IDLE SCAN

Idle Scan

Hping3

Using a Zombie and hide our real IP from the scan. This is to evade firewalls.

hping3 -S -r ZOMBIE_IP -p 135

If id=+1 means a good Zombie candidate. Leave it running and run the below command to execute Idle scan

hping3 -a ZOMBIE_IP -S TARGET_IP -p 23

NMAP Idle

nmap --script ipidseq ZOMBIE_IP -p 135  Find Zombie 1st way 
nmap -O -v ZOMBIE_IP -p 135             Find Zombie 2nd way

nmap -sI ZOMBIE_IP:135 TARGET_IP -p 23 -Pn --packet-trace         Execute Idle Scan

Idle Scan (hping + nmap)

hping3 -S -r ZOMBIE_IP -p 135          Find Zombie and check the id incremental 
nmap -S ZOMBIE_IP TARGET_IP -p 23 -Pn -n -e tap0 --disable-arp-ping         Run Idle scan with NMAP

PreviousHping3 Scanning NextDNS Enum

Last updated 5 years ago