tools used


methodology

graph TD
	%% Triage flow: run the initial nmap scans, then branch on whether the host belongs to an AD domain.
	nmap(initial nmap scans)
	ad(is it part of an ad domain?)
	ad_yes(begin active directory enumeration)
	ad_no(begin service enumeration)
	
	nmap --> ad
	ad -- yes --> ad_yes
	ad -- no --> ad_no
	
	%% Click targets: "#..." are in-page anchors to the sections below; ad_no links to the site's service tag page.
	click nmap "#nmap-scans"
	click ad_yes "#external-active-directory-enumeration"
	click ad_no "/tags/service"

nmap scans

initial scan
# $target is assumed to be set in the shell beforehand.
# Full TCP port range with default scripts and version detection; -Pn skips host discovery and --open lists only open ports.
# -T5 is the most aggressive timing template and can miss ports on slow or lossy links.
nmap -p- -sC -sV -Pn $target -T5 --open #test comment
initial scan, option 2: using a hosts file
# -iL reads targets from hosts.txt (one per line); -oN writes normal-format output to the given path (/path/to/output is a placeholder).
sudo nmap -v -A -iL hosts.txt -oN /path/to/output
optional nmapAutomator recon scan
# Expects nmapAutomator.sh in the current directory; $target is assumed to be set in the shell.
./nmapAutomator.sh -H $target -t recon
autorecon scan
# autorecon is assumed to be on PATH; $target as in the scans above.
autorecon $target

external active directory enumeration

autorecon scan
# NOTE: identical to the autorecon invocation in the nmap-scans section; AD-specific enumeration steps appear not to have been written yet.
autorecon $target