Active reconnaissance

From wiki.exploitpedia.org

Commands to execute inside the network to get which hosts are up and perform later on a port scanning to enumerate services (See Enumeration):

$nmap -sn -PE $IP/24


$netdiscover -r $IP/24


$crackmapexec -t 100 $IP/24