nmap scan

Scan all the machines in the network and save the outputs.

  • -oA: write the output in all formats (normal, grepable and XML) using the given basename
  • -T4: aggressive timing template for a faster scan

Fast Scan

bash$ nmap -p 1-65535 -sV -sS -T4 -oA output target_IP

Intensive Scan (not recommended):

bash$ nmap -p 1-65535 -Pn -A -oA output target_IP

Scan with enumeration of the running service versions:

  • -sC: default scripts, equivalent to --script=default
  • -sV: get the service version

bash$ nmap -sC -sV -oA output target
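The -oA option above writes three files: output.nmap (normal), output.xml and output.gnmap (grepable). The grepable file is the one most convenient to post-process for an asset inventory or an exposure check. The parser below is an added example, not part of the original page or of nmap itself: the .gnmap content it parses is constructed (the hosts, hostnames and versions are made up, nothing was scanned), and the helper names parse_gnmap, hosts_with_open_port and service_inventory are my own.

```python
"""Parse nmap grepable (.gnmap) output, one of the three files that -oA writes.

Added example, not from the original page: SAMPLE_GNMAP below is constructed to
look like a .gnmap file produced by the scan on the page; no real hosts were scanned.
"""
import re
from collections import defaultdict

# Constructed sample .gnmap content. On a "Host:" line the fields are tab-separated.
SAMPLE_GNMAP = (
    "# Nmap 7.93 scan initiated Mon Jan  1 10:00:00 2024 as: "
    "nmap -p 1-65535 -sV -sS -T4 -oA output 192.168.1.0/24\n"
    "Host: 192.168.1.10 ()\tStatus: Up\n"
    "Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1 Ubuntu/, "
    "80/open/tcp//http//nginx 1.18.0/\tIgnored State: closed (65533)\n"
    "Host: 192.168.1.20 (dc01.corp.local)\tStatus: Up\n"
    "Host: 192.168.1.20 (dc01.corp.local)\tPorts: "
    "88/open/tcp//kerberos-sec//Microsoft Windows Kerberos/, "
    "445/open/tcp//microsoft-ds//Windows Server 2019/, "
    "3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (65532)\n"
    "# Nmap done at Mon Jan  1 10:05:00 2024 -- 256 IP addresses (2 hosts up) "
    "scanned in 300.00 seconds\n"
)

# "Host: <ip> (<hostname or empty>)<TAB><remaining fields>"
HOST_RE = re.compile(r"^Host: (\S+) \(([^)]*)\)\t(.*)$")


def parse_ports(ports_field):
    """Split the value of a "Ports:" field into one dict per port.

    Each entry has 7 slash-separated fields:
    port/state/proto/owner/service/rpcinfo/version
    nmap writes a literal '/' inside a value as '|', so splitting on '/' is safe.
    """
    ports = []
    for entry in ports_field.split(", "):
        parts = entry.rstrip("/").split("/")
        parts += [""] * (7 - len(parts))  # pad missing trailing fields (no version etc.)
        port, state, proto, _owner, service, _rpcinfo, version = parts[:7]
        ports.append({"port": int(port), "state": state, "proto": proto,
                      "service": service, "version": version})
    return ports


def parse_gnmap(text):
    """Return {ip: {"hostname": str, "status": str, "ports": [dict, ...]}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # "# Nmap ..." comment lines carry no host data
        ip, hostname, rest = m.groups()
        entry = hosts.setdefault(ip, {"hostname": hostname, "status": "", "ports": []})
        # Remaining tab-separated fields look like "Status: Up" or "Ports: ...".
        # Fields this example does not use (e.g. "OS:", "Seq Index:") are ignored.
        for field in rest.split("\t"):
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["status"] = value
            elif key == "Ports":
                entry["ports"].extend(parse_ports(value))
    return hosts


def hosts_with_open_port(hosts, port):
    """IPs on which *port* is reported open, e.g. 445 to list exposed SMB servers."""
    return sorted(ip for ip, h in hosts.items()
                  if any(p["port"] == port and p["state"] == "open" for p in h["ports"]))


def service_inventory(hosts):
    """Map service name -> sorted list of "ip:port" for open ports (inventory view)."""
    inventory = defaultdict(list)
    for ip, h in hosts.items():
        for p in h["ports"]:
            if p["state"] == "open":
                inventory[p["service"]].append(f"{ip}:{p['port']}")
    return {svc: sorted(v) for svc, v in inventory.items()}


if __name__ == "__main__":
    parsed = parse_gnmap(SAMPLE_GNMAP)
    for ip, h in parsed.items():
        print(ip, h["hostname"] or "-", h["status"], [p["port"] for p in h["ports"]])
    print("SMB (445) open on:", hosts_with_open_port(parsed, 445))
    print("services:", service_inventory(parsed))
```

To use it on a real scan, read output.gnmap into a string and pass it to parse_gnmap; hosts_with_open_port(parsed, 445) then gives the list of SMB servers to compare against the expected inventory, and filtered ports (like 3389 in the sample) are deliberately kept out of that list because they are not confirmed open.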

Angry IP scanner

Download the tool from this link: Angry IP Scanner

  • Change the preferences settings

Go to: Preferences -> Ports -> add 80,445,554,21,22 in the port selection
Go to: Preferences -> Display -> select Alive Hosts
Go to: Preferences -> Pinging -> select Combined (UDP/TCP)
