Network Scanning
Nmap - Network Discovery
Basic Host Discovery
# Ping sweep (host discovery only, no port scan)
nmap -sn 192.168.1.0/24
# TCP SYN ping
nmap -PS 192.168.1.1
# UDP ping
nmap -PU 192.168.1.1
Port Scanning
# Quick scan (top 100 ports)
nmap -F 192.168.1.1
# Scan all ports (1-65535)
nmap -p- 192.168.1.1
# Scan specific ports
nmap -p 80,443,8080 192.168.1.1
# Fast scan (top 100 ports with the -T4 aggressive timing template)
nmap -T4 -F 192.168.1.1
# Aggressive scan (-A enables OS detection, version detection, script scanning and traceroute)
nmap -A 192.168.1.1
# Service version detection
nmap -sV 192.168.1.1
# OS detection (requires root privileges)
nmap -O 192.168.1.1
Stealth Scanning
# SYN scan (half-open: the TCP handshake is never completed; requires raw-packet privileges)
nmap -sS 192.168.1.1
# FIN scan
nmap -sF 192.168.1.1
# Null scan
nmap -sN 192.168.1.1
# Xmas scan
nmap -sX 192.168.1.1
NSE Scripts
# Default scripts
nmap -sC 192.168.1.1
# Vulnerability scanning (runs every script in the vuln category)
nmap --script vuln 192.168.1.1
# Specific script
nmap --script http-enum 192.168.1.1
Masscan - Fast Port Scanner
# Fast scan of all ports (--rate is in packets per second)
masscan -p1-65535 192.168.1.0/24 --rate=1000
# Scan specific ports
masscan -p80,443,8080 192.168.1.0/24 --rate=10000
Netcat - Network Swiss Army Knife
# Port scanning
nc -zv 192.168.1.1 1-1000
# Banner grabbing
nc -v 192.168.1.1 80
Useful Links