| Service | Tools | Note | | | -------------------------------- | ------------------------------ | ------------------------------- | --- | | [[FTP 21]] | | | | | [[SSH 22]] | | | | | [[SMTP 25]] | [[netcat]] | | | | | [[telnet]] | | | | | [[swaks]] | | | | | [[Test-NetConnection]] | SMTP info in Windows | | | [[DNS 53]] | [[dig]] | | | | | [[dnsenum]] | | | | | nslookup | | | | [[HTTP HTTPS 80 443]] | [[nmap]] | `http-enum` | | | | robots.txt / sitemap.xml | | | | | Wappalyzer | Technology Stack Identification | | | | [[gobuster]] | Directory brute force | | | | [[ffuf]] | | | | | [[feroxbuster]] | | | | | [[curl]] | | | | | [[nikto]] | | | | | [[git-dumper]] | `.git` | | | | [[whatweb]] | | | | | [[webdav]] | [[cadaver]]<br>[[wsgidav]] | | | [[NFS 111 2049]] | | | | | [[RPC 135]] | [[rpcclient]] | | | | [[SMB 139 445]] | `smb-enum-users` | | | | | nbtscan | NetBIOS | | | | [[nmap]] | | | | | [[net view]] | SMB enum in Windows | | | | [[smbclient]] | SMB interaction | | | | [[enum4linux-ng]] | SMB enum in Linux | | | | [[samrdump.py]] | RPC RID brute forcing | | | | [[smbmap]] | | | | [[IMAP 143 993]] | | | | | [[POP3 110 995]] | | | | | [[SNMP 161 162 UDP]] | [[onesixtyone]] | brute force community strings | | | | [[snmp-check]] | | | | | [[snmpwalk]] | | | | | [[braa]] | | | | [[LDAP LDAPS 389 636 3268 3269]] | [[ldapsearch]] | | | | [[Rsync 873]] | | | | | [[MSSQL1433]] | [[mssqlclient.py]]<br>[[sqsh]] | | | | [[Oracle 1521]] | | | | | [[MySQL 3306]] | | | | | [[RDP 3389]] | | | | | [[Postgres 5432 5433 5437]] | [[psql]] | | | | Redis 6379 | [[redis-cli]] | | |