Last active June 3, 2017 07:35
nmap scanning - for speed and accuracy
#!/bin/bash
# nmap scanning for speed and accuracy!
# nmap discovery and nmap scanning don't always play well together. As such,
# you should separate them out into distinct phases.
# first we do discovery...
# a ping sweep on an internal network will find what you need.
# The target network is taken as the first command line argument (added here,
# as the original FIXME asked for), e.g.  ./scan.sh 10.0.0.0/24
TARGET="${1:?usage: $0 <network, e.g. 10.0.0.0/24>}"

# first, a quick ping sweep, dumping live IP's into a file:
# (-n: no DNS, so the IP is field 5 of "Nmap scan report for <ip>")
echo "[i] Starting discovery..."
sudo nmap -n -sn -PE "$TARGET" | grep report | awk '{print $5}' > nmap-liveIPs.txt

# and now we scan, say, 50 hosts at a time, which will cause few issues ever :P
# make a file handle
# (no spaces around '='; '<' keeps wc from printing the filename)
COUNT=$(wc -l < nmap-liveIPs.txt)
echo "[i] Starting scan of $COUNT hosts..."
echo "[i] Creating file handle..."
exec 5< nmap-liveIPs.txt
while read -r line1 <&5; do
    echo "$line1" > /tmp/nmap.txt
    end1="$line1"
    # pull up to 49 more hosts from the handle; stop early at end of file
    for i in {1..49}; do
        if ! read -r next <&5 || [ -z "$next" ]; then
            break
        fi
        end1="$next"
        echo "$end1" >> /tmp/nmap.txt
    done
    echo "[i] Starting IP is $line1"
    echo "[i] Ending IP is $end1"
    # tweak your parameters here - we'll just do -A on 1000 top ports
    # for now... (-A includes OS detection, which needs root, hence sudo)
    sudo nmap -A --top-ports 1000 -iL /tmp/nmap.txt -oX "scan-$line1-to-$end1.xml"
done
echo "[i] Cleaning up..."
# not deleting /tmp/nmap.txt nor ./nmap-liveIPs.txt here, just in case you
# have to kill the scan and then work out what was going on later :P
exec 5<&-
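The script above leaves one `scan-<start>-to-<end>.xml` file per batch of hosts. The following Python is an added example (not part of the gist) that merges those per-batch `-oX` files into a single inventory of up hosts and their open ports, which is what a defender actually wants from an internal sweep: which hosts are exposing which services. The XML in `SAMPLE_XML` is constructed here in the shape nmap writes, trimmed to the elements the parser reads; the glob pattern `scan-*.xml` in `main` matches the filenames the script produces.

```python
import glob
import sys
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the shape of nmap -oX output, trimmed to the
# elements this parser uses (host status, IPv4 address, ports, services).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -A --top-ports 1000 -iL /tmp/nmap.txt">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/><service name="https"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="10.0.0.6" addrtype="ipv4"/>
  </host>
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="10.0.0.7" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return {ip: [(proto, port, service), ...]} for hosts that are up.

    Only ports whose <state> is "open" are kept; closed/filtered ports and
    hosts reported "down" are dropped, so the result is an exposure inventory.
    """
    root = ET.fromstring(xml_text)
    results = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_ports = []
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            open_ports.append((port.get("protocol"), int(port.get("portid")), name))
        results[addr.get("addr")] = sorted(open_ports)
    return results


def merge_scans(xml_texts):
    """Merge several per-batch scan files into one inventory keyed by IP."""
    merged = {}
    for text in xml_texts:
        merged.update(parse_nmap_xml(text))
    return merged


def hosts_by_service(inventory):
    """Invert the inventory: {(proto, port, service): [ip, ...]}.

    This view answers questions like "which hosts expose RDP?" directly.
    """
    by_service = defaultdict(list)
    for ip, ports in sorted(inventory.items()):
        for entry in ports:
            by_service[entry].append(ip)
    return dict(by_service)


def main(pattern="scan-*.xml"):
    paths = sorted(glob.glob(pattern))
    texts = [open(p, encoding="utf-8").read() for p in paths] or [SAMPLE_XML]
    inventory = merge_scans(texts)
    for ip, ports in sorted(inventory.items()):
        print(ip, ", ".join(f"{proto}/{port} {name}" for proto, port, name in ports))
    return inventory


if __name__ == "__main__":
    main(sys.argv[1] if len(sys.argv) > 1 else "scan-*.xml")
```

Run it in the directory holding the `scan-*.xml` files; with no such files present it falls back to the constructed sample so the output shape can be checked offline.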