Other Scanning Methods
Banner Grabbing
Basic versioning / finger printing via displayed banner
nc -v 192.168.1.1 25
telnet 192.168.1.1 25Banner grabbing with NC
nc TARGET-IP 80
GET / HTTP/1.1
Host: TARGET-IP
User-Agent: Mozilla/5.0
Referrer: meh-domain
<enter>UDP Protocol Scanner
git clone https://github.com/portcullislabs/udp-proto-scanner.gitScan a file of IP addresses for all services
./udp-protocol-scanner.pl -f ip.txt Scan for a specific UDP service
udp-proto-scanner.pl -p ntp -f ips.txtNetdiscover
Discovers IP, MAC Address and MAC vendor on the subnet from ARP, helpful for confirming you're on the right VLAN at $client site
netdiscover -r 192.168.1.0/24https://github.com/absolomb/WindowsEnum
https://www.sans.org/blog/pen-test-poster-white-board-powershell-built-in-port-scanner/
https://github.com/fortra/impacket#getting-impacket
Netcat to discover open telnet
nc -v 192.168.1.1 25
telnet 192.168.1.1 25UDP Protocol Scanner
git clone https://github.com/portcullislabs/udp-proto-scanner.gitScan a file of IP addresses for all services
./udp-protocol-scanner.pl -f ip.txt Scan for a specific UDP service
udp-proto-scanner.pl -p ntp -f ips.txtNetdiscover
Discovers IP, MAC Address and MAC vendor on the subnet from ARP, helpful for confirming you're on the right VLAN at $client site
netdiscover -r 192.168.1.0/24Last updated
Was this helpful?