You have to find many IP addresses or CIDR ranges of the company using the methods from DAY 5-6

• asnmap : a tool for getting CIDR ranges belonging to a particular ASN number.
• mapcidr : this tool will give all the ip addresses of any CIDR.
• dnsx : this tool will do reverse DNS lookup, and find hostnames for the ip addresses we give.
  • use -ptr for reverse domain lookup.
• naabu : it scans for open ports on given host.
  • We can even provide ASN no. to run a scan on all the IPs or give a list of hosts in a file.
  • We can use nmap within the tool itself
  • https://github.com/projectdiscovery/naabu
• masscan : used to scan for big networks real quick.
  • We can use nmap within the tool itself
  • https://github.com/robertdavidgraham/masscan
• rustscan : same use as masscan .
  • Nmap switches can be used within the command to scan with nmap as well.
  • https://github.com/RustScan/RustScan/

After getting open ports we can run nmap service scan to enumerate.