Full Moon

Ethical Hacking Cheat Sheet

Using some of these tools on systems that you do not own and do not have permission to investigate is illegal, so be careful, particularly with the ones marked in red. They should only be used in the context of penetration testing.


Useful Linux Commands / Packages

ping <ip or hostname> - to check if a host is up.

host <ip or hostname> - DNS lookup utility to convert hostnames into IP addresses and vice versa.

nslookup <ip or hostname> - query name servers for information about hosts and domains. Use with no argument for interactive mode.

whois <ip or hostname> - retrieve registry information about a domain.

nmap <ip or hostname> - network mapper, for network exploration. Discovers hosts on a network, their open ports and the services running on them.

  • -sV: to retrieve service versions
  • -T<0-5>: timing template that sets the speed of the scan. 0 - slowest, harder to detect. 5 - fastest, easy to detect.
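A defender-side use of the nmap output described above, added here as an example that is not part of the original cheat sheet: it parses grepable (-oG) scan output, lists every open port with the -sV service and version, and flags anything that is not on an allow-list of expected services. The scan output, hosts and allow-list below are constructed for the demo, not real results.

```shell
#!/bin/sh
# Constructed sample of nmap grepable output (-oG), as written by a command
# such as: nmap -sV -oG scan.gnmap <ip or hostname>. Not a real scan result.
sample_scan() {
  printf '# Nmap scan initiated (constructed sample)\n'
  printf 'Host: 192.0.2.10 (web.example.test)\tStatus: Up\n'
  printf 'Host: 192.0.2.10 (web.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 9.2/, 80/open/tcp//http//nginx 1.24/, 8080/open/tcp//http-proxy///, 443/closed/tcp//https///\tIgnored State: filtered (996)\n'
  printf 'Host: 192.0.2.11 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.11 ()\tPorts: 3306/open/tcp//mysql//MySQL 8.0/\n'
  printf '# Nmap done\n'
}

# open_ports: read grepable nmap output on stdin and print one line per open
# port: "<ip> <port>/<proto> <service> <version>" ("-" when -sV found nothing).
# Grepable port entries look like port/state/proto/owner/service/rpc/version/.
open_ports() {
  awk '
    /^Host:/ && /Ports:/ {
      ip = $2
      line = $0
      sub(/.*Ports: /, "", line)
      sub(/[[:space:]]*Ignored State:.*/, "", line)
      n = split(line, entry, /, /)
      for (i = 1; i <= n; i++) {
        split(entry[i], f, "/")
        if (f[2] != "open") continue
        svc = (f[5] == "") ? "?" : f[5]
        ver = (f[7] == "") ? "-" : f[7]
        print ip, f[1] "/" f[3], svc, ver
      }
    }'
}

# unexpected_ports: filter open_ports output against an allow-list of
# "<ip> <port>/<proto>" lines (one per line) and print what is not on it.
# Anything printed is a listening service the inventory does not account for.
unexpected_ports() {
  allow="$1"
  open_ports | while read -r ip port svc ver; do
    printf '%s\n' "$allow" | grep -qxF "$ip $port" ||
      printf '%s %s %s %s\n' "$ip" "$port" "$svc" "$ver"
  done
}

# Allow-list for the sample (constructed): only ssh and http on the web host.
ALLOWED='192.0.2.10 22/tcp
192.0.2.10 80/tcp'

# Stand-alone run: prints the proxy on 8080 and the exposed MySQL on 3306.
sample_scan | unexpected_ports "$ALLOWED"
```

Closed and filtered ports are dropped, so the report only grows when a new listener appears; feed it a real `-oG` file with `unexpected_ports "$ALLOWED" < scan.gnmap`.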

nikto - scans a host for common weaknesses.

  • -host <ip or hostname>: to specify the host.

wpscan - WordPress scan. Scans a host's WordPress installation for known weaknesses, abnormalities and installed modules.

  • --url <URL of WP installation>: to specify the URL.

