Blog

Field notes from a hosted scanning team.

Practical guides, scanner cheat sheets, and security playbooks for Nmap, Nuclei, OWASP ZAP, and the open-source security stack we run.

2026-05-27
Nmap Cheat Sheet: The Commands You'll Actually Use
A working Nmap cheat sheet for port scanning, service detection, NSE scripts, and timing — only commands worth memorising.
2026-05-26
Nmap Tutorial: Install and Your First Scan
A beginner-to-intermediate Nmap tutorial covering install, scan types, NSE scripts, and how to read the output without guessing.
2026-05-25
Nuclei Templates: A Practical Guide
How Nuclei templates work, how to read them, how to write your own, and how to keep the community feed current.
2026-05-24
OWASP ZAP Active vs Passive Scan: When to Use Each
What ZAP's active and passive scanners actually do, the issues each detects, and which one belongs in which phase of an engagement.
2026-05-23
Wireshark Cheat Sheet: Display Filters
A working Wireshark cheat sheet — display filters, capture filters, and the keyboard shortcuts you'll use most when debugging real traffic.
2026-05-22
Tcpdump Examples: A Practical Reference
Working tcpdump examples for capturing, filtering, and writing pcaps — the commands you'll reach for during real incident response.
2026-05-21
SSH Tunnel Examples: Local, Remote, Dynamic
Practical SSH tunneling examples — local forwarding, remote forwarding, dynamic SOCKS proxies, and the syntax that makes sense the third time.
2026-05-20
SQLmap Tutorial: From Detection to Dumping
A working SQLmap tutorial for confirming and exploiting SQL injection — the flags, the workflow, and the common pitfalls.
2026-05-19
Gobuster Tutorial: Directory & DNS Enumeration
A practical Gobuster tutorial — directory brute-forcing, DNS subdomain enumeration, vhost discovery, and wordlist choice that matters.
2026-05-18
Nikto Tutorial: Web Server Scanning in Practice
A practical Nikto tutorial — what it actually detects, useful flags, tuning the noise, and when to reach for it versus a modern DAST tool.
2026-05-17
Recon-NG Tutorial: OSINT Recon as a Framework
A working Recon-NG tutorial — workspaces, modules, API keys, and the workflow that turns it from confusing to useful.
2026-05-16
Best Open-Source Vulnerability Scanners (2026)
An honest comparison of the top open-source vulnerability scanners — what each is good at, where each falls short, and how to combine them.
2026-05-15
Vulnerability Management SLAs: A Practitioner Guide
Setting realistic vulnerability management SLAs — by severity, by asset criticality, and how to actually meet them in a real organisation.
2026-05-14
OpenVAS / Greenbone Tutorial: Install and Scan
A practical OpenVAS (Greenbone Community Edition) tutorial — Docker install, feed sync, configuring a scan, and reading the output.
2026-05-13
Nmap vs Nuclei vs OWASP ZAP: When to Use Each
Three open-source scanners, three different jobs. A clear comparison of when each tool is the right answer — and when to use them together.

Nmap Cheat Sheet: The Commands You'll Actually Use

Nmap Tutorial: Install and Your First Scan

Nuclei Templates: A Practical Guide

OWASP ZAP Active vs Passive Scan: When to Use Each

Wireshark Cheat Sheet: Display Filters

Tcpdump Examples: A Practical Reference

SSH Tunnel Examples: Local, Remote, Dynamic

SQLmap Tutorial: From Detection to Dumping

Gobuster Tutorial: Directory & DNS Enumeration

Nikto Tutorial: Web Server Scanning in Practice

Recon-NG Tutorial: OSINT Recon as a Framework

Best Open-Source Vulnerability Scanners (2026)

Vulnerability Management SLAs: A Practitioner Guide

OpenVAS / Greenbone Tutorial: Install and Scan

Nmap vs Nuclei vs OWASP ZAP: When to Use Each