BROWSER TOOLS:
- DNSDUMPSTER - my favorite DNS tool.
- SHODAN - great for threat hunting and footprinting a target.
- CYBERCHEF - great tool when working with encoded data. Download and run it locally if handling sensitive data.
https://gchq.github.io/CyberChef
- WHOIS - useful, but I prefer to use the whois command from the terminal.
CMD CHEATSHEET:
- Reverse DNS lookup

```
dig -x 8.8.8.8 +short
dns.google
```
- Look up DNS records

```
dig dns.google +nostats +nocomments +nocmd
;dns.google.            IN      A
dns.google.     0       IN      A       8.8.4.4
dns.google.     0       IN      A       8.8.8.8
```
- Decode a base64 string

```
echo "<base64_string>" | python -m base64 -d
```
- Prettify JSON output

```
echo "<ugly_json_data>" | python -m json.tool
```
- Nmap subnet scan

Scan results are exported to a file called "out.txt", then the online hosts are filtered out and displayed in the terminal.

```
nmap -sn -oG out.txt 192.168.1.0/24 && grep -i up out.txt
Host: 192.168.1.1 ()	Status: Up
Host: 192.168.1.2 ()	Status: Up
Host: 192.168.1.9 ()	Status: Up
Host: 192.168.1.18 ()	Status: Up
Host: 192.168.1.24 ()	Status: Up
Host: 192.168.1.26 ()	Status: Up
Host: 192.168.1.28 ()	Status: Up
Host: 192.168.1.29 ()	Status: Up
Host: 192.168.1.38 ()	Status: Up
Host: 192.168.1.57 ()	Status: Up
Host: 192.168.1.69 ()	Status: Up
Host: 192.168.1.79 ()	Status: Up
Host: 192.168.1.82 ()	Status: Up
```
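The `grep -i up` filter above also matches any line whose hostname happens to contain "up" (for example "backup.lan") and the "hosts up" summary line nmap appends, so it over-reports when used for an asset inventory. Below is an added example (my own code, not from the original cheat sheet) that keys on the `Status: Up` field of nmap's grepable (-oG) output instead; the sample out.txt is constructed inline so it runs without nmap installed.

```shell
#!/bin/sh
# Added example: parse nmap -oG output and list only hosts reported "Up".

# write_sample FILE: write a constructed -oG file shaped like the page's out.txt.
# The nmap version, hostname and summary line are made-up sample values.
write_sample() {
    printf '%s\n' '# Nmap 7.94 scan initiated as: nmap -sn -oG out.txt 192.168.1.0/24' > "$1"
    # nmap separates the Host and Status fields with a tab; printf reuses the
    # format for each group of three arguments (ip, hostname, status).
    printf 'Host: %s (%s)\tStatus: %s\n' \
        192.168.1.1 ''         Up \
        192.168.1.2 backup.lan Down \
        192.168.1.9 ''         Up >> "$1"
    printf '%s\n' '# Nmap done -- 256 IP addresses (2 hosts up) scanned in 5.00 seconds' >> "$1"
}

# up_hosts FILE: print one IP per line for every host record whose Status is Up.
# Matching on the Status field means "backup.lan" and "(2 hosts up)" cannot
# produce a false positive the way a bare `grep -i up` would.
up_hosts() {
    awk '/^Host:/ && /[[:space:]]Status: Up[[:space:]]*$/ { print $2 }' "$1"
}

# count_up FILE: number of hosts reported Up (tr strips the leading spaces
# that some wc implementations print).
count_up() {
    up_hosts "$1" | wc -l | tr -d ' '
}

# Demo run against the constructed sample.
main() {
    tmp=$(mktemp)
    write_sample "$tmp"
    echo "Hosts up:"
    up_hosts "$tmp"
    echo "Total: $(count_up "$tmp")"
    rm -f "$tmp"
}

main
```

Point `up_hosts` at a real out.txt produced by `nmap -sn -oG out.txt <range>` to get the same list without the false matches.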
- Use netcat to scan a range of ports on a host

```
nc -z -v 178.79.152.114 1-100
nc: connect to 178.79.152.114 port 1 (tcp) failed: No route to host
nc: connect to 178.79.152.114 port 2 (tcp) failed: No route to host
nc: connect to 178.79.152.114 port 3 (tcp) failed: No route to host
nc: connect to 178.79.152.114 port 4 (tcp) failed: No route to host
```
- nslookup – if you just type `nslookup` and hit enter you will get the '>' prompt; you can now copy and paste a list of IP addresses to get the respective DNS names quickly. You can also change which DNS server is used to perform the lookup by typing "server" followed by the new DNS server IP.
- ipcalc – quick way to get the size of a subnet
- whois – find out who owns a public IP
- curl