GitHub/quartz
1
0
Fork 2
mirror of https://github.com/jackyzha0/quartz.git synced 2025-12-27 23:04:05 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity
739679cbb6
quartz/content/CyberSecurity/TCP Scan.md
ErdemOzgen 9ac5e084ca Add Cyber section
2025-01-12 18:54:11 +03:00

28 lines
1.3 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#scan #MitreAttack
https://attack.mitre.org/techniques/T1046/
### [TCP Port Discovery](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-network/index.html#tcp-port-discovery)
It's very common to find that all kind of ICMP packets are being filtered. Then, all you can do to check if a host is up is **try to find open ports**. Each host has **65535 ports**, so, if you have a "big" scope you **cannot** test if **each port** of each host is open or not, that will take too much time.
Then, what you need is a **fast port scanner** ([masscan](https://github.com/robertdavidgraham/masscan)) and a list of the **ports more used:**
bash
```bash
#Using masscan to scan top20ports of nmap in a /24 range (less than 5min) masscan -p20,21 23,25,53,80,110,111,135,139,143,443,445,993,995,1723,3306,3389,5900,8080 199.66.11.0/24
```
You could also perform this step with `nmap`, but it slower and somewhat `nmap`has problems identifying hosts up.
### [HTTP Port Discovery](https://book.hacktricks.wiki/en/generic-methodologies-and-resources/pentesting-network/index.html#http-port-discovery)
This is just a TCP port discovery useful when you want to **focus on discovering HTTP** **services**:
bash
`masscan -p80,443,8000-8100,8443 199.66.11.0/24`
Reference in New Issue View Git Blame Copy Permalink