Nmap Reconnaissance

Overview

Nmap is the standard tool for network discovery and security auditing. It identifies live hosts, open ports, running services and their versions, operating systems, and potential vulnerabilities. Every penetration test starts with Nmap. Supports TCP/UDP scanning, OS fingerprinting, NSE (Nmap Scripting Engine) for vulnerability detection, and output in XML/JSON for automation.

Instructions

Step 1: Host Discovery

# Discover live hosts on a subnet (no port scan)
nmap -sn 192.168.1.0/24
# -sn: ping scan only, no port scan
# Output: list of live IPs with MAC addresses and hostnames

# Discover hosts without ping (when ICMP is blocked)
nmap -Pn -sn 10.0.0.0/24