Nmap
Jump to navigation
Jump to search
Installing the latest NMAP (form SOURCE as of 2023/10/21)
The following sequence of commands is based on fresh installs of LMDE 5, LMDE 6, Mint 21.2, Debian 12.2 & 11.6 and Ubuntu 22.04 & 23.04.
Also works for Ubuntu 20.04.6 (Dell edition).
apt updateapt upgradeapt install make g++ autoconf libssl-dev libssh2-1-dev libc6-dev- These dependancies are not all needed in all cases, but better safe than sory.
- apt install python3.11 python3.11-venv
- thanks to this little issue
- For LMDE 5 or Debian 11 tho...
- apt install python3.9 python3.9-venv
mkdir srccd srcwget -4 https://nmap.org/dist/nmap-7.94.tgztar xvzf nmap-7.94.tgzcd nmap-7.94./configuremakesudo sumake install
Some useful nmap scans
Using nmap to inventory a network
The following command with nmap with root privilegies (or using sudo):
sudo nmap -n -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $2;printf " ---> ";printf $1;printf "\n";}'
results in:
00:10:18:5D:B0:10 ---> 192.168.0.1 28:C6:8E:F9:B8:BF ---> 192.168.0.2 28:C6:8E:29:9D:30 ---> 192.168.0.3 ...
(Good luck typing that in by hand...)
Want DNS?:
sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $1;printf "\n";}'
results in:
00:10:18:5D:B0:10 ---> zathras.tinkernow.net 28:C6:8E:F9:B8:BF ---> switcha.tinkernow.net 28:C6:8E:29:9D:30 ---> wap1.tinkernow.net ...
or both name & address?:
sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $2;printf "\t";printf $1;printf "\n";}'
results in:
00:10:18:5D:B0:10 ---> (192.168.0.1) zathras.tinkernow.net 28:C6:8E:F9:B8:BF ---> (192.168.0.2) switcha.tinkernow.net 28:C6:8E:29:9D:30 ---> (192.168.0.3) wap1.tinkernow.net ...
But, for some reason, lack of a name causes odd formatting. And, nmap seems to fail to give the mac address of the machine doing the scan.
A rather more elaborate scan
I've built a script that does a thorough scan & catches things missed by the above scan(s).
But it's rather slow...
#!/bin/bash
sudo -v # Get the password demand for sudo over with before clearing the screen
clear
echo Scanning 192.168.0.0/23
for j in {0..1} # My network is a /23 so I need to cycle through 2 octets
do
for i in {0..255}
do
if (( $(expr $j + $i)!=0 )) # Don't bother pinging the broadcast address
then
### Display Categories
if [ $j -eq 0 ]
then
case $i in
1) echo Infrastructure ;;
10) echo Servers ;;
50) echo Mobile ;;
60) echo Sand Boxes ;;
70) echo Desktops ;;
100) echo Systems Being Developed ;;
200) echo Udder Stuph ;;
*) ;;
esac
fi
if [ $j -eq 1 ]
then
case $i in
0) echo IoT - Servers ;;
10) echo IoT - In Production ;;
40) echo IoT - Voice Assistants ;;
50) echo IoT - Entertainment ;;
60) echo IoT - Cameras ;;
80) echo IoT - Lab Control ;;
100) echo IoT - In Development ;;
200) echo Roaming Devices ;;
*) ;;
esac
fi
### Check Device
if ping -c 1 192.168.$j.$i > /dev/null
then
currentIP=192.168.$j.$i
nmapREPORT=`sudo nmap -sP 192.168.$j.$i`
nmNAME=`echo $nmapREPORT | awk '{printf $15;}'`
nmIP=`echo $nmapREPORT | awk '{printf $16;}' | sed 's/[()]//g'`
nmMAC=`echo $nmapREPORT | awk '{printf $24;}'`
nmMAKER=`echo $nmapREPORT | awk '{printf $25;}'`
if [ ${#nmMAC} -ne "17" ]
then
IPaddress=$currentIP
MACaddress="__:__:__:__:__:__"
MAKER="(________)"
NAME=`host 192.168.$j.$i | awk '{printf $5;}'`
else
IPaddress=$nmIP
MACaddress=$nmMAC
if [ ${#nmMAKER} -lt "6" ]
then
MAKER="$nmMAKER "
else
MAKER=$nmMAKER
fi
NAME=$nmNAME
fi
echo -e "$IPaddress\t$MACaddress $MAKER\t$NAME"
fi
###
fi
done
done