DarkWolf Pentesting Toolkit 🛡️

🔍 Advanced Network Reconnaissance & Vulnerability Scanning with Nmap
Made with 💻 Kali Linux | 🔨 Real Pentesting Labs | ⚔️ Ethical Hacking Only | Created by: Muhammad Saqlain Shoukat (Dark Wolf) | YouTube: @CodingChatRoom

📖 About

DarkWolf Pentesting Toolkit is a practical and powerful set of Nmap-based penetration testing commands curated for real-world network exploitation scenarios. It focuses on reconnaissance, service enumeration, brute force, and vulnerability scanning, all using industry-standard methodologies.


βš™οΈ Requirements

  • ✅ Kali Linux 2023.1+
  • ✅ Nmap 7.90+
  • ✅ Wordlists (rockyou.txt, usernames.txt)
  • 🔐 Permission to scan the target network

🚀 Commands & Explanations

1. 🎯 Host Discovery

nmap -sn 192.168.1.0/24
  • Purpose: Ping sweep to discover active hosts.
  • Use Case: Initial phase of reconnaissance to map out the subnet.

2. 📡 Port Scanning

nmap 192.168.1.10
  • Purpose: Default scan for 1000 most common TCP ports.
  • Tip: Fast and lightweight.
nmap -p- 192.168.1.10
  • Purpose: Scan all 65535 TCP ports.
  • Use Case: Catch hidden services running on non-standard ports.
nmap -sS 192.168.1.10
  • Purpose: TCP SYN scan (stealth scan).
  • Why: Less noisy than full TCP connections (ideal for evading detection).

3. 🧠 Version & OS Detection

nmap -sV 192.168.1.10
  • Purpose: Detect versions of running services.
nmap -A 192.168.1.10
  • Purpose: Aggressive scan with OS detection, version detection, script scanning, and traceroute.
  • Warning: Very loud, easily detected by firewalls and IDS.
nmap -Pn 192.168.1.10
  • Purpose: Treat all hosts as up and skip ICMP discovery (for hosts behind firewalls that block ping).

4. πŸ” Brute Force (SSH)

nmap -p 22 --script ssh-brute \
--script-args userdb=/usr/share/wordlists/usernames.txt,passdb=/usr/share/wordlists/rockyou.txt \
192.168.1.10
  • Purpose: Brute force SSH login using Nmap NSE script.
  • Wordlists Used: rockyou.txt for passwords, custom usernames list.
  • Note: Effective for weak credential attacks.
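From the defender's side, an ssh-brute run like the one above shows up in the server's auth log as a burst of failed logins from a single source. The script below is an added example, not code from the DarkWolf toolkit: it parses constructed OpenSSH "Failed password" lines (shaped like a Debian/Kali auth.log) and reports any source address that crosses an assumed threshold of five failures inside a sixty-second sliding window; the threshold, window and year are assumptions you would tune to your own environment.

```python
"""Spot SSH brute-force bursts in sshd log lines (added example, not toolkit code)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log: 192.168.1.50 fails six times in 20 seconds (what an
# ssh-brute run looks like from the server side); 192.168.1.77 is a user who
# mistyped once and then logged in. Hostnames, PIDs and addresses are invented.
SAMPLE_AUTH_LOG = """\
Jun 12 10:15:01 lab sshd[2041]: Failed password for invalid user admin from 192.168.1.50 port 50122 ssh2
Jun 12 10:15:04 lab sshd[2043]: Failed password for invalid user admin from 192.168.1.50 port 50124 ssh2
Jun 12 10:15:07 lab sshd[2045]: Failed password for root from 192.168.1.50 port 50126 ssh2
Jun 12 10:15:09 lab sshd[2047]: Failed password for invalid user test from 192.168.1.50 port 50128 ssh2
Jun 12 10:15:12 lab sshd[2049]: Failed password for root from 192.168.1.50 port 50130 ssh2
Jun 12 10:15:20 lab sshd[2051]: Failed password for invalid user guest from 192.168.1.50 port 50132 ssh2
Jun 12 10:16:30 lab sshd[2060]: Failed password for alice from 192.168.1.77 port 41002 ssh2
Jun 12 10:16:41 lab sshd[2060]: Accepted password for alice from 192.168.1.77 port 41002 ssh2
"""

# Matches only the failed-login message; "invalid user" is optional because
# sshd omits it when the account exists.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text: str, year: int = 2024) -> list[tuple[datetime, str, str]]:
    """Return (timestamp, username, source_ip) for every failed-password line.

    Syslog timestamps carry no year, so one is supplied (assumed 2024 here).
    """
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # "Accepted password" and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["ip"]))
    return events


def brute_force_sources(events, threshold: int = 5, window_s: int = 60) -> dict[str, int]:
    """Map each source IP that reaches `threshold` failures within any
    `window_s`-second sliding window to its peak count in such a window."""
    by_ip: dict[str, list[datetime]] = defaultdict(list)
    for ts, _user, ip in events:
        by_ip[ip].append(ts)
    hits = {}
    for ip, times in by_ip.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            # Advance the window start until it lies within window_s of t.
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[ip] = peak
    return hits


if __name__ == "__main__":
    failures = parse_failures(SAMPLE_AUTH_LOG)
    for ip, count in brute_force_sources(failures).items():
        print(f"possible SSH brute force from {ip}: {count} failures in 60s")
```

On the sample, only 192.168.1.50 is reported; the single failure from 192.168.1.77 stays below the threshold. The sliding window matters more than a raw count: a slow brute force that spreads attempts over hours will not trip a per-minute rule, so a second pass with a longer window (or a per-username view, since the tool above cycles many usernames from one address) is the natural extension.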

5. πŸ›‘οΈ Vulnerability Scanning

nmap --script vuln 192.168.1.10
  • Purpose: Run a collection of Nmap vulnerability detection scripts.
  • Use Case: Find known CVEs, misconfigurations, and vulnerable software.
nmap -sS -sV -A -T4 -p- 192.168.1.10
  • Ultimate Command: Full stealth scan with version detection, aggressive scan, speed boost, and full port range.
  • Flags Explained:
    • -sS: Stealth SYN scan
    • -sV: Version detection
    • -A: Aggressive mode
    • -T4: Faster execution
    • -p-: All ports

🧠 Real World Usage

These commands are frequently used in penetration testing engagements for:

  • ✅ Asset discovery and mapping internal networks
  • ✅ Identifying vulnerable services and open ports
  • ✅ Brute forcing weak SSH credentials
  • ✅ Initial attack surface enumeration

🔓 Common Ports & Their Vulnerabilities

| Port | Service | Version | Example Vulnerability/CVE | How Hackers Exploit It |
|---|---|---|---|---|
| 21 | FTP | vsftpd 2.3.4 | CVE-2011-2523 (Backdoor Shell) | Attackers exploit this version's hidden backdoor by sending a crafted smiley :) in the username to get a root shell. |
| 22 | SSH | OpenSSH < 7.4 | CVE-2018-15473 (Username Enumeration) | Hackers enumerate valid users before brute forcing, saving time and avoiding detection. |
| 23 | Telnet | Any | Unencrypted Protocol | Credentials can be sniffed in plaintext using Wireshark or MITM attacks. |
| 25 | SMTP | Exim < 4.91 | CVE-2019-10149 (RCE) | Attackers send crafted email headers to execute code remotely and escalate privilege. |
| 53 | DNS | BIND 9.x | CVE-2015-5477 (DoS) | Used to crash DNS servers with malformed packets, often in DDoS chains. |
| 80 | HTTP | Apache 2.4.49 | CVE-2021-41773 (Path Traversal RCE) | Hackers exploit improper URL sanitization to access sensitive files like /etc/passwd or execute code. |
| 110 | POP3 | Dovecot 2.2.x | CVE-2017-14461 (Auth Bypass) | Hackers gain unauthorized access by bypassing authentication mechanisms. |
| 139 | NetBIOS | Windows SMB | CVE-1999-0519 (Null Session) | Allows attackers to enumerate users and shares without login. |
| 445 | SMB | Windows 7/XP | CVE-2017-0144 (EternalBlue) | Used in WannaCry ransomware; allows remote code execution via SMBv1. |
| 3306 | MySQL | MySQL < 5.7 | CVE-2016-6662 (Config File Injection) | Remote attackers write to my.cnf to inject malicious code. |
| 3389 | RDP | Windows RDP | CVE-2019-0708 (BlueKeep) | Exploits RDP to execute code without credentials, leading to wormable attacks. |
| 5432 | Postgres | PostgreSQL < 9.3 | CVE-2013-1899 (DoS/Code Exec) | Attackers can modify data, escalate privileges, or crash the service. |
| 8080 | HTTP | Apache Tomcat < 9.0.30 | CVE-2020-1938 (Ghostcat) | Exploits AJP protocol to access sensitive files or run code remotely. |

πŸ” Note: Always check for real-time CVE updates at https://cve.mitre.org


⚠️ Legal Notice

This toolkit is strictly for educational and authorized penetration testing only.
You must have explicit permission to scan any target.
Misuse of these tools can result in legal consequences.


πŸ‘¨β€πŸ’» Author

Muhammad Saqlain Shoukat (Dark Wolf)
🐺 YouTube: @CodingChatRoom
💻 Platform: Kali Linux


📜 License

This project is licensed under the MIT License.
