Nmap
Revision as of 23:53, 22 October 2023 by Tinker (talk | contribs) (→Installing the latest NMAP (form SOURCE as of 2023/10/21))
Installing the latest NMAP (form SOURCE as of 2023/10/21)
The following sequence of commands is based on fresh installs of LMDE 5, LMDE 6, Mint 21.2, Debian 12.2 and Debian 11.6.
Also works for Ubuntu 20.04.6 (Dell edition).
apt updateapt upgradeapt install make g++ autoconf libssl-dev libssh2-1-dev libc6-dev- These dependancies are not all needed in all cases, but better safe than sory.
- apt install python3.11 python3.11-venv
- thanks to this little issue
- For LMDE 5 or Debian 11 tho...
- apt install python3.9 python3.9-venv
mkdir srccd srcwget -4 https://nmap.org/dist/nmap-7.94.tgztar xvzf nmap-7.94.tgzcd nmap-7.94./configuremakesudo sumake install
Some useful nmap scans
Using nmap to inventory a network
The following command with nmap with root privilegies (or using sudo):
sudo nmap -n -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $2;printf " ---> ";printf $1;printf "\n";}'
results in:
00:10:18:5D:B0:10 ---> 192.168.0.1 28:C6:8E:F9:B8:BF ---> 192.168.0.2 28:C6:8E:29:9D:30 ---> 192.168.0.3 ...
(Good luck typing that in by hand...)
Want DNS?:
sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $1;printf "\n";}'
results in:
00:10:18:5D:B0:10 ---> zathras.tinkernow.net 28:C6:8E:F9:B8:BF ---> switcha.tinkernow.net 28:C6:8E:29:9D:30 ---> wap1.tinkernow.net ...
or both name & address?:
sudo nmap -sP 192.168.0.0/24 | awk '/Nmap scan report/{printf $5;printf "\t";printf $6;printf "\t";getline;getline;print $3;}' | awk '{printf $3;printf " ---> ";printf $2;printf "\t";printf $1;printf "\n";}'
results in:
00:10:18:5D:B0:10 ---> (192.168.0.1) zathras.tinkernow.net 28:C6:8E:F9:B8:BF ---> (192.168.0.2) switcha.tinkernow.net 28:C6:8E:29:9D:30 ---> (192.168.0.3) wap1.tinkernow.net ...
But, for some reason, lack of a name causes odd formatting. And, nmap seems to fail to give the mac address of the machine doing the scan.
A rather more elaborate scan
I've built a script that does a thorough scan & catches things missed by the above scan(s).
But it's rather slow...
#!/bin/bash
sudo -v # Get the password demand for sudo over with before clearing the screen
clear
echo Scanning 192.168.0.0/23
for j in {0..1} # My network is a /23 so I need to cycle through 2 octets
do
for i in {0..255}
do
if (( $(expr $j + $i)!=0 )) # Don't bother pinging the broadcast address
then
### Display Categories
if [ $j -eq 0 ]
then
case $i in
1) echo Infrastructure ;;
10) echo Servers ;;
50) echo Mobile ;;
60) echo Sand Boxes ;;
70) echo Desktops ;;
100) echo Systems Being Developed ;;
200) echo Udder Stuph ;;
*) ;;
esac
fi
if [ $j -eq 1 ]
then
case $i in
0) echo IoT - Servers ;;
10) echo IoT - In Production ;;
40) echo IoT - Voice Assistants ;;
50) echo IoT - Entertainment ;;
60) echo IoT - Cameras ;;
80) echo IoT - Lab Control ;;
100) echo IoT - In Development ;;
200) echo Roaming Devices ;;
*) ;;
esac
fi
### Check Device
if ping -c 1 192.168.$j.$i > /dev/null
then
currentIP=192.168.$j.$i
nmapREPORT=`sudo nmap -sP 192.168.$j.$i`
nmNAME=`echo $nmapREPORT | awk '{printf $15;}'`
nmIP=`echo $nmapREPORT | awk '{printf $16;}' | sed 's/[()]//g'`
nmMAC=`echo $nmapREPORT | awk '{printf $24;}'`
nmMAKER=`echo $nmapREPORT | awk '{printf $25;}'`
if [ ${#nmMAC} -ne "17" ]
then
IPaddress=$currentIP
MACaddress="__:__:__:__:__:__"
MAKER="(________)"
NAME=`host 192.168.$j.$i | awk '{printf $5;}'`
else
IPaddress=$nmIP
MACaddress=$nmMAC
if [ ${#nmMAKER} -lt "6" ]
then
MAKER="$nmMAKER "
else
MAKER=$nmMAKER
fi
NAME=$nmNAME
fi
echo -e "$IPaddress\t$MACaddress $MAKER\t$NAME"
fi
###
fi
done
done