Reconnaissance & OSINT

Information gathering and open-source intelligence tools for target enumeration

Recon Tool Categories
Network Scanning: nmap, masscan (Layer 3-4)
OSINT Tools: theHarvester, Shodan (Public Info)
DNS Enumeration: dig, dnsrecon, fierce (DNS Records)
Subdomain Discovery: subfinder, amass (Asset Discovery)
Port Scanning: nmap, rustscan (Service Enum)
Tool Parameters
IP address, CIDR range, or domain name
Specific ports or range (leave empty for top 1000)
Custom nmap flags
Console Output
[*] Semestra Arena - Red Team Reconnaissance Console
[*] Tool: nmap 7.94
[*] Ready to execute scan...
root@arena:~# Awaiting command...
Quick Reference
Common Nmap Commands
nmap -sS 192.168.1.1        SYN stealth scan
nmap -sV -p- target         All ports + version detection
nmap -A -T4 target          Aggressive scan (OS, version, scripts)
nmap --script vuln target   Vulnerability scanning
OSINT Sources
Shodan.io: Internet-connected devices
theHarvester: Email, subdomain gathering
WHOIS Lookup: Domain registration info
DNS Records: A, MX, TXT, NS records
Tips & Tricks
Use -Pn to skip host discovery
-T4 for faster scans (careful!)
-oA to save all output formats
Always get authorization first