sudo nano /etc/hosts
10.129.10.10 inlanefreight.local
sudo nmap --open -oA inlanefreight_tcp_1k -iL scope
sudo nmap --open -p- -A -oA inlanefreight_all_svc -iL scope
egrep -v "^#|Status: Up" inlanefreight_all_svc.gnmap | cut -d ' ' -f4- | tr ',' '\n' | \
sed -e 's/^[ \t]*//' | awk -F '/' '{print $7}' | grep -v "^$" | sort | uniq -c \
| sort -k 1 -nr
2 Dovecot pop3d
2 Dovecot imapd (Ubuntu)
2 Apache httpd 2.4.41 ((Ubuntu))
1 vsftpd 3.0.3
1 Postfix smtpd
1 OpenSSH 8.2p1 Ubuntu 4ubuntu0.5 (Ubuntu Linux; protocol 2.0)
1 2-4 (RPC #100000)
sudo nmap -v -sS -T5 -Pn 10.129.48.123
sudo nmap -v -sV -Pn 10.129.48.123
dig axfr inlanefreight.local @10.129.10.10
dnsenum --enum inlanefreight.local -f /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt
subfinder -d inlanefreight.local
afsh4ck@kali$ git clone https://github.com/TheRook/subbrute.git >> /dev/null 2>&1
afsh4ck@kali$ cd subbrute
afsh4ck@kali$ echo "ns1.inlanefreight.local" > resolvers.txt
afsh4ck@kali$ subbrute inlanefreight.local -s names.txt -r resolvers.txt
curl -s -I http://10.129.10.10 -H "HOST: defnotvalid.inlanefreight.local" | grep "Content-Length:"
Content-Length: 15157
ffuf -w /usr/share/seclists/Discovery/DNS/namelist.txt:FUZZ -u http://10.129.10.10/ -H 'Host:FUZZ.inlanefreight.local' -fs 15157
eyewitness -f ilfreight_subdomains -d ILFREIGHT_subdomain_EyeWitness
