
Backtrack 4: Information Gathering: Route: Netenum – Produce lists of hosts for other programs

The next tool up for review is the netenum script. Netenum produces lists of hosts for other programs. It's not as powerful as other ping-sweep tools, but it's simple. When given a timeout, it uses ICMP echo requests to find available hosts. If you don't supply a timeout, it just prints one IP address per line, so you can use the output in shell scripts.

Let's take a look at the syntax for the tool:

bash

    root@666:~# netenum
    Netenum
    netenum <destination> [timeout] [verbosity]
    if timeout is >0, pings are used to enum

    Timeout applies for the whole operation!
    Verbosity is between 0 (quiet) to 3 (verbose)

As you can see, this is a really simple tool. It is best used from a shell script.

Check out the following example for an HSRP attack:

bash

    for i in `netenum 192.168.1.0/26`
    do
        ./hsrp -d ${i} -v192.168.1.22 -a cisco -g 1 -i eth0
    done

It can also just be used by itself to get a quick ping scan of a network:

bash

    root@666:~# netenum 192.168.1.0/24 10
    192.168.1.1
    192.168.1.5
    192.168.1.30
    192.168.1.100
    192.168.1.104
    192.168.1.144
    192.168.1.187
    192.168.1.195
    192.168.1.241
    192.168.1.242

Here is an example using the more verbose output:

bash

    root@666:~# netenum 192.168.1.0/24 10 3
            Netmask: 255.255.255.0
    Targeting from 192.168.1.0 to 192.168.1.255
    192.168.1.1 respond ... good
    192.168.1.5 respond ... good
    192.168.1.30 respond ... good
    192.168.1.100 respond ... good
    192.168.1.104 respond ... good
    192.168.1.144 respond ... good
    192.168.1.187 respond ... good
    192.168.1.195 respond ... good
    192.168.1.241 respond ... good
    192.168.1.242 respond ... good
    ping round is at 1
    192.168.1.30 respond ... good
    192.168.1.5 respond ... good
    192.168.1.30 respond ... good
    192.168.1.5 respond ... good
    192.168.1.1 respond ... good
    192.168.1.5 respond ... good
    192.168.1.30 respond ... good
    192.168.1.195 respond ... good
    192.168.1.100 respond ... good
    192.168.1.104 respond ... good
    ping round is at 2
    192.168.1.144 respond ... good
    192.168.1.187 respond ... good
    192.168.1.241 respond ... good
    192.168.1.242 respond ... good
    192.168.1.195 respond ... good
    192.168.1.30 respond ... good
    192.168.1.5 respond ... good
    192.168.1.195 respond ... good
    192.168.1.30 respond ... good
    192.168.1.5 respond ... good
    192.168.1.1 respond ... good
    192.168.1.5 respond ... good
    ping round is at 3
    192.168.1.30 respond ... good
    192.168.1.100 respond ... good
    192.168.1.104 respond ... good
    192.168.1.144 respond ... good
    192.168.1.187 respond ... good
    192.168.1.195 respond ... good
    192.168.1.241 respond ... good
    192.168.1.242 respond ... good
    192.168.1.30 respond ... good
    192.168.1.5 respond ... good
    192.168.1.195 respond ... good
    10 targets found
    192.168.1.1
    192.168.1.5
    192.168.1.30
    192.168.1.100
    192.168.1.104
    192.168.1.144
    192.168.1.187
    192.168.1.195
    192.168.1.241
    192.168.1.242
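
On the monitoring side, the timed mode shown above has a clear signature: one source sends ICMP echo requests to many distinct addresses inside the timeout. The following Python detector is an added example, not part of the original post or of netenum; the log format, the 10-second window and the threshold of 20 destinations are assumptions, and the sample traffic is constructed.

```python
from collections import defaultdict, deque

def parse(line):
    """Constructed log format: '<epoch_seconds> <src> <dst> <icmp_type>'."""
    ts, src, dst, icmp_type = line.split()
    return float(ts), src, dst, int(icmp_type)

def detect_sweeps(lines, window=10.0, threshold=20):
    """Return {src: peak distinct destinations pinged within `window` seconds}
    for every source whose peak reaches `threshold`."""
    recent = defaultdict(deque)                     # src -> (ts, dst) still in window
    counts = defaultdict(lambda: defaultdict(int))  # src -> dst -> hits in window
    peak = defaultdict(int)
    for ts, src, dst, icmp_type in sorted(map(parse, lines)):
        if icmp_type != 8:      # count echo requests only; replies (type 0) are ignored
            continue
        q, c = recent[src], counts[src]
        q.append((ts, dst))
        c[dst] += 1
        while q and ts - q[0][0] > window:  # expire events older than the window
            _, old = q.popleft()
            c[old] -= 1
            if c[old] == 0:
                del c[old]
        peak[src] = max(peak[src], len(c))
    return {s: n for s, n in peak.items() if n >= threshold}

def sample_log():
    """Constructed traffic: one sweep of 192.168.1.0/24 plus two benign pingers."""
    lines = []
    # Sweeper: one echo request per host address, 30 ms apart (whole /24 in ~7.6 s).
    for i in range(1, 255):
        lines.append(f"{1000 + i * 0.03:.2f} 192.168.1.50 192.168.1.{i} 8")
    # Workstation pinging its gateway once a second: many packets, one destination.
    for i in range(60):
        lines.append(f"{1000 + i:.2f} 192.168.1.77 192.168.1.1 8")
        lines.append(f"{1000 + i + 0.001:.3f} 192.168.1.1 192.168.1.77 0")
    # Monitoring host polling five servers every 30 s: few destinations per window.
    for r in range(3):
        for d in (1, 5, 30, 100, 104):
            lines.append(f"{1000 + r * 30 + d * 0.01:.2f} 192.168.1.9 192.168.1.{d} 8")
    return lines

if __name__ == "__main__":
    for src, n in detect_sweeps(sample_log()).items():
        print(f"{src}: {n} distinct hosts pinged within 10 s")
```

Counting distinct destinations rather than packets is what keeps the workstation that pings its gateway every second out of the result.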

Once again, it's not the best tool in the world, but it is useful to be able to call it easily from scripts.
