# NMAP & SuperENUM

## Perform Host Discovery

```
1. ARP Ping Scan : nmap -sn -PR [Target IP Address]
2. UDP Ping Scan : nmap -sn -PU [Target IP Address]
3. ICMP Echo Ping Scan : nmap -sn -PE [Target IP Address]
4. ICMP Ping Sweep Scan : nmap -sn -PE [Target Range of IP Addresses]
5. ICMP Timestamp Scan : nmap -sn -PP [Target IP Address]
6. ICMP Address Mask Ping Scan : nmap -sn -PM [Target IP Address]
7. TCP SYN Ping Scan : nmap -sn -PS [Target IP Address]
8. TCP ACK Ping Scan : nmap -sn -PA [Target IP Address]
9. IP Protocol Ping Scan : nmap -sn -PO [Target IP Address]
```

## Perform Port and Service Discovery <a href="#lab-2-perform-port-and-service-discovery" id="lab-2-perform-port-and-service-discovery"></a>

```
 1. TCP Full Scan : nmap -sT -v [Target IP Address]
 2. TCP Stealth Scan : nmap -sS -v [Target IP Address]
 3. TCP XMAS Scan : nmap -sX -v [Target IP Address]
 4. TCP Maimon Scan : nmap -sM -v [Target IP Address]
 5. ACK Scan : nmap -sA -v [Target IP Address]
 6. UDP Scan : nmap -sU -v [Target IP Address]
 7. IPID Header Scan (idle scan, requires a zombie host) : nmap -sI [Zombie IP Address] -v [Target IP Address]
 8. SCTP INIT Scan : nmap -sY -v [Target IP Address]
 9. SCTP COOKIE ECHO Scan : nmap -sZ -v [Target IP Address]
 10. Service Version Scan : nmap -sV [Target IP Address] 
```

## Perform OS Discovery <a href="#lab-3-perform-os-discovery" id="lab-3-perform-os-discovery"></a>

```
1. NMAP Aggressive scan : nmap -A [Target IP Address]
2. OS Detection scan : nmap -O [Target IP Address]
3. OS Detection scan using NSE : nmap --script smb-os-discovery.nse [Target IP Address]
```

## Scan beyond IDS and Firewall <a href="#lab-4-scan-beyond-ids-and-firewall" id="lab-4-scan-beyond-ids-and-firewall"></a>

```
1. Fragment Split Scan : nmap -f [Target IP Address]
2. Source port manipulation : nmap -g 80 [Target IP Address]
3. Custom MTU Scan : nmap --mtu 8 [Target IP Address]
4. Random Decoy IPs Scan : nmap -D RND:10 [Target IP Address]
5. Custom MAC : nmap -sT -Pn --spoof-mac 0 [Target IP Address]
```

## SMTP Enumeration

```
    nmap -p 25 --script=smtp-enum-users [Target IP Address]
    nmap -p 25 --script=smtp-open-relay [Target IP Address]
    nmap -p 25 --script=smtp-commands [Target IP Address]
```

***

## SuperENUM

{% hint style="info" %}
<https://github.com/p4pentest/SuperEnum>
{% endhint %}

### Usage & Installation

This script performs basic enumeration of any open port and takes screenshots.

**Download the files:**

1. superenum
2. commands.config

**Process to follow:**

1. Place both files in the same folder.
2. Put the list of target IP addresses in a file; any file name works.
3. Open a terminal as the 'root' user and navigate to the folder from step 1.
4. Run the command: `./superenum`

```
## SYNTAX
# Append a target IP address to the target list file
echo "10.10.1.19" >> Target.txt
# Make the script executable, then run it
chmod +x superenum
./superenum
```
