nmap OS detection in many networks
Hello all.
I need to scan many networks for OS detection purposes, to find hosts running Windows. Speaking of a single host, this command is nice:
Code:
nmap -O -n -PN -v 10.5.1.112
Even more, this example shows only 10.5.1.100-254 results. And I have about 50 such networks. And nmap has been scanning these addresses for 15-20 minutes already and the scan is still going on. Please look through this output. It has only three detected online PCs. All other information is not wanted at the moment. All we need to see are sections like this (from which it is clear that the host has the IP address 10.5.1.108 and two open ports, one of which indicates a *nix-like OS, plus the OS detection information itself):
Code:
Nmap scan report for 10.5.1.108
I also don't need much of the other information (on the other hand, an open 22/TCP port indicates that the host is running Linux, not Win). So, is there a more convenient way to scan 50 networks and get nice output? I've read nmap's man page but couldn't find anything useful, e.g. how to hide everything but the IP address and OS detection. Is 'grep' the only thing that can do this? I want to write a Bash script which will scan net by net (I have a list of networks, so 10.0.0.0/8 is not necessary) and redirect the output to a txt file. You're welcome to share your ideas. Of course it's possible to scan each subnet and write everything for it to a separate txt file, and then have 50 txt files. But I'd like a more beautiful solution, if it is possible. Thanks. |
Something like Code:
nmap -P0 -v -sU -p 22 -oA ssh_scan 10.0.0.0/8
Then review ssh_scan file. Have a Great Day and Merry Christmas! |
It's way more reliable to consult AD, or use WMIC... Perhaps also a lot faster than using Nmap.
To show the OS and version use: Code:
C:\> wmic os get name,version |
Just a sample of some things that use 22/TCP:
SSH (Linux, BSD, Unix, Solaris, Windows, Apple OS, etc)
AudioReQuest, VideoRequest, Networdz, Putty (Windows applications)
iGet (Apple OS application)
InCommand, Shaft, Skun, Adore sshd (trojans)
OS fingerprinting is difficult and not entirely reliable. Some internet-facing systems are "scrubbed" so as to present misleading fingerprinting data, especially honeypots. |
Thanks to all, I used this script:
Code:
#!/bin/bash |
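One way to get the "IP address and OS detection only" view asked for in the first post, as an added example that is not the script any poster in this thread used: a shell filter that reduces nmap's normal output to one line per host. The function names, the network-list file and the sample report are assumptions constructed for illustration; `-PN` from the original command is left out so that host discovery can skip addresses that are not in use.

```bash
#!/bin/bash
# Read nmap normal-format output on stdin; print "IP<TAB>open ports<TAB>OS" per host.
summarize_nmap() {
  awk '
    function emit() {
      if (ip != "") printf "%s\t%s\t%s\n", ip, (ports == "" ? "-" : ports), (os == "" ? "unknown" : os)
      ip = ""; ports = ""; os = ""
    }
    /^Nmap scan report for .*\[host down\]/ { next }   # printed for dead hosts with -v
    /^Nmap scan report for / { emit(); ip = $NF; gsub(/[()]/, "", ip); next }
    ip != "" && /^[0-9]+\/(tcp|udp)[ \t]+open[ \t]/ { ports = ports (ports == "" ? "" : ",") $1; next }
    # "OS details:" comes after "Running:" in the report, so it wins when present.
    /^Running: /     { sub(/^Running: /, ""); os = $0; next }
    /^OS details: /  { sub(/^OS details: /, ""); os = $0; next }
    /^Aggressive OS guesses: / && os == "" { sub(/^Aggressive OS guesses: /, ""); os = "guess: " $0 }
    END { emit() }
  '
}

# Print only the IPs whose OS text mentions Windows.
windows_hosts() { summarize_nmap | awk -F '\t' 'tolower($3) ~ /windows/ { print $1 }'; }

# Scan the networks listed one per line in file $1 (assumed file; -iL and "-oN -" are nmap options).
scan_networks() { nmap -O -n -iL "$1" -oN - | summarize_nmap; }

# Constructed sample report (not real scan data), trimmed to the lines that matter.
sample_report() {
  cat <<'EOF'
Nmap scan report for 10.5.1.101 [host down]
Nmap scan report for 10.5.1.108
22/tcp  open  ssh
111/tcp open  rpcbind
Running: Linux 2.6.X
OS details: Linux 2.6.9 - 2.6.30
Nmap scan report for 10.5.1.112
135/tcp open  msrpc
445/tcp open  microsoft-ds
Running: Microsoft Windows XP
Nmap scan report for 10.5.1.120
Too many fingerprints match this host to give specific OS details
EOF
}

# With a readable network list as $1, scan; otherwise summarize the sample.
if [ -r "${1:-}" ]; then scan_networks "$1"; else sample_report | summarize_nmap; fi
```

Piping a saved report through `windows_hosts` instead of `summarize_nmap` leaves only the addresses whose OS line mentions Windows; hosts reported as `unknown` still need another source, such as the AD or WMIC lookup suggested above.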