Secondary Categories: 02-Information Gathering
Ping Sweep
```bash
# Perform a ping sweep with Nmap
nmap -sn $subnet/24 -oA PingSweepHosts
```
TCP Scanning
```bash
# Exclude hosts from scans with Nmap by specifying IPs
nmap -sV -F --exclude 127.0.0.2,127.0.0.4 127.0.0.1/24
# Scan for services and utilize nmap's built-in scripts using a file containing the targets
nmap -sV -sC -iL targets.txt -oA adv-scan
```
ARP Scanning
ARP is the protocol used to resolve the MAC address of the NIC that has been configured with a given IP address. ARP requests are sent in cleartext and broadcast, meaning that anyone on the same broadcast domain can observe and record them.
```bash
# Active scanning
arp-scan -I eth0 $subnet
# Passive reconnaissance
netdiscover -i eth0 -r $subnet -p
```
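A defender-side counterpart to the commands above, added here as an example (it is not part of the original note and not the code of arp-scan or netdiscover): a small Python detector that parses ARP request frames from a constructed capture and flags a sender that asks for many distinct IP addresses within a short window, which is what an active sweep looks like on the wire. The threshold, window and sample frames are assumptions.

```python
import socket
import struct
from collections import defaultdict, deque

ARP_ETHERTYPE = b"\x08\x06"


def build_arp_request(sender_mac: bytes, sender_ip: str, target_ip: str) -> bytes:
    """Construct a broadcast Ethernet/ARP 'who-has' frame (sample data only)."""
    eth_hdr = b"\xff" * 6 + sender_mac + ARP_ETHERTYPE
    arp_hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)  # Ethernet, IPv4, opcode 1 = request
    body = sender_mac + socket.inet_aton(sender_ip) + b"\x00" * 6 + socket.inet_aton(target_ip)
    return eth_hdr + arp_hdr + body


def parse_arp_request(frame: bytes):
    """Return (sender_mac, sender_ip, target_ip) for an ARP request frame, else None."""
    if len(frame) < 42 or frame[12:14] != ARP_ETHERTYPE:
        return None
    _htype, _ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if oper != 1 or hlen != 6 or plen != 4:
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = socket.inet_ntoa(frame[28:32])
    target_ip = socket.inet_ntoa(frame[38:42])
    return sender_mac, sender_ip, target_ip


def detect_arp_sweeps(timed_frames, threshold=20, window=5.0):
    """Flag sender MACs that request >= threshold distinct IPs within `window` seconds.

    timed_frames: iterable of (timestamp_seconds, raw_frame) in capture order.
    Returns {sender_mac: max_distinct_targets_seen_in_window} for flagged senders.
    """
    recent = defaultdict(deque)  # sender_mac -> deque of (ts, target_ip)
    flagged = {}
    for ts, frame in timed_frames:
        parsed = parse_arp_request(frame)
        if parsed is None:
            continue
        mac, _sender_ip, target_ip = parsed
        q = recent[mac]
        q.append((ts, target_ip))
        while q and ts - q[0][0] > window:  # drop entries that fell out of the window
            q.popleft()
        distinct = {t for _, t in q}
        if len(distinct) >= threshold:
            flagged[mac] = max(len(distinct), flagged.get(mac, 0))
    return flagged


# Constructed capture (assumption): one host sweeping 10.0.0.1-30 at 10 requests/s,
# one ordinary host resolving its gateway once every 30 seconds.
SAMPLE = [(i * 0.1, build_arp_request(b"\xaa" * 6, "10.0.0.200", f"10.0.0.{i + 1}")) for i in range(30)]
SAMPLE += [(float(t), build_arp_request(b"\xbb" * 6, "10.0.0.50", "10.0.0.1")) for t in (3, 33, 63)]
```

Feeding real frames from a capture library in place of SAMPLE turns this into a lightweight sweep alert for a segment; tune the threshold to the normal ARP rate of the network.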
Resources:
| Title | URL |
|---|---|
| Eyewitness | https://github.com/FortyNorthSecurity/EyeWitness |
| GoWitness | https://github.com/sensepost/gowitness |