
Crimson — AppSec firearm IV

Karol Mazurek
4 min read, Aug 23, 2022

Guidelines for the crimson_IPcon module usage.

Source: https://creator.nightcafe.studio/creation/iLmHqmEJDDXTw6eu9ZVK

INTRODUCTION

This article describes how to use crimson_IPcon most effectively.
The module is used for reconnaissance and vulnerability scanning based on IP addresses.

It is good to start this module before Nessus: it is much quicker and free.

Source: Own study — crimson_IPcon help message.

CRIMSON IPCON GUIDELINES

Provide a single IP address (-i) or a file with IP addresses (-l) to start.

#EXAMPLE FILE WITH IP ADDRESSES FOR -l FLAG
10.10.10.10
10.10.10.11
10.10.10.12

Source: Own study — starting the crimson_IPcon using single IP addresses with additional flags.
  • -t flag stands for TCP scanning (1–65535).

First, Rustscan checks which ports are open, and then the output is piped to Nmap, which does the banner grabbing.

  • -u flag stands for UDP scanning (only the top 1000 ports).

Nmap with banner grabbing.

  • -p flag stands for ICMP sweep.

It is useful if you have a big range of IP addresses and want to check quickly which ones are alive. However, the scan is still performed even if a host does not respond to the ICMP packets (that is, even if it is considered not alive).

  • -k flag stands for Kerberos user enumeration if Kerberos is present.

You can use your own wordlist with usernames inside the ‘’ .
By default, the module uses the /words/windows/kerberos_usernames.txt wordlist.

  • -v flag stands for vulnerability scanning.

Nuclei template scans against the IP addresses and the discovered HTTP services, plus Nmap NSE scripts, ssh-audit and mailspoof checks.

  • -b flag stands for brute-forcing the discovered services.

Brutespray with the default wordlist, and kerbrute if Kerberos is available.

WORKFLOW EXPLANATION
