Offsec - Levram - Nov 1st 2023

Given IP target: [LAB_IP]

Recon

rustscan -a [LAB_IP]

PORT     STATE SERVICE  REASON
22/tcp   open  ssh      syn-ack
8000/tcp open  http-alt syn-ack

Making rustscan more efficient:

sudo docker run -it --rm --name rustscan rustscan/rustscan:2.1.1 -a [LAB_IP]

alias rustscan='sudo docker run -it --rm --name rustscan rustscan/rustscan:2.1.1 -a'

nmap -p22,8000 -T5 -sC -sV -oN services.txt [LAB_IP]

PORT     STATE SERVICE  VERSION
22/tcp   open  ssh      OpenSSH 8.9p1 Ubuntu 3 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   256 b9:bc:8f:01:3f:85:5d:f9:5c:d9:fb:b6:15:a0:1e:74 (ECDSA)
|_  256 53:d9:7f:3d:22:8a:fd:57:98:fe:6b:1a:4c:ac:79:67 (ED25519)
8000/tcp open  http-alt WSGIServer/0.2 CPython/3.10.6
|_http-cors: GET POST PUT DELETE OPTIONS PATCH
|_http-server-header: WSGIServer/0.2 CPython/3.10.6
|_http-title: Gerapy
| fingerprint-strings:
|   FourOhFourRequest:
|     HTTP/1.1 404 Not Found
|     Date: Wed, 01 Nov 2023 07:05:06 GMT
|     Server: WSGIServer/0.2 CPython/3.10.6
|     Content-Type: text/html
|     Content-Length: 9979
|     Vary: Origin