Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt

Use this file to discover all available pages before exploring further.

Active — Nmap

nmap -O TARGET
nmap -O --osscan-guess TARGET
nmap -A TARGET                       # OS + version + scripts

TTL Analysis

OSDefault TTL
Linux64
Windows128
Cisco/Network255
Solaris254
ping -c 1 TARGET | grep ttl
TTL 64 → likely Linux. TTL 128 → likely Windows.

Passive — p0f

p0f -i eth0
p0f -i eth0 -o output.txt
p0f -r capture.pcap
Identifies OS from TCP SYN packets without sending traffic. 
nc -nv TARGET 22
nmap -sV -p 22 TARGET
curl -I http://TARGET

Telnet

telnet TARGET 80
HEAD / HTTP/1.1
Host: TARGET

Nmap Scripts

nmap --script=smb-os-discovery TARGET
nmap -p 445 --script=smb-os-discovery TARGET

Quick Reference

MethodCommand
Active OSnmap -O TARGET
TTL checkping -c 1 TARGET
Passivep0f -i eth0
Banner grabnc -nv TARGET PORT
SMB OSnmap --script=smb-os-discovery TARGET