🛠️ Tools Cheat Sheet
A collection of frequently used commands for reconnaissance and exploitation.
🔎 Nmap (Network Mapper)
| Command | Description |
|---|---|
| nmap -sC -sV <IP> | Standard scan with common scripts and version detection. |
| nmap -p- <IP> | Scan all 65,535 ports. |
| nmap -A <IP> | Aggressive scan (OS detect, version, scripts, traceroute). |
| nmap -oN output.txt <IP> | Save output in normal format. |
📁 Gobuster / Dirsearch
| Command | Description |
|---|---|
| gobuster dir -u http://<IP>/ -w common.txt | Directory busting with Gobuster. |
| dirsearch -u http://<IP>/ | Directory busting with Dirsearch. |
| gobuster dir -u http://<IP>/ -w common.txt -x php,html,txt | Scan with specific extensions. |
| gobuster vhost -u http://<DOMAIN>/ -w subdomains.txt --append-domain | Virtual Host (vhost) enumeration. |
📦 FTP
| Command | Description |
|---|---|
| ftp <IP> | Connect to FTP. |
| get filename | Download a file. |
| ls -la | List all files including hidden ones. |
🗄️ MySQL / SMB
| Tool | Command | Description |
|---|---|---|
| MySQL | mysql -h <IP> -u <user> -p | |
| SMBClient | smbclient -L \\\\<IP>\\ | |
| SMBClient | smbclient \\\\<IP>\\<share> | |
| AWS CLI | aws --endpoint=http://<DOMAIN>/ s3 ls | List S3 buckets. |
| AWS CLI | aws --endpoint=http://<DOMAIN>/ s3 ls s3://<BUCKET> | List files in a bucket. |
| AWS CLI | aws --endpoint=http://<DOMAIN>/ s3 cp <FILE> s3://<BUCKET> | Upload file to bucket. |
TIP
Use these commands as a quick reference during labs.