Enumeration Tutorial

Top 44 Ports (Basics)

1️⃣ FTP - Port 21
2️⃣ SSH - Port 22
3️⃣ Telnet - Port 23
4️⃣ SMTP | Port 25 and Submission Port 587
5️⃣ DNS - Port 53
6️⃣ Finger - Port 79
7️⃣ HTTP - Port 80
8️⃣ Kerberos - Port 88
9️⃣ POP3 - Port 110
1️⃣0️⃣ RPCInfo - Port 111
1️⃣1️⃣ Ident - Port 113
1️⃣2️⃣ NetBios
1️⃣3️⃣ SNMP - Port 161
1️⃣4️⃣ Check Point FireWall-1 Topology - Port 264
1️⃣5️⃣ LDAP - Port 389
1️⃣6️⃣ SMB - Port 445
1️⃣7️⃣ Rexec - Port 512
1️⃣8️⃣ Rlogin - Port 513
1️⃣9️⃣ RSH - Port 514
2️⃣0️⃣ AFP - Apple Filing Protocol - Port 548
2️⃣1️⃣ Microsoft Windows RPC Services | Port 135 and Microsoft RPC Services over HTTP | Port 593
2️⃣2️⃣ HTTPS - Port 443 and 8443
2️⃣3️⃣ RTSP - Port 554 and 8554
2️⃣4️⃣ Rsync - Port 873
2️⃣5️⃣ Java RMI - Port 1099
2️⃣6️⃣ MS-SQL | Port 1433
2️⃣7️⃣ Oracle - Port 1521
2️⃣8️⃣ NFS - Port 2049
2️⃣9️⃣ ISCSI - Port 3260
3️⃣0️⃣ SAP Router | Port 3299
3️⃣1️⃣ MySQL | Port 3306
3️⃣2️⃣ Postgresql - Port 5432
3️⃣3️⃣ HPDataProtector RCE - Port 5555
3️⃣4️⃣ VNC - Port 5900
3️⃣5️⃣ CouchDB - Port 5984
3️⃣6️⃣ Redis - Port 6379
3️⃣7️⃣ AJP Apache JServ Protocol - Port 8009
3️⃣8️⃣ PJL - Port 9100
3️⃣9️⃣ Apache Cassandra - Port 9160
4️⃣0️⃣ Network Data Management Protocol (ndmp) - Port 10000
4️⃣1️⃣ Memcache - Port 11211
4️⃣2️⃣ MongoDB - Port 27017 and Port 27018
4️⃣3️⃣ EthernetIP-TCP-UDP - Port 44818
4️⃣4️⃣ UDP BACNet - Port 47808

Perform A Ping sweep : 🧹
$ nmap -sP -PE -PP -PS21,22,23,25,80,113,31339 -PA80,113,443,10042 --source-port 53 -T4 <IP>

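-sP = Ping scan (host discovery only, no port scan; current Nmap versions call this -sn)
-PE = ICMP echo request discovery probe
-PP = ICMP timestamp request discovery probe
-PS21,22.... = TCP SYN discovery probes to the given ports
-PA = TCP ACK discovery probes to the given ports
-T4 = Aggressive timing template (faster scan)
--source-port = source port the probes are sent from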

List 50000 random IPs (-sL only lists the targets, it sends nothing to them)
$ nmap -n -sL -iR 50000 -oN -

Scan Specific Target 🧿
$ nmap -v -n -PE -Pn <target>
-n = never do DNS resolution
-v = verbose output (-vv is a higher verbosity level)
-PE = ICMP echo request discovery probe
-Pn = skip host discovery (treat every target as online)

$ nmap -v -n -PE -PO <target>
-PO = IP Protocol Ping

Scan Specific Ports 🔌
$ nmap -v -n -PS21-23,25,53,80,443,3389 -PO -PE -PM -PP <target>

$ nmap -sL -oG - <target>
-sL = List scan (lists the targets without scanning them)
-oG = Grepable output ("-" writes it to stdout)

Scan network with Firewall : 🔥🚧
$ nmap --script firewalk --traceroute <target> -vv

$ traceroute <target>

$ hping -R -V <target>

TCP SYN/ACK, UDP or SCTP discovery to given ports
$ nmap -PS/PA/PU/PY

ICMP echo, timestamp, and netmask request discovery probes 🕔
$ nmap -PE/PP/PM

Never do DNS resolution/Always resolve [default: sometimes] 🚫
Never do DNS resolution  | -n
Always resolve | -R

Scan Techniques
1️⃣ TCP SYN scan -sS
2️⃣ Connect scan -sT
3️⃣ ACK scan -sA
4️⃣ Window scan -sW
5️⃣ Maimon scan -sM
6️⃣ UDP Scan -sU
7️⃣ TCP Null scan -sN
8️⃣ FIN scan -sF
9️⃣ Xmas scan -sX
1️⃣0️⃣ IP protocol scan -sO

Scan UDP ports with Nmap, e.g.:
$ nmap -sU -p U:53,161 <target>

Scan "number" most common ports
$ nmap -sS --top-ports "1000" <target>
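
Added example (not part of the original post): a small parser for the grepable output that `-oG -` produces when it is added to a port scan like the ones above. It labels each open port with the service name from the port list at the top of this page and keeps the UDP `open|filtered` state separate. The function names are hypothetical and the sample scan output is constructed.

```python
# Added example: names below are hypothetical, sample output is constructed.
# Port -> service labels copied from this page's port list (subset).
SERVICES = {21: "FTP", 22: "SSH", 23: "Telnet", 25: "SMTP", 53: "DNS",
            80: "HTTP", 161: "SNMP", 445: "SMB", 3306: "MySQL",
            5432: "Postgresql", 6379: "Redis", 27017: "MongoDB"}

# Constructed `-oG -` output; fields are tab-separated, addresses are
# from the documentation range 192.0.2.0/24.
SAMPLE = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.0.2.10 (db01.example.test)\tStatus: Up\n"
    "Host: 192.0.2.10 (db01.example.test)\tPorts: 22/open/tcp//ssh///, "
    "3306/open/tcp//mysql///, 8080/closed/tcp//http-proxy///"
    "\tIgnored State: filtered (997)\n"
    "Host: 192.0.2.11 ()\tStatus: Up\n"
    "Host: 192.0.2.11 ()\tPorts: 23/open/tcp//telnet///, "
    "161/open|filtered/udp//snmp///\n"
)


def parse_grepable(text):
    """Return {host: [(port, proto, state), ...]} from the 'Ports:' fields."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # '#' comment lines and blanks
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue  # Status: / Ignored State: fields
            for entry in field[len("Ports: "):].split(", "):
                # entry layout: port/state/protocol/owner/service/rpcinfo/version/
                parts = entry.strip().split("/")
                if len(parts) >= 3 and parts[0].isdigit():
                    hosts.setdefault(host, []).append(
                        (int(parts[0]), parts[2], parts[1]))
    return hosts


def exposed(hosts, states=("open",)):
    """List (host, port, proto, state, label) for ports in the given states."""
    return [(host, port, proto, state, SERVICES.get(port, "unlisted"))
            for host, ports in sorted(hosts.items())
            for port, proto, state in ports if state in states]


if __name__ == "__main__":
    for row in exposed(parse_grepable(SAMPLE), ("open", "open|filtered")):
        print(*row)
```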

More :

This is a list of common ports that will give you a pretty good list of "alive" system when scanning internally or externally.

📄 List of ports :

UDP Discovery  🔎


Authentication Ports  ⌨️


Easy-win Ports  🏆


Database Ports  ⚗️


NoSQL Ports  🚫


@𝑇𝘩𝑒𝑀𝑎𝑠𝑡𝑒𝑟𝐶𝐻) ⚠️
