Linux Commands
Jump to navigation
Jump to search
Recon
whois
$ whois [-h whois_server] name
nslookup
$ nslookup <target>
dig
- Types of record: NS, A, HINFO, MX, TXT, CNAME, SOA, RP, PTR, SRV
$ dig [@server] <name> [type]
- Zone transfer
$ dig [@server] <domain> -t AXFR * Iterative zone transfer <pre>$ dig [@server] <domain> -t IXFR=<N>
BiLE.pl
$ ./BiLE <target> <result_file> $ ./BiLE-weigh.pl <site_of_interest> <BiLE_output.mine> $ ./tld-expand.pl $ ./vet-IPrange.pl $ ./qtrace.pl
Scanning
tcpdump
Parameters
- -n -- use numbers
- -i <interface>
- -v -- be verbose
- -r <file>/-w <file> -- read from/write to file
- -x -- print hex
- -A -- print ASCII
- -X -- print hex and ASCII
- -s <snaplen> -- length to capture (-s0 for all data)
Filter string
- Protocol
- ether, ip, ip6, arp, rarp, tcp, udp
- Type
- host <host>
- net <network>
- port <portnum>
- portrange <start-end>
- Direction
- src
- dst
- Logic
- and
- or
- Show TCP against target 10.10.10.10 in ASCII
tcpdump [-i tap0] -n -A tcp and dst 10.10.10.10
- Show all UDP from 10.10.10.10
tcpdump [-i tap0] -n udp and src 10.10.10.10
- Show all TCP port 80 packets going to or from host 10.10.10.10
tcpdump [-i tap0] -n tcp and port 80 and host 10.10.10.10
hping3
TCP Flags
- --syn, --fin, --rst, --push, --ack, --urg
Target selection
- --rand-dest
- --interface <int>
Source selection
- --spoof <hostname>
- --rand-source
Port selection
- --destport <port>
- --destport +<port> -- increment by one for each packet received
- --destport ++<port> -- increment by one for each packet sent
- --scan <portrange>
- --baseport <port>
- --keep -- don't increment the source port
Speed options
- --fast, --faster, --flood
- --interval <N> -- interval in seconds
- --interval u<N> -- interval in microseconds
Other options
- --count <N>
- --beep
- --file <filename>
- --data <N>
Traceroute
Parameters -f <N> -- Initial TTL -g <hostlist> -- Loose source route -I -- use ICMP Echo instead of UDP -m <N> -- maximum number of hops (default 30) -n -- numeric -p <baseport> -- set the base UDP port -w <N> -- wait N seconds (default 5)