In the second part of the first phase of a penetration test, active information gathering, it’s important to map the network of your target as accurately as possible. To find live hosts there is a technique called a ping sweep. Different tools exist to perform that task.
ping can give you the IP address of the target, the TTL and the round-trip time. However, since the method is based on ICMP echo requests, the target could be configured to block or silently drop them… With a simple bash script, you can loop through a range of IP addresses to test them all:
#!/bin/bash
# Probe 192.168.11.200 through 192.168.11.220 with one ICMP echo request each.
for ip in $(seq 200 220); do
    # Keep only the reply line, take the 4th space-separated field ("192.168.11.x:")
    # and strip the trailing colon; run each probe in the background.
    ping -c 1 192.168.11.$ip | grep "bytes from" | cut -d " " -f 4 | cut -d ":" -f1 &
done
wait   # let every background probe finish before the script exits
The -c option is set to send only 1 request. The grep displays only the hosts that respond to the request (and are therefore presumed alive), and finally cut is used for a clean display. Notice the & at the end of the line: it’s very useful to parallelize the tasks and make the script faster. Here is the result:
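As an added example (not code from the original post), here is the same sweep split into a reusable parser and a driver with a per-probe timeout, so hosts that drop ICMP don’t stall the loop; it assumes Linux iputils ping (the -W flag) and takes the /24 as its first three octets:

```shell
#!/bin/bash
# Added example, not the original post's script.
# Assumes Linux iputils ping, whose -W <seconds> bounds the wait for a reply.

# Read ping output on stdin and print the address of each host that replied.
# Matches reply lines such as:
#   64 bytes from 192.168.11.201: icmp_seq=1 ttl=64 time=0.412 ms
# Hosts that block or drop ICMP never produce such a line, so they are
# simply absent from the result (absence is not proof the host is down).
extract_alive_ip() {
    grep "bytes from" | grep -oE '[0-9]+(\.[0-9]+){3}' | sort -u
}

# Sweep one /24 (e.g. "192.168.11") over a range of last octets.
# Each probe runs in the background with a 1-second reply timeout;
# wait collects all of them before the function returns.
ping_sweep() {
    local prefix="$1" first="$2" last="$3"
    local i
    for i in $(seq "$first" "$last"); do
        ping -c 1 -W 1 "$prefix.$i" 2>/dev/null | extract_alive_ip &
    done
    wait
}

# Run directly as: ./sweep.sh 192.168.11 200 220
# Output is sorted numerically on the last octet so the order is stable.
if [ "$#" -eq 3 ]; then
    ping_sweep "$1" "$2" "$3" | sort -t . -k 4,4n -u
fi
```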