Monday, November 21, 2011

Quick list of Nmap & cut commands

Nmap is a powerful tool, but it can be a pain when all I need is a clean list of live IP addresses. Here are my go-to one-liners for narrowing a range of possible targets down to a list I can hand to Nessus. They all work from Nmap's grepable output (-oG -), where every host Nmap found up shows as a line like "Host: 172.16.0.1 ()<TAB>Status: Up", so the IP address is always the second space-separated field. (-sP is the older spelling of the ping-scan option; newer Nmap releases call it -sn and still accept -sP.)

Ping a subnet:
nmap -n -sP 172.16.0.0/16 -oG - | cut -d' ' -f2 | grep '^[0-9]' >> 172.16.txt

The grep drops the "# Nmap ..." comment lines that -oG prints; its pattern is quoted so the shell cannot glob-expand the bracket against a stray filename. -n skips reverse DNS, which is the slow part on a /16.

From a target list:
nmap -n -sP -iL HQWorkstations.txt -oG - | cut -d' ' -f2 | grep '^[0-9]' >> HQWork.txt

For a specific port or ports:
nmap -n -p445 -Pn 192.168.1.1/24 -oG - | grep ' 445/open/' | cut -d' ' -f2 >> smb.txt

-Pn skips host discovery, so hosts that drop ping still get port-scanned. In grepable output the port entries sit after "Ports: " separated by ", ", so matching on ' 445/open/' (leading space, trailing slash) keeps a port such as 1445, or an open|filtered UDP result, from slipping into the list when you widen the port set.

Count the systems reported up in a .gnmap file

grep -c "Status: Up" FileName.gnmap

Be careful with this one when the scan used -Pn: Nmap then treats every target as up, so the count is the number of targets scanned, not the number that answered. To count hosts that actually responded, count the distinct hosts whose "Ports:" line shows an open or closed port (a SYN/ACK or a RST came back); a filtered result means nothing came back at all.
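The recipes above all parse the same two grepable line shapes, so here they are collected as a small POSIX shell script that also applies the -Pn caveat. This is an added example, not a command from the original post: the .gnmap text inside it is constructed for the example (four hosts from a -Pn -p445 scan), and the function names up_hosts, hosts_with_open_port, count_up and count_responding are mine, not Nmap's.

```shell
#!/bin/sh
# Added example, not part of the original post: the grep/cut recipes above,
# wrapped as POSIX shell functions that take Nmap grepable (-oG) text in $1.
# SAMPLE_GNMAP is constructed for this example; the field layout is the one
# nmap -oG prints ("Host: IP (name)<TAB>Status: Up" and
# "Host: IP (name)<TAB>Ports: port/state/proto//service///, ...").

gnmap_line() { printf 'Host: %s ()\t%s\n' "$1" "$2"; }   # builds one sample line

SAMPLE_GNMAP=$( {
  echo '# Nmap 5.51 scan initiated Mon Nov 21 09:00:00 2011 as: nmap -n -Pn -p445 -oG - 192.168.1.1-4'
  gnmap_line 192.168.1.1 'Status: Up'
  gnmap_line 192.168.1.1 'Ports: 445/open/tcp//microsoft-ds///'
  gnmap_line 192.168.1.2 'Status: Up'
  gnmap_line 192.168.1.2 'Ports: 445/closed/tcp//microsoft-ds///'
  gnmap_line 192.168.1.3 'Status: Up'
  gnmap_line 192.168.1.3 'Ports: 445/filtered/tcp//microsoft-ds///'
  gnmap_line 192.168.1.4 'Status: Up'
  gnmap_line 192.168.1.4 'Ports: 445/open/tcp//microsoft-ds///'
  echo '# Nmap done at Mon Nov 21 09:00:05 2011 -- 4 IP addresses (4 hosts up) scanned in 5.12 seconds'
} )

# Live-host list (the ping-scan recipes). Filtering on "Status: Up" first
# drops the "# Nmap ..." comment lines, so no trailing grep on ^[0-9] is
# needed, and the IP is always field 2 when splitting on spaces.
up_hosts() {
  printf '%s\n' "$1" | grep 'Status: Up' | cut -d' ' -f2
}

# Hosts with TCP port $2 open. Port entries are separated by ", " and the
# first follows "Ports: ", so anchoring on " PORT/open/" avoids matching
# 1445 or an "open|filtered" UDP result.
hosts_with_open_port() {
  printf '%s\n' "$1" | grep " $2/open/" | cut -d' ' -f2
}

# What the original -Pn recipe counts: with -Pn every target is reported
# "Status: Up", so this is the number of targets scanned, not the number alive.
count_up() {
  printf '%s\n' "$1" | grep -c 'Status: Up'
}

# A better liveness estimate under -Pn: a host that returned an open port
# (SYN/ACK) or a closed port (RST) definitely answered; "filtered" means
# nothing came back. "Ignored State: closed (N)" covers hosts whose closed
# ports Nmap folded into the per-host summary instead of listing them.
count_responding() {
  printf '%s\n' "$1" | grep 'Ports: ' \
    | grep -E '/(open|closed)/|Ignored State: closed' \
    | cut -d' ' -f2 | sort -u | wc -l | tr -d ' '
}

echo "up:";        up_hosts "$SAMPLE_GNMAP"
echo "445 open:";  hosts_with_open_port "$SAMPLE_GNMAP" 445
echo "Status: Up lines: $(count_up "$SAMPLE_GNMAP")"
echo "responding hosts: $(count_responding "$SAMPLE_GNMAP")"
```

Run against a real file with, for example, `up_hosts "$(cat scan.gnmap)"`. On the constructed sample count_up says 4 while count_responding says 3, because 192.168.1.3 only ever produced a filtered result; that gap is exactly what the -Pn caveat is about.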