Last active
February 20, 2018 15:46
Gist: Sawaba/3b4b0ea1b5412d5f9609b7454f5b1563
The beginning of a project to try to discover all active networks on an internal LAN. I hadn't figured out how to do the 10.0.0.0 class A, so it currently looks for all RFC1918 ranges EXCEPT the largest of the bunch. Sorry :( Without access to a large LAN, it was hard to continue development.
@echo off
goto begin
+-----------------------------------------------------------------------------+
| Internal Network Discovery Scan                                             |
|                                                                             |
| DESCRIPTION: This script discovers NETWORKS, not hosts. It attempts to find |
| every class C in use throughout the enterprise. Note that, on larger ranges,|
| we're sampling IPs to save time. This is a calculated time/accuracy tradeoff|
|                                                                             |
| AUTHOR: Adrian Sanabria                                                     |
| CREATED: 10/10/12                                                           |
| LAST UPDATED: 10/10/12                                                      |
+-----------------------------------------------------------------------------+
:begin
REM We need a filename-friendly version of today's date. This assumes the
REM US-style "Ddd MM/DD/YYYY" output of "date /t"; on other locales the token
REM numbers below need adjusting.
for /f "tokens=1,2,3,4 delims=/ " %%a in ('date /t') do set curdate=%%b%%c%%d& set dirmask=%%d-%%b-Networks
echo Current Date is %curdate%.
echo Dirmask is %dirmask%
echo Beginning network discovery scans. Ready to go?
pause
REM Nobody likes a directory with a million files in it, so we're going to
REM create a folder structure to hold the scan results. The folder format will
REM be YYYY-MM-Networks
if not exist %dirmask% mkdir %dirmask%
REM Scan all the RFC1918 Networks to just find each Class C in use.
REM The goal at this point is not to find every active host, just every
REM active network.
REM
REM In between each, we will run list scans (only tries reverse DNS on each IP)
REM to see if we missed any networks
REM
REM Ping scan (-sn) of only the .1 address of every /24 in 172.16/12 and
REM 192.168/16. A network whose gateway is not .1, or whose .1 does not answer
REM probes, is missed here; that is the sampling tradeoff.
nmap -vv -sn -T4 -oA %dirmask%\Network_Discovery_%curdate%_AllInternal 172.16-31.0-254.1-1 192.168.0-254.1-1
REM Calculated that a list scan on a Class A network would take 12 days. Not
REM going to do that right now. Even just scanning the first 16 IPs will take
REM 19 hours.
REM nmap -vv -sL -oA %dirmask%\Network_ListScan_%curdate%_1ClassA 10.0-254.0-254.1-1
nmap -vv -sL -oA %dirmask%\Network_ListScan_%curdate%_AllInternalExceptClassA 172.16-31.0-254.1-16 192.168.0-254.1-254
REM Gather the results from pingscans.
REM Grepable output lines look like "Host: 172.16.1.1 ()<TAB>Status: Up".
REM findstr with a single file prints no filename header (find would, and that
REM header would be parsed as if it were a host), so only matching Host: lines
REM reach the loop. Splitting on "." and " " puts the first three octets in
REM %%b %%c %%d.
for /f "tokens=1,2,3,4 delims=. " %%a in ('findstr /C:"Status: Up" %dirmask%\Network_Discovery_%curdate%_AllInternal.gnmap') do echo %%b.%%c.%%d.0/24 >> %dirmask%\NetworkInternalNets_%curdate%.txt
REM Process results from listscans
REM If we got DNS results, we're going to add the network we got them from to
REM NetworkInternalNets_date.txt
REM A host with no reverse DNS shows up as "()" in its Host: line, so keep only
REM the Host: lines that do not contain " ()". Comparing a single token against
REM "()" does not work: the tab before "Status:" is not a delimiter, so it
REM stays glued to the token. Because up to 16 hosts per /24 are listed, each
REM network is only appended if it is not already in the file.
for /f "tokens=1,2,3,4 delims=. " %%a in ('findstr /B /C:"Host:" %dirmask%\Network_ListScan_%curdate%_AllInternalExceptClassA.gnmap ^| findstr /V /C:" ()"') do (
    findstr /X /L /C:"%%b.%%c.%%d.0/24" %dirmask%\NetworkInternalNets_%curdate%.txt >nul 2>&1 || echo %%b.%%c.%%d.0/24 >> %dirmask%\NetworkInternalNets_%curdate%.txt
)
notepad.exe %dirmask%\NetworkInternalNets_%curdate%.txt
echo Finished!
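The two "for /f" loops above are the fragile part of the script: they split nmap's grepable output on "." and " ", which breaks on reverse-DNS names that contain dots and on the tab that precedes "Status:". The following is an added example (not part of the gist or of nmap) that does the same job as a small parser: it reads .gnmap text, keeps the /24 of every host that answered the ping scan and of every list-scan host that had a reverse-DNS name, and returns the deduplicated union in address order. The sample .gnmap lines are constructed to match nmap's format (one "Host: <addr> (<name>)" line per target, tab-separated fields) and are not real scan data; the "corp.example" names are invented.

```python
"""Derive the /24 networks in use from nmap grepable (-oG / -oA .gnmap) output.

Added example, not part of the gist: it does what the two "for /f" loops in
the batch script do, as a parser that runs offline on the constructed sample
output below or on two real .gnmap files given on the command line.
"""
import ipaddress
import re
import sys

# Constructed sample output, modelled on nmap's grepable format: one "Host:"
# line per target, fields separated by tabs, the reverse-DNS name (or nothing)
# in parentheses after the address. Not real scan data.
PING_SWEEP_GNMAP = (
    "# Nmap 6.01 scan initiated ... as: nmap -vv -sn -T4 -oA x 172.16-31.0-254.1-1\n"
    "Host: 172.16.1.1 ()\tStatus: Up\n"
    "Host: 172.16.2.1 ()\tStatus: Down\n"
    "Host: 192.168.0.1 (gw.corp.example)\tStatus: Up\n"
    "Host: 192.168.10.1 ()\tStatus: Up\n"
    "# Nmap done at ... -- 4 IP addresses (3 hosts up) scanned in 1.00 seconds\n"
)

LIST_SCAN_GNMAP = (
    "# Nmap 6.01 scan initiated ... as: nmap -vv -sL -oA y 172.16-31.0-254.1-16\n"
    "Host: 172.16.5.1 ()\tStatus: Unknown\n"
    "Host: 172.16.5.2 (print01.corp.example)\tStatus: Unknown\n"
    "Host: 172.16.5.3 (print02.corp.example)\tStatus: Unknown\n"
    "Host: 192.168.10.7 ()\tStatus: Unknown\n"
    "# Nmap done at ... -- 4 IP addresses (0 hosts up) scanned in 0.50 seconds\n"
)

# "Host: <addr> (<rdns or empty>)<whitespace>Status: <word>". The name may
# itself contain dots, so it is captured whole rather than split on ".".
HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\((.*?)\)\s+Status:\s+(\w+)")


def parse_hosts(gnmap_text):
    """Yield (address, rdns_name_or_None, status) for every Host: line.

    Comment lines ("# Nmap ...") and anything that is not IPv4 are skipped.
    """
    for line in gnmap_text.splitlines():
        if line.startswith("#"):
            continue
        match = HOST_LINE.match(line)
        if not match:
            continue
        addr_text, name, status = match.groups()
        try:
            addr = ipaddress.IPv4Address(addr_text)
        except ipaddress.AddressValueError:
            continue
        yield addr, (name or None), status


def network_of(addr):
    """The /24 an address belongs to, as a string such as '172.16.1.0/24'."""
    return str(ipaddress.ip_network(f"{addr}/24", strict=False))


def networks_from_ping_sweep(gnmap_text):
    """/24s in which at least one host answered the ping scan (-sn)."""
    return {network_of(addr) for addr, _, status in parse_hosts(gnmap_text)
            if status == "Up"}


def networks_from_list_scan(gnmap_text):
    """/24s in which the list scan (-sL) found at least one reverse-DNS name."""
    return {network_of(addr) for addr, name, _ in parse_hosts(gnmap_text) if name}


def discovered_networks(ping_text, list_text):
    """Union of both methods, deduplicated and sorted by address."""
    nets = networks_from_ping_sweep(ping_text) | networks_from_list_scan(list_text)
    return sorted(nets, key=ipaddress.ip_network)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f_ping, open(sys.argv[2]) as f_list:
            ping_text, list_text = f_ping.read(), f_list.read()
    else:
        ping_text, list_text = PING_SWEEP_GNMAP, LIST_SCAN_GNMAP
    for net in discovered_networks(ping_text, list_text):
        print(net)
```

Run it with no arguments to process the embedded samples, or pass the ping-sweep and list-scan .gnmap files produced by the script (in that order). Note the two edge cases the batch loops get wrong: the "Status: Down" host in 172.16.2.0/24 is excluded because only "Up" counts, and 172.16.5.0/24 appears once even though two of its hosts resolved.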