unprovable · June 3, 2017 07:35
diff --git a/nmap-scan.sh b/nmap-scan.sh
 #!/bin/bash

 # nmap scanning for speed and accuracy! 
 # nmap discovery and nmap scanning don't always play well together. As such,
 # you should separate them out into distinct phases. 

 # first we do discovery...
 # a ping sweep on an internal network will find what you need.
 # FIXME make the script take command line args (I've always meant to do this...)
 #first, a quick ping sweep, dumping live IP's into a file:
 echo "[i] Starting discovery..."
 sudo nmap -n -sn -PE 192.168.0.0/22 | grep report | awk '{print $5}' > nmap-liveIPs.txt

 # and now we scan, say, 50 hosts at a time, which will cause few issues ever :P
 # make a file handle
 COUNT = $(wc -l nmap-liveIPs.txt)
 echo "[i] Starting scan of $COUNT hosts..."
 echo "[i] Creating file handle..."
 exec 5< nmap-liveIPs.txt

 while read line1 <&5 ; do
        echo $line1 > /tmp/nmap.txt	
 	for i in {1..49}; do 
 		read end1 <&5; 
 		if [ -z $end1 ] 
 		then 
 			break
 		else
 			echo $end1 >> /tmp/nmap.txt
 		fi
 	done; 
 	echo "[i] Starting IP is " $line1; 
 	echo "[i] Ending IP is " $end1;
 	# tweak your parameters here - we'll just do -A on 1000 top ports
 	# for now...
 	nmap -A --top-ports 1000 -iL /tmp/nmap.txt -oX scan-$line1-to-$end1.xml
 done

 echo "[i] Cleaning up..."
 # not deleting /tmp/nmap.txt nor ./nmap-liveIPs.txt here, just in case you 
 # have to kill the scan and then work out what was going on later :P
 exec 5<&-
	#!/bin/bash

	# nmap scanning for speed and accuracy!
	# nmap discovery and nmap scanning don't always play well together. As such,
	# you should separate them out into distinct phases.

	# first we do discovery...
	# a ping sweep on an internal network will find what you need.
	# FIXME make the script take command line args (I've always meant to do this...)
	#first, a quick ping sweep, dumping live IP's into a file:
	echo "[i] Starting discovery..."
	sudo nmap -n -sn -PE 192.168.0.0/22 \| grep report \| awk '{print $5}' > nmap-liveIPs.txt

	# and now we scan, say, 50 hosts at a time, which will cause few issues ever :P
	# make a file handle
	COUNT = $(wc -l nmap-liveIPs.txt)
	echo "[i] Starting scan of $COUNT hosts..."
	echo "[i] Creating file handle..."
	exec 5< nmap-liveIPs.txt

	while read line1 <&5 ; do
	echo $line1 > /tmp/nmap.txt
	for i in {1..49}; do
	read end1 <&5;
	if [ -z $end1 ]
	then
	break
	else
	echo $end1 >> /tmp/nmap.txt
	fi
	done;
	echo "[i] Starting IP is " $line1;
	echo "[i] Ending IP is " $end1;
	# tweak your parameters here - we'll just do -A on 1000 top ports
	# for now...
	nmap -A --top-ports 1000 -iL /tmp/nmap.txt -oX scan-$line1-to-$end1.xml
	done

	echo "[i] Cleaning up..."
	# not deleting /tmp/nmap.txt nor ./nmap-liveIPs.txt here, just in case you
	# have to kill the scan and then work out what was going on later :P
	exec 5<&-