Methodology
From Wiki Aghanim
Step 1 - Enumeration
Scanning
- Run the nmap default scripts on all ports: nmap -sC -sV --min-rate 100 IP -oN output.txt (as written this covers only nmap's default top 1000 TCP ports; add -p- to cover all 65535)
- /opt/nmapautomator with the FULL, UDP and VULN scan types
Port Enumeration
- Find services and their versions
- Find known service bugs
- Find configuration issues
- Run Searchsploit against every service/app found
- Enumerate each service closely; look at the banner/header using nc or telnet
- Try default credentials (admin:admin, admin:secret, admin:pass etc.)
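The steps above start from the nmap output file and turn it into a service inventory. The following is an added example (not from this wiki) that parses nmap's normal output (-oN) into rows, flags open ports where -sV identified no version (the ones worth a manual banner check with nc/telnet), and builds product/version strings for the Searchsploit lookup. The scan output embedded below is a constructed sample, not a real scan; the host 10.0.0.5 and the versions in it are assumptions.

```python
import re
from typing import Dict, List

# Constructed sample of nmap -oN output (hypothetical host and versions).
SAMPLE_NMAP_OUTPUT = """\
# Nmap 7.94 scan initiated as: nmap -sC -sV --min-rate 100 -oN output.txt 10.0.0.5
Nmap scan report for 10.0.0.5
Host is up (0.012s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE    SERVICE    VERSION
22/tcp   open     ssh        OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   3072 aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99 (RSA)
80/tcp   open     http       Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Example Corp
|_http-server-header: Apache/2.4.41 (Ubuntu)
3306/tcp filtered mysql
8080/tcp open     http-proxy
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
"""

# A port line looks like: "<port>/<proto> <state> <service> [<version text>]"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def parse_nmap_output(text: str) -> List[Dict[str, object]]:
    """Return one dict per port line: port, proto, state, service, version."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if not m:  # header, script output ("|"), host lines etc. are skipped
            continue
        port, proto, state, service, version = m.groups()
        rows.append({
            "port": int(port),
            "proto": proto,
            "state": state,
            "service": service,
            "version": (version or "").strip(),
        })
    return rows


def open_services(rows: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Only ports nmap reported as open (filtered/closed are left out)."""
    return [r for r in rows if r["state"] == "open"]


def missing_versions(rows: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Open ports where -sV identified nothing: candidates for a manual banner check."""
    return [r for r in open_services(rows) if not r["version"]]


def searchsploit_terms(rows: List[Dict[str, object]]) -> List[str]:
    """Product name plus the first token containing a digit, e.g. 'OpenSSH 8.2p1'.

    This trims the OS/CPE tail of nmap's version column so the string is
    short enough to be useful as a searchsploit query.
    """
    terms = []
    for r in open_services(rows):
        tokens = str(r["version"]).split()
        if not tokens:
            continue
        term = []
        for tok in tokens:
            term.append(tok)
            if any(ch.isdigit() for ch in tok):
                break
        terms.append(" ".join(term))
    return terms


if __name__ == "__main__":
    rows = parse_nmap_output(SAMPLE_NMAP_OUTPUT)
    for r in open_services(rows):
        print(f"{r['port']}/{r['proto']:<4} {r['service']:<12} {r['version'] or '<no version>'}")
    print("needs manual banner grab:", [r["port"] for r in missing_versions(rows)])
    print("searchsploit terms:", searchsploit_terms(rows))
```

Run it against a real output.txt by reading the file into parse_nmap_output instead of the embedded sample; the filtered 3306/tcp row is kept in the parsed list so it is not silently lost, but it is excluded from the open-service views.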
Scanning (web)
- Nikto scan
- Feroxbuster/gobuster (remember the -f switch, and try more than one wordlist)
- BurpSuite: look at the responses (headers, URLs, response bodies; Burp Pro to brute-force)
- Manually look at each site's requests and responses
- Find software versions
- Fuzz every parameter
Step 2 - Initial Access
Step 3 - Privilege Escalation
gtfobins
Inspo: