EvilZone

Hacking and Security => Beginner's Corner => Topic started by: hack3rcon on October 31, 2015, 02:26:47 PM

: Discover all IP addresses in a Local network.
: hack3rcon October 31, 2015, 02:26:47 PM
Hello.
I need a tool that helps me find all IP addresses in a local network. I found some tools like "AutoScan" or "netdiscover", but these tools don't work properly in VLAN networks.

Any idea?
: Re: Discover all IP addresses in a Local network.
: RedBullAddicted October 31, 2015, 06:24:09 PM
I am not sure if I understood your question. You want to get all IP ranges a network uses with a scanner? Well, you could use any subnet scanner and let it scan all private IP address ranges (https://en.wikipedia.org/wiki/Private_network).. lol. That will take a lot of time. The other option would be guessing the ranges. If your client is located in a 10.10.0.0/24 network you could try to scan the range 10.10.0.0/16 for example and see what you can find. Another way is to capture a good amount of network packets and go through them. I explained it here (it's old and not very good.. but should give you an idea what I am talking about) https://evilzone.org/tutorials/(tutorial)-basic-network-discovery
Start to get creative.. maybe you can get that information from an L3 switch or router. HP for example has a default setting which looks like this "snmp-server community public unrestricted". Seen lots of devices where the admins did not remove that part of the config.

Hope that helps??
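A worked example of the passive approach in the post above (capture packets and go through them), added here and not part of RedBullAddicted's post: a small Python parser for raw Ethernet frames that pulls the VLAN ID out of 802.1Q tags and the sender address out of ARP and IPv4 headers, then lists the hosts and the /24s they imply per VLAN. The frames are constructed inline, not a real capture; feeding it a real pcap (with scapy, dpkt or similar) is assumed and not shown. The /24 grouping is a guess, since a capture shows addresses, not masks.

```python
import ipaddress
import struct
from collections import defaultdict

ETH_P_8021Q = 0x8100   # 802.1Q VLAN tag
ETH_P_ARP = 0x0806
ETH_P_IP = 0x0800


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Return (vlan_id, src_mac, src_ip) for an ARP or IPv4 frame, else None.

    vlan_id is None for untagged frames. Only a single 802.1Q tag is handled (no QinQ).
    """
    if len(frame) < 14:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset, vlan_id = 14, None
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan_id = tci & 0x0FFF          # low 12 bits of the TCI are the VLAN ID
        offset = 18
    payload = frame[offset:]
    if ethertype == ETH_P_ARP and len(payload) >= 28:
        # ARP body: htype(2) ptype(2) hlen(1) plen(1) op(2) sha(6) spa(4) tha(6) tpa(4)
        if payload[4] == 6 and payload[5] == 4:
            return (vlan_id, mac_str(payload[8:14]), str(ipaddress.IPv4Address(payload[14:18])))
    elif ethertype == ETH_P_IP and len(payload) >= 20:
        if payload[0] >> 4 == 4:        # IPv4 version nibble; source address sits at bytes 12..15
            return (vlan_id, mac_str(src), str(ipaddress.IPv4Address(payload[12:16])))
    return None


def summarize(frames):
    """Group observed senders by VLAN and list the /24s they imply (the mask is guessed).

    Returns {vlan_id: {"hosts": {ip: mac}, "nets": ["a.b.c.0/24", ...]}}.
    """
    seen = defaultdict(dict)
    for frame in frames:
        obs = parse_frame(frame)
        if obs:
            vlan_id, mac, ip = obs
            seen[vlan_id][ip] = mac
    return {
        vlan: {
            "hosts": hosts,
            "nets": sorted({str(ipaddress.ip_network(ip + "/24", strict=False)) for ip in hosts}),
        }
        for vlan, hosts in seen.items()
    }


# --- constructed sample capture (not real traffic) -------------------------------
def _arp(op, sha, spa, tha, tpa):
    return struct.pack("!HHBBH6s4s6s4s", 1, ETH_P_IP, 6, 4, op,
                       sha, ipaddress.IPv4Address(spa).packed, tha, ipaddress.IPv4Address(tpa).packed)


def _ipv4(src, dst):
    # minimal 20-byte header: ver/IHL, TOS, total length, id, flags/frag, TTL, proto=ICMP, checksum, src, dst
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def _frame(src_mac, dst_mac, ethertype, payload, vlan=None):
    tag = struct.pack("!HHH", ETH_P_8021Q, vlan, ethertype) if vlan is not None else struct.pack("!H", ethertype)
    return dst_mac + src_mac + tag + payload


BCAST = b"\xff" * 6
MAC_A = bytes.fromhex("aabbcc000005")
MAC_B = bytes.fromhex("aabbcc000101")
MAC_C = bytes.fromhex("aabbcc001e11")
MAC_D = bytes.fromhex("aabbcc00002c")

SAMPLE_FRAMES = [
    _frame(MAC_A, BCAST, ETH_P_ARP, _arp(1, MAC_A, "10.10.0.5", b"\x00" * 6, "10.10.0.1")),       # untagged ARP request
    _frame(MAC_B, MAC_A, ETH_P_ARP, _arp(2, MAC_B, "10.20.0.1", MAC_A, "10.20.0.44"), vlan=20),  # VLAN 20 ARP reply
    _frame(MAC_D, MAC_B, ETH_P_IP, _ipv4("10.20.0.44", "8.8.8.8"), vlan=20),                     # VLAN 20 IPv4
    _frame(MAC_C, MAC_B, ETH_P_IP, _ipv4("172.16.30.17", "172.16.30.1"), vlan=30),               # VLAN 30 IPv4
    b"\x00" * 5,                                                                                 # runt frame, ignored
]

if __name__ == "__main__":
    for vlan, info in sorted(summarize(SAMPLE_FRAMES).items(), key=lambda kv: (kv[0] is not None, kv[0] or 0)):
        print(f"VLAN {vlan}: nets={info['nets']} hosts={info['hosts']}")
```

You only see tagged frames if the switch port you are on carries a trunk or is a mirror port; on a plain access port the tag is stripped before the frame reaches you and everything lands under VLAN None, which is the same limitation that keeps netdiscover from seeing other VLANs.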
: Re: Discover all IP addresses in a Local network.
: hack3rcon November 01, 2015, 07:51:02 AM
Quote from: RedBullAddicted
I am not sure if I understood your question. You want to get all IP ranges a network uses with a scanner? Well, you could use any subnet scanner and let it scan all private IP address ranges (https://en.wikipedia.org/wiki/Private_network).. lol. That will take a lot of time. The other option would be guessing the ranges. If your client is located in a 10.10.0.0/24 network you could try to scan the range 10.10.0.0/16 for example and see what you can find. Another way is to capture a good amount of network packets and go through them. I explained it here (it's old and not very good.. but should give you an idea what I am talking about) https://evilzone.org/tutorials/(tutorial)-basic-network-discovery
Start to get creative.. maybe you can get that information from an L3 switch or router. HP for example has a default setting which looks like this "snmp-server community public unrestricted". Seen lots of devices where the admins did not remove that part of the config.

Hope that helps??

Consider it: you are at a company and want to know how many devices and IP ranges exist. What do you do? Some tools like I said can help you, but they do not work with VLANs very well.
: Re: Discover all IP addresses in a Local network.
: SilentCircle November 01, 2015, 08:32:39 PM
Have you found out how to do it? If not, send me a PM, I'd gladly help.


Sent from my iPhone using Tapatalk
: Re: Discover all IP addresses in a Local network.
: RedBullAddicted November 02, 2015, 09:04:49 AM
Quote from: hack3rcon
Consider it: you are at a company and want to know how many devices and IP ranges exist. What do you do? Some tools like I said can help you, but they do not work with VLANs very well.

Yep, I would do what I explained above  :)

Quote from: SilentCircle
Have you found out how to do it? If not, send me a PM, I'd gladly help.


Sent from my iPhone using Tapatalk

Why don't you just post here? I would like to hear about your solution too.
: Re: Discover all IP addresses in a Local network.
: 0E 800 November 02, 2015, 06:24:53 PM
For Windows use WNetWatcher:
http://www.nirsoft.net/utils/wireless_network_watcher.html

Or use Angry IP Scanner (Windows, Mac, Linux)
http://angryip.org/download/


Feel like this question should have been googled first.
: Re: Discover all IP addresses in a Local network.
: romancodis November 19, 2015, 10:25:21 AM
Quote from: 0E 800
For Windows use WNetWatcher:
http://www.nirsoft.net/utils/wireless_network_watcher.html

Or use Angry IP Scanner (Windows, Mac, Linux)
http://angryip.org/download/


Feel like this question should have been googled first.



Yes, 0E 800 said it correctly, Angry IP Scanner is the better solution for it.
: Re: Discover all IP addresses in a Local network.
: th31nitiate November 19, 2015, 10:11:22 PM
Guys, would nmap just work as well though, with the right switches?

0E 800 is right though, Angry IP Scanner is a good one, the first port scanner I ever used on video. I found a shopadmin box once but I didn't know what it was or what to do with it then.
: Re: Discover all IP addresses in a Local network.
: ghostdragon December 26, 2015, 01:00:22 PM
arp-scan?
: Re: Discover all IP addresses in a Local network.
: spaceman December 26, 2015, 02:34:20 PM
Search some quick tutorials for nmap on Google and YouTube; it is a very good tool.
: Re: Discover all IP addresses in a Local network.
: kurp December 27, 2015, 08:25:19 PM
Try: nmap -sn 192.168.2.1/24 #ping scan only, no port scan (-sP is the older name for -sn)

If that doesn't work try:
sudo nmap -sn -PS22,3389 192.168.2.1/24 #host discovery with TCP SYN probes to 22 and 3389 (raw SYN needs root)
sudo nmap -sn -PU161 192.168.2.1/24 #host discovery with a UDP probe to 161 (SNMP)
: Re: Discover all IP addresses in a Local network.
: deltonos December 28, 2015, 03:32:50 PM
Quote from: ghostdragon
arp-scan?
arp-scan and nbtscan are good tools for a fast "network" discovery. In a pentest, in a corporate network... there is always at least one Windows :)

Regards!
: Re: Discover all IP addresses in a Local network.
: CRAZYBUDDY January 05, 2016, 04:38:57 PM
Quote from: 0E 800
For Windows use WNetWatcher:
http://www.nirsoft.net/utils/wireless_network_watcher.html

Or use Angry IP Scanner (Windows, Mac, Linux)
http://angryip.org/download/


Feel like this question should have been googled first.
Totally agree with this. I myself use Angry IP Scanner to get IP addresses and stuff, and to discover more, like passwords, I prefer using Cain & Abel, or for a much deeper solution to monitor the network I prefer Wireshark. Please Google those names; you'll see them plus how-tos.
 ;)
: Re: Discover all IP addresses in a Local network.
: overflow January 06, 2016, 02:41:45 AM
You can run the nmap -sn command followed by an IP range to check for hosts on a network, for example:

nmap -sn 192.168.2.200-254

Hope that helps! If you have further questions on this, don't hesitate to PM me.
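To put the nmap one-liners from this post and kurp's post together, here is an added example (not code from either poster): a Python wrapper that expands one known address into the /24 blocks of its surrounding /16 (RedBullAddicted's "guess the range" approach), builds the nmap host-discovery command with kurp's TCP SYN and UDP probes, and parses greppable (-oG) output into the list of live hosts. The flags are nmap's own (-sn, -n, -oG -, -PE, -PS, -PU); SAMPLE_OUTPUT is constructed, not a real scan, and the runner is injectable so the parsing runs without a network.

```python
import ipaddress
import re
import subprocess


def candidate_ranges(known_ip, supernet_prefix=16, chunk_prefix=24):
    """From one address you know is in use, list the /chunk_prefix blocks of the
    surrounding /supernet_prefix so they can be swept one at a time."""
    supernet = ipaddress.ip_network(f"{known_ip}/{supernet_prefix}", strict=False)
    return [str(n) for n in supernet.subnets(new_prefix=chunk_prefix)]


def discovery_cmd(targets, tcp_ports=(22, 3389), udp_ports=(161,)):
    """nmap host discovery only (-sn), no DNS (-n), greppable output on stdout (-oG -).

    Once you pass -PS/-PU, nmap replaces its default probe set with yours, so -PE is
    added to keep an ICMP echo probe in the mix. Raw SYN/UDP probes need root (sudo).
    """
    cmd = ["nmap", "-sn", "-n", "-oG", "-", "-PE"]
    if tcp_ports:
        cmd.append("-PS" + ",".join(str(p) for p in tcp_ports))
    if udp_ports:
        cmd.append("-PU" + ",".join(str(p) for p in udp_ports))
    return cmd + list(targets)


# "Host: 192.168.2.1 ()<TAB>Status: Up"; the parentheses hold the reverse name when -n is off
_HOST_LINE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s+Status:\s+(\w+)")


def parse_grepable(text):
    """Return {ip: hostname_or_empty} for every host nmap reported as Up in -oG output."""
    live = {}
    for line in text.splitlines():
        m = _HOST_LINE.match(line)
        if m and m.group(3) == "Up":
            live[m.group(1)] = m.group(2)
    return live


def nmap_sweep(targets, runner=subprocess.run):
    """Run nmap over the targets and return the live hosts.

    `runner` has subprocess.run's signature and is injectable so the parsing can be
    exercised offline; by default it really executes nmap.
    """
    proc = runner(discovery_cmd(targets), capture_output=True, text=True, check=False)
    return parse_grepable(proc.stdout)


# Constructed sample of what `nmap -sn -oG -` prints; not a real scan result.
SAMPLE_OUTPUT = (
    "# Nmap 7.01 scan initiated Sun Dec 27 20:25:19 2015 as: nmap -sn -n -oG - 192.168.2.0/24\n"
    "Host: 192.168.2.1 ()\tStatus: Up\n"
    "Host: 192.168.2.17 ()\tStatus: Up\n"
    "Host: 192.168.2.30 ()\tStatus: Down\n"
    "Host: 192.168.2.200 ()\tStatus: Up\n"
    "# Nmap done at Sun Dec 27 20:25:22 2015 -- 256 IP addresses (3 hosts up) scanned in 2.91 seconds\n"
)

if __name__ == "__main__":
    # hypothetical known address; prints the first few commands instead of running them
    for block in candidate_ranges("10.10.0.77")[:4]:
        print("would run:", " ".join(discovery_cmd([block])))
    print("parsed sample:", parse_grepable(SAMPLE_OUTPUT))
```

Sweeping a /16 this way is 256 separate nmap runs; that is deliberate, because a single `nmap -sn 10.10.0.0/16` gives you nothing until it finishes, whereas per-/24 runs let you stop as soon as the populated blocks show up, and the candidate list doubles as the place to drop blocks you already know are out of scope.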
: Re: Discover all IP addresses in a Local network.
: John200Ok January 08, 2016, 03:58:57 PM
I am not sure what you meant, but KisMAC might help you I guess :D
: Re: Discover all IP addresses in a Local network.
: m0rph January 10, 2016, 06:29:37 PM
Jesus Christ... you don't necessarily need tools to do this. If you want to discover all ICMP-Echo-request-enabled devices on your subnet, you can simply use native system commands.
Code:
for /L %i in (1,1,254) do @ping -n 1 -w 1000 X.X.X.%i | find "TTL="
Alternatively on Linux:
Code:
for i in $(seq 1 254); do ping -c 1 -W 1 X.X.X.$i | grep 'from'; done
Granted, you will not be able to discover devices that have ICMP Echo requests disabled, and you will limit your ping sweeps to one particular subnet, but I digress. Learn to use your damn system before you start looking for tools.
: Re: Discover all IP addresses in a Local network.
: Matabufalez January 14, 2016, 01:37:29 PM
Nmap is your friend.
: Re: Discover all IP addresses in a Local network.
: sdksdk January 16, 2016, 09:09:04 PM
You can use wireshark ( for more detailed ) or nmap.
Best tools for the job ;).
: Re: Discover all IP addresses in a Local network.
: neom January 19, 2016, 01:13:47 PM
Check which IP address your host gets when you plug it into the network. For example, if it is something like 192.168.xxx.xxx, you can use Nmap or any of the other tools stated above to look for live hosts, or at least hosts that respond to ICMP. By doing that you should discover every responsive IP address in the 192.168 range.

If you are in at least a decent corporate network you shouldn't be able to connect to other subnets from a regular workstation, and by that I mean you won't reach different networks like 10.xxx.xxx.xxx or something like that.

A quick Google search returns the following command to use in a CMD on Windows systems:

FOR /L %i IN (1,1,254) DO ping -a -n 1 192.168.10.%i | FIND /i "TTL=">>c:\ipaddresses.txt

This will try to ping all addresses contained in 192.168.10.1-254, resolve their names and write the results to a .txt file at "c:\". "%i" is the variable
: Re: Discover all IP addresses in a Local network.
: blindfuzzy January 19, 2016, 01:45:51 PM
Quote from: m0rph
Jesus Christ... you don't necessarily need tools to do this. If you want to discover all ICMP-Echo-request-enabled devices on your subnet, you can simply use native system commands.
Code:
for /L %i in (1,1,254) do @ping -n 1 -w 1000 X.X.X.%i | find "TTL="
Alternatively on Linux:
Code:
for i in $(seq 1 254); do ping -c 1 -W 1 X.X.X.$i | grep 'from'; done
Granted, you will not be able to discover devices that have ICMP Echo requests disabled, and you will limit your ping sweeps to one particular subnet, but I digress. Learn to use your damn system before you start looking for tools.

Agreed, and when you're done relying solely on tools (they are easier after all), OP... turn the above into a bash script and tweak it to better fit your needs.

More info on how an attacker can use ICMP for recon: https://www.sans.org/security-resources/idfaq/icmp_misuse.php

Quote from: Matabufalez
Nmap is your friend.
Not always. Tools like this are loud. (It is a good tool though btw...if used effectively)
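The native ping loops from m0rph's, neom's and blindfuzzy's posts, reworked as an added Python example (not code from any of them) to make two things explicit that the one-liners hide: the per-host timeout is spelled differently per OS (Windows -w and macOS -W take milliseconds, Linux -W takes seconds), and only an output line carrying a TTL is a real echo reply, so filtering on "from" or "Reply" counts "Destination host unreachable" as a hit on Windows. It also runs the probes concurrently, so a /24 sweep takes seconds instead of minutes. The sample ping lines are constructed, and the default target 192.168.10.0/24 is a placeholder.

```python
import ipaddress
import platform
import subprocess
from concurrent.futures import ThreadPoolExecutor


def ping_command(ip, timeout_s=1):
    """One echo request with a per-host timeout, spelled the way each OS wants it."""
    system = platform.system()
    if system == "Windows":
        return ["ping", "-n", "1", "-w", str(timeout_s * 1000), ip]   # -w is milliseconds
    if system == "Darwin":
        return ["ping", "-c", "1", "-W", str(timeout_s * 1000), ip]   # macOS -W is milliseconds
    return ["ping", "-c", "1", "-W", str(timeout_s), ip]              # Linux iputils -W is seconds


def is_alive(ping_output):
    """Only a real echo reply carries a TTL. 'Reply from <you>: Destination host
    unreachable.' (Windows) contains both 'Reply' and 'from' but no TTL."""
    return "ttl=" in ping_output.lower()


def ping_one(ip, timeout_s=1):
    """Probe a single address; returns the address if it answered, else None."""
    proc = subprocess.run(ping_command(ip, timeout_s), capture_output=True, text=True)
    return ip if is_alive(proc.stdout) else None


def ping_sweep(network, probe=ping_one, workers=64):
    """Probe every host address of `network` concurrently and return the live ones sorted.

    The serial shell loop waits the full timeout for every dead host (about 254 s for
    an empty /24 with a 1 s timeout); with 64 workers the same sweep takes a few seconds.
    `probe` is injectable so the orchestration can be tested without sending packets.
    """
    hosts = [str(h) for h in ipaddress.ip_network(network, strict=False).hosts()]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(probe, hosts))
    return sorted((ip for ip in results if ip), key=ipaddress.IPv4Address)


# Constructed ping output lines (not captured from a real host) illustrating the TTL rule.
WIN_REPLY = "Reply from 192.168.10.5: bytes=32 time<1ms TTL=128\n"
WIN_UNREACHABLE = "Reply from 192.168.10.2: Destination host unreachable.\n"
WIN_TIMEOUT = "Request timed out.\n"
LINUX_REPLY = "64 bytes from 192.168.10.7: icmp_seq=1 ttl=64 time=0.412 ms\n"
LINUX_UNREACHABLE = "From 192.168.10.2 icmp_seq=1 Destination Host Unreachable\n"

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.10.0/24"   # placeholder default
    for ip in ping_sweep(target):
        print(ip)
```

Same caveats as the shell versions: hosts that drop ICMP echo stay invisible, and you only reach what the local routing table reaches, so this sweeps one subnet at a time just like the loops do.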