# Port & Service Enumeration

Port and service enumeration is the process of identifying open ports, the services running on them, and potential vulnerabilities based on the information those services expose. This stage is important for understanding the attack surface before exploitation.

## 1. Goals of Port & Service Enumeration

- find open ports,
- identify services and their versions,
- map service versions to CVEs/CWEs,
- find insecure configurations,
- prepare the exploitation steps.

## 2. What to Look For During Enumeration

- open ports that should not be open,
- old or vulnerable services,
- exposed databases,
- weak SSH/FTP configuration,
- admin panels,
- API endpoints.

## 3. Tools Used

- Nmap
- Netcat / Telnet
- Curl
- Gobuster / FFUF
- Searchsploit
- WhatWeb

## 4. Common Risks Found

- Databases without authentication (MongoDB, Redis).
- Vulnerable SMB (MS17-010).
- FTP anonymous login.
- Outdated web server.
- Weak SSH ciphers / old SSH version.
- Exposed management ports (8000/8080/10000).
- Misconfigured API endpoints.

## 5. All Commands in a Single Code Block (Copy-Paste Ready)

Below are **all the essential commands** for port & service enumeration in **a single code block**:

```bash
# ================================
# FULL PORT SCAN (1–65535)
# ================================
nmap -p- -T4 target.com

# ================================
# FAST / TOP 1000 PORT SCAN
# ================================
# -sS is a SYN scan (needs root); without -p, nmap scans its top 1000 ports
nmap -sS -T4 target.com

# ================================
# SERVICE & VERSION ENUMERATION
# ================================
nmap -sV -sC target.com

# ================================
# VULNERABILITY SCAN (NSE)
# ================================
nmap --script=vuln target.com

# ================================
# BANNER GRABBING
# ================================
curl -I http://target.com
nc target.com 22
telnet target.com 25

# ================================
# DIRECTORY ENUMERATION
# ================================
gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt
ffuf -u http://target.com/FUZZ -w wordlist.txt

# ================================
# SMB ENUMERATION
# ================================
# Quote the pattern so the shell does not expand the * against local files
nmap --script="smb-vuln*" -p445 target.com

# ================================
# FTP ENUMERATION
# ================================
nmap -p21 --script=ftp-anon target.com

# ================================
# WEB TECH FINGERPRINTING
# ================================
whatweb target.com

# ================================
# VULNERABILITY LOOKUP
# ================================
searchsploit apache 2.4
searchsploit ssh 7.2

# ================================
# RECOMMENDED WORKFLOW (FULL)
# ================================
nmap -p- -T4 target.com -oN fullscan.txt
# Replace <found_ports> with the comma-separated open ports from fullscan.txt
nmap -sV -sC -p <found_ports> target.com -oN service_enum.txt
nmap --script=vuln target.com -oN vulnscan.txt
curl -I http://target.com
nc target.com 22
gobuster dir -u http://target.com -w common.txt
```
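
To fill the `<found_ports>` placeholder in the recommended workflow, the script below (an added example, not part of the original page) parses nmap's grepable output into a `-p` list and notes which open ports correspond to the risks in section 4. It assumes the full scan was also saved with `-oG`; the function names, the file name `fullscan.gnmap` and the sample scan data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Function names are hypothetical.

# Constructed sample of grepable output, e.g. from: nmap -p- -T4 target.com -oG fullscan.gnmap
sample_scan() {
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, '
  printf '445/filtered/tcp//microsoft-ds///, 8080/open/tcp//http-proxy///'
  printf '\tIgnored State: closed (65531)\n'
}

# Print the open TCP ports of a grepable file as a -p list, e.g. "21,22,8080".
open_ports() {
  awk -F'Ports: ' '/Ports: / {
      sub(/\t.*/, "", $2)                  # drop the trailing "Ignored State" field
      n = split($2, entries, ", ")
      for (i = 1; i <= n; i++) {
        split(entries[i], f, "/")          # port/state/protocol/owner/service/...
        if (f[2] == "open" && f[3] == "tcp" && !seen[f[1]]++) ports[++c] = f[1]
      }
    }
    END { for (i = 1; i <= c; i++) printf "%s%s", ports[i], (i < c ? "," : "\n") }' "$1"
}

# Map a port to the section 4 risk to verify (prints nothing if none applies).
# 6379 and 27017 are the Redis and MongoDB default ports (not stated on the page).
risk_note() {
  case "$1" in
    21)              echo "FTP: check anonymous login" ;;
    445)             echo "SMB: check MS17-010 patch status" ;;
    6379)            echo "Redis: check that authentication is required" ;;
    27017)           echo "MongoDB: check that authentication is required" ;;
    8000|8080|10000) echo "management port: confirm it should be reachable" ;;
  esac
}

# Print "port<TAB>note" for each open port that has a risk note.
review_list() {
  for p in $(open_ports "$1" | tr ',' ' '); do
    note=$(risk_note "$p")
    [ -n "$note" ] && printf '%s\t%s\n' "$p" "$note"
  done
  return 0
}

demo=$(mktemp)
sample_scan > "$demo"
echo "nmap -sV -sC -p $(open_ports "$demo") target.com -oN service_enum.txt"
review_list "$demo"
rm -f "$demo"
```

Only ports in the `open` state are kept, so the filtered 445 entry in the sample is left out of both the `-p` list and the review list.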
