
Script to Find All IP Addresses on an Internal Network

I was working on a presentation this morning and as I was writing I realized I did not have a quick, fast way to make a list of all the internal IPs on a LAN (Local Area Network). Many of the tools I use, including Nmap, Nessus and Nexpose, will accept a list of IPs, so I decided to whip up a quick, dirty shell script to get the job done. I may clean it up in the future, but for now it does its job. This is meant to work on Backtrack 4, but in its current state it will work on any Debian-based distro. As always with any code found on the internet, you use this at your own risk. Also, I am sure this can be done better, but like I said, it was a 10-minute fix.

Here is the script:

Save it as ip_list.sh and give it execute permissions with chmod 755.


    #!/bin/bash
    # Quick and dirty script to make a list of internal IPs on a LAN
    # Questions, Comments or Death Threats can be sent to crackers@question-defense.com
    # This is made for Backtrack 4 so everyone else is on their own

    # Check for the proper arguments
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "usage: $0 interface subnet"
        echo "example: $0 eth0 192.168.1.0/24"
        exit 1
    fi

    # Set some variables
    subnet=$(echo "$2" | cut -f 1 -d .)   # first octet of the subnet, used to filter the output
    outfile="${subnet}_ip.list"
    temp=$(mktemp)                        # unpredictable temp file instead of ./ip.tmp

    # Check for arp-scan; dpkg prints nothing on stdout for a package it has never seen,
    # so test for the installed state rather than for "not-installed"
    echo "Checking for arp-scan"
    if dpkg --status arp-scan 2>/dev/null | grep -q "ok installed"; then
        echo "arp-scan found!"
    else
        echo "Downloading arp-scan...."
        sudo apt-get install arp-scan -y
    fi

    # Run the scan (arp-scan needs root); the interface has to be passed with --interface,
    # otherwise arp-scan treats it as another target
    arp-scan --interface="$1" "$2" > "$temp" 2>/dev/null
    # Keep only lines that begin with an address in the subnet's first octet
    grep "^$subnet\." "$temp" | awk '{print $1}' > "$outfile"
    rm -f "$temp"

    count=$(wc -l < "$outfile")
    echo "$count active IPs found"
    dir=$(pwd)
    echo "Your file is named $outfile and is located in the $dir directory"
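
A stricter way to build the target list than matching on the first octet, shown here as an added example that is not part of the original script: keep only well-formed IPv4 addresses that fall inside the scanned CIDR, de-duplicated and sorted numerically. The function names `extract_ips` and `sample_scan` and the sample scan output are constructed for illustration.

```shell
#!/bin/bash
# Added example (not the original script). extract_ips CIDR reads arp-scan
# output on stdin and prints each unique, well-formed IPv4 address inside
# CIDR, one per line, sorted numerically.
extract_ips() {
    awk -v cidr="$1" '
    # Dotted quad -> integer; -1 for anything that is not a valid IPv4 address.
    function ip2int(ip,    o, n, i, v) {
        n = split(ip, o, ".")
        if (n != 4) return -1
        v = 0
        for (i = 1; i <= 4; i++) {
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return -1
            v = v * 256 + o[i]
        }
        return v
    }
    BEGIN {
        split(cidr, c, "/")
        bits = (c[2] == "") ? 32 : c[2]
        net = ip2int(c[1])
        if (net < 0 || bits !~ /^[0-9]+$/ || bits + 0 > 32) exit 2
        size = 2 ^ (32 - bits)          # addresses in the block
        net = int(net / size) * size    # align the base to the prefix
    }
    {
        v = ip2int($1)                  # headers, footers, blanks give -1
        if (v < net || v >= net + size) next
        if (!seen[$1]++) print $1       # drop "(DUP: n)" repeats
    }' | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n
}

# Constructed sample shaped like arp-scan output (tab-separated host lines).
sample_scan() {
    printf 'Interface: eth0, datalink type: EN10MB (Ethernet)\n'
    printf '10.0.0.20\t00:00:5e:00:53:14\tExample vendor\n'
    printf '10.0.0.1\t00:00:5e:00:53:01\tExample vendor\n'
    printf '10.0.0.3\t00:00:5e:00:53:03\tExample vendor\n'
    printf '10.0.0.1\t00:00:5e:00:53:01\tExample vendor (DUP: 2)\n'
    printf '\n10 packets received by filter, 0 packets dropped by kernel\n'
}

sample_scan | extract_ips 10.0.0.0/24   # prints 10.0.0.1, 10.0.0.3, 10.0.0.20
```

In the script, the same function can replace the grep/awk line: `extract_ips "$2" < "$temp" > "$outfile"`.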