Enumeration

Users

Privileges

sudo -l

Computers

System info

uname -a
hostname

Ports & Hosts

Check specific information of a port

lsof -i:4433

Discover internal hosts

#!/bin/bash

for last_octet in $(seq 1 254); do
        IP="172.18.100.$last_octet"
        timeout 1 ping -c 1 "$IP" >/dev/null && echo "IP Activa: $IP" &
done; wait

Discover internal ports related to host

#!/bin/bash

IP="172.18.100.21"

for port in $(seq 1 65535); do
        (timeout 1 bash -c "</dev/tcp/$IP/$port") >/dev/null 2>&1 && echo "Puerto Abierto: $IP:$port" &
done; wait