Monday, November 21, 2011

Quick list of Nmap & cut commands

Nmap is a powerful tool, but it can be a bit of a pain when all I need is a clean list of live IP addresses. Here is a list of my go-to one-liners for narrowing all possible targets down to a list I can pass into Nessus:

Ping a subnet (replace <subnet> with the range to sweep, e.g. in CIDR notation):
nmap -n -sP <subnet> -oG - | cut -d' ' -f2 | grep '^[0-9]' >> 172.16.txt

From a target list (one host or range per line):
nmap -n -sP -iL HQWorkstations.txt -oG - | cut -d' ' -f2 | grep '^[0-9]' >> HQWork.txt

For a specific port or ports (replace <targets> with the subnet or -iL list to scan):
nmap -p445 -Pn <targets> -oG - | grep 445/open | cut -d' ' -f2 >> smb.txt

Count the live systems in a saved grepable output file (-oG FileName.gnmap) when -Pn was used:
grep "Status: Up" FileName.gnmap | cut -d' ' -f2 | wc -l
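As an added example (not from the original post), the same parsing done with awk so it splits on the tabs Nmap actually puts between the Host, Status and Ports sections, and handles the -Pn case: because -Pn treats every host as online, every target gets a "Status: Up" line, so the script also counts the hosts that really answered with an open port. The scan output below is a constructed sample, and the function names are my own.

```shell
#!/bin/sh
# Helpers for Nmap grepable (-oG) output. The sample below is constructed
# for this demo; in real use, feed a saved .gnmap file on stdin.

# Constructed sample of an "nmap -p445 -Pn -oG -" run against three hosts.
sample_gnmap() {
    printf '# Nmap 5.51 scan initiated as: nmap -p445 -Pn -oG - <targets>\n'
    printf 'Host: 172.16.1.1 ()\tStatus: Up\n'
    printf 'Host: 172.16.1.1 ()\tPorts: 445/closed/tcp//microsoft-ds///\n'
    printf 'Host: 172.16.1.2 ()\tStatus: Up\n'
    printf 'Host: 172.16.1.2 ()\tPorts: 445/open/tcp//microsoft-ds///\n'
    printf 'Host: 172.16.1.3 ()\tStatus: Up\n'
    printf 'Host: 172.16.1.3 ()\tPorts: 445/filtered/tcp//microsoft-ds///\n'
    printf '# Nmap done -- 3 IP addresses (3 hosts up) scanned\n'
}

# IPs Nmap marked "Status: Up", one per line. Usage: live_hosts < scan.gnmap
# awk's default field splitting handles both spaces and tabs, so $2 is the IP.
live_hosts() {
    awk '$1 == "Host:" && /Status: Up/ { print $2 }' | sort -u
}

# IPs with the given TCP port reported open. Usage: open_port 445 < scan.gnmap
# The port must be preceded by a space, tab or comma so 445 does not match 8445.
open_port() {
    awk -v p="$1" '$1 == "Host:" && $0 ~ ("[ \t,]" p "/open/") { print $2 }' | sort -u
}

# Hosts with at least one open port. With -Pn every target is "Status: Up",
# so this is the count that actually says something about responsiveness.
count_responsive() {
    awk '$1 == "Host:" && /Ports:/ && /\/open\// { print $2 }' | sort -u | wc -l
}

# Demo on the constructed sample (replace sample_gnmap with: cat scan.gnmap).
echo "Status: Up lines (all 3, because of -Pn): $(sample_gnmap | live_hosts | wc -l)"
echo "Port 445 open on:                           $(sample_gnmap | open_port 445)"
echo "Hosts with any open port:                   $(sample_gnmap | count_responsive)"
```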


  1. Hello, what is the optimal format for the target list in the file HQWorkstations.txt? Could you give an example?

  2. Update:

    nmap -sL <targets> -oG - | cut -d " " -f2 | grep '^[0-9]'


Thanks for adding to the conversation. I'll update your post shortly.