Add network scan with pure bash

Methodology and Resources/Network Discovery.md

@@ -3,6 +3,7 @@
 ## Summary
 
 - [Nmap](#nmap)
+- [Network Scan with nc and ping](#network-scan-with-nc-and-ping)
 - [Spyse](#spyse)
 - [Masscan](#masscan)
 - [Netdiscover](#netdiscover)
@@ -99,6 +100,42 @@ Host script results:
 List Nmap scripts : ls /usr/share/nmap/scripts/
 ```
 
+## Network Scan with nc and ping
+
+Sometimes we want to perform network scan without any tools like nmap. So we can use the commands `ping` and `nc` to check if a host is up and which port is open.
+To check if hosts are up on a /24 range
+```bash
+for i in `seq 1 255`; do ping -c 1 -w 1 192.168.1.$i > /dev/null 2>&1; if [ $? -eq 0 ]; then echo "192.168.1.$i is UP"; fi ; done
+```
+To check which ports are open on a specific host
+```bash
+for i in {21,22,80,139,443,445,3306,3389,8080,8443}; do nc -z -w 1 192.168.1.18 $i > /dev/null 2>&1; if [ $? -eq 0 ]; then echo "192.168.1.18 has port $i open"; fi ; done
+```
+Both at the same time on a /24 range
+```bash
+for i in `seq 1 255`; do ping -c 1 -w 1 192.168.1.$i > /dev/null 2>&1; if [ $? -eq 0 ]; then echo "192.168.1.$i is UP:"; for j in {21,22,80,139,443,445,3306,3389,8080,8443}; do nc -z -w 1 192.168.1.$i $j > /dev/null 2>&1; if [ $? -eq 0 ]; then echo "\t192.168.1.$i has port $j open"; fi ; done ; fi ; done
+```
+Not in one-liner version:
+```bash
+for i in `seq 1 255`; 
+do 
+    ping -c 1 -w 1 192.168.1.$i > /dev/null 2>&1; 
+    if [ $? -eq 0 ]; 
+    then 
+        echo "192.168.1.$i is UP:"; 
+        for j in {21,22,80,139,443,445,3306,3389,8080,8443}; 
+        do 
+            nc -z -w 1 192.168.1.$i $j > /dev/null 2>&1; 
+            if [ $? -eq 0 ]; 
+            then 
+                echo "\t192.168.1.$i has port $j open"; 
+            fi ; 
+        done ; 
+    fi ; 
+done
+```
+
+
 ## Spyse
 * Spyse API - for detailed info is better to check [Spyse](https://spyse.com/)