My scanning methodology

Pentest Preparation Steps

1. Initialize Metasploit

  • Start the Metasploit database: Ensure the database is running.

  • Check database status: Use the command db_status to verify connectivity.

2. Prepare Target and Exclusion Lists

  • Create a Target File: List all targeted IPs in a file (e.g., target.txt).

  • Create an Exclusion File: Specify any IPs to exclude in a separate file (e.g., exclude.txt).

3. Conduct Network Scans

  • Scan for Live Hosts:

    db_nmap -sP -iL target.txt --excludefile exclude.txt

  • Service Detection and Script Scanning:

    db_nmap -sS -sV -sC -T4 -iL target2.txt

  • Use Additional Vulnerability Scripts:

    db_nmap -Pn -sS -sV -sC -T4 -A --script=vuln* -iL target2.txt

4. Identify and Document Live Hosts

  • Create a Documentation File: Record the live hosts identified during the scan in a separate file (e.g., live_hosts.txt).
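
One way to build live_hosts.txt while enforcing the scope files from step 2, as an added example that is not part of the original notes. It assumes the host-discovery results are also available in Nmap's grepable (-oG) format and that target.txt and exclude.txt hold single IPs or CIDR blocks; the function names and sample data are hypothetical.

```python
import ipaddress
import re

# Status line of Nmap grepable (-oG) output: "Host: <ip> (<name>)<TAB>Status: Up"
HOST_UP = re.compile(r"^Host:\s+(\S+)\s+\(.*?\)\s+Status:\s+Up\b")

# Constructed sample data (documentation address ranges), not real scan output.
SAMPLE_OG = (
    "# Nmap scan, constructed sample\n"
    "Host: 192.0.2.5 ()\tStatus: Up\n"
    "Host: 192.0.2.9 (printer.example)\tStatus: Up\n"
    "Host: 192.0.2.20 ()\tStatus: Down\n"
    "Host: 198.51.100.7 ()\tStatus: Up\n"
)
SAMPLE_TARGETS = ["192.0.2.0/24"]
SAMPLE_EXCLUDES = ["192.0.2.9   # fragile device, agreed out of scope"]


def parse_scope(lines):
    """Turn list-file lines (IPs or CIDR blocks, '#' comments) into networks."""
    nets = []
    for line in lines:
        for entry in line.split("#", 1)[0].split():
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def live_in_scope(grepable, targets, excludes):
    """Return hosts reported Up that are inside targets and outside excludes."""
    allowed, denied = parse_scope(targets), parse_scope(excludes)
    live = set()
    for line in grepable.splitlines():
        m = HOST_UP.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or malformed field: do not guess
        # The exclusion list always wins over the target list.
        if any(ip in n for n in denied) or not any(ip in n for n in allowed):
            continue
        live.add(ip)
    ordered = sorted(live, key=lambda i: (i.version, int(i)))
    return [str(ip) for ip in ordered]


if __name__ == "__main__":
    hosts = live_in_scope(SAMPLE_OG, SAMPLE_TARGETS, SAMPLE_EXCLUDES)
    print("\n".join(hosts))  # redirect to live_hosts.txt
```

A host that answers but falls outside target.txt, such as 198.51.100.7 in the sample, is dropped rather than carried into later scans.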
