Publicly accessible notes about my pentesting/red teaming experiments tested on several controlled environments/infrastructures that involve playing with various tools and techniques used by penetration testers and redteamers during a security assessment.


We welcome contributions as github pull requests.
Kudos and thanks for the people who did the hard stuff


  • Pentest/red team cheatsheet that collects snippets of codes and commands to help pentester during an engagement(saving time/fast search for a specific command).
  • Understand how the attacks can be performed
  • take notes for future reference

Mapping the Network

Gather information about the Domain name and windows machine running in the network

bash$ cd /usr/share/Responder/tools
bash$ sudo python -i


bash$ responder-RunFinger


Scanning IP networks for NetBIOS name information.

bash$ sudo nbtscan -v -s :

Crackmapexec v 4.0

Scan the network range based on the SMB information

bash$ cme smb

Nmap scan

Scan all the machine network and save the outputs .

  • -oA options : Means output with all format
  • -T4 : Fast scan

Fast Scan

bash$ nmap -p 1-65535 -sV -sS -T4 -oA output target_IP  

Intensive Scan (Note recommended):

bash$ nmap -p 1-65535 -Pn -A -oA output target_IP 

Scan with enumeration of the running services version :

  • -sC : default scripts Equivalent to –script=default
  • -sV : Get the service version
bash$ nmap -sC -sV -oA output target