Performing ping sweep

We can perform ping sweep to discover other internal hosts after a foothold.

Performing ping sweep with fping

ping -asgq 172.16.5.0/23

Performing ping sweep with Nmap

sudo nmap -v -A -iL hosts.txt -oN /home/User/Documents/host-enum

With metasploit

post/multi/gather/ping_sweep

From a linux host(No additional tool needed)

for i in {1..254} ;do (ping -c 1 172.16.5.$i | grep "bytes from" &) ;done

From windows using cmd

for /L %i in (1 1 254) do ping 172.16.5.%i -n 1 -w 100 | find "Reply"

From windows using powershell

1..254 | % {"172.16.6.$($_): $(Test-Connection -count 1 -comp 172.15.6.$($_) -quiet)"}

Last updated 1 year ago