# Reconnaissance

## naabu

From here <https://github.com/projectdiscovery/naabu>

```bash
naabu -host 10.10.10.10
```

## nmap

```bash
nmap 10.10.10.10
nmap -p- 10.10.10.10
nmap -p 22,80,5000 10.10.10.10
nmap -p- --open 10.10.10.10
nmap -p- --open -v 10.10.10.10 -Pn -sS -oA nmap-output 
```

## masscan

From here <https://github.com/robertdavidgraham/masscan>

```bash
masscan 10.10.10.10
masscan 10.10.10.10 -p0-65535
masscan 10.10.10.10 -p22,80,8000-8100
masscan 10.10.10.0/24 -p0-65535
masscan 10.10.10.10 -p0-65535 -oA scan
masscan 10.10.10.10 -p0-65535 --max-rate 100000
```

## Using /dev/tcp/ip/port

```bash
#!/bin/bash

IP="10.10.10.10"

for port in $(seq 1 65535); do
        (timeout 1 bash -c "</dev/tcp/$IP/$port") >/dev/null 2>&1 && echo "Puerto Abierto: $IP:$port" &
done; wait
```

```bash
port=80
timeout 1 bash -c "echo >/dev/tcp/10.10.10.10/$port" && echo "port $port is open" || echo "port $port is closed"
```

## Tools

{% embed url="<https://github.com/six2dez/reconftw>" %}