Skip to content

Instantly share code, notes, and snippets.

@davidlares

davidlares/ping-scan.md

Last active July 19, 2021 17:24
Show Gist options
  • Save davidlares/3d2d66602376117bc5d5490204c804e4 to your computer and use it in GitHub Desktop.
Save davidlares/3d2d66602376117bc5d5490204c804e4 to your computer and use it in GitHub Desktop.
Download ZIP
Network recon with ping (Ping scan)
Raw
ping-scan.md

Ping Scan (Network sniffer)

This is a PoC script to find active machines in a port range with Python.

The whole idea is to use the ICMP protocol and check the ECHO_REPLY state, if it's found, it will "reply" with a string that starts with "bytes from: "

The ICMP protocols works on the link layer, however, it can be used in the application layer as well.

The 'Subprocess' module is required to run the /bin/ping -c 1 commands directly from Python, and for redirecting data output, error and input to the programming logic inside.

Raw
ping.py
#!/usr/bin/python
from subprocess import Popen, PIPE
for octet in range(100,110):
# forming full ip
ip = "%s.%d" % ('192.168.1', int(octet))
# running ping command, redirecting data
subprocess = Popen(['/bin/ping', '-c 1', ip], stdout=PIPE, stdin=PIPE, stderr=PIPE)
# establishing connections
out, err = subprocess.communicate(input=None)
# checking for ECHO_REPLY
if "bytes from " in out:
print("ECHO_REPLY from IP %s " % ip)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment