Port Scanning

Last updated 11 months ago

Port scanning is a technique used in cybersecurity to identify open ports and services on a networked system. It involves sending packets to specific ports on a target device and analyzing the responses to determine which ports are open, closed, or filtered. This process helps in identifying potential entry points for attacks and is commonly used in vulnerability assessments and penetration testing.
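To make the open/closed/filtered classification concrete, here is a minimal TCP connect scanner. It is example code written for these notes, not code from the original page or from Nmap, and it uses only the Python standard library. It assumes the target is reachable over IPv4; `demo_localhost_scan()` starts a throwaway listener on 127.0.0.1 so the whole thing runs offline. A connect() scan completes the full three-way handshake, which is why it is noisier (and more visible in server logs) than Nmap's default SYN scan, but it needs no raw-socket privileges.

```python
"""TCP connect scan with open/closed/filtered classification (added example).

Illustrative code written for these notes, not part of Nmap or any tool the
page describes. Standard library only; the demo scans 127.0.0.1 so it runs
offline.
"""
import errno
import socket
from concurrent.futures import ThreadPoolExecutor

OPEN, CLOSED, FILTERED, ERROR = "open", "closed", "filtered", "error"

# Map the errno a failed connect() leaves behind onto Nmap's port states.
_ERRNO_STATE = {
    errno.ECONNREFUSED: CLOSED,    # RST came back: nothing is listening
    errno.ETIMEDOUT: FILTERED,     # no SYN/ACK and no RST: a filter dropped the probe
    errno.EHOSTUNREACH: FILTERED,  # ICMP unreachable: Nmap reports these as filtered too
    errno.ENETUNREACH: FILTERED,
}


def classify_errno(err: int) -> str:
    """Translate a connect() errno into a port state; unknown errors are reported, not guessed."""
    return _ERRNO_STATE.get(err, ERROR)


def probe_tcp_port(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify one TCP port the way a connect() scan does."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except socket.timeout:
            # No answer inside the timeout window: indistinguishable from a dropped packet.
            return FILTERED
        except OSError as exc:
            return classify_errno(exc.errno)
        return OPEN


def scan_ports(host: str, ports, timeout: float = 1.0, workers: int = 32) -> dict:
    """Probe many ports concurrently; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe_tcp_port(host, p, timeout), ports))
    return dict(zip(ports, states))


def demo_localhost_scan() -> dict:
    """Scan one listening and one closed port on 127.0.0.1 so the example runs offline.

    Returns {"open_port": p, "closed_port": q, "results": {p: "open", q: "closed"}}.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the kernel pick a free port
    listener.listen(5)                   # the kernel completes handshakes into the backlog
    open_port = listener.getsockname()[1]

    # Reserve a second ephemeral port, then release it, so we know it is closed.
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()

    try:
        results = scan_ports("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
    return {"open_port": open_port, "closed_port": closed_port, "results": results}


if __name__ == "__main__":
    for port, state in sorted(demo_localhost_scan()["results"].items()):
        print(f"{port}/tcp\t{state}")
```

Note that a timeout is reported as filtered rather than closed: the scanner cannot tell a silently dropped SYN from a slow host, which is exactly why Nmap's filtered state exists and why firewalls that drop instead of reject make scans slower.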

Nmap/Zenmap Tool

Nmap is a powerful network scanning tool used to discover hosts and services on a computer network. Zenmap serves as its graphical user interface (GUI), offering an intuitive way to visualize and interact with Nmap's scanning and mapping capabilities. Some Nmap flags that can be used for mapping the network or conducting network discovery are explored in the Information Gathering Section; other flags are listed below.

Other Nmap flags:

  • The -iL flag in Nmap is used to specify a list of target IP addresses or hostnames from a text file for scanning.

  • The -sU flag in Nmap is used to perform UDP port scanning. It scans for open UDP ports on a target host.

  • The tftp command in Linux is used to interact with TFTP servers for file transfers, supporting both downloading and uploading files.

NMAP Automator

Nmap Automator is a tool designed to automate the process of running Nmap scans, streamlining the workflow for penetration testers and network administrators. It provides a simplified way to perform various types of scans, such as quick, full, and vulnerability scans, by combining Nmap with other tools and scripts to enhance efficiency and effectiveness in network reconnaissance and vulnerability assessment.

Features

Scans

  1. Network: Shows all live hosts in the host's network (~15 seconds)

  2. Port: Shows all open ports (~15 seconds)

  3. Script: Runs a script scan on found ports (~5 minutes)

  4. Full: Runs a full range port scan, then runs a thorough scan on new ports (~5-10 minutes)

  5. UDP: Runs a UDP scan (requires sudo) (~5 minutes)

  6. Vulns: Runs CVE scan and nmap Vulns scan on all found ports (~5-15 minutes)

  7. Recon: Suggests recon commands, then prompts to automatically run them

  8. All: Runs all the scans (~20-30 minutes)

Note: This is a reconnaissance tool, and it does not perform any exploitation.
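The Nmap flags above and the Automator's "Port" scan followed by a "Script" scan on the found ports are two views of the same two-stage workflow: a fast scan produces a port list, and only those ports get the slower script and version scan. The example below is code written for these notes, not part of Nmap or nmapAutomator; it parses Nmap's grepable (-oG) output and builds the targeted second-stage command. `SAMPLE_OG` is a constructed scan result, not real output (192.0.2.0/24 is the RFC 5737 documentation range), and the parser assumes version strings contain no ", ".

```python
"""Parse Nmap grepable (-oG) output and build the follow-up script scan (added example).

Illustrative code written for these notes, not part of Nmap or nmapAutomator.
SAMPLE_OG is a constructed scan result, not real output.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed sample: -oG writes tab-separated "Host:" lines, and each Ports
# entry is port/state/protocol/owner/service/rpc/version.
SAMPLE_OG = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, 80/open/tcp//http//Apache httpd 2.4.41/, 443/closed/tcp//https///, 161/open|filtered/udp//snmp///\tIgnored State: filtered (996)
Host: 192.0.2.11 ()\tStatus: Up
Host: 192.0.2.11 ()\tPorts: 445/open/tcp//microsoft-ds///, 3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (998)
# Nmap done (constructed sample)
"""


@dataclass(frozen=True)
class PortEntry:
    host: str
    port: int
    state: str      # open, closed, filtered, open|filtered, ...
    proto: str      # tcp or udp
    service: str
    version: str


def parse_grepable(text: str) -> list[PortEntry]:
    """Extract every port entry from -oG text; comment lines and Status-only lines are skipped."""
    entries: list[PortEntry] = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        # "Host: 192.0.2.10 ()<TAB>Ports: ...<TAB>Ignored State: ..." -> {"Host": ..., "Ports": ..., ...}
        fields = dict(part.split(": ", 1) for part in line.split("\t") if ": " in part)
        host = fields["Host"].split()[0]
        if "Ports" not in fields:
            continue
        # Assumption: no ", " inside a version string; Nmap keeps these fields on one line.
        for item in fields["Ports"].split(", "):
            parts = item.strip().split("/")
            if len(parts) < 7:
                continue
            port, state, proto, _owner, service, _rpc = parts[:6]
            version = "/".join(parts[6:]).strip("/")   # version text may itself contain "/"
            entries.append(PortEntry(host, int(port), state, proto, service, version))
    return entries


def open_ports_by_host(entries, proto: str = "tcp") -> dict[str, list[int]]:
    """Only state == "open" counts: UDP's "open|filtered" means no reply, not a confirmed service."""
    found: dict[str, list[int]] = {}
    for entry in entries:
        if entry.proto == proto and entry.state == "open":
            found.setdefault(entry.host, []).append(entry.port)
    return {host: sorted(ports) for host, ports in found.items()}


def script_scan_command(host: str, ports, output_prefix: str) -> list[str]:
    """Second stage of the workflow: default scripts (-sC) and version detection (-sV) on found ports only."""
    port_arg = ",".join(str(p) for p in sorted(ports))
    return ["nmap", "-sC", "-sV", "-p", port_arg, "-oA", output_prefix, host]


def plan_script_scans(text: str, output_dir: str = "scans") -> list[list[str]]:
    """Turn a quick-scan -oG file into one targeted script-scan command per host."""
    return [
        script_scan_command(host, ports, f"{output_dir}/{host}_script")
        for host, ports in sorted(open_ports_by_host(parse_grepable(text)).items())
    ]


if __name__ == "__main__":
    for cmd in plan_script_scans(SAMPLE_OG):
        print(" ".join(cmd))
```

The commands are returned as argument lists so they can be handed to `subprocess.run` without shell quoting problems. The UDP entry in the sample illustrates the -sU caveat: a UDP port that never answers is reported as open|filtered, so it must not be treated as a confirmed open service.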

Masscan

Masscan is a high-performance, open-source network scanner designed for rapid and large-scale port scanning. It can scan the entire Internet in mere minutes, making it one of the fastest tools available for discovering open ports and services. Masscan's efficiency and speed are achieved through its asynchronous and highly optimized scanning engine.

Rustscan

Rustscan is a fast and efficient port scanner written in Rust, designed to improve upon the speed of traditional scanners like Nmap. It leverages Rust's concurrency capabilities to scan ports quickly and then seamlessly integrates with Nmap for detailed service enumeration and vulnerability assessment, combining speed and thoroughness in network reconnaissance.

Autorecon

AutoRecon is an automated reconnaissance tool designed to simplify the initial information-gathering phase of penetration testing. It systematically performs a series of scans and enumerations on target hosts, leveraging various tools to collect and organize data on services, ports, and potential vulnerabilities, thereby enhancing the efficiency and thoroughness of the reconnaissance process.

Hacker's Mantra: Technology trust is a good thing, but control is a better one. - Stephane Nappo
