Cyber Security


Bulk Scanning, Finding Victims

I am currently reading up on NMAP (Network Mapper) as I prepare for my Offensive Security Certified Professional (PWK OSCP). – I will definitely be writing further blog posts on this subject but I found this tidbit extremely useful.

Scan the entire subnet to find the DNS server. Once you have the DNS server, you can leverage it to get the hostnames on your scans as well:

nmap --top-ports 10 --open --dns-server 10.11.1.??? -oA nmap/top10_all_hosts

This will help you better understand some of the relationships between the machines. It’s also a great way of finding the hard boxes (the “big four”) right away in the OSCP exam.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.