This is a basic note for red teamers, pentesters, OffSec enthusiasts, CTF players, etc.
For Active Directory notes, check Active Directory.
You can use my script Hackify to install tools and wordlists on your Linux system.
naabu -p - -host <target>
rustscan -a <target>
rustscan --udp -a <target>
nmap -Pn -T5 -A -sS -sU -p- -oN nmapfull.txt -oX nmapfull.xml <target>
nmap --script vuln -Pn -p- -T5 -A -oN nmapvuln.txt <target>
nmap -p 53,88,135,139,389,445,464,593,636,3268,3269,3389,5985,9389,49152-65535 --script smb-enum-shares,smb-enum-users,ldap-rootdse,ldap-search,krb5-enum-users,smb-os-discovery,smb-vuln-ms17-010,smb-enum-domains,smb-enum-sessions,smb-enum-processes,smb2-security-mode,smb2-capabilities,smb-system-info,msrpc-enum,smb-brute,rdp-enum-encryption,rdp-vuln-ms12-020,rdp-ntlm-info,ssl-cert,ssl-enum-ciphers,smb-protocols,ms-sql-info,smb-vuln-regsvc-dos -oN nmapAD.txt <target>
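Added example (not part of the original note): a Python parser for the XML that the `-oX nmapfull.xml` option above writes, turning it into an open-port inventory and flagging the domain-controller ports from the AD scan line so they can be reviewed for hardening or firewalling. The embedded XML is a constructed sample in nmap's schema; the host, hostname and services in it are made up.

```python
"""Parse nmap -oX output into a port inventory (added example, not from the note)."""
import xml.etree.ElementTree as ET

# Ports targeted by the note's AD-focused nmap line; open ones are flagged so a
# defender can check they are expected on that host.
AD_PORTS = {53, 88, 135, 139, 389, 445, 464, 593, 636, 3268, 3269, 3389, 5985, 9389}

# Constructed sample in nmap's XML schema; a real nmapfull.xml has the same shape.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sU -p- -oX nmapfull.xml 10.0.0.5">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <hostnames><hostname name="dc01.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="88"><state state="open"/><service name="kerberos-sec" product="Microsoft Windows Kerberos"/></port>
      <port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
      <port protocol="tcp" portid="8080"><state state="open"/><service name="http-proxy" product="Apache Tomcat" version="9.0.1"/></port>
      <port protocol="tcp" portid="3389"><state state="filtered"/><service name="ms-wbt-server"/></port>
      <port protocol="udp" portid="53"><state state="open"/><service name="domain"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per open port across all hosts (filtered/closed are skipped)."""
    root = ET.fromstring(xml_text)
    rows = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        hn_el = host.find("hostnames/hostname")
        hostname = hn_el.get("name") if hn_el is not None else ""
        for port in host.iter("port"):
            if port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            # product + version, whichever of the two nmap managed to identify
            version = " ".join(v for v in (attrs.get("product"), attrs.get("version")) if v)
            portid = int(port.get("portid"))
            rows.append({
                "host": addr,
                "hostname": hostname,
                "proto": port.get("protocol"),
                "port": portid,
                "service": attrs.get("name", ""),
                "version": version,
                "ad_service": portid in AD_PORTS,
            })
    return rows


def summarize(rows):
    """Group open ports by host, e.g. {'10.0.0.5': ['tcp/88', 'udp/53']}."""
    out = {}
    for r in rows:
        out.setdefault(r["host"], []).append(f"{r['proto']}/{r['port']}")
    return out


if __name__ == "__main__":
    for r in parse_nmap_xml(SAMPLE_XML):
        flag = " [AD]" if r["ad_service"] else ""
        print(f"{r['host']:<12} {r['proto']}/{r['port']:<6} {r['service']:<14} {r['version']}{flag}")
```

Swap `SAMPLE_XML` for `open("nmapfull.xml").read()` to run it on the real scan output; the `version` column is what you then check against Exploit-DB.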
dig axfr @<ip_address> target.tld
Wordlist generator
cewl http://domain.tld/ | grep -v CeWL > custom-wordlist.txt
gobuster vhost -u http://monitorsthree.htb --append-domain -w /opt/wordlists/SecLists/Discovery/DNS/namelist.txt -r
ffuf -w /opt/wordlists/SecLists/Discovery/DNS/dns-Jhaddix.txt:FUZZ -fw 18 -mc all -ac -u http://domain.tld -H 'Host: FUZZ.domain.tld'   [For VPN file and CTF]
ffuf -w /opt/wordlists/SecLists/Discovery/DNS/dns-Jhaddix.txt:FUZZ -fw 18 -mc all -ac -u http://FUZZ.domain.tld   [For real world]
subauto domain.tld   [Very useful for real-world subdomain enumeration.]
Brute force: SSH, Kerberos or any other service using hydra, medusa or a service-specific tool such as kerbrute.
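Added example from the defender's side (not part of the original note): the vhost-fuzzing commands above vary the Host header on every request, which in Apache's `vhost_combined` log format shows up as many distinct `%v` values from one client within seconds. This Python script parses such lines and flags clients that hit more than a threshold of distinct hostnames inside a sliding time window. The log lines are constructed samples; the domain, client IPs, window and threshold are assumptions.

```python
"""Detect virtual-host brute-forcing in Apache vhost_combined logs (added example, not from the note)."""
import re
from collections import defaultdict
from datetime import datetime

# Apache "vhost_combined": %v:%p %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
# %v is the requested Host header (with UseCanonicalName Off), i.e. the value the
# vhost fuzzing commands above rotate on every request.
LOG_RE = re.compile(
    r'^(?P<vhost>[^:\s]+):(?P<port>\d+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) "[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: one ordinary visitor and one client cycling Host headers.
# The User-Agent is ffuf's default but is trivially changed, so the detection
# below relies on the rate of distinct vhosts rather than on the UA string.
SAMPLE_LOG = """\
www.domain.tld:80 203.0.113.9 - - [10/Mar/2024:12:00:01 +0000] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
www.domain.tld:80 203.0.113.9 - - [10/Mar/2024:12:00:04 +0000] "GET /about HTTP/1.1" 200 4221 "-" "Mozilla/5.0"
aaaa.domain.tld:80 198.51.100.7 - - [10/Mar/2024:12:00:10 +0000] "GET / HTTP/1.1" 200 612 "-" "Fuzz Faster U Fool v2.1.0"
admin.domain.tld:80 198.51.100.7 - - [10/Mar/2024:12:00:10 +0000] "GET / HTTP/1.1" 302 0 "-" "Fuzz Faster U Fool v2.1.0"
dev.domain.tld:80 198.51.100.7 - - [10/Mar/2024:12:00:11 +0000] "GET / HTTP/1.1" 200 612 "-" "Fuzz Faster U Fool v2.1.0"
mail.domain.tld:80 198.51.100.7 - - [10/Mar/2024:12:00:11 +0000] "GET / HTTP/1.1" 200 612 "-" "Fuzz Faster U Fool v2.1.0"
test.domain.tld:80 198.51.100.7 - - [10/Mar/2024:12:00:12 +0000] "GET / HTTP/1.1" 200 612 "-" "Fuzz Faster U Fool v2.1.0"
www.domain.tld:80 198.51.100.7 - - [10/Mar/2024:12:08:00 +0000] "GET / HTTP/1.1" 200 5123 "-" "Fuzz Faster U Fool v2.1.0"
"""


def parse_line(line):
    """Return the log fields as a dict (timestamp parsed), or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def find_vhost_bruteforce(log_text, window_s=60, min_distinct=4):
    """Return {ip: sorted vhosts} for clients that request >= min_distinct different
    Host values within any window_s-second sliding window."""
    events = defaultdict(list)  # ip -> [(timestamp, vhost)]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            events[rec["ip"]].append((rec["ts"], rec["vhost"]))

    alerts = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until it spans at most window_s seconds
            while (evs[end][0] - evs[start][0]).total_seconds() > window_s:
                start += 1
            distinct = {v for _, v in evs[start:end + 1]}
            if len(distinct) >= min_distinct:
                alerts.setdefault(ip, set()).update(distinct)
    return {ip: sorted(v) for ip, v in alerts.items()}


if __name__ == "__main__":
    for ip, vhosts in find_vhost_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {len(vhosts)} distinct vhosts in 60s -> {', '.join(vhosts)}")
```

Tune `window_s` and `min_distinct` to the site: a server legitimately hosting many names behind one IP will need a higher threshold, and the 302/0-byte `admin.domain.tld` response in the sample is the kind of outlier the `-fw`/`-ac` filters above are built to surface, so it is also worth alerting on separately.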
Check for outdated or vulnerable versions of any service or software using Exploit-DB and Google.