After reconnaissance, scanning and enumeration move from passive information gathering to actively probing the target's systems. This phase identifies live hosts, open ports, running services, and potential vulnerabilities — forming the foundation for exploitation.
Authorisation required: Scanning systems you do not own or have permission to test is illegal. Always confirm your scope before scanning.
Nmap (Network Mapper) is the industry-standard tool for network discovery and security auditing.
# TCP SYN scan (default, stealthy, requires root)
sudo nmap -sS 192.168.1.0/24
# TCP connect scan (no root required, less stealthy)
nmap -sT 192.168.1.100
# UDP scan (slower, but finds DNS, SNMP, DHCP)
sudo nmap -sU 192.168.1.100
# Ping sweep — find live hosts
nmap -sn 192.168.1.0/24
# Version detection on common ports
nmap -sV 192.168.1.100
# Aggressive scan (OS detection, version, scripts, traceroute)
nmap -A 192.168.1.100
# Scan specific ports
nmap -p 80,443,8080,8443 192.168.1.100
# Scan all 65535 ports
nmap -p- 192.168.1.100
# Top 1000 ports with service detection and default scripts
nmap -sC -sV 192.168.1.100
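Once a scan like the ones above has run, the next practical step is comparing what is actually listening with what is supposed to be exposed. The following is an added example, not code from the lesson: it parses nmap's grepable output (what `-oG -` prints) and reports open ports that are absent from a per-host approved baseline; the scan text, the host addresses and the BASELINE dictionary are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `nmap -sV -oG - 192.168.1.0/24` output (not real scan data).
SAMPLE_GREPABLE = (
    "# Nmap 7.94 scan initiated as: nmap -sV -oG - 192.168.1.0/24\n"
    "Host: 192.168.1.100 ()\tStatus: Up\n"
    "Host: 192.168.1.100 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "80/open/tcp//http//Apache httpd 2.4.52/, 443/closed/tcp//https///"
    "\tIgnored State: filtered (997)\n"
    "Host: 192.168.1.101 ()\tPorts: 3389/open/tcp//ms-wbt-server//"
    "Microsoft Terminal Services/, 445/open/tcp//microsoft-ds///"
    "\tIgnored State: closed (998)\n"
)

# Hypothetical approved exposure per host: {host: {(port, proto), ...}}.
BASELINE = {
    "192.168.1.100": {(22, "tcp"), (80, "tcp")},
    "192.168.1.101": {(3389, "tcp")},
}
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\t(.*)$")

def parse_grepable(text):
    """Return {host: [(port, proto, state, service, version), ...]}."""
    hosts = defaultdict(list)
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:                         # '# Nmap ...' comment lines
            continue
        host, rest = m.group(1), m.group(3)
        for field in rest.split("\t"):    # 'Status: Up' lines carry no ports
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                # port/state/proto/owner/service/rpcinfo/version/ ; nmap writes
                # '|' for any '/' inside a field, so a plain split is safe.
                p = entry.split("/")
                hosts[host].append((int(p[0]), p[2], p[1], p[4], p[6]))
    return dict(hosts)

def unexpected_open_ports(results, baseline):
    """Open ports not approved for that host; unknown hosts count entirely."""
    findings = {}
    for host, ports in results.items():
        allowed = baseline.get(host, set())
        extra = sorted((port, proto, svc, ver) for port, proto, state, svc, ver
                       in ports if state == "open" and (port, proto) not in allowed)
        if extra:
            findings[host] = extra
    return findings
```

Feed it real output with `nmap -sV -oG - <your-own-range> | python3 script.py` style plumbing, or `-oG scan.gnmap` and read the file; anything it flags is a service that is listening but not on the approved list.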