====== Find Live Hosts ======

===== Find Hosts =====

Finds all live hosts in a Class C range.

This script was taken from [[http://wiki.remote-exploit.org/backtrack/wiki/Scripts|the BackTrack Wiki]]. For updates please check the original site.

<code bash>
#!/bin/bash
clear
echo
echo Find Hosts
echo
echo
echo By Lee Baird
echo March 23, 2007
echo "v 0.2"
echo
echo "This script will find all live hosts in a Class C range."
echo
echo Usage: 192.168.1
echo Enter the Class C range.
echo
# -r keeps backslashes in the input literal
read -r class
echo
echo "####################"
echo
# Ping every address in the range in parallel and print the ones that answer
for x in $(seq 1 254); do
    ping -c 1 "$class.$x" | grep "bytes from" | cut -d " " -f4 | cut -d ":" -f1 &
done
# Wait for the background pings to finish before returning to the prompt
wait
echo
</code>

Submitted by [[leebaird@gmail.com|Lee Baird]]

===== Sub Scan =====

A way to generate a list of hosts on a subnet that respond to pings by parsing the grepable output from an nmap ping scan.

Damian's original script saved the nmap output to a file, which was then passed into the cut commands. This has been changed slightly here by using the -oG- parameter, which sends grepable output to standard out so it can be passed directly into the cut pipeline.

<code bash>
#!/bin/bash
echo
echo "Enter subnet you wish to scan (ie. 192.168.1.0/24)"
echo
read -r subnet
echo
# Keep field 2 (the address) of each Host line; grep drops the "#" comment lines
nmap -n -sP -oG- "$subnet" | cut -d" " -f2,4 | cut -d" " -f1 | grep '^[0-9]' > target_ips.txt
echo
echo "List of targets saved to target_ips.txt"
echo
echo "Scan complete."
</code>

The use of two cuts and a grep in the original can also be reduced by using awk to give the following nmap line:

<code bash>
nmap -n -sP -oG- 192.168.0.0/24 | awk '$5 == "Up" {print $2}'
</code>

Here awk splits each line on whitespace, including the tab before ''Status:'', so the status word is column 5. awk checks column 5 of the output for the word Up and, if found, prints column 2.

Original submitted by Damian Tommasino, amendments by Robin Wood
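
Both scripts above hand whatever is typed at the prompt straight to ping or nmap. The following added example (not part of the original scripts) checks the Class C prefix and the CIDR subnet before use, and selects live hosts by matching the Status field of the grepable output. The function names and the sample scan lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate operator input before it reaches ping/nmap, and
# pick live hosts out of grepable output by field name, not position.

is_octet() {                       # true for 0-255, no leading zeros
    case "$1" in
        ''|*[!0-9]*|0?*|????*) return 1 ;;
    esac
    [ "$1" -le 255 ]
}

valid_prefix() (                   # e.g. 192.168.1 (first three octets)
    case "$1" in *.) exit 1 ;; esac
    IFS=.; set -f                  # split on dots, no glob expansion
    set -- $1
    [ $# -eq 3 ] && is_octet "$1" && is_octet "$2" && is_octet "$3"
)

valid_cidr() (                     # e.g. 192.168.1.0/24
    case "$1" in */*/*) exit 1 ;; */*) ;; *) exit 1 ;; esac
    net=${1%/*}; bits=${1##*/}
    case "$bits" in ''|*[!0-9]*|0?*|???*) exit 1 ;; esac
    [ "$bits" -le 32 ] || exit 1
    valid_prefix "${net%.*}" && is_octet "${net##*.}"
)

up_hosts() {                       # stdin: nmap -oG output; stdout: live IPs
    awk '$1 == "Host:" {
        for (i = 3; i < NF; i++)
            if ($i == "Status:" && $(i + 1) == "Up") print $2
    }'
}

sample_scan() {                    # constructed sample, not captured output
    printf '# Nmap ping scan (constructed sample)\n'
    printf 'Host: 192.168.0.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.7 (printer.lan)\tStatus: Up\n'
    printf 'Host: 192.168.0.9 ()\tStatus: Down\n'
}

for input in '192.168.0.0/24' '192.168.0.0/24 -v' '300.1.1.0/24'; do
    if valid_cidr "$input"; then echo "accept: $input"
    else echo "reject: $input"; fi
done
sample_scan | up_hosts             # prints 192.168.0.1 and 192.168.0.7
```

In the scripts, call ''valid_prefix "$class"'' or ''valid_cidr "$subnet"'' right after the ''read'' and exit on failure, so only a well-formed address is ever placed on the ping or nmap command line.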