# 6. Perform Network Scanning using AI

## 1.  Scan a Target using ShellGPT

After incorporating the ShellGPT API in Parrot Security Machine, in the terminal window run

```
 sgpt --chat scan --shell “Use hping3 to perform ICMP scanning on the target IP address 10.10.1.11 and stop after 10 iterations”
```

<figure><img src="/files/C3robyALJDNeBObHFyZP" alt=""><figcaption></figcaption></figure>

Now to perform ACK scan on target IP address.

```
 sgpt --chat scan --shell “Run a hping3 ACK scan on port 80 of target IP 10.10.1.11” 
```

To perform host discovery

```
sgpt --chat scan --shell "Scan the target network 10.10.1.0/24 for active hosts and place only the IP addresses into a file scan1.txt
```

To perform nmap scan against the IP addresses that were gathered in previous step run

```
 sgpt --chat scan --shell "Run a fast but comprehensive nmap scan against scan1.txt with low verbosity and write the results to scan2.txt" 
```

To run ICMP echo scan

```
sgpt --chat scan --shell “Use nmap to perform ICMP ECHO ping sweep on the target network 10.10.1.0/24”
```

Other scans prompts

```
sgpt --chat scan --shell "Perform stealth scan on target IP 10.10.1.11 and display the results"
```

```
sgpt --chat scan --shell “Perform an XMAS scan on target IP 10.10.1.11”
```

```
sgpt --chat scan --shell “Use Nmap to scan for open ports and services against a list of IP addresses in scan1.txt and copy only the port, service and version information with the respective IP address to a new file called scan3.txt”
```

```
sgpt --chat scan --shell “Use Metasploit to discover open ports on the IP address 10.10.1.22”
```

```
sgpt --chat scan --shell “Use Nmap to scan open ports, MAC details, services running on open ports with their versions on target IP 10.10.1.11”
```

```
sgpt --chat scan --shell “Use TTL value and identify the operating system running on the target IP address 10.10.1.11, display the TTL value and OS”
```

```
sgpt --chat scan --shell “Use TTL value and identify the operating system running on the target IP address 10.10.1.9, display the TTL value and OS”
```

```
sgpt --chat scan --shell “Use Nmap script engine to perform OS discovery on the target IP addresses in scan1.txt”
```

```
sgpt --chat scan --shell “Develop a script which will automate network scanning efforts and find out live systems, open ports, running services, service versions, etc. on target IP range 10.10.1.0/24”
```

```
sgpt --chat scan --shell “To evade an IDS/Firewall, use IP address decoy technique to scan the target IP address 10.10.1.22”
```

```
 sgpt --chat scan --shell “Within scan1.txt file remove 10.10.1.14 and 10.10.1.13 entries, then display results”
```

```
sgpt --chat scancode --code “Create a python script to run a fast but comprehensive Nmap scan on the IP addresses in scan1.txt and then execute vulnerability scanning using nikto against each IP address in scan1.txt”
```

### Best CEH Practical Preparation Course

{% embed url="<https://www.udemy.com/course/ethical-hacker-practical/?referralCode=289CF01CF51246BCAD6C>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ceh-practical.cavementech.com/module-3.-scanning-networks/6.-perform-network-scanning-using-ai.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.