Resources
Commands
- Netdiscover
- Run in passive mode to silently listen for ARP requests. This is very stealthy.
netdiscover -i eth1 -p
- Run an active scan on a specific range, printing results to the screen.
netdiscover -i eth1 -r 192.168.99.0/24 -P
- p0f (Passive OS Fingerprinting)
- Listen on an interface and log all discovered hosts and OS information.
p0f -i eth1 -o p0f.log
- Run in daemon mode (background process).
p0f -i eth1 -o p0f.log -d
- arp-scan
- Scan the entire local network attached to the eth1 interface.
arp-scan -I eth1 -l
- Scan a specific subnet.
arp-scan -I eth1 192.168.99.0/24
- nping & fping
- Send a TCP probe to specific ports on a host.
nping -c 1 --tcp -p 80,443 192.168.99.12
- A fast ping sweep that only shows live hosts (-a) and suppresses errors.
fping -a -g 192.168.99.0/24 2>/dev/null
- Bash
- A simple loop that pings each host in a /24 subnet and saves live hosts to sweep.txt.
NET="192.168.99"; for i in $(seq 1 254); do (ping -c1 -W1 $NET.$i > /dev/null && echo "$NET.$i" | tee -a sweep.txt &); done
- Sort the results and clean up.
sort -u -t'.' -k4,4n sweep.txt > targets.txt && rm sweep.txt
- Windows CMD (Batch)
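- The CMD equivalent of the bash one-liner. Set NET on its own line so that %NET% is already defined when the loop line is parsed; inside a .bat file use %%i instead of %i.
set "NET=192.168.99"
for /L %i in (1,1,254) do @ping -n 1 -w 200 %NET%.%i > nul && echo %NET%.%i >> sweep.txt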
- PowerShell
- A PowerShell one-liner using WMI for ping checks (Get-WmiObject is available in Windows PowerShell, not in PowerShell 7).
echo "[*] Scanning in progress...";1..254 |ForEach-Object {Get-WmiObject Win32_PingStatus -Filter "Address='192.168.99.$_' and Timeout=50 and ResolveAddressNames='false' and StatusCode=0" |select ProtocolAddress* |Out-File -Append -FilePath .\sweep.txt};echo "[+] Live hosts:"; Get-Content -Path .\sweep.txt | ? { $_ -match "192.168.99" }; echo "[*] Done.";del .\sweep.txt
- An alternative PowerShell method that runs pings in parallel, waits for them to finish, then merges the per-host output files.
$NET="192.168.99";$procs=for($i=1;$i -lt 255;$i++){$command="ping -n 1 -w 100 $NET.$i > nul 2>&1 && echo $NET.$i";start-process -nonewwindow -passthru cmd -argumentlist "/c $command" -redirectstandardoutput "tmp$i.txt"};$procs | wait-process;cat tmp*.txt > sweep.txt;del tmp*.txt
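
Added example (not part of the original cheat sheet): the sort step in the Bash section keys on the last octet only, so with -u it drops hosts from different subnets that share a final octet. The script below normalises output from the tools above on all four octets and lists hosts missing from a known inventory; the function names, sample lines and inventory file are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed sample data, hypothetical function names.

# sample_scan: constructed output in the style of arp-scan and fping lines.
sample_scan() {
    cat <<'EOF'
Interface: eth1, type: EN10MB, MAC: 02:00:00:00:00:10, IPv4: 192.168.99.10
192.168.99.12 02:00:00:00:00:12 (Unknown)
192.168.99.1 02:00:00:00:00:01 (Unknown)
192.168.99.12 02:00:00:00:00:12 (Unknown) (DUP: 2)
192.168.100.5
192.168.99.5
999.1.1.1
3 packets received by filter, 0 packets dropped by kernel
EOF
}

# extract_hosts: keep lines whose first field is a valid IPv4 address, then
# sort and de-duplicate on all four octets (not only the last one).
extract_hosts() {
    awk '{
        if ($1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next  # banners, summaries
        split($1, o, ".")
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next   # out-of-range octet
        print $1
    }' | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n -u
}

# unknown_hosts INVENTORY: print stdin hosts that are not listed in INVENTORY
# (one address per line). A missing or empty inventory reports every host.
unknown_hosts() {
    awk -v inv="$1" '
        BEGIN { while ((getline line < inv) > 0) known[line] = 1 }
        !($1 in known)'
}

# Demo: compare the sample sweep with a constructed two-host inventory.
inventory=$(mktemp)
printf '%s\n' 192.168.99.1 192.168.99.12 > "$inventory"
sample_scan | extract_hosts | unknown_hosts "$inventory"
rm -f "$inventory"
```

Running the same comparison after each sweep gives a quick list of devices that answered on the network but are not in the asset inventory.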