• Home »
  • Security »
  • Backtrack 4: Information Gathering: Route: Netenum – Produce lists of hosts for other programs

Backtrack 4: Information Gathering: Route: Netenum – Produce lists of hosts for other programs

The next tool up for review is the netenum script. Netenum can be used to produce lists of hosts for other programs. It’s not as powerful as other ping-sweep tools, but it’s simple. When giving a timeout, it uses ICMP echo request to find available hosts. If you don’t supply a timeout, it just prints an IP address per line, so you can use them in shell scripts.

Lets take a look at the syntax for the tool:

root@666:~# netenum
Netenum
netenum <destination> [timeout] [verbosity]
if timeout is >0, pings are used to enum

Timeout applies for the whole operation!
Verbosity is between 0 (quiet) to 3 (verbose)

As you can see this is a really simple tool. Its best use would be to use it in a shell script.

Check out the following example for a HSRP attack:

 for i in `netenum 192.168.1.0/26`
 do
 	./hsrp -d ${i} -v192.168.1.22 -a cisco -g 1 -i eth0
 done

It can also just be used by itself to get a quick ping scan of a network:

root@666:~# netenum 192.168.1.0/24 10
192.168.1.1
192.168.1.5
192.168.1.30
192.168.1.100
192.168.1.104
192.168.1.144
192.168.1.187
192.168.1.195
192.168.1.241
192.168.1.242

Here is a example using the more verbose output:

root@666:~# netenum 192.168.1.0/24 10 3
        Netmask: 255.255.255.0
Targeting from 192.168.1.0 to 192.168.1.255
192.168.1.1 respond ... good
192.168.1.5 respond ... good
192.168.1.30 respond ... good
192.168.1.100 respond ... good
192.168.1.104 respond ... good
192.168.1.144 respond ... good
192.168.1.187 respond ... good
192.168.1.195 respond ... good
192.168.1.241 respond ... good
192.168.1.242 respond ... good
ping round is at 1
192.168.1.30 respond ... good
192.168.1.5 respond ... good
192.168.1.30 respond ... good
192.168.1.5 respond ... good
192.168.1.1 respond ... good
192.168.1.5 respond ... good
192.168.1.30 respond ... good
192.168.1.195 respond ... good
192.168.1.100 respond ... good
192.168.1.104 respond ... good
ping round is at 2
192.168.1.144 respond ... good
192.168.1.187 respond ... good
192.168.1.241 respond ... good
192.168.1.242 respond ... good
192.168.1.195 respond ... good
192.168.1.30 respond ... good
192.168.1.5 respond ... good
192.168.1.195 respond ... good
192.168.1.30 respond ... good
192.168.1.5 respond ... good
192.168.1.1 respond ... good
192.168.1.5 respond ... good
ping round is at 3
192.168.1.30 respond ... good
192.168.1.100 respond ... good
192.168.1.104 respond ... good
192.168.1.144 respond ... good
192.168.1.187 respond ... good
192.168.1.195 respond ... good
192.168.1.241 respond ... good
192.168.1.242 respond ... good
192.168.1.30 respond ... good
192.168.1.5 respond ... good
192.168.1.195 respond ... good
10 targets found
192.168.1.1
192.168.1.5
192.168.1.30
192.168.1.100
192.168.1.104
192.168.1.144
192.168.1.187
192.168.1.195
192.168.1.241
192.168.1.242

Once again, not the best tool in the world but useful to be able to easily call in scripts.


List Price: $49.99 USD
New From: $39.99 USD In Stock
Used from: $1.20 USD In Stock

Penetration Tester's Open Source Toolkit, Vol. 2 (Paperback)

By (author): Jeremy Faircloth, Chris Hurley, Jesse Varsalone


List Price: $61.95 USD
New From: $41.33 USD In Stock
Used from: $13.10 USD In Stock

Share