Network Vulnerability Assessment

Cheat Sheet

FTP

Nmap

Detect ftp vulnerabilities

nmap -sS -sV --mtu 5000 \
--script=ftp-anon,ftp-brute,ftp-vuln-cve2010-4221.nse,ftp-vsftpd-backdoor.nse,ftp-proftpd-backdoor.nse \
-p 21 $TARGET

Nuclei

Misconfiguration & Vulnerabilities

nuclei -tags ftp -u $TARGET:21

HTTP

Nmap

Detect HTTP service vulnerabilities

nmap -sS -sV --mtu 5000 \
--script=http-vuln-*,http-huawei-hg5xx-vuln.nse,http-iis-webdav-vuln.nse,http-vmware-path-vuln.nse,mysql-vuln-cve2012-2122.nse \
-p 80 $TARGET

SMTP

Nmap

Detect SMTP vulnerabilities

nmap -sS -sV --mtu 5000 \
--script=smtp-vuln-*,smtp-open-relay,smtp-brute \
-p 25,465,587 $TARGET

SMB

Nmap

Detect SMB vulnerabilities

nmap -sS -sV --mtu 5000 \
--script=smb2-vuln-*,smb-vuln-*,samba-vuln-cve-2012-1182,smb-double-pulsar-backdoor,smb-brute \
-p 139,445 $TARGET

Metasploit

Detect EternalBlue

msfconsole -qx "
    use auxiliary/scanner/smb/smb_ms17_010;
    set RHOSTS $TARGET;
    run;
    exit"

Nuclei

Misconfiguration & Vulnerabilities

nuclei -tags smb -u $TARGET:445

RDP

Nmap

Detect RDP vulnerabilities

nmap -sS -sV --mtu 5000 \
--script=rdp-vuln-ms12-020.nse,rdp-ntlm-info.nse \
-p 3389 $TARGET

Redis

Metasploit

Redis Misconfiguration Check

msfconsole -qx "use auxiliary/gather/redis_extractor;
    set RHOSTS $TARGET;
    run;
    exit"

Nuclei

Misconfiguration & Vulnerabilities

nuclei -tags redis -u $TARGET:6379

Nessus

OpenVAS

PreviousNetwork Traffic Policy Mapping NextPhysical Link Mapping

Last updated 1 month ago

hashtagCheat Sheet

hashtagFTP

hashtagHTTP

hashtagSMTP

hashtagSMB

hashtagRDP

hashtagRedis

Cheat Sheet

FTP

HTTP

SMTP

SMB

RDP

Redis