Publicly accessible notes about my pentesting/red teaming experiments tested on several controlled environments/infrastructures that involve playing with various tools and techniques used by penetration testers and redteamers during a security assessment.


We welcome contributions as github pull requests.
Kudos and thanks for the people who did the hard stuff


  • Pentest/red team cheatsheet that collects snippets of codes and commands to help pentester during an engagement(saving time/fast search for a specific command).
  • Understand how the attacks can be performed
  • take notes for future reference

Mapping the Network

Gather information about the Domain name and windows machine running in the network

bash$ cd /usr/share/Responder/tools
bash$ sudo python -i


bash$ responder-RunFinger


Scanning IP networks for NetBIOS name information.

bash$ sudo nbtscan -v -s :

Crackmapexec v 4.0

Scan the network range based on the SMB information

bash$ cme smb

Nmap scan

Scan all the machine network and save the outputs .

  • -oA options : Means output with all format
  • -T4 : Fast scan

Fast Scan

bash$ nmap -p 1-65535 -sV -sS -T4 -oA output target_IP  

Intensive Scan (Note recommended):

bash$ nmap -p 1-65535 -Pn -A -oA output target_IP 

Scan with enumeration of the running services version :

  • -sC : default scripts Equivalent to –script=default
  • -sV : Get the service version
bash$ nmap -sC -sV -oA output target

Published by Tamil S

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.

Leave a comment

Your email address will not be published. Required fields are marked *