Host Discovery
Ping Sweep
A ping sweep may not get replies from every live host on the first attempt, especially when the targets sit on another network segment. While a host (or the gateway in front of it) is still resolving the destination MAC address, the first ICMP echo request can be held or dropped until the ARP cache entry is built, and a short ping timeout expires before the reply arrives. For this reason, run the sweep at least twice and take the union of the responders, so that hosts missed while their ARP entries were being populated are caught on the second pass.
cmd
powershell
Nmap
Active hosts
Operating systems - TTL
The TTL in an ICMP echo reply hints at the target's operating system, because each OS starts from a different default value. Every router hop decrements the TTL by one, so the observed value is usually slightly below the default (a reply with TTL 126 most likely came from a Windows host two hops away):
Linux/macOS – 64
Windows – 128
Cisco routers – 255
DNS – the TTL on a DNS record is a cache lifetime in seconds, not an IP TTL; it depends on the resolver and zone and can range from 128 to 86400. Do not confuse it with the ICMP values above.
Source: https://ostechnix.com/identify-operating-system-ttl-ping/
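The following bash script is an added example, not code from the original page, combining the two points above: it sweeps a /24 twice and unions the responders (the ARP cache advice), then labels each host with the OS family and estimated hop count implied by its reply TTL. The function names, the 10.10.10.0/24 range and the sample ping output are assumptions constructed for illustration; the live sweep assumes Linux iputils `ping` (`-c`, `-W`, `-n`).

```bash
#!/usr/bin/env bash
# Added example (not from the original page): two-pass ICMP sweep with
# TTL-based OS guessing. Function names and the target range are hypothetical.

# Extract "ip ttl" from ping reply lines. Handles the Linux/macOS format
# ("64 bytes from 10.10.10.5: icmp_seq=1 ttl=63 time=0.4 ms") and the Windows
# format ("Reply from 10.10.10.5: bytes=32 time<1ms TTL=128"). Use ping -n so
# the reply line carries an IP address rather than a resolved hostname.
parse_ping_replies() {
    sed -nE 's/.*from ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+).*[Tt][Tt][Ll]=([0-9]+).*/\1 \2/p'
}

# Default initial TTLs: Linux/macOS 64, Windows 128, Cisco/network gear 255.
# Routers decrement by one per hop, so bucket on the nearest default at or
# above the observed value.
ttl_to_os() {
    local ttl=$1
    if [ "$ttl" -le 64 ]; then echo "Linux/macOS"
    elif [ "$ttl" -le 128 ]; then echo "Windows"
    else echo "Cisco/network-device"
    fi
}

# Estimated number of router hops between us and the host, from the same table.
ttl_to_hops() {
    local ttl=$1
    if [ "$ttl" -le 64 ]; then echo $((64 - ttl))
    elif [ "$ttl" -le 128 ]; then echo $((128 - ttl))
    else echo $((255 - ttl))
    fi
}

# Read "ip ttl" lines from both passes, keep one line per host (-u on the IP
# key drops the duplicate from the second pass), print "ip ttl os hops".
annotate_hosts() {
    sort -u -k1,1 | while read -r ip ttl; do
        printf '%s %s %s %s\n' "$ip" "$ttl" "$(ttl_to_os "$ttl")" "$(ttl_to_hops "$ttl")"
    done
}

# Ping every address in the /24 once per pass and pipe the replies on. The
# first pass often misses hosts whose ARP entries are still being resolved;
# the second pass catches them and annotate_hosts merges the two.
sweep_twice() {
    local prefix=$1 pass i
    for pass in 1 2; do
        for i in $(seq 1 254); do
            ping -c 1 -W 1 -n "$prefix.$i" 2>/dev/null
        done
    done | parse_ping_replies | annotate_hosts
}

# Constructed sample of what two passes might print (not real capture data):
# 10.10.10.5 answers only in pass two, 10.10.10.1 answers in both passes and
# must be reported once, 10.10.10.30 is in Windows ping output format.
SAMPLE_OUTPUT='64 bytes from 10.10.10.1: icmp_seq=1 ttl=255 time=0.8 ms
64 bytes from 10.10.10.20: icmp_seq=1 ttl=63 time=0.3 ms
64 bytes from 10.10.10.1: icmp_seq=1 ttl=255 time=0.7 ms
64 bytes from 10.10.10.5: icmp_seq=1 ttl=127 time=1.1 ms
64 bytes from 10.10.10.20: icmp_seq=1 ttl=63 time=0.3 ms
Reply from 10.10.10.30: bytes=32 time<1ms TTL=128'

# Run the parser and classifier over the constructed sample, no network needed.
demo_sample() {
    printf '%s\n' "$SAMPLE_OUTPUT" | parse_ping_replies | annotate_hosts
}

demo_sample
# Live use against a real range (assumed prefix): sweep_twice 10.10.10
```

The hop estimate is only a heuristic: a Linux host behind many routers can drop below a nearby Windows host's TTL, and some appliances use non-default initial values, so treat the OS column as a first guess to confirm with a port scan rather than a fact.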
Port scan
Web Host
Information gathering
EyeWitness
Aquatone - See Information gathering
Hackerurl
Httpx
Internal pentest
Wireshark, tcpdump
Netminer
Responder - analysis mode (-A: listens for LLMNR/NBT-NS/mDNS name requests without answering them, so hosts can be identified passively)
Fping