From 8b543c80aa3a6b103a25bbe7906c607b0f557ba9 Mon Sep 17 00:00:00 2001
From: ZkClown
Date: Thu, 20 Apr 2023 15:21:48 +0200
Subject: [PATCH] Add network scan with pure bash

---
 .../Network Discovery.md | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/Methodology and Resources/Network Discovery.md b/Methodology and Resources/Network Discovery.md
index b76dd23e..8b216cbe 100644
--- a/Methodology and Resources/Network Discovery.md
+++ b/Methodology and Resources/Network Discovery.md
@@ -3,6 +3,7 @@
 ## Summary
 
 - [Nmap](#nmap)
+- [Network Scan with nc and ping](#network-scan-with-nc-and-ping)
 - [Spyse](#spyse)
 - [Masscan](#masscan)
 - [Netdiscover](#netdiscover)
@@ -99,6 +100,42 @@ Host script results: List Nmap scripts : ls /usr/share/nmap/scripts/ ```
+## Network Scan with nc and ping
+
+Sometimes we want to perform network scan without any tools like nmap. So we can use the commands `ping` and `nc` to check if a host is up and which port is open.
+To check if hosts are up on a /24 range
+```bash
+for i in `seq 1 255`; do ping -c 1 -w 1 192.168.1.$i > /dev/null 2>&1; if [ $? -eq 0 ]; then echo "192.168.1.$i is UP"; fi ; done
+```
+To check which ports are open on a specific host
+```bash
+for i in {21,22,80,139,443,445,3306,3389,8080,8443}; do nc -z -w 1 192.168.1.18 $i > /dev/null 2>&1; if [ $? -eq 0 ]; then echo "192.168.1.18 has port $i open"; fi ; done
+```
+Both at the same time on a /24 range
+```bash
+for i in `seq 1 255`; do ping -c 1 -w 1 192.168.1.$i > /dev/null 2>&1; if [ $? -eq 0 ]; then echo "192.168.1.$i is UP:"; for j in {21,22,80,139,443,445,3306,3389,8080,8443}; do nc -z -w 1 192.168.1.$i $j > /dev/null 2>&1; if [ $? -eq 0 ]; then echo "\t192.168.1.$i has port $j open"; fi ; done ; fi ; done
+```
+Not in one-liner version:
+```bash
+for i in `seq 1 255`;
+do
+ ping -c 1 -w 1 192.168.1.$i > /dev/null 2>&1;
+ if [ $? -eq 0 ];
+ then
+ echo "192.168.1.$i is UP:";
+ for j in {21,22,80,139,443,445,3306,3389,8080,8443};
+ do
+ nc -z -w 1 192.168.1.$i $j > /dev/null 2>&1;
+ if [ $? -eq 0 ];
+ then
+ echo "\t192.168.1.$i has port $j open";
+ fi ;
+ done ;
+ fi ;
+done
+```
+
+
 ## Spyse * Spyse API - for detailed info is better to check [Spyse](https://spyse.com/)