8:51 · May 2026

Active Reconnaissance: Host Discovery, Port Scanning and OS Detection

Active reconnaissance is where real pentests begin, and Nmap is the tool that's been in every professional pentester's kit for decades. In this tutorial, I walk through the four core Nmap commands you'll actually use on live engagements: host discovery, TCP SYN scanning, service version detection, and OS fingerprinting.

Downloads

PDF

Tools-for-Active-Reconnaissance-LAB.pdf

Active Recon LAB

Goes deeper in these books

Professional Penetration Testing

Chapter 6 - Reconnaissance

The Basics of Hacking and Penetration Testing

Chapter 6 - Discovery