Host Discovery
Nmap
List Scan
Syntax: sudo nmap -sL [Network/CIDR]
sudo nmap -sL 172.16.1.0/24
Ping Scan / ICMP Scan
Syntax: sudo nmap -sn [Network/CIDR]
# Ping Scan
sudo nmap -sn 172.16.1.0/24
# ICMP Scan
sudo nmap -sn -PE 172.16.1.0/24
ARP Ping
Syntax: sudo nmap -sn -PR [Network/CIDR]
sudo nmap -sn -PR 172.16.1.0/24
TCP Ping
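# TCP SYN Ping
sudo nmap -sn -PS [TARGET]
# The port list attaches directly to -PS, with no space
sudo nmap -sn -PS[PORT] [TARGET]
# TCP ACK Ping (Default Port 80)
sudo nmap -sn -PA [TARGET]
# The port list attaches directly to -PA, with no space
sudo nmap -sn -PA[PORT] [TARGET]
UDP Ping
sudo nmap -sn -PU [TARGET]
Nmap - Reverse DNS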
# Reverse DNS Lookup - Add -R to any nmap host discovery command
sudo nmap -sn -R [TARGET]
sudo nmap -sn -R --dns-servers [DNS_SERVER] [TARGET]
ARP-Scan
sudo arp-scan -l
Netdiscover
Syntax: sudo netdiscover -r [Network/CIDR]
sudo netdiscover -r 172.16.1.0/24

