# NMAP

`sudo nmap -sC -sV {target IP}`

nmap scans ports at an IP. You can combine the two switches into `-sCV`.

- `-sV` - scans open ports to determine service/version info
- `-sC` - uses scripts (some are intrusive); this usage is equivalent to `--script=default`

**Very helpful to create a file with the target IP inside. That way you can just call it via nmap:**

`nmap -iL scope -sCV -v`

- Nmap `-T` switches
  - `-T0` -> paranoid, 5 mins between packets
  - `-T1` -> sneaky, 15 seconds between packets
  - `-T2` -> polite, .4 seconds between packets
  - `-T3` -> normal, .3 seconds between packets
    - (default nmap scan timing if run without `-T` switch)
  - `-T4` -> aggressive, .25 seconds between packets
  - `-T5` -> insane, .1 seconds between packets

## Pivot via Proxychains4 Notes

- MUST USE `-sT -Pn` over a socks5 proxy, as only L7 is available. Without it nmap will think the host is down.

# AutoRecon

[GitHub - Tib3rius/AutoRecon: AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services.](https://github.com/Tib3rius/AutoRecon)

The tool works by first performing port scans / service detection scans. From those initial results, the tool will launch further enumeration scans of those services using a number of different tools. For example, if HTTP is found, feroxbuster will be launched (as well as many others).

**Typical usage**

`# autorecon -t scope -vv`

links: [[_LinuxTerminalCMDIndex]]