About half of my nmap uses are “nmap -sP www.xxx.yyy.*” to search the local subnet. I’d love it if there were a shortcut that just says “search the local subnet”; any suggestions?
Interesting idea. Haven’t found a native way to do so, but you could create something with bash aliases or functions:
ip -o -f inet addr show | grep eth0 | awk '{print $4}' | xargs -I {} nmap -sP {}
This would search the whole subnet of interface eth0.
Very cool! Thanks. (I still think an alias for “everything on the local network” would be useful…)
You’re welcome! I think the problem is that ‘local network’ is not precise enough, and therefore not easy to implement. What is your ‘local network’ if you are connected to 2 networks? - I think in the end it is not worth the trouble, and if it is needed, just use variables. And just for the protocol: there might be an easier solution, but I haven’t found it.
I’d be OK with it being “all local networks that I’m on”, e.g. the equivalent of this:
But, that includes virtual interfaces (e.g. “127.0.0.1/8”) that could take just about forever to search and return false positives galore.
Try this one:
ip -o -f inet addr show | awk '/scope global/ {print $4}' | tr '\n' ' ' | xargs nmap -sP
Better, but that still searches a docker0 network at 172.17.0.1/16, which will still take a long time and not be very useful.
I’ll take your lead, though, changing the search for “scope global” to a search for “/8”. I probably don’t want to automatically search for anything broader, anyway.
Yeah, needs some fine tuning. Isn’t as easy as it sounds. Depending on the setup, you could work with the -iL flag to import networks from a file, and/or --exclude certain subnets.
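An added example, not part of the thread above: a shell function that combines the ideas discussed here by keeping only "scope global" addresses, dropping container and bridge interfaces such as docker0, and skipping any subnet broader than a chosen prefix length. The function names, the interface-name patterns and the default of /24 are assumptions for illustration.

```shell
# local_subnets [MIN_PREFIX]
# Reads `ip -o -f inet addr show` output on stdin and prints one CIDR per line.
# Keeps only "scope global" addresses (this already excludes 127.0.0.1/8),
# skips bridge/virtual interfaces, and skips prefixes shorter than MIN_PREFIX
# (default 24, i.e. at most 256 addresses per network).
local_subnets() {
    awk -v min="${1:-24}" '
        /scope global/ {
            ifname = $2; cidr = $4
            # Interface name patterns are an assumption; adjust to your setup.
            if (ifname ~ /^(docker|br-|veth|virbr)/) next
            split(cidr, parts, "/")
            if (parts[2] + 0 < min + 0) next
            print cidr
        }'
}

# Constructed sample of `ip -o -f inet addr show` output, for offline testing.
sample_ip_output() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.23/24 brd 192.168.1.255 scope global dynamic eth0\       valid_lft 86000sec preferred_lft 86000sec
3: wlan0    inet 10.0.5.17/22 brd 10.0.7.255 scope global dynamic wlan0\       valid_lft 3000sec preferred_lft 3000sec
4: docker0    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0\       valid_lft forever preferred_lft forever
EOF
}

# scan_local [MIN_PREFIX]
# Ping-scans every subnet selected by local_subnets on this machine.
scan_local() {
    targets=$(ip -o -f inet addr show | local_subnets "${1:-24}")
    if [ -z "$targets" ]; then
        echo "scan_local: no matching subnets" >&2
        return 1
    fi
    # -sn is the current name of the -sP option used in the thread.
    # $targets is left unquoted on purpose so each CIDR becomes one argument.
    nmap -sn $targets
}
```

Running `sample_ip_output | local_subnets 22` shows which networks a looser limit would add before any scan is started.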