Monday, November 21, 2011

Quick list of Nmap & cut commands

NMap is a powerful tool but can be a bit of a pain when all I need is to get a clean list of live IP addresses. Here is a list of my go-to scripts for narrowing down all possible targets into a list I can pass into Nessus:

Ping a subnet:
nmap -n -sP 172.16.0.0/16 -oG - | cut -d' ' -f2,4 | cut -d' ' -f1 | grep ^[0-9] >> 172.16.txt

From a target list:
nmap -n -sP -iL HQWorkstations.txt -oG - | cut -d' ' -f2,4 | cut -d' ' -f1 | grep ^[0-9] >> HQWork.txt

For a specific port or ports:
nmap -p445 -Pn 192.168.1.1/24 -oG - | grep 445/open | cut -d' ' -f2 >> smb.txt

Get a number of live systems when using -Pn

cat FileName.gnmap | grep "Status: Up" | cut -d' ' -f2 | wc -l

Posted by at

2 comments:

  1. Luis Rodriguez DiazJanuary 25, 2012 at 10:05 AM

    Hello, what is the optimal format should be the target list in the file HQWorkstations.txt, could give an example?

    ReplyDelete
  2. Joseph PieriniJuly 23, 2012 at 1:33 PM

    Update:

    nmap -sL 192.168.1.1/28 -oG - | cut -d " " -f2 | grep ^[0-9]

    ReplyDelete

Thanks for adding to the conversation. I'll update your post shortly.

Subscribe to: Post Comments (Atom)