🟡 Host Discovery
Linux
Nmap
# Host discovery with nmap: -sn is a "ping scan" that reports which addresses
# in the range respond and then stops, without port-scanning them.
# The "# apt ..." line below is presumably the install step shown at a root prompt.
# apt install -y nmap
nmap -sn 192.168.1.0/24
Fping
# ICMP sweep with fping:
#   -a  print only the targets that answered
#   -q  quiet: suppress per-target / per-probe result lines
#   -g  generate the target list from the given CIDR range
# Hosts that drop ICMP echo will not be listed even when they are up.
# The "# apt ..." line below is presumably the install step shown at a root prompt.
# apt install -y fping
fping -aqg 192.168.1.0/24
Netdiscover
# ARP-based discovery with netdiscover:
#   -i eth0            interface to send/listen on (must exist on this machine)
#   -r 192.168.1.0/24  range to scan
# ARP does not cross routers, so only hosts on the same layer-2 segment as the
# chosen interface can be found this way.
# The "# apt ..." line below is presumably the install step shown at a root prompt.
# apt install -y netdiscover
netdiscover -i eth0 -r 192.168.1.0/24
arp-scan
# ARP-based discovery with arp-scan:
#   -I eth0  interface to use (must exist on this machine)
#   -l       (--localnet) derive the target list from that interface's own
#            address and netmask, so no range is given on the command line
# Limited to the local layer-2 segment, like any ARP sweep.
# The "# apt ..." line below is presumably the install step shown at a root prompt.
# apt install -y arp-scan
arp-scan -I eth0 -l
Ping
# One-shot ICMP sweep of 192.168.1.1-254 that prints the address of every host
# that answers. Each probe is detached in its own subshell, so the loop does
# not wait for silent hosts and output arrives in whatever order replies come.
octet=1
while [ "$octet" -le 254 ]; do
  (
    # Keep only reply lines ("... bytes from <addr>: ..."), take the 4th field
    # and strip the colon that follows the address.
    ping -c 1 "192.168.1.${octet}" \
      | awk '/bytes from/ { addr = $4; gsub(/:/, "", addr); print addr }' &
  )
  octet=$((octet + 1))
done
Bash
Network Segments: 1
#!/bin/bash
# ICMP sweep of a single /24 (192.168.1.1-254).
# All 254 probes are started as background jobs at once, so the sweep shows up
# on the wire as one burst of echo requests; responders are printed as they
# answer, in no particular order.
echo -e "\n[!] Start Discovery:\n"
for ((octet = 1; octet <= 254; octet++)); do
  {
    # timeout caps each probe at one second; ping's own output is discarded
    # and only its exit status decides whether the address is reported.
    if timeout 1 bash -c "ping -c 1 192.168.1.${octet}" &> /dev/null; then
      echo -e " [+] 192.168.1.${octet}"
    fi
  } &
done
# Block until every background probe has finished.
wait
Network Segments: 2
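#!/bin/bash
# ICMP sweep over several /24 ranges, one range at a time.
# "hosts" holds the first three octets of each range; every address .1-.254 in
# a range is probed in parallel and responders are printed as they answer.
# A host that drops ICMP echo is not listed, so a missing address is not proof
# that the address is unused.
hosts=("192.168.1" "10.10.10")

printf '\n[!] Start Discovery:\n\n'
# Quote the expansion so each prefix stays one word regardless of its content.
for host in "${hosts[@]}"; do
  printf '[*] Range: %s.0/24\n' "$host"
  for i in {1..254}; do
    # ping is run directly instead of through `bash -c "..."`: the address is
    # passed as a single argument and is never re-parsed as shell code, which
    # matters if the prefix list is ever filled from outside the script.
    # timeout caps each probe at one second.
    timeout 1 ping -c 1 "$host.$i" &>/dev/null && printf ' [+] %s.%s\n' "$host" "$i" &
  done
  # Finish the current range before starting the next one.
  wait
done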
Windows
CMD
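rem Sweep 192.168.1.1-254 from an interactive prompt: one IPv4 echo request per
rem address (-4 -n 1) with a 100 ms reply timeout (-w 100). Inside a .bat file
rem the loop variable must be written %%i instead of %i.
rem The filter is "TTL=" rather than "TTL": only echo replies contain "TTL=",
rem whereas a router's "TTL expired in transit" message also contains the bare
rem word and would be listed as if the target had answered.
for /l %i in (1,1,254) do @ping -4 -n 1 -w 100 192.168.1.%i | findstr "TTL="
rem Same sweep, printing only the address of each responder. The reply timeout
rem here is 1 ms (-w 1), so hosts that answer more slowly may be missed.
for /L %a IN (1,1,254) DO @(ping -n 1 -w 1 192.168.1.%a | findstr "TTL=" > nul && echo 192.168.1.%a)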
PowerShell
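# X.X.X stands for the first three octets of the /24 being swept.
# One IPv4 echo request per address (-4 -n 1), 100 ms reply timeout (-w 100).
# The filter is 'TTL=' rather than 'TTL': only echo replies contain 'TTL=',
# whereas "TTL expired in transit" from a router also contains the bare word
# and would be reported as a live host.
1..254 | % {ping -4 -n 1 -w 100 X.X.X.$_} | Select-String 'TTL='
# Same sweep, reduced to the responder addresses: the regex pulls every
# dotted-quad out of each matching reply line and only its text is emitted.
1..254 | % {ping -4 -n 1 -w 100 X.X.X.$_} | Select-String 'TTL=' | % {$regex = [regex] '\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b'; $regex.Matches($_)} | % {$_.value}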
Disclaimer
WARNING
All techniques presented in this blog are for educational and ethical purposes.
The VulNyx team is not responsible for any misuse or damage caused to third party systems or infrastructure.