Xe1phix-[Process-Admin]-Cheatsheet-[v5.5.74].sh

  1. lsof -p $PID
  2. lsof -p $(pgrep $Process)
  3.  
  4. strace -f -p $PID
  5.  
  6.  
  7. Flush DNS cache
  8. killall -HUP mDNSResponder
  9.  
  10.  
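## Signal cheat-sheet. The option dashes were non-ASCII hyphens (U+2010) in the
## original and would not be recognised by kill/pkill/fuser; they are plain '-' now.
## ${Var:?} aborts when the variable is empty: an empty pattern handed to pkill/killall
## would otherwise match (and kill) every process.
kill -s TERM "${PID:?}"               ## [15] TERM (software termination signal)
killall -HUP "${Service:?}"           ## [ 1] HUP (hang up)
kill -SIGHUP "${PID:?}"               ## [ 1] HUP (hang up)
pkill -9 "${Service:?}"               ## [ 9] KILL (non-catchable, non-ignorable)
kill -SIGKILL "${PID:?}"              ## [ 9] SIGKILL (Kill signal)
killall -9 "${Service:?}"             ## [ 9] SIGKILL (Kill signal)
pkill -TERM -u "${User:?}"            ## [15] TERM (software termination signal)
kill -SIGTERM "${PID:?}"              ## [15] SIGTERM (Termination signal.)
fuser -k -TERM -m /home               ## [15] kill every process accessing /home (to umount)

kill -9 $$                            ## Kill current session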
  22.  
  23.  
  24. kill $(ps -ef | awk '/sshd/ {print $2}')
  25. kill $(ps -ef | awk '/mysql/ {print $2}')
  26.  
  27. kill `netstat -anp --tcp -4 | awk '/:22/ && /LISTEN/ { print $7 }' | cut -f1 -d/`
  28. /etc/init.d/`netstat -anp --tcp -4 | awk '/:22/ && /LISTEN/ { print $7 }' | cut -f2 -d/` stop
  29.  
  30.  
  31. ## use kill to remove any user remotely running ssh off your box ##
  32.  
  33. kill $(ps -ef | awk '/sshd/ {print $2}')
  34.  
  35. kill $(ps -ef | awk '/cupsd/ {print $2}')
  36.  
  37.  
  38.  
  39. watch -n 1 lsof -nPi :47145
  40. watch -n 1 lsof -nPi tcp:22
  41. watch --color -n 1 lsof -nPi tcp:443
  42. watch --color -n 1 lsof -nPi tcp:80
  43. watch --color -n 1
  44. watch --color -n 1 lsof -i udp:5353 -t
  45. watch --color -n 1 lsof -iTCP -sTCP:LISTEN
  46. watch --color -n 1 lsof -t -c sshd
  47. watch --color -n 1 lsof -i tcp:ssh
  48. watch --color -n 1 lsof -i tcp:22
  49. watch --color -n 1 lsof -u syslog
  50. watch --color -n 1 lsof +d /var/log
  51. watch --color -n 1 lsof -i udp -u root
  52.  
  53. lsof -nP -iTCP -sTCP:LISTEN
  54. lsof -nP -iUDP:LISTEN
  55. lsof -P -i tcp | grep -i listen
  56.  
  57.  
  58. TCP in use
  59. lsof -nPi tcp
  60.  
  61. lsof -nPi udp
  62.  
  63.  
  64. 0trace eth0 $Domain
  65.  
  66. itrace -i eth0 -d $Domain
  67.  
  68. intrace
  69.  
  70. tctrace -i eth0 -d $Domain
  71.  
  72. tcptraceroute -i eth0 $Domain
  73.  
  74.  
  75.  
  76. tcptrace -l -r o3 $File
  77.  
  78.  
  79.  
  80.  
  81. ##-====================================================-##
  82. ##   [+] Print List of Live Hosts on Local Network:
  83. ##-====================================================-##
  84. genlist -s 192.168.1.\*
  85.  
  86.  
  87.  
  88.  
  89.  
  90.  
  91. fierce --domain $Domain --subdomains accounts --traverse 10
  92.  
  93.  
  94. ##-============================================================================-##
  95. ##   [+] Limit nearby IP traversal to certain domains with the --search flag:
  96. ##-============================================================================-##
  97. fierce --domain $Domain --subdomains admin --search $Domain $Domain
  98.  
  99.  
  100. ##-==================================================================================-##
  101. ##   [+] Attempt an HTTP connection on domains discovered with the --connect flag:
  102. ##-==================================================================================-##
  103. fierce --domain $Domain --subdomains mail --connect
  104.  
  105.  
  106.  
  107. ##-=========================-##
  108. ##  [+] Fierce
  109. ##-=========================-##
  110. fierce -dns $Domain
  111. fierce -dns $Domain -file $OutputFile
  112. fierce -dns $Domain -dnsserver $Server
  113. fierce -range $IPRange -dnsserver $Server
  114. fierce -dns $Domain -wordlist $Wordlist
  115. fierce -dnsserver $DNS -dns $Domain -wordlist /usr/share/fierce/hosts.txt
  116.  
  117.  
  118. fierce -dns $Domain -threads 3
  119.  
  120.  
  121.  
  122. dnsenum.pl --enum -f $File.txt --update a -r $Domain >> ~/Enumeration/$domain
  123.  
  124.  
  125.  
  126. ##-=====================================================================-##
  127. ##   [+] Search for the A record of $Domain on your local nameserver:
  128. ##-=====================================================================-##
  129. dnstracer $Domain
  130.  
  131.  
  132. ##-=====================================================================-##
  133. ##   [+] Search for the MX record of $Domain on the root-nameservers:
  134. ##-=====================================================================-##
  135. dnstracer "-s" . "-q" mx $Domain
  136.  
  137.  
  138. ##-=================================================================-##
  139. ##   [+] Search for the PTR record (hostname) of 212.204.230.141:
  140. ##-=================================================================-##
  141. dnstracer "-q" ptr 141.230.204.212.in-addr.arpa
  142.  
  143.  
  144. ##-========================-##
  145. ##   [+] IPv6 addresses:
  146. ##-========================-##
  147. dnstracer "-q" ptr "-s" . "-o" 2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.6.4.0.2.0.0.0.0.8.b.0.e.f.f.3.ip6.int
  148.  
  149.  
  150.  
  151. ##-=================================================================-##
  152. ##   [+]
  153. ##-=================================================================-##
  154. dnstop -l 3 eth0
  155.  
  156.  
  157.  
  158.  
  159. dnswalk $Domain
  160.  
  161. ## ------------------------------------------------------------- ##
  162. ##   [?] Print debugging and 'status' information to stderr
  163. ## ------------------------------------------------------------- ##
  164.  
  165.  
  166.                                     ## ----------------------------------------------------------- ##
  167. dnswalk -r -d $* $Domain.       ## Recursively descend sub-domains of the specified domain.
  168.                                     ## Print debugging and 'status' information to stderr
  169.                                     ## ----------------------------------------------------------- ##
  170.  
  171.                                     ## ---------------------------------------------------- ##
  172. dnswalk -F $Domain                  ## perform "fascist" checking
  173.                                     ## ---------------------------------------------------- ##
  174.                                     ##  [?] When checking an A record,
  175.                                     ##      compare the PTR name for each IP address
  176.                                     ##      with the forward name and report mismatches.
  177.                                     ## ---------------------------------------------------- ##
  178.  
  179. dmitry -p $Domain -f -b
  180.  
  181.  
  182.  
  183. dmitry -iwnse $Domain
  184.  
  185.  
  186.  
  187.  
  188.  
  189.  
  190. ##-================-##
  191. ##  [+] DNSMap
  192. ##-================-##
  193. dnsmap -w $File.txt $Domain
  194.  
  195.  
  196. ## ----------------------------------------------------------- ##
  197. ##   [+] DNSenum - enumerate various DNS records, such as:
  198. ##                 NS, MX, SOA, and PTR records.
  199. ##   [?] DNSenum also tries to perform DNS zone transfer
  200. ## ----------------------------------------------------------- ##
  201.  
  202. dnsenum -p 5 -s 20 $Domain
  203. dnsenum -f $File.txt $Domain
  204. dnsenum -o dnsenum_info $Domain
  205. dnsenum --enum -f $File.txt --update a -r $URL
  206.  
  207.  
  208. ss -plnut
  209.  
  210. netstat -plnut
  211.  
  212.  
  213. ps -eo pid,user,group,gid,vsz,rss,comm --sort=-rss | less
  214.  
  215. ps -ef --sort=user | less
  216.  
  217.  
  218.  
  219. ## kill all related processes using your device
  220. fuser -mk /dev/sdc
  221.  
  222.  
  223.  
  224.  
  225. service --status-all | grep running
  226. service --status-all | grep running... | sort
  227. chkconfig --list
  228. chkconfig --add
  229.  
  230. systemctl list-units | grep .service
  231. systemctl list-units | grep .target
  232. systemctl list-unit-files --type=service
  233. systemctl list-unit-files --type=target
  234. systemctl list-unit-files --type=service | grep -v disabled
  235.  
  236.  
  237. systemctl --all list-units | grep .service
  238.  
  239.  
  240.  
  241. --signal
  242.  
  243. --state
  244. --full
  245. --user
  246. --system
  247.  
  248.  
  249. --property
  250. --value
  251. --recursive
  252. --show-types
  253.  
  254.  
  255. systemctl --all list-unit-files
  256. systemctl --all --show-types
  257.  
  258. systemctl show --property "Wants" multi-user.target
  259. systemctl show --property "Requires" multi-user.target
  260. systemctl show --property "WantedBy" getty.target
  261. systemctl show --property "Wants" multi-user.target | fmt -10 | sed 's/Wants=//g' | sort
  262.  
  263.  
  264. systemctl status $Service | grep -i active
  265. systemctl is-enabled
  266.  
  267.  
  268. strings /sbin/init | grep -i systemd
  269.  
  270.  
  271.  
  272. cat /etc/systemd/system/My_New_Service.service
  273. cat /lib/systemd/system/sshd.service
  274.  
  275.  
  276. List failed units:
  277. systemctl --failed
  278.  
  279.  
  280. Show the cgroup slice, memory and parent for a PID:
  281. systemctl status pid
  282.  
  283.  
  284. | grep -Fe .service -e .socket
  285.  
  286.  
  287. pgrep -fl php
  288.   // PHP related processes
  289.  
  290.  
  291.  
  292. Find the process ID of the named daemon:
  293. pgrep -u root,daemon
  294. pgrep -u root named
  295.  
  296.  
  297. Make syslog reread its configuration file:
  298. kill -HUP syslogd
  299.  
  300. Give detailed information on all xterm processes:
  301. ps -fp $(pgrep -d, -x firefox)
  302.  
  303.  
  304. Make all chrome processes run nicer:
  305. renice +4 $(pgrep chrome)
  306.  
  307.  
  308. /proc/pid/stat
  309.  
  310.  
  311. ps aux --sort=-resident|head -11
  312.   // Check for memory hoggers (one who leak?)
  313.  
  314.  
  315.  
  316.  
  317.  
  318. ##-==============================================================-##
  319. ##  [+]
  320. ##-==============================================================-##
  321.  
  322.  
  323. ##-==============================================================-##
  324. ##  [+]
  325. ##-==============================================================-##
  326.  
  327. rkhunter --quiet --verbose-logging --summary --hash SHA256 --cronjob --logfile /var/log/rk.log --check
  328.  
  329.  
  330. ## grant read access to all members of the "wheel" and "adm" system groups
  331. setfacl -Rnm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal/
  332.  
  333.  
  334. ## On systems where /var/log/journal/ does not exist
  335. ## yet but where persistent logging is desired.
  336. ## create the directory, and ensure it has the correct access modes:
  337. mkdir --mode=0774 /var/log/journal
  338.  
  339. systemd-tmpfiles --create --prefix /var/log/journal
  340.  
  341. /etc/systemd/journald.conf
  342.  
  343.  
  344.  
  345.  
  346. journalctl --list-boots | head
  347. journalctl -k                           ## kernel messages
  348. journalctl -k -f                        ## follow kernel messages
  349. journalctl -u NetworkManager.service    ## Service messages
  350. journalctl -f -u NetworkManager.service ## follow service
  351. journalctl -fn 0 -u NetworkManager -u wpa_supplicant
  352. journalctl -u httpd.service             ##
  353. journalctl -k -b -1                     ## view the boot logs
  354. journalctl /dev/sda                     ## all logs of the kernel device node `/dev/sda`
  355. journalctl -u systemd-networkd
  356. journalctl -u auditd.service            ##
  357. journalctl --list-boots                 ## check only boot messages
  358. journalctl -b $BootID                   ## show boot messages for a selected boot ID
  359.  
  360. journalctl _SYSTEMD_UNIT=avahi-daemon.service
  361. journalctl -p emerg..err
  362. journalctl -o verbose
  363. journalctl --since "2019-07-05 21:30:01" --until "2019-07-05 21:30:02"
  364. journalctl -n50 --since "1 hour ago"
  365.  
  366.  
  367.  
  368.  
  369.  
  370. tail -f /var/log/messages
  371.  
  372. syslog –f
  373. syslog –d <directory>
  374.  
  375. bzcat system.log.1.bz2 system.log.0.bz2 >> system_all.log
  376.  
  377. cat system.log >> system_all.log
  378.  
  379.  
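# last logged on user information
# Print the lastlog entries of accounts that have logged in at least once.
# The original echo had an unterminated string and never printed the list it collected.
lastlogedonusrs=$(lastlog 2>/dev/null | grep -v "Never" 2>/dev/null)
if [ -n "$lastlogedonusrs" ]; then
  printf '\e[00;31m[-] Users that have previously logged onto the system:\e[00m\n%s\n\n' "$lastlogedonusrs"
fi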
  385.  
  386.  
  387.  
  388.  
  389. iptables ­A INPUT ­p TCP ­­dport 22 ­j ULOG ­­ulog­prefix "SSH connection attempt: "
  390.  
  391.  
  392.  
  393. conntrackd -C /etc/conntrackd/conntrackd.conf
  394.  
  395.  
  396. ulogd --daemon --uid ulog --pidfile /run/ulog/ulogd.pid
  397.  
  398.  
  399.  
  400.  
  401.  
  402. ## ------------------------------ ##
  403. ##    [?] Extract PCAP Data:
  404. ## ------------------------------ ##
  405. capinfos $File.pcap
  406. tcpslice -r $File.pcap
  407. tcpstat $File.pcap
  408. tcpprof -S lipn -P 30000 -r $File.pcap
  409. tcpflow -r $File.pcap
  410. tcpxtract -f $File.pcap -o $Dir/
  411. tcpick -a -C -r $File.pcap
  412. tcpcapinfo $File.pcap
  413. ngrep -I $File.pcap
  414. nfdump -r $File.pcap
  415. chaosreader -ve $File.pcap
  416. tshark -r $File.pcap
  417. tcpdump -r $File.pcap
  418. bro -r $File.pcap
  419. snort -r $File.pcap
  420.  
  421.  
  422.  
  423.  
  424. ##-===================================================-##
  425. ##   [+]
  426. ##-===================================================-##
  427. tcpxtract --file $File.pcap --output $File --device eth0
  428.  
  429.  
  430.  
  431.  
  432. ##-=================================================-##
  433. ##   [+] Read PCAP File - Extract 80 & 443 Packets
  434. ##-=================================================-##
  435. tcpflow -c -e -r $File.pcap 'tcp and port (80 or 443)'
  436. tcpflow -r $File.pcap tcp and port \(80 or 443\)
  437.  
  438.  
  439. ##-================================================-##
  440. ##   [+] Record on eth0 - Extract Port 80 Packets
  441. ##-================================================-##
  442. tcpflow -p -c -i eth0 port 80
  443.  
  444.  
  445. ##-================================================-##
  446. ##   [+] Capture Port 80 With Snap Length: 96
  447. ##-================================================-##
  448. tcpflow -i eth0 -b 96 -e -c port 80
  449.  
  450.  
  451. ##-================================================-##
  452. ##   [+] tcp/ip session reassembler:
  453. ##-================================================-##
  454. tcpflow -i eth0 -e -c 'port 25'
  455.  
  456.  
  457. ##-================================================-##
  458. ##   [+] Process PCAP Files in Current Directory
  459. ##-================================================-##
  460. tcpflow -o $File -a -l *.pcap
  461.  
  462.  
  463. ##-===================================================-##
  464. ##   [+] Record All Packets Going To & From $Domain
  465. ##   [+] Extract All of The HTTP Attachments:
  466. ##-===================================================-##
  467. tcpflow -e scan_http -o $Dir host $Domain
  468.  
  469.  
  470. ##-=================================================================-##
  471. ##    [+] record traffic between helios and either hot or ace
  472. ##    [+] bin the results into 1000 files per directory
  473. ##    [+] calculate the MD5 of each flow:
  474. ##-=================================================================-##
  475. tcpflow -X $File.xml -e scan_md5 -o $Dir -Fk host helios and \( hot or ace \)
  476.  
  477.  
  478.  
  479.  
  480.  
  481.  
  482.  
  483.  
  484.  
  485. find . -mtime -7
 // Files modified within the last 7 days (-mtime tests modification time, not creation)
  487.  
  488.  
  489. find . -mtime +14 -type f -name '*.gz'
  490.  // Files *.gz older than 14 days
  491.  
  492. tail -f file.log | grep 192.168.1.1
  493.  // Monitor a log file
  494.  
  495. find . -size +100M
  496.  // Files over 100megs
  497.  
  498.  
  499. # top 10 by process sorted
  500. ps aux | awk '{print $2, $4, $11}' | sort -k2rn | head -n 10
  501. ps -eo size,pid,user,command | awk '{ hr=$1/1024 ; printf("%13.6f Mb ",hr) } { for ( x=4 ; x<=NF ; x++ ) { printf("%s ",$x) } print "" }' | sort
  502.  
  503.  
  504. # number of open files
  505. lsof | awk '{ print $2 " " $1; }' | sort -rn | uniq -c | sort -rn | head -20
  506.  
  507.  
  508.  
  509. /etc/systemd/journald.conf
  510. /etc/systemd/journald.conf.d/*.conf
  511. /run/systemd/journald.conf.d/*.conf
  512. /usr/lib/systemd/journald.conf.d/*.conf
  513.  
  514.  
  515.  
  516. journalctl --rotate
  517.  
  518. journalctl --sync
  519.  
  520. sd-journal
  521. systemd.journal-fields
  522. sd_journal_print
  523.  
  524. MaxLevelStore=debug
  525.  
  526. MaxLevelSyslog=debug
  527.  
  528. MaxRetentionSec=0
  529. SystemMaxFiles=
  530.  
  531.  
  532. Storage=persistent
  533. Compress=
  534. Seal=
  535. SplitMode=uid
  536.  
  537. RateLimitIntervalSec=
  538. RateLimitBurst=
  539. RateLimitIntervalSec=
  540.  
  541.  
  542. --setup-keys
  543.  
  544.  
  545.  
  546.  
  547. jls -f linux-ext3 img.dd
  548.  
  549. jcat -f linux-ext3 img.dd 34 | xxd
  550.  
  551.  
  552.  
  553. kill -HUP `pidof syslogd`
  554. kill -HUP `cat /var/run/syslogd.pid`
  555. /sbin/service rsyslog start
  556. /etc/init.d/syslog reload
  557. logger -t "food[$$]" -p local3.warning "$count connections from $host"
  558.  
  559. syslog-ng-ctl verbose --set=on
  560. syslog-ng-ctl stats
  561.  
  562. /etc/syslog-ng/syslog-ng.conf
  563.  
  564.  
  565. ## When auditing is not enabled,
  566. ## we can configure the system logger to direct SELinux
  567. ## AVC messages into its own logfile.
  568.  
  569. ## For instance, with the syslog-ng system logger,
  570. ## the possible configuration parameters
  571. ## could be as follows:
  572.  
  573. source kernsrc { file("/proc/kmsg"); };
  574. destination avc { file("/var/log/avc.log"); };
  575. filter f_avc { message(".*avc: .*"); };
  576. log { source(kernsrc); filter(f_avc); destination(avc); };
  577.  
  578.  
  579. logwatch --range all --archives --detail High --print | less
  580. logwatch --print | less
  581.  
  582.  
  583.  
  584.  
  585. loginctl list-users
  586. loginctl user-status
  587. loginctl --all show-user
  588. loginctl list-seats
  589. loginctl seat-status
  590. loginctl show-seat
  591. loginctl terminate-user
  592. loginctl kill-user
  593.  
  594.  
  595. systemd-logind.service
  596. logind.conf
  597.  
  598.  
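## Process lookup one-liners. The option dashes on the pgrep/fuser lines were
## non-ASCII hyphens (U+2010) and are plain '-' now.
pgrep -l sshd                   ## Find the PIDs of processes by (part of) name

echo $$                         ## The PID of your shell
fuser -va 22/tcp                ## List processes using port 22 (Linux)

ps aux | grep 'ss[h]'           ## Find all ssh pids without the grep pid

## Disable a service on SysV (chkconfig), systemd and Debian-style init.
## chkconfig has no --off option: the form is `chkconfig NAME off`.
chkconfig --list && chkconfig "${Service:?}" off && chkconfig --del "$Service"
service --status-all | grep running... | sort
systemctl status
systemctl stop "${Service:?}" && systemctl disable "$Service" && systemctl mask "$Service"
## `update-rc.d NAME stop` needs sequence/runlevel arguments; `disable` then `-f remove`
## (-f: remove the links even though the init script still exists) is the usual sequence.
update-rc.d "${Service:?}" disable && update-rc.d -f "$Service" remove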
  611.  
  612.  
  613.  
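## List the PIDs whose /proc entries lsof could not read (EACCES) together with their
## command lines. `f0or` was a typo for `for`. On newer glibc open() is issued as openat(),
## so `-e trace=open` may see nothing; `-e trace=file` (used further down) covers both.
for foo in $(strace -e open lsof -i tcp 2>&1 | grep 'denied' | awk '{print $1}' | cut -d "/" -f3); do
  ## cmdline is NUL-separated; turn it into one line and skip entries with no command line
  cmd=$(tr '\0' ' ' < "/proc/$foo/cmdline")
  [ -n "$cmd" ] && printf '%s %s\n' "$foo" "$cmd"
done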
  615.  
  616.  
  617.  
  618. lsof -p NNNN | awk '{print $9}' | grep '.so'
  619.  
  620. cat /proc/NNNN/maps | awk '{print $6}' | grep '.so' | sort | uniq
  621.  
  622.  
  623. strace -e trace=open xtrabackup --prepare --target-dir=2014-11-27_06-06-49
  624. while true; do lsof +D ./2014-11-27_06-06-49 ; sleep 0.1; done
  625.  
  626.  
  627. echo | openssl s_client -showcerts -servername gnupg.org -connect ec2-54-69-218-94.us-west-2.compute.amazonaws.com:443 2>/dev/null | openssl x509 -inform pem -noout -text | grep \"Subject:\\|DNS:\"
  628.  
  629. ffmpeg -i in.mkv -c copy -c:s mov_text out.mp4
  630. tshark  -i en14 -s0 -l -f \"not port 443 and not src 192.168.1.255 and not src 8.8.8.255 and not tcp\" -Y \"dns\" 2> /dev/null | tee -a /tmp/dns_log.txt | grep --line-buffered -v \"query response\" | awk  -v OFS=' ' '{ print $1,$5,\"[\"$3\"]\",\"-->\",$14}'
  631. tshark  -i en14 -s0 -l -f \"not port 443 and not src 192.168.1.1 and not src 8.8.8.8 and not tcp\" -Y \"dns and dns.flags.response == 0\"  2> /dev/null | awk '{print $5,\" ---> \", $14}'
  632.  
  633. dig @224.0.0.251 -p 5353 -t ptr +short _printer._tcp.local
  634.  
  635.  
  636.  
  637. pcat -v $PID                        ## displays the location of each memory region that is being copied
  638.  
  639. pmap -d 7840                        ## Provide Libraries loaded by a running process with pmap
  640. pmap -x $(pgrep java)
  641.  
  642.  
  643.   /6/      \6\
  644.  /Y/        \Y\
  645. (</_____\>)
  646.     |   r-  |           ## readable memory mapping
  647.     |   w   |           ## writable memory mapping
  648.     |   x   |           ## executable memory mapping
  649.     |   s   |           ## shared memory mapping or
  650.     |   p   |           ## private mapping.
  651. <#--------#>
  652.  
  653.  
  654. ##-================================-##
  655. ##    [+] process memory mapped files
  656. ##-================================-##
  657. ## ------------------------------------------------------------------------------ ##
  658. ##     [?] the process’s memory mapped (shared) files
  659. ## ------------------------------------------------------------------------------ ##
  660. pmap -x 6 | grep "[r-][w-][x-][s][R-]"
  661.  
  662.  
  663. cat /proc/$(pgrep $Process)/status | grep
  664.  
  665.  
  666. pidstat -p $PID                 ## gather resource consumption details for a specific target process
  667.  
  668.  
  669.  
  670. pcat -v $PID                        ## displays the location of each memory region that is being copied
  671.  
  672. pmap -d 7840                        ## Provide Libraries loaded by a running process with pmap
  673.  
  674.  
  675. pidstat -p $PID                 ## gather resource consumption details for a specific target process
  676.  
  677. sar -n DEV 1
  678. sar -n TCP,ETCP 1
  679.  
  680.  
  681. strace -etrace=write -p 1234
  682. strace -f -e open bash ./foo.sh
  683. strace -e trace=file -f /etc/init.d/your-service-rc-script start 2>&1 | grep 'EACCES'
  684.  
  685. strace -f -e trace=network ceph ping mon.hv03.lab.test.lan --connect-timeout=30 2>&1 | grep sin_addr
  686.  
  687.  
  688.  
  689.  
  690.  
  691. net.netfilter.nf_conntrack_timestamp
  692. echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp
  693. echo 1 > /proc/sys/net/netfilter/nf_conntrack_acct
  694. net.netfilter.nf_conntrack_acct
  695.  
  696.  
  697. modprobe nf_conntrack_ipv4
  698. modprobe nf_conntrack_ipv6
  699.  
  700. iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
  701. iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
  702.  
  703.  
  704.  
  705.  
  706.  
  707.  
  708. slub_debug=P                    ## Allow allocator validation checking to be enabled
  709.  
  710. page_poison=1                   ## Wipe higher-level memory allocations when they are freed (needs "page_poison=1"
  711.  
  712.  
  713.  
  714.  
  715.  
  716.  
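## Report whether an apache process is LISTENing on :80. The snippet ended after `else`
## with no body and no `fi`; grep -q's exit status replaces the unquoted count test.
if lsof -nPi | grep -i apache | grep -q ':80 (LISTEN)'; then
  echo '[Success] Apache2 is up and running!'
else
  echo '[Failure] Apache2 is not listening on :80' >&2
fi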
  720.  
  721.  
  722.  
  723. ## Delete broken links
  724. find /etc/apache2 -type l ! -exec test -e {} ; -print | sudo xargs rm
  725.  
  726.  
  727. alias watchmysql="watch -n 1 mysqladmin --user=$1 --password=$2 processlist"
  728.  
  729.  
  730. ## export all of your databases from the remote server:
  731. mysqldump --all-databases > all_databases.txt
  732.  
  733.  
  734. /etc/pure-ftpd/
  735. ps aux | grep pure-ftpd
  736.  
  737.  
  738.  
  739.  
  740.  
  741. ## --------------------------- ##
  742. ##   [?] follow redirects
  743. ##   [?] set user-agent
  744. ##   [?] set method - GET
  745. ## --------------------------- ##
  746. curl -Iks --location -X GET -A "x-agent" $Domain
  747.  
  748.  
  749. ## --------------------------------- ##
  750. ##   [?] Use Proxy for connection
  751. ## --------------------------------- ##
  752. curl -Iks --location -X GET -A "x-agent" --proxy http://127.0.0.1:4444 $Domain
  753. curl -Iks --location -X GET -A "x-agent" --proxy socks5://127.0.0.1:9050 $Domain
  754. curl -Iks --location -X GET -A "x-agent" --proxy socks5://127.0.0.1:1080 $Domain
  755.  
  756.  
  757. ##-===========================================-##
  758. ##   [+] Bulk Download Files By Their URLs
  759. ##-===========================================-##
  760. ## ------------------------------------------------ ##
  761. ##   [?] The URL Links Are Fed To Curl From xarg
  762. ## ------------------------------------------------ ##
  763. xargs -n 1 curl -O < $File
  764.  
  765.  
  766.  
  767.  
  768.  
  769. ##
  770. curl sftp://$URL.com/$File.zip -u $User
  771.  
  772. ##
  773. curl scp://$URL.com/$File.zip -u $User
  774.  
  775.  
  776. ## SFTP (but not SCP) supports getting a file listing
  777. ## back when the URL ends with a trailing slash:
  778.  
  779. curl sftp://$URL.com/ -u $User
  780.  
  781. curl sftp://$URL.com/~/$File.txt -u $User
  782.  
  783.  
  784. ## Require TLS security for your FTP transfer:
  785. curl --ssl-reqd ftp://ftp.$URL.com/$File.txt
  786.  
  787.  
  788. ## Suggest TLS to be used for your FTP transfer:
  789. curl --ssl ftp://ftp.$URL.com/$File.txt
  790.  
  791.  
  792.  
  793.  
  794.  
  795.  
  796.  
  797. ##-================================================-##
  798. ##  [+] Upload a file to an FTP server:
  799. ##-================================================-##
  800. curl -u $FTPUser:$FTPPass -T $Filename ftp://$URL
  801.  
  802.  
  803. ##-================================================-##
  804. ##  [+] Upload multiple files to an FTP server:
  805. ##-================================================-##
  806. curl -u $FTPUser:$FTPPass -T "{$File1,$File2}" ftp://$URL
  807.  
  808.  
  809. ##-================================================-##
  810. ##  [+] Upload a file from STDIN to an FTP server:
  811. ##-================================================-##
  812. curl -u $FTPUser:$FTPPass -T - ftp://$URL/$Path/$Filename
  813.  
  814.  
  815. Anonymous FTP
  816.  
  817. nmap -sC -sV -p21
  818. nmap -sV -n -sS -Pn-vv --open -p21 --script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221 <targets>
  819.  
  820.  
  821.  
  822.  
  823.  
  824.  
  825.  
  826. Retrieve current status of the jail service:
  827.  
  828. fail2ban-client status $Jail
  829.  
  830. - Remove the specified IP from the jail services ban list:
  831.  
  832. fail2ban-client set $Jail unbanip $IP
  833.  
  834. - Verify fail2ban server is alive:
  835.  
  836. fail2ban-client ping
  837.  
  838.  
  839. ##-=====================================-##
  840. ##   [+] check all route table
  841. ##       > including non default ones
  842. ##-=====================================-##
  843. ip route show table all
  844.  
  845.  
  846.  
  847.  
  848.  
  849.  
  850.  
  851.  
  852. ## ---------------------------------------------- ##
  853. ##  [+] Testing connection to the remote host
  854. ## ---------------------------------------------- ##
  855. echo | openssl s_client -connect $Domain:443 -showcerts
  856.  
  857.  
  858. ## ---------------------------------------------------------------- ##
  859. ##  [+] Testing connection to the remote host (with SNI support)
  860. ## ---------------------------------------------------------------- ##
  861. echo | openssl s_client -showcerts -servername $Domain -connect $Domain:443
  862.  
  863.  
  864. ## ----------------------------------------------------------------------- ##
  865. ##  [+] Testing connection to the remote host with specific ssl version
  866. ## ----------------------------------------------------------------------- ##
  867. openssl s_client -tls1_2 -connect $Domain:443
  868.  
  869.  
  870. ## ----------------------------------------------------------------------- ##
  871. ##  [+] Testing connection to the remote host with specific ssl cipher
  872. ## ----------------------------------------------------------------------- ##
  873. openssl s_client -cipher 'AES128-SHA' -connect $Domain:443
  874.  
  875.  
  876.  
  877. ##-=============================================-##
  878. ##   [+] Connect to SMTP server using STARTTLS
  879. ##-=============================================-##
  880. openssl s_client -starttls smtp -crlf -connect 127.0.0.1:25
  881. openssl s_client -connect smtp.office365.com:587 -starttls smtp
  882. gnutls-cli-debug --starttls-proto smtp --port 25 localhost
  883.  
  884.  
  885.  
  886. ##-=========================================-##
  887. ##   [+]
  888. ##-=========================================-##
  889. openssl s_client -connect smtp.gmail.com:587 -starttls smtp < /dev/null 2>/dev/null |
  890. openssl x509 -fingerprint -noout -in /dev/stdin | cut -d'=' -f2
  891.  
  892.  
  893. ##-=========================================-##
  894. ##   [+]
  895. ##-=========================================-##
  896. openssl s_client -showcerts -starttls smtp -connect smtp_relay:smtp_relay_port < /dev/null 2> /dev/null
  897.  
  898.  
  899. ##-=========================================-##
  900. ##   [+]
  901. ##-=========================================-##
  902. sudo -u postfix openssl s_client -showcerts -starttls smtp -connect smtp.gmail.com:587 < /dev/null 2> /dev/null
  903.  
  904.  
  905. ##-=========================================-##
  906. ##   [+]
  907. ##-=========================================-##
  908. openssl s_client -CApath /etc/ssl/certs -showcerts -starttls smtp -connect smtp_relay:smtp_relay_port < /dev/null 2> /dev/null
  909.  
  910.  
  911. ##-=========================================-##
  912. ##   [+] secure POP:
  913. ##-=========================================-##
  914. openssl s_client -quiet -connect $Domain:995
  915. openssl s_client -crlf -connect server.server.net:110 -starttls pop3
  916.  
  917.  
  918. ##-=========================================-##
  919. ##   [+] secure IMAP:
  920. ##-=========================================-##
  921. openssl s_client -quiet -connect $Domain:993
  922. openssl s_client -ssl3 -connect imap.gmail.com:993
  923. gnutls-cli imap.gmail.com -p 993
  924.  
  925.  
  926.  
  927.  
  928. openssl s_client -showcerts -connect chat.freenode.net:6697
  929.  
  930.  
  931.  
  932.  
  933. echo -e | openssl s_client -connect duh.to:5222 -starttls xmpp | openssl x509 -noout -fingerprint -sha256 | tr -d ':'
  934.  
  935.  
  936. openssl x509 -in /etc/pki/xmpp-cert.pem -fingerprint -noout -sha256
  937.  
  938.  
  939.  
  940.  
  941.  
  942. gnutls-cli --crlf --starttls --x509cafile /etc/pki/CA/cacert.pem --port 25 mail.mydomainname.com
  943.  
  944.  
  945.  
  946.  
  947.  
  948.  
  949. openssl s_client -host $Host -port 389
  950. openssl s_client -host $Host -port 636
  951.  
  952.  
  953. ##-============================================-##
  954. ##   [+] Connect to LDAP/LDAPS Using CA File:
  955. ##-============================================-##
  956. openssl s_client -CAfile /$Dir/$File.pem -host $Host -port 389
  957. openssl s_client -CAfile /$Dir/$File.pem -host $Host -port 636
  958.  
  959. openssl s_client -connect $Host:$Port -starttls LDAP
  960.  
  961. openssl s_client -connect ldap.$Host:389
  962. openssl s_client -connect ldap.$Host:636
  963.  
  964.  
  965. ##-=================================-##
  966. ##   [+] Dump LDAP/LDAPS To File:
  967. ##-=================================-##
  968. tcpdump port 389 -w $File.pcap
  969. tcpdump port 636 -w $File.pcap
  970.  
  971.  
  972.  
  973.  
  974.  
  975. openssl s_client -connect smtp.gmail.com:587 -starttls smtp < /dev/null 2>/dev/null |
  976.  
  977.  
  978.  
  979. openssl x509 -fingerprint -noout -in /dev/stdin | cut -d'=' -f2
  980.  
  981.  
  982.  
  983.  
  984. openssl s_client -showcerts -starttls smtp -connect smtp_relay:smtp_relay_port < /dev/null 2> /dev/null
  985.  
  986.  
  987.  
  988. sudo -u postfix openssl s_client -showcerts -starttls smtp -connect smtp.gmail.com:587 < /dev/null 2> /dev/null
  989.  
  990.  
  991.  
  992. openssl s_client -CApath /etc/ssl/certs -showcerts -starttls smtp -connect smtp_relay:smtp_relay_port < /dev/null 2> /dev/null
  993.  
  994.  
  995.  
  996.  
  997.  
  998. gnutls-cli-debug localhost
  999.  
  1000.  
  1001.  
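##-=========================================-##
##   [+] ss -- socket statistics
##-=========================================-##
## Show all TCP / UDP / RAW / UNIX sockets (one family flag per run; the
## original "-t|-u|-w|-x" was notation, not a command):
ss -a -t        ## TCP
ss -a -u        ## UDP
ss -a -w        ## RAW
ss -a -x        ## UNIX

## Filter TCP sockets by state: "state X" keeps only X, "exclude X" drops it
## (bucket, big, connected, synchronized, established, listening, ...):
ss -t state established
ss -t exclude listening

## All TCP sockets connected to the local HTTPS port (443):
ss -t src :443

## All TCP sockets listening on the local 8080 port:
ss -lt src :8080

## TCP sockets connected to a remote ssh port, with owning process
## (-p shows other users' processes only when run as root):
ss -pt dst :ssh

## UDP sockets matching a given source and destination port:
ss -u 'sport == :source_port and dport == :destination_port'

## TCP IPv4 sockets with a local address in 192.168.0.0/16:
ss -4t src 192.168/16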
  1029.  
  1030.  
  1031.  
  1032.  
  1033.  
  1034. SNMP
  1035. ----
  1036. onesixtyone -c /usr/share/doc/onesixtyone/dict.txt
  1037. Metasploit Module snmp_enum
  1038. snmpcheck -t snmpservice
  1039.  
  1040.  
  1041.  
  1042.  
  1043. snmpcheck -t $IP -c public
  1044.  
  1045. snmpenum -t $IP
  1046.  
  1047.  
  1048. ##-============================-##
  1049. ##  [+] SNMPv3 Enumeration
  1050. ##-============================-##
  1051. nmap -sV -p 161 --script=snmp-info $IP/24
  1052.  
  1053.  
  1054. ## ---------------------------------------------------------- ##
  1055. ## [+]  Enumerate MIB:
  1056. ## ---------------------------------------------------------- ##
## [•]  1.3.6.1.2.1.25.1.6.0      ## hrSystemProcesses: number of running processes (a count, not a list)
  1058. ## [•]  1.3.6.1.2.1.25.4.2.1.2        ## Running Programs
  1059. ## [•]  1.3.6.1.2.1.25.4.2.1.4        ## Processes Path
  1060. ## [•]  1.3.6.1.2.1.25.2.3.1.4        ## Storage Units
  1061. ## [•]  1.3.6.1.2.1.25.6.3.1.2        ## Software Name
## [•]  1.3.6.1.4.1.77.1.2.25     ## User Accounts (LanMgr MIB -- Windows agents only)
  1063. ## [•]  1.3.6.1.2.1.6.13.1.3      ## TCP Local Ports
  1064.  
  1065.  
  1066.  
  1067. snmpwalk -c public -v1 $IP 1
  1068.  
  1069. Snmpwalk -c <community string> -v<version> $IP 1.3.6.1.2.1.25.4.2.1.2
  1070.  
  1071. onesixtyone -c names -i hosts
  1072.  
  1073. onesixtyone -d $IP
  1074.  
  1075.  
  1076.  
  1077. nmap -sU --open -p 161 $1
  1078. nmap -n -Pn -sV $IP -p $IP --script=snmp-netstat,snmp-processes -oN $OUTPUT/$IP:$PORT_snmp.nmap
  1079. onesixtyone -c public $IP | tee $OUTPUT/161_$IP-$PORT
  1080. onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt -dd $1 2>&1 | tee "snmp_onesixtyone_$1.txt"
  1081.  
  1082.  
  1083. snmpwalk -c public -v1 $IP | tee $OUTPUT/snmpwalk_$IP-$PORT
  1084. snmpwalk -c public -v1 $IP 1.3.6.1.4.1.77.1.2.25 | tee $OUTPUT/snmp_users_$IP-$PORT
  1085. snmpwalk -c public -v1 $IP 1.3.6.1.2.1.6.13.1.3 | tee $OUTPUT/snmp_ports_$IP-$PORT
  1086. snmpwalk -c public -v1 $IP 1.3.6.1.2.1.25.4.2.1.2 | tee $OUTPUT/snmp_process_$IP-$PORT
  1087. snmpwalk -c public -v1 $IP 1.3.6.1.2.1.25.6.3.1.2 | tee $OUTPUT/snmp_software_$IP-$PORT
  1088.  
  1089.  
  1090. snmpwalk -c public -v 1 $1 2>&1 | tee "snmpwalk.txt"
  1091. snmpwalk -c public -v 1 $1 1.3.6.1.2.1.25.1.6.0 2>&1 | tee "snmpwalk_system_processes.txt"
  1092. snmpwalk -c public -v 1 $1 1.3.6.1.2.1.25.4.2.1.2 2>&1 | tee "snmpwalk_running_processes.txt"
  1093. snmpwalk -c public -v 1 $1 1.3.6.1.2.1.25.4.2.1.4 2>&1 | tee "snmpwalk_process_paths.txt"
  1094. snmpwalk -c public -v 1 $1 1.3.6.1.2.1.25.2.3.1.4 2>&1 | tee "snmpwalk_storage_units.txt"
  1095. snmpwalk -c public -v 1 $1 1.3.6.1.2.1.25.6.3.1.2 2>&1 | tee "snmpwalk_software_names.txt"
  1096. snmpwalk -c public -v 1 $1 1.3.6.1.4.1.77.1.2.25 2>&1 | tee "snmpwalk_user_accounts.txt"
  1097. snmpwalk -c public -v 1 $1 1.3.6.1.2.1.6.13.1.3 2>&1 | tee "snmpwalk_tcp_ports.txt"
  1098.  
  1099.  
  1100.  
  1101.  
  1102.  
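##-===========================================================-##
##  [+] SnmpWalk - start browsing through the
##                 MIB (management information base) tree.
##-===========================================================-##
snmpwalk -c public -v1 "$IP"

##-======================================================================-##
##  [+] Walk a single subtree; e.g. 1.3.6.1.4.1.77.1.2.25 lists
##      Windows user accounts (LanMgr MIB; absent on non-Windows agents).
##-======================================================================-##
snmpwalk -c public -v1 "$IP" "$MIB_Value"

## Usernames only. Fixed from the original: "-c" was missing (so "public" was
## taken as the host), and the cut delimiter used curly quotes ” “ that the
## shell passes literally. -f4- (not -f4) keeps values that contain spaces.
snmpwalk -c public -v1 "$IP" 1 | grep 77.1.2.25 | cut -d" " -f4-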
  1116.  
  1117.  
  1118. ## --------------------------------- ##
  1119. ##  [+] Enumerating Windows Users:
  1120. ## --------------------------------- ##
  1121. snmpwalk -c public -v1 $IP 1.3 |grep 77.1.2.25 |cut -d" " -f4
  1122.  
  1123.  
  1124. ## ------------------------------------- ##
  1125. ##  [+] Enumerating Running Services
  1126. ## ------------------------------------- ##
  1127. snmpwalk -c public -v1 $IP 1 |grep hrSWRunName|cut -d" " -f4
  1128.  
  1129.  
  1130. ## -------------------------------------- ##
  1131. ##  [+] Enumerating installed software
  1132. ## -------------------------------------- ##
  1133. snmpwalk -c public -v1 $IP 1 |grep hrSWInstalledName
  1134.  
  1135.  
  1136. ## ----------------------------------- ##
  1137. ##  [+] Enumerating open TCP ports
  1138. ## ----------------------------------- ##
  1139. snmpwalk -c public -v1 $IP 1 |grep tcpConnState |cut -d"." -f6 |sort -nu
  1140.  
  1141.  
  1142.  
  1143. snmpbulkwalk -v 2 -c public IP
  1144.  
  1145.  
  1146.  
  1147. snmpget -v 1 -c public IP version
  1148.  
  1149.  
  1150.  
  1151. ##-=======================================-##
  1152. ##  [+] Capture SNMP Query and Response
  1153. ##-=======================================-##
  1154. tcpdump -n -s0  port 161 and udp
  1155.  
  1156.  
  1157.  
  1158. ##-===========================================-##
  1159. ##   [+]
  1160. ##-===========================================-##
  1161. tcpdump -w $File.pcap tcp port ftp or ftp-data and host $Domain
  1162.  
  1163.  
  1164.  