Clicking the genlist menu item in Backtrack Linux opens a terminal window with the genlist help output at the top. genlist is a Perl script written to provide an easy way to generate a list of live hosts on a network, or set of networks, so you can begin analyzing those hosts. All it does is call nmap with the -sP switch and parse the results so that only the live IP addresses are output. As simple as that is, it's a handy little tool if you do penetration testing on a regular basis. Below we describe genlist in more detail and show an example of genlist in action.
genlist Current Version On Backtrack Linux 5 R3: 2.04
- root@bt:~# genlist -v
- genlist version 2.04 by Joshua D. Abraham
- root@bt:~#
The genlist application is located in the Backtrack menu at [ Backtrack > Miscellaneous > Miscellaneous Network ]. When you click genlist in the Miscellaneous Network menu it will launch a terminal window with the genlist help menu output at the top as shown in the below example.
genlist Launched From Backtrack Menu:
- genlist - Backtrack - Miscellaneous - Miscellaneous Network - genlist
- Usage: genlist [Input Type] [General Options]
- Input Type:
- -s --scan <target> Ping Target Range ex: 10.0.0.*
- Scan Options:
- -n --nmap <path> Path to Nmap executable
- --inter <interface> Perform Nmap Scan using non default interface
- General Options:
- -v --version Display version
- -h --help Display this information
- Send Comments to Joshua D. Abraham ( jabra@ccs.neu.edu )
- root@bt:~#
As you can see above there are not many options, which is what makes genlist so handy. To generate a list of live hosts on a network, run genlist with the -s switch followed by the network to ping sweep, as shown in the below example. During an actual test you would normally redirect the output to a file so the host list can be fed to later tools; that variation is shown further down.
genlist Ping Scanner Backtrack Linux:
- root@bt:~# genlist -s 192.168.1.0/24
- 192.168.1.1
- 192.168.1.2
- 192.168.1.5
- 192.168.1.10
- 192.168.1.14
- 192.168.1.15
- 192.168.1.22
- 192.168.1.33
- 192.168.1.34
- 192.168.1.35
- 192.168.1.36
- 192.168.1.50
- 192.168.1.55
- 192.168.1.65
- 192.168.1.75
- 192.168.1.77
- 192.168.1.88
- 192.168.1.101
- 192.168.1.103
- 192.168.1.116
- 192.168.1.120
- 192.168.1.121
- 192.168.1.142
- 192.168.1.199
- 192.168.1.221
- 192.168.1.222
- 192.168.1.223
- 192.168.1.244
- 192.168.1.245
- 192.168.1.254
- root@bt:~#
Again, all the genlist ping scanner is really doing is calling "nmap -sP" with the network you provided after the -s switch and parsing the results for you. The above example shows the results output directly to the terminal window; normally you would redirect the results to a file for use during a penetration test, as shown by the below example command, which produces no terminal output.
Output genlist Ping Scanner Results To File On Backtrack:
- genlist -s 192.168.1.0/24 > network_192-168-1-0_24
The contents of the file would look exactly the same as the first example output above. Since genlist uses "nmap -sP", the above two examples are equivalent to running "nmap -sP 192.168.1.0/24" and cleaning up the output so that all you are left with is a list of "live" hosts on the network. Note that newer versions of nmap have renamed the ping scan switch from -sP to -sn. -sP is still accepted as a deprecated alias, so genlist keeps working, but use -sn when calling nmap directly.
nmap Ping Scan Details:
An nmap ping scan, which is what genlist uses, does not just send an ICMP echo request to a host and wait for a reply before marking it as up. When run as root against targets that are not on the local Ethernet segment, nmap -sn sends an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80, and an ICMP timestamp request, and marks the host up if any of them draws a response. Two caveats are worth knowing: for targets on the local Ethernet segment nmap uses ARP requests instead, which also finds hosts that drop ICMP entirely, and when run without root privileges it falls back to TCP connect() attempts to ports 80 and 443 because it cannot send raw packets. Having an accurate list of hosts to test on a network is important, so using genlist or nmap -sP/nmap -sn beats relying on a plain ICMP ping, which a host-based firewall can silently block.
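To make concrete what genlist does under the hood (call nmap's ping scan, keep only the hosts reported up) and which probes that scan sends, here is an added Python re-implementation of the same idea. It is not the genlist Perl script and not code from its author; it parses nmap's grepable output (-oG -) rather than the human-readable format, since the grepable format is one host per line and has stayed stable across nmap versions, and it passes the default privileged probe set (-PE -PS443 -PA80 -PP) explicitly so the behaviour does not silently change with the nmap release. The function and variable names, the -n and -e options, and the sample output text are assumptions made for this example; the sample is constructed, not captured from a real network.

```python
"""Added example: a small genlist-style live-host lister on top of nmap.

Not the genlist script itself.  It runs "nmap -sn" (the current name for
the old "-sP" ping scan), asks for grepable output on stdout, and prints
only the addresses nmap marked as Up, sorted numerically.
"""
import ipaddress
import re
import shutil
import subprocess
import sys

# The probes nmap -sn sends by default when run as root against a target
# that is not on the local Ethernet segment: ICMP echo, TCP SYN to 443,
# TCP ACK to 80, ICMP timestamp.  Passing them explicitly pins that set.
# (Raw-socket probes need root; on the local segment nmap uses ARP instead.)
DEFAULT_PROBES = ["-PE", "-PS443", "-PA80", "-PP"]

# One -oG line per host, e.g.  "Host: 192.168.1.1 (router)\tStatus: Up"
# With -n the hostname field is empty: "Host: 192.168.1.1 ()\tStatus: Up"
HOST_RE = re.compile(
    r"^Host:\s+(?P<addr>\S+)\s+\((?P<name>[^)]*)\)\s+Status:\s+(?P<status>\w+)"
)


def parse_grepable(text):
    """Return the addresses nmap reported as Up, in nmap's own order.

    Down hosts only appear in -oG output when nmap runs with -v; the
    status check handles both cases.
    """
    live = []
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m and m.group("status") == "Up":
            live.append(m.group("addr"))
    return live


def sort_addresses(addrs):
    """Sort numerically so 192.168.1.10 lands after .5, not before it."""
    return sorted(addrs, key=lambda a: int(ipaddress.ip_address(a)))


def nmap_command(target, nmap_path="nmap", interface=None):
    """Build the argv genlist effectively runs (-n: no reverse DNS,
    -e: non-default interface, mirroring genlist's --inter option)."""
    argv = [nmap_path, "-sn", "-n", "-oG", "-"] + DEFAULT_PROBES
    if interface:
        argv += ["-e", interface]
    argv.append(target)
    return argv


def live_hosts(target, nmap_path="nmap", interface=None):
    """Run the sweep and return the sorted list of live addresses."""
    path = shutil.which(nmap_path) or nmap_path
    proc = subprocess.run(
        nmap_command(target, path, interface),
        check=True, capture_output=True, text=True,
    )
    return sort_addresses(parse_grepable(proc.stdout))


# Constructed sample of "nmap -sn -n -oG -" output (assumed, not a real capture).
SAMPLE = """# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sn -n -oG - 192.168.1.0/29
Host: 192.168.1.10 ()\tStatus: Up
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.5 ()\tStatus: Down
Host: 192.168.1.2 ()\tStatus: Up
# Nmap done at Mon Jan  1 00:00:01 2024 -- 8 IP addresses (3 hosts up) scanned in 1.23 seconds
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real sweep: python3 livehosts.py 192.168.1.0/24 > network_192-168-1-0_24
        print("\n".join(live_hosts(sys.argv[1])))
    else:
        # No target given: parse the constructed sample instead.
        print("\n".join(sort_addresses(parse_grepable(SAMPLE))))
```

Redirecting the script's stdout to a file gives the same one-address-per-line list genlist produces. Because the Down line in the sample is filtered out and the result is sorted numerically, the sample run prints 192.168.1.1, 192.168.1.2 and 192.168.1.10 in that order.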
Thanks to Jabra for putting this script together!