Script to Find All IP Addresses on a Internal Network

I was working on a presentation this morning and as I was writing I realized I did not have a quick fast way to make a list of all the internal Ips on a LAN (Local Area network). Many of the tools I use including nmap, nessus and nexpose will accept a list of ips so  I decided to whip up a quick dirty shell script to get the job done.  I may clean it up in the future but for now it does its job. This is meant to work on Backtrack 4 but in its current state it will work on any Debian based distro. As always with any code found on the internet you use this at your own risk. Also I am sure this can be done better but like I said it was a 10 minute fix.

Here is the script:

Save it as ip_list.sh and give it execute permissions with chmod 755

#!/bin/bash
# Quick a dirty script to make a list of internal ips on a LAN
# Questions, Comments or Death Threats can be sent to crackers@question-defense.com
# This is made for Backtrack 4 so every one else is on their own

#set some variables
subnet=$(echo $2 | cut -f 1 -d .)
outfile=$subnet"_ip.list"
temp=ip.tmp

#Check for the proper arguments
if [ -z "$1" ]; then
    echo usage: $0 interface subnet
    echo "example: arp-scan eth0 192.168.1.0/24"
    exit
fi

if [ -z "$2" ]; then
    echo usage: $0 interface subnet
    echo "example: arp-scan eth0 192.168.1.0/24"
    exit
fi

#check for arp-scan
echo "Checking for arp-scan"
dpkg --status arp-scan | grep -q not-installed

if [ $? -eq 0 ]; then
    echo "Downloading arp-scan...."
    sudo apt-get install arp-scan -y
    else
    echo "arp-scan found!"
    fi

#running the scan
/usr/bin/arp-scan $1 $2 > $temp 2>/dev/null
cat ip.tmp | grep $subnet  | awk {'print $1'} > $outfile
rm -rf $temp

count=$(wc -l $outfile | awk {'print $1'})
echo $count "active ip's found"
dir=$(pwd)
echo "Your file is named" $outfile "and is located in the" $dir "directory"
Share