nmap

Example #1: Ping scan

nmap -sP 208.109.192.1-255
nmap -sP 208.109.9-100.10-236
nmap -sP 208.109.*.*
nmap -sP 192.168.0.1/24
nmap -sn 208.109.190-193.*
nmap -sn 208.109.193.* --exclude 208.109.193.5
sudo nmap --script broadcast-ping 192.168.0.*
Both -sP and -sn request a ping scan (host discovery only, no port scan); -sn is the current name of the option and -sP is the old name, still accepted as an alias.

fping is also an option:

fping -g 192.168.0.1/24
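From the defender's side, the traffic a ping scan like the ones above produces (one source sending ICMP echo requests to many addresses within seconds) is easy to recognise in firewall logs. The script below is an added example, not part of the original note: it parses a constructed, simplified log format (timestamp, protocol with ICMP type, source, destination; the format is an assumption, not any specific product's) and flags sources that reach more than a threshold of distinct hosts inside a sliding time window. Sample lines use documentation and private address ranges.

```python
"""Flag ICMP echo sweeps in firewall logs.

Added example; the log format is a constructed simplification:
    <ISO timestamp> <proto> <src> -> <dst>
where proto is "ICMP8" for an ICMP type 8 (echo request) packet.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+)$"
)

# Constructed sample log: 203.0.113.7 sweeps eight hosts in three seconds,
# 192.168.0.50 pings one gateway repeatedly, 198.51.100.9 probes slowly.
SAMPLE_LOG = """\
2024-05-01T10:00:00 ICMP8 203.0.113.7 -> 192.168.0.1
2024-05-01T10:00:00 ICMP8 203.0.113.7 -> 192.168.0.2
2024-05-01T10:00:01 ICMP8 203.0.113.7 -> 192.168.0.3
2024-05-01T10:00:01 ICMP8 203.0.113.7 -> 192.168.0.4
2024-05-01T10:00:02 ICMP8 203.0.113.7 -> 192.168.0.5
2024-05-01T10:00:02 ICMP8 203.0.113.7 -> 192.168.0.6
2024-05-01T10:00:03 ICMP8 203.0.113.7 -> 192.168.0.7
2024-05-01T10:00:03 ICMP8 203.0.113.7 -> 192.168.0.8
2024-05-01T10:00:05 ICMP8 192.168.0.50 -> 192.168.0.1
2024-05-01T10:00:09 ICMP8 192.168.0.50 -> 192.168.0.1
2024-05-01T10:00:30 TCP 198.51.100.9 -> 192.168.0.1
2024-05-01T10:05:00 ICMP8 198.51.100.9 -> 192.168.0.10
2024-05-01T10:06:00 ICMP8 198.51.100.9 -> 192.168.0.11
2024-05-01T10:07:00 ICMP8 198.51.100.9 -> 192.168.0.12
"""


def parse_line(line):
    """Return (timestamp, proto, src, dst) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["proto"], m["src"], m["dst"])


def detect_sweeps(log_text, window_seconds=60, min_targets=5):
    """Return {src: max distinct echo-request targets seen in any window}
    for every source that reaches at least min_targets distinct hosts."""
    events = defaultdict(list)  # src -> [(ts, dst)]
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec[1] == "ICMP8":
            ts, _, src, dst = rec
            events[src].append((ts, dst))

    window = timedelta(seconds=window_seconds)
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        best, start = 0, 0
        for end in range(len(evs)):
            # Advance the window start until it spans at most window_seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in evs[start:end + 1]})
            best = max(best, distinct)
        if best >= min_targets:
            flagged[src] = best
    return flagged


if __name__ == "__main__":
    for src, n in detect_sweeps(SAMPLE_LOG).items():
        print(f"possible ping sweep from {src}: {n} distinct targets in 60s")
```

With the defaults only 203.0.113.7 is reported; widening the window to ten minutes and lowering the threshold to three also catches the slow probe from 198.51.100.9, which is the usual tuning trade-off between sensitivity and false positives from monitoring hosts. A privileged nmap -sn also sends TCP probes to ports 80 and 443 alongside the echo requests, so a production rule would count those too.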

Example #2: Aggressive scan

nmap -p0- -v -A -T4 scanme.nmap.org
-p0- asks Nmap to scan every possible TCP port,
-v asks Nmap to be verbose about it,
-A enables aggressive tests such as remote OS detection, service/version detection, and the Nmap Scripting Engine (NSE), and
-T4 enables a more aggressive timing policy to speed up the scan.

-O enables OS detection on its own (it is one of the tests -A turns on).

White-box / VAPT scenario (the objective is generally to find as many vulnerabilities as possible)

nmap -n -Pn -sS -p0-65535 -oA output <IP-ADDRESS>

Black-box / Red-team scenario

The objective here is no longer to find as many vulnerabilities as possible but to achieve full coverage.

nmap -T2 -n -Pn -sS -p0-65535 -oA output <IP-ADDRESS>
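In both scenarios above, -oA output writes the results in all three formats (output.nmap, output.gnmap and output.xml). The added example below, not part of the original note, parses the grepable .gnmap format and uses it the way a blue team typically would: compare a baseline scan of a host with a later one and report ports that have newly opened. The two scan outputs are constructed samples in the real grepable layout (each port entry is port/state/proto/owner/service/rpc info/version/); the IP, services and version strings are made up.

```python
"""Parse nmap grepable output (-oG / the .gnmap file from -oA) and diff two scans.

Added example with constructed sample data; field layout follows the
grepable format: "Host: <ip> (<name>)\t<field>\t<field>..." where a
"Ports:" field holds comma-separated port/state/proto/owner/service/rpc/version/ entries.
"""
import re

HOST_RE = re.compile(r"^Host: (?P<ip>\S+) \((?P<name>[^)]*)\)\t(?P<rest>.*)$")

# Constructed baseline scan of one host (hostnames empty because of -n).
BASELINE = (
    "# Nmap 7.94 scan initiated Wed May  1 10:00:00 2024 as: nmap -n -Pn -sS -p0-65535 -oA output 192.168.0.10\n"
    "Host: 192.168.0.10 ()\tStatus: Up\n"
    "Host: 192.168.0.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///"
    "\tIgnored State: filtered (65533)\n"
    "# Nmap done at Wed May  1 10:12:34 2024 -- 1 IP address (1 host up) scanned in 754.00 seconds\n"
)

# Constructed later scan: port 8443 has appeared since the baseline.
CURRENT = (
    "# Nmap 7.94 scan initiated Wed May  8 10:00:00 2024 as: nmap -n -Pn -sS -p0-65535 -oA output 192.168.0.10\n"
    "Host: 192.168.0.10 ()\tStatus: Up\n"
    "Host: 192.168.0.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "80/open/tcp//http//nginx 1.18.0/, 443/closed/tcp//https///, "
    "8443/open/tcp//https-alt///"
    "\tIgnored State: filtered (65532)\n"
    "# Nmap done at Wed May  8 10:12:40 2024 -- 1 IP address (1 host up) scanned in 760.00 seconds\n"
)


def parse_gnmap(text):
    """Return {ip: {(port, proto): (state, service, version)}}."""
    hosts = {}
    for line in text.splitlines():
        if line.startswith("#"):
            continue  # header/footer comment lines
        m = HOST_RE.match(line)
        if not m:
            continue
        ports = hosts.setdefault(m["ip"], {})
        for field in m["rest"].split("\t"):
            if not field.startswith("Ports: "):
                continue  # Status:, Ignored State:, OS:, etc.
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.split("/")
                if len(parts) < 7:
                    continue  # malformed entry; skip rather than guess
                port, state, proto, _owner, service, _rpc, version = parts[:7]
                ports[(int(port), proto)] = (state, service, version)
    return hosts


def open_ports(hosts):
    """Reduce parse_gnmap() output to {ip: sorted [(port, proto)] that are open}."""
    return {
        ip: sorted(key for key, (state, _, _) in ports.items() if state == "open")
        for ip, ports in hosts.items()
    }


def new_open_ports(baseline_text, current_text):
    """Return {ip: [(port, proto)]} for ports open now but not in the baseline."""
    base = open_ports(parse_gnmap(baseline_text))
    cur = open_ports(parse_gnmap(current_text))
    diff = {}
    for ip, ports in cur.items():
        added = sorted(set(ports) - set(base.get(ip, [])))
        if added:
            diff[ip] = added
    return diff


if __name__ == "__main__":
    for ip, ports in new_open_ports(BASELINE, CURRENT).items():
        print(ip, "newly open:", ", ".join(f"{p}/{proto}" for p, proto in ports))
```

Running the block prints the newly exposed 8443/tcp on 192.168.0.10. The grepable format splits on commas and slashes, so a version banner containing either can confuse it; for anything beyond a quick diff, parse output.xml instead, which nmap writes in the same -oA run.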

Online tools to identify CDN

There are a number of online tools that can help determine whether a particular website is behind a CDN. Here are some of the free ones:

Manual way to identify CDN

host -t A www.example.com
whois <IP-ADDRESS>

https://www.infosecmatter.com/how-to-port-scan-a-website/
