Here's a Bash ping sweep program I wrote for my systems programming class. Its use case is very narrow: you have a bash shell on a remote box but no access to a better recon tool (like nmap). Why not just send nmap over the wire and use it? Because you may be in a position where you can't chmod +x nmap after you do so. To be fair, you can't chmod +x this script either, but you can, with modification, feed it directly into your shell, no chmod required. I'm posting it in POC form for ease of analysis.
#!/bin/bash
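#######################################
# Convert a dotted-quad IPv4 value (address or netmask) to its 32-bit
# decimal form.
# Arguments: $1 - dotted quad, e.g. 192.168.56.101
# Outputs:   the decimal value on stdout (3232249957 for the example)
# Returns:   0 on success, 1 if $1 is not four decimal octets in 0-255
#######################################
function ip_to_decimal() {
  local -r quad_re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  local dec_ip=0
  local idx octet

  # Validate before doing any arithmetic: bash arithmetic evaluates whatever
  # text it is handed as an expression, so the command-line argument must be
  # reduced to plain digits first.
  if [[ ! "${1-}" =~ $quad_re ]]; then
    printf 'ip_to_decimal: not a dotted-quad IPv4 value: %q\n' "${1-}" >&2
    return 1
  fi

  for idx in 1 2 3 4; do
    # 10# forces base 10, so an octet written as 008 or 010 is not parsed as
    # octal (which would either fail or give the wrong number).
    octet=$(( 10#${BASH_REMATCH[idx]} ))
    if (( octet > 255 )); then
      printf 'ip_to_decimal: octet out of range in: %q\n' "$1" >&2
      return 1
    fi
    # Shift what has been accumulated up one byte and append this octet.
    dec_ip=$(( (dec_ip << 8) | octet ))
  done

  printf '%s\n' "$dec_ip"
}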
#ip_to_decimal 192.168.56.101
#######################################
# Render the low 32 bits of a number as a dotted-quad IPv4 string.
# Arguments: $1 - decimal value, e.g. 3232249957
# Outputs:   dotted quad on stdout (192.168.56.101 for the example)
# Note:      $1 is expanded straight into an arithmetic expression, so
#            callers must hand it a number, never unchecked input.
#######################################
function decimal_to_ip() {
  local -a octets=()
  local shift_bits

  # Walk from the most significant byte down: mask the byte in place, then
  # shift it into the low 8 bits.
  for shift_bits in 24 16 8 0; do
    octets+=( "$(( ($1 & (0xff000000 >> (24 - shift_bits))) >> shift_bits ))" )
  done

  # "${octets[*]}" joins on the first character of IFS, giving a.b.c.d.
  local IFS=.
  printf '%s\n' "${octets[*]}"
}
#decimal_to_ip 3232249957
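#######################################
# Return the IPv4 address that follows the given one.
# Arguments: $1 - dotted-quad address, e.g. 192.168.56.101
# Outputs:   the next address on stdout (192.168.56.102 for the example)
# Returns:   non-zero if $1 could not be converted to a number
# Note:      decimal_to_ip keeps only the low 32 bits, so the address after
#            255.255.255.255 comes out as 0.0.0.0.
#######################################
function increment_ip_address() {
  local dec_ip

  # Declared and assigned separately: 'local x=$(cmd)' would report the
  # status of 'local' and hide a failed conversion.
  dec_ip=$(ip_to_decimal "$1") || return

  # Only plain digits may reach the arithmetic below.
  [[ "$dec_ip" =~ ^[0-9]+$ ]] || return 1

  decimal_to_ip "$(( dec_ip + 1 ))"
}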
#increment_ip_address 192.168.56.101
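#######################################
# Work out how many host addresses a netmask leaves to probe: the inverted
# mask minus one, i.e. the addresses after the network address and before
# the last address of the range.
# Arguments: $1 - dotted-quad netmask, e.g. 255.255.255.0
# Outputs:   the count on stdout (254 for the example)
# Returns:   non-zero if $1 could not be converted to a number
#######################################
function ips_in_subnet() {
  local mask_dec host_count

  # Declared and assigned separately so a failed conversion is not masked by
  # the exit status of 'local'.
  mask_dec=$(ip_to_decimal "$1") || return

  # Only plain digits may reach the arithmetic below.
  [[ "$mask_dec" =~ ^[0-9]+$ ]] || return 1

  # NOTE(review): 0xffffff keeps only the low 24 bits of the inverted mask,
  # so any netmask shorter than 255.0.0.0 is counted as if it were
  # 255.0.0.0. 255.255.255.254 yields 0 and 255.255.255.255 yields -1.
  host_count=$(( ((~mask_dec) & 0xffffff) - 1 ))

  printf '%s\n' "$host_count"
}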
#ips_in_subnet 255.255.255.0
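# Entry point: send one echo request to each host address of
# <network-address>/<subnet-mask> and print the addresses that replied.
# A host that drops ICMP echo never shows up here, so an address missing from
# the output is not proof that nothing is listening on it.
if [ "$#" -ne 2 ]; then
  # Usage goes to stderr and the script exits non-zero, so a caller can tell
  # a bad invocation from a completed sweep.
  {
    printf 'Usage:\n\t%s <network-address> <subnet-mask>\n\n' "$0"
    printf '\tExamples:\n'
    printf '\t\t%s 192.168.56.0 255.255.255.0\n' "$0"
    printf '\t\t%s 192.168.56.0 255.255.255.128\n' "$0"
    printf '\t\t%s 192.168.56.128 255.255.255.128\n' "$0"
    printf '\n'
  } >&2
  exit 1
fi

# Upper bound on pings in flight. Without one, a wide mask backgrounds one
# pipeline per address and can exhaust the process table of the local box.
max_parallel=32

number_ips=$(ips_in_subnet "$2") || exit 1
if [[ ! "$number_ips" =~ ^-?[0-9]+$ ]]; then
  printf '%s: could not derive a host count from mask %q\n' "$0" "$2" >&2
  exit 1
fi

ip_address=$1
for (( n = 1; n <= number_ips; n++ )); do
  if ! ip_address=$(increment_ip_address "$ip_address"); then
    printf '%s: could not compute the address after %q\n' "$0" "$ip_address" >&2
    wait
    exit 1
  fi

  # One request, one-unit reply timeout (-W is seconds on iputils ping).
  # Reply lines look like "64 bytes from A.B.C.D: ..."; field 4 is the
  # address with a trailing colon, which the second cut removes.
  {
    ping -c 1 -W 1 "$ip_address" \
      | grep from \
      | cut -d ' ' -f 4 \
      | cut -d ':' -f 1
  } 2>/dev/null &

  # Drain the current batch before launching more.
  if (( n % max_parallel == 0 )); then
    wait
  fi
done

# Do not return until every outstanding ping has reported, so the output is
# complete when the script ends.
wait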