EvilZone
Hacking and Security => Beginner's Corner => : hack3rcon October 31, 2015, 02:26:47 PM
-
Hello.
I need a tool that helps me find all IP addresses in a local network. I found some tools like "AutoScan" or "netdiscover", but these tools don't work properly in VLAN networks.
Any idea?
-
I am not sure if I understood your question. You want to get all IP ranges a network uses with a scanner? Well, you could use any subnet scanner and let it scan all private IP address ranges (https://en.wikipedia.org/wiki/Private_network).. lol. That will take a lot of time. The other option would be guessing the ranges. If your client is located in a 10.10.0.0/24 network, you could try to scan the range 10.10.0.0/16, for example, and see what you can find. Another way is to capture a good amount of network packets and go through them. I explained it here (it's old and not very good.. but it should give you an idea of what I am talking about): https://evilzone.org/tutorials/(tutorial)-basic-network-discovery
Start to get creative.. maybe you can get that information from an L3 switch or router. HP, for example, has a default setting which looks like this: "snmp-server community public unrestricted". I've seen lots of devices where the admins did not remove that part of the config.
Hope that helps?
-
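The "capture a good amount of network packets and go through them" approach from the post above, as an added example that is not code from the thread or from anyone quoted in it. It parses raw Ethernet frames, reads the VLAN ID out of an 802.1Q tag when one is present (so hosts are grouped per VLAN, which is what the plain scanners in this thread miss), records which addresses actually sent traffic, and groups every address seen into /24 ranges as a starting point for the "guess the ranges" scan. The frames in SAMPLE_FRAMES are constructed by hand for the demo; the MACs and IPs in them are made up, and only a single 802.1Q tag is handled (QinQ is not).

```python
"""Added example, not code from the thread: infer which IP ranges are in use,
per VLAN, from captured Ethernet frames ("capture packets and go through them").
Frames in SAMPLE_FRAMES are constructed by hand for the demo; on a real
capture you would feed raw frames read from a pcap or an AF_PACKET socket."""
import ipaddress
import struct
from collections import defaultdict

ETH_IPV4 = 0x0800
ETH_ARP = 0x0806
ETH_8021Q = 0x8100


def parse_frame(frame: bytes):
    """Return (vlan_id or None, src_ip, dst_ip), or None for anything that is
    not ARP/IPv4. Handles a single 802.1Q tag; QinQ (0x88a8) is ignored."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset, vlan = 14, None
    if ethertype == ETH_8021Q:
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18  # low 12 bits of the TCI are the VID
    payload = frame[offset:]
    if ethertype == ETH_IPV4 and len(payload) >= 20:
        return (vlan, str(ipaddress.IPv4Address(payload[12:16])),
                str(ipaddress.IPv4Address(payload[16:20])))
    if ethertype == ETH_ARP and len(payload) >= 28:
        # htype(2) ptype(2) hlen(1) plen(1) oper(2) sha(6) spa(4) tha(6) tpa(4)
        return (vlan, str(ipaddress.IPv4Address(payload[14:18])),
                str(ipaddress.IPv4Address(payload[24:28])))
    return None


def collect_senders(frames):
    """Map VLAN id -> set of IPs that actually *sent* something (live hosts).
    ARP probes from 0.0.0.0 (DHCP duplicate-address checks) are not hosts."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None or parsed[1] == "0.0.0.0":
            continue
        seen[parsed[0]].add(parsed[1])
    return seen


def guess_ranges(frames, prefix=24):
    """Every src/dst address seen, grouped into /prefix networks with a count.
    Destinations count too: a host talking to 10.10.4.20 tells you that range
    exists even if you never see that VLAN's own traffic."""
    ips = set()
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        ips.update(ip for ip in parsed[1:] if ip not in ("0.0.0.0", "255.255.255.255"))
    nets = defaultdict(int)
    for ip in ips:
        nets[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)] += 1
    return sorted((str(net), count) for net, count in nets.items())


# --- constructed sample traffic (demo only, not a real capture) -------------
def build_frame(dst_mac, src_mac, ethertype, payload, vlan=None):
    hdr = dst_mac + src_mac
    if vlan is not None:
        hdr += struct.pack("!HH", ETH_8021Q, vlan)  # TCI with PCP/DEI = 0
    return hdr + struct.pack("!H", ethertype) + payload


def arp_payload(oper, sha, spa, tha, tpa):
    return (struct.pack("!HHBBH", 1, ETH_IPV4, 6, 4, oper) + sha
            + ipaddress.IPv4Address(spa).packed + tha
            + ipaddress.IPv4Address(tpa).packed)


def ipv4_payload(src, dst):
    # Minimal 20-byte IPv4 header: version/IHL 0x45, ttl 64, proto 1, no checksum.
    return (bytes([0x45, 0]) + struct.pack("!HHHBBH", 20, 0, 0, 64, 1, 0)
            + ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed)


BCAST, ZERO = b"\xff" * 6, b"\x00" * 6
MAC_A, MAC_B = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
SAMPLE_FRAMES = [
    build_frame(BCAST, MAC_A, ETH_ARP, arp_payload(1, MAC_A, "10.10.0.5", ZERO, "10.10.0.1"), vlan=10),
    build_frame(MAC_A, MAC_B, ETH_ARP, arp_payload(2, MAC_B, "10.10.0.1", MAC_A, "10.10.0.5"), vlan=10),
    build_frame(MAC_B, MAC_A, ETH_IPV4, ipv4_payload("10.10.0.5", "10.10.4.20"), vlan=10),
    build_frame(BCAST, MAC_B, ETH_ARP, arp_payload(1, MAC_B, "10.10.4.20", ZERO, "10.10.4.1"), vlan=20),
    build_frame(BCAST, MAC_A, ETH_ARP, arp_payload(1, MAC_A, "0.0.0.0", ZERO, "10.10.0.9"), vlan=10),
    build_frame(MAC_B, MAC_A, ETH_IPV4, ipv4_payload("192.168.1.7", "192.168.1.1")),  # untagged
    b"\x00" * 10,  # truncated junk must not crash the parser
]

if __name__ == "__main__":
    by_vlan = collect_senders(SAMPLE_FRAMES)
    for vlan in sorted(by_vlan, key=lambda v: (v is None, v or 0)):
        print(f"VLAN {vlan}: {sorted(by_vlan[vlan])}")
    for net, count in guess_ranges(SAMPLE_FRAMES):
        print(f"{net}: {count} address(es) seen")
```

Only traffic that reaches your capture port is visible, so on a switched network you will mostly see broadcasts (ARP, DHCP, NetBIOS) plus whatever is addressed to you; a mirror/SPAN port or a trunk-facing port is what makes the per-VLAN grouping actually useful.
-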
> I am not sure if I understood your question. You want to get all IP ranges a network uses with a scanner? Well, you could use any subnet scanner and let it scan all private IP address ranges (https://en.wikipedia.org/wiki/Private_network).. lol. That will take a lot of time. The other option would be guessing the ranges. If your client is located in a 10.10.0.0/24 network, you could try to scan the range 10.10.0.0/16, for example, and see what you can find. Another way is to capture a good amount of network packets and go through them. I explained it here (it's old and not very good.. but it should give you an idea of what I am talking about): https://evilzone.org/tutorials/(tutorial)-basic-network-discovery
> Start to get creative.. maybe you can get that information from an L3 switch or router. HP, for example, has a default setting which looks like this: "snmp-server community public unrestricted". I've seen lots of devices where the admins did not remove that part of the config.
> Hope that helps?
Consider this: you are at a company and want to know how many devices and IP ranges exist. What do you do? Some tools, like I said, can help you, but they don't work very well with VLANs.
-
Have you found out how to do it? If not, send me a PM, I'd gladly help.
Sent from my iPhone using Tapatalk
-
> Consider this: you are at a company and want to know how many devices and IP ranges exist. What do you do? Some tools, like I said, can help you, but they don't work very well with VLANs.
Yep, I would do what I explained above :)
> Have you found out how to do it? If not, send me a PM, I'd gladly help.
> Sent from my iPhone using Tapatalk
Why don't you just post here? I would like to hear about your solution too.
-
For Windows use Wnetwatcher:
http://www.nirsoft.net/utils/wireless_network_watcher.html
Or use Angry IP Scanner (Windows, Mac, Linux):
http://angryip.org/download/
I feel like this question should have been googled first.
-
> For Windows use Wnetwatcher:
> http://www.nirsoft.net/utils/wireless_network_watcher.html
> Or use Angry IP Scanner (Windows, Mac, Linux):
> http://angryip.org/download/
> I feel like this question should have been googled first.
Yes, OE 800 said it correctly, Angry IP Scanner is the better solution for it.
-
Guys, would nmap just work as well, though, with the right switches?
OE800 is right though, AngryIP is a good one, the first port scanner I ever used on video. I found a shopadmin box once but I didn't know what it was or what to do with it then.
-
arpscan?
-
Search for some quick tutorials on nmap on Google and YouTube, it is a very good tool.
-
Try: nmap -sP 192.168.2.1/24
If that doesn't work try:
sudo nmap -sP -PS22,3389 192.168.2.1/24 #custom TCP SYN scan
sudo nmap -sP -PU161 192.168.2.1/24 #custom UDP scan
-
> arpscan?
arp-scan & nbtscan are good tools for a fast "network" discovery. In a pentest, in a corporate network... there is always at least 1 Windows box :)
Regards!
-
> For Windows use Wnetwatcher:
> http://www.nirsoft.net/utils/wireless_network_watcher.html
> Or use Angry IP Scanner (Windows, Mac, Linux):
> http://angryip.org/download/
> I feel like this question should have been googled first.
Totally agreed with this. I myself use Angry IP Scanner to get IP addresses and stuff, and to discover more, like passwords, I prefer using Cain and Abel, or for a much deeper solution to monitor the network I prefer Wireshark. Please google those names; you'll see them + how-tos.
;)
-
You can do the nmap -sn command followed by ip range to check for hosts on a network, example:
nmap -sn 192.168.2.200-254
Hope that helps! If you have further questions on this, don't hesitate to PM me.
-
I am not sure what you meant, but KisMAC might help you, I guess :D
-
Jesus Christ... you don't necessarily need tools to do this. If you want to discover all ICMP-Echo-request-enabled devices on your subnet, you can simply use native system commands.
for /L %i in (1,1,254) do @ping -n 1 -w 1 X.X.X.%i | find "from"
Alternatively on linux:
for i in `seq 1 254`; do ping -c 1 -W 1 X.X.X.$i | grep 'from'; done
Granted, you will not be able to discover devices that have ICMP Echo requests disabled, and you will limit your ping sweeps to one particular subnet, but I digress. Learn to use your damn system before you start looking for tools.
-
Nmap is your friend.
-
You can use Wireshark (for more detail) or nmap.
Best tools for the job ;).
-
Check which IP address your host gets when you plug it into the network. For example, if it is something like 192.168.xxx.xxx, you can use Nmap or any other tool stated above to look for live hosts, or at least hosts that respond to ICMP. By doing that you should discover every responsive IP address in the 192.168 range.
If you are in at least a decent corporate network, you shouldn't be able to connect to other subnets from a regular workstation, and by that I mean you won't reach different networks like 10.xxx.xxx.xxx or something like that.
A quick Google search returns the following command to use in a CMD on Windows systems:
FOR /L %i IN (1,1,254) DO ping -a -n 1 192.168.10.%i | FIND /i "Reply">>c:\ipaddresses.txt
This will try to ping all addresses in 192.168.10.1-254, resolve their names and write them to a .txt file at "c:\". "%i" is the variable.
-
> Jesus Christ... you don't necessarily need tools to do this. If you want to discover all ICMP-Echo-request-enabled devices on your subnet, you can simply use native system commands.
> for /L %i in (1,1,254) do @ping -n 1 -w 1 X.X.X.%i | find "from"
> Alternatively on linux:
> for i in `seq 1 254`; do ping -c 1 -W 1 X.X.X.$i | grep 'from'; done
> Granted, you will not be able to discover devices that have ICMP Echo requests disabled, and you will limit your ping sweeps to one particular subnet, but I digress. Learn to use your damn system before you start looking for tools.
Agreed, and when you're done relying solely on tools (they are easier after all), OP... turn the above into a bash script and tweak it to better fit your needs.
More info on how an attacker can use ICMP for recon: https://www.sans.org/security-resources/idfaq/icmp_misuse.php
> Nmap is your friend.
Not always. Tools like this are loud. (It is a good tool though, btw... if used effectively.)