Secondary Categories: 02-Information Gathering

Ping Sweep

# Perform a ping sweep with Nmap (-sn: host discovery only, no port scan; -oA writes
# .nmap, .gnmap and .xml output with the given basename). $subnet is the network
# address, e.g. 192.168.1.0. Run as root on a local segment Nmap discovers with ARP,
# which also catches hosts that filter ICMP; across a router those hosts are missed.
nmap -sn $subnet/24 -oA PingSweepHosts

TCP Scanning

# Exclude hosts from a scan by listing their IPs (-F: fast mode, top 100 ports only)
nmap -sV -F --exclude 127.0.0.2,127.0.0.4 127.0.0.1/24

# Version-detect services (-sV) and run the default NSE scripts (-sC) against targets
# read from a file, one host or range per line; -oA saves all three output formats
nmap -sV -sC -iL targets.txt -oA adv-scan
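
The ping sweep above writes PingSweepHosts.gnmap, and the -iL scan above expects a targets file. The shell functions below are an added example, not part of the original note: they pull the hosts Nmap marked Up out of the grepable output and write the targets.txt the service scan reads, minus any hosts you must not touch. The .gnmap content embedded in the script is constructed for the example; the file names, the exclude list and the function names are the example's own choices.

```shell
#!/bin/sh
# Added example: build targets.txt for the service scan from the .gnmap file
# that "nmap -sn ... -oA PingSweepHosts" writes. Not part of the original note.
set -eu

# Constructed sample of nmap grepable output (-oA writes it as
# PingSweepHosts.gnmap); real files separate fields with tabs, which awk
# splits exactly like spaces.
SAMPLE_GNMAP='# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sn -oA PingSweepHosts 192.168.1.0/24
Host: 192.168.1.1 (gw.lan) Status: Up
Host: 192.168.1.10 () Status: Up
Host: 192.168.1.11 () Status: Down
Host: 192.168.1.20 (files.lan) Status: Up
# Nmap done at Mon Jan  1 00:00:05 2024 -- 256 IP addresses (3 hosts up) scanned in 4.80 seconds'

# Print the IP of every host nmap reported as Up, one per line.
# Argument: a .gnmap file (defaults to stdin).
live_hosts() {
    awk '/^Host:/ && /Status: Up/ { print $2 }' "${1:-/dev/stdin}"
}

# Number of live hosts; compare it with the "(N hosts up)" summary line.
count_live() {
    live_hosts "${1:-/dev/stdin}" | wc -l | tr -d ' '
}

# Write the live hosts to a targets file for "nmap -sV -sC -iL targets.txt",
# dropping a comma-separated exclude list (same idea as nmap --exclude) and
# sorting the addresses numerically. Prints the number of targets written.
write_targets() {
    gnmap="$1"; out="$2"; exclude="${3:-}"
    live_hosts "$gnmap" \
        | awk -v ex="$exclude" '
            BEGIN { n = split(ex, a, ","); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
            !($1 in skip)' \
        | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n > "$out"
    wc -l < "$out" | tr -d ' '
}

# Usage with the sample data (use the real PingSweepHosts.gnmap after a sweep):
#   printf '%s\n' "$SAMPLE_GNMAP" > PingSweepHosts.gnmap
#   write_targets PingSweepHosts.gnmap targets.txt 192.168.1.1
#   nmap -sV -sC -iL targets.txt -oA adv-scan
```

The exclude list is applied when the targets file is written rather than at scan time, so the out-of-scope hosts never appear in targets.txt at all, which is easier to audit afterwards than remembering the --exclude flag on every follow-up scan.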

ARP Scanning

ARP (Address Resolution Protocol) maps an IPv4 address to the MAC address of the NIC that holds it on the local segment. ARP requests are broadcast, unauthenticated and sent in cleartext, so any host in the same broadcast domain can observe and record them (and could answer them). Because ARP does not cross routers, ARP scanning only reaches the local subnet, but it reliably finds hosts that filter ICMP and would be missed by a ping sweep.

# Active scanning (sends ARP requests; requires root; $subnet in CIDR form,
# e.g. 192.168.1.0/24, or use --localnet to scan the interface's own network)
arp-scan -I eth0 $subnet

# Passive reconnaissance (-p: only sniff ARP traffic, never transmit; slower but silent)
netdiscover -i eth0 -r $subnet -p
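
An added example (not from the original note) that post-processes arp-scan output in shell: it collapses repeated replies, flags MAC addresses that answer for more than one IP and IPs that are claimed by more than one MAC (the inconsistencies you want to notice before trusting the segment's IP-to-MAC mapping), and lists hosts that answered ARP but are missing from a list of ICMP-live hosts, i.e. hosts that filter ping. The arp-scan output embedded in the script is constructed to resemble arp-scan's IP/MAC/vendor lines and its "(DUP: n)" marker; the file names and function names are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check arp-scan output before trusting it. Not part of
# the original note; function and file names are the example's own.
set -eu

# Constructed sample modelled on arp-scan's output: one "IP MAC vendor" line
# per reply, "(DUP: n)" appended when the same IP answers more than once.
# Here 192.168.1.1 is answered by two different MACs and 00:11:22:33:44:55
# answers for two IPs, the two situations the checks below report.
SAMPLE_ARPSCAN='Interface: eth0, type: EN10MB, MAC: 00:0c:29:aa:bb:cc, IPv4: 192.168.1.5
Starting arp-scan 1.9.7 with 256 hosts
192.168.1.1 00:11:22:33:44:55 Cisco Systems, Inc
192.168.1.10 00:0c:29:12:34:56 VMware, Inc.
192.168.1.10 00:0c:29:12:34:56 VMware, Inc. (DUP: 2)
192.168.1.1 de:ad:be:ef:00:01 (Unknown) (DUP: 2)
192.168.1.20 00:11:22:33:44:55 Cisco Systems, Inc
192.168.1.30 00:50:56:ab:cd:ef VMware, Inc.

6 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.7: 256 hosts scanned in 2.048 seconds (125.00 hosts/sec). 4 responded'

# Unique "IP MAC" pairs from arp-scan output (file argument or stdin).
# Repeated replies from the same IP/MAC are collapsed; a second MAC for the
# same IP is kept, because that is exactly what we want to see.
arp_hosts() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[$1 " " $2]++ { print $1, $2 }' \
        "${1:-/dev/stdin}"
}

# MACs that answered for more than one IP: "MAC count ip1,ip2,...".
# Legitimate causes are proxy ARP on a router or a VM host; an attacker
# answering for the gateway looks the same, so check before going further.
shared_macs() {
    arp_hosts "${1:-/dev/stdin}" | awk '
        { if ($2 in ips) ips[$2] = ips[$2] "," $1; else ips[$2] = $1; n[$2]++ }
        END { for (m in n) if (n[m] > 1) print m, n[m], ips[m] }' | sort
}

# IPs claimed by more than one MAC: "IP count mac1,mac2,...". Either an
# address conflict or ARP poisoning in progress; either way the IP-to-MAC
# mapping for that host cannot be trusted.
conflicting_ips() {
    arp_hosts "${1:-/dev/stdin}" | awk '
        { if ($1 in macs) macs[$1] = macs[$1] "," $2; else macs[$1] = $2; n[$1]++ }
        END { for (ip in n) if (n[ip] > 1) print ip, n[ip], macs[ip] }' | sort
}

# Hosts that answered ARP but are absent from a list of ICMP-live IPs (one
# per line, e.g. the targets file built from a ping sweep): they are up but
# drop or filter ping, so a ping sweep alone would have missed them.
arp_only() {
    arp_hosts "$1" | awk -v known="$2" '
        BEGIN { while ((getline ip < known) > 0) seen[ip] = 1 }
        !($1 in seen) && !printed[$1]++ { print $1 }'
}

# Usage after a real scan (arp-scan needs root):
#   arp-scan -I eth0 192.168.1.0/24 > arp.txt
#   shared_macs arp.txt; conflicting_ips arp.txt; arp_only arp.txt targets.txt
```

A host that shows up only in arp_only is worth a dedicated port scan with -Pn, since Nmap's default host discovery would otherwise skip it; a MAC in shared_macs that belongs to the gateway address deserves a second look before you route any traffic through that segment.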
