Network Scanning

Skill Level: Beginner to Intermediate Prerequisites: Basic networking, TCP/IP

IP resolution

# https://github.com/Josue87/resolveDomains
resolveDomains -d subdomains.txt

# Expected output:
# subdomain1.target.com -> 192.168.1.10
# subdomain2.target.com -> 192.168.1.11

Netdiscover

netdiscover -i eth0
netdiscover -r 10.11.1.1/24

# Expected output:
# _____________________________________________________________________________
#   IP            At MAC Address     Count     Len  MAC Vendor / Hostname      
# -----------------------------------------------------------------------------
# 10.11.1.1       00:50:56:aa:bb:cc      1      60  VMware, Inc.
# 10.11.1.5       00:0c:29:dd:ee:ff      1      60  VMware, Inc.

Nmap

# Host discovery (ping sweep)
nmap -sn 10.11.1.1/24
nmap -sn 10.11.1.1-253
nmap -sn 10.11.1.*

# Expected output:
# Nmap scan report for 10.11.1.5
# Host is up (0.00052s latency).
# Nmap scan report for 10.11.1.10
# Host is up (0.00031s latency).
# Nmap done: 256 IP addresses (15 hosts up) scanned in 2.43 seconds

NetBios

nbtscan -r 10.11.1.1/24

# Expected output:
# IP address       NetBIOS Name     Server    User             MAC address      
# ------------------------------------------------------------------------------
# 10.11.1.5        WORKSTATION1     <server>  <unknown>        00:0c:29:aa:bb:cc
# 10.11.1.10       DC01             <server>  <unknown>        00:0c:29:dd:ee:ff

Ping Sweep - Bash

for i in {1..254} ;do (ping -c 1 172.21.10.$i | grep "bytes from" &) ;done

# Expected output:
# 64 bytes from 172.21.10.1: icmp_seq=1 ttl=64 time=0.5 ms
# 64 bytes from 172.21.10.5: icmp_seq=1 ttl=64 time=1.2 ms

Ping Sweep - Windows

for /L %i in (1,1,255) do @ping -n 1 -w 200 172.21.10.%i > nul && echo 192.168.1.%i is up.

# Expected output:
# 192.168.1.1 is up.
# 192.168.1.5 is up.

PreviousWebs recon NextHost Scanning

Last updated 8 days ago

Was this helpful?

hashtagIP resolution

hashtagNetdiscover

hashtagNmap

hashtagNetBios

hashtagPing Sweep - Bash

hashtagPing Sweep - Windows

IP resolution

Netdiscover

Nmap

NetBios

Ping Sweep - Bash

Ping Sweep - Windows