Reconnaissance

Nmap

Initial scan

nmap -sT -p- <IP> -T4

nmap -sC -sV -sT -p <ports> <IP> -T4

NMAP cheat sheet

Vulnerability Scan

Basic:

nmap -Pn --script vuln <IP>

More:

• Article

Web Directory Discovery

gobuster dir -w <wordlist.txt> -u <url> -x <file_extensions>

Gobuster Cheat Sheet

Vhost Search

ffuf -w <wordlist> -u <url> -H "Host: FUZZ.example.com"

FFUF Cheat Sheet