In this lab we did numerous manual ways of automating host discovery and formatting an output for a list of targets.

ip sweeper using ping:

for ip in $(seq 2 50); do ping -c 1 -w 1 10.0.5.$ip &> /dev/null && echo 10.0.5.$ip >> sweep.txt; done

same thing but with fping:

for ip in $(seq 2 50); do fping -c 1 -a 10.0.5.$ip && echo 10.0.5.$ip >> sweep2.txt; done

Here, the -a flag filters for only alive hosts, so i can discard the &> /dev/null seen in the first ip sweeper.

nmap scan using range of IPs and outputting results:

for ip in $(seq 2 50); do nmap -sn 10.0.5.$ip | grep "1 host up" && echo 10.0.5.$ip >> sweep3.txt; done

I just grepped for "1 host up" because that's a unique output to alive hosts.

Reflections:

• Couldn't figure out how to get the ip sweeper using ping for some reason. I did the exact same thing I did in in the nmap scan- using grep to filter results, but it wasn't working. I had to look up a solution online to filter out machines that weren't responding which is where i found the /dev/null from.