virusz Posted August 3, 2006

This is written on the fly by me for the English people.

The thoughts are: I have an exploit, or I'm scanning and doing pentests in the wild with Nessus. But it's so slow, since Nessus pings the hosts itself and checks them... and here is the way with Nmap.

Let nmap do a speedy ping test on the ranges, write the living hosts into a file, and put them into Nessus. That's a faster way than scanning manually with Nessus in the wild.

Here are two from me:

This one will check all IP addresses from the network 192.168.0.0/16 (range: 192.168.0.0-192.168.254.254) (ping test) and write them to the file -> hosts_up1.txt. `grep up` will grep only the hosts which are up; awk will write only the IP of this host into the file (because some pentesting tools like Nessus only support single IPs in target files).

nmap -n -sP -v --min-parallelism 64 -T4 192.168.0.0/16 | grep up | awk '{ print $2 }' >> hosts_up1.txt

Let me explain another command, since you now have a file with online hosts and you have an exploit. Here is an example with the old exploit "openssl-too-open":

We scan these living hosts for open port 443 and write the responding hosts to a file. I'm using sed to filter the results, since nmap's output looks like this:

192.168.4.6:
192.168.7.4:
etc.

We must filter out the ':' to make this a working ip_target list for the other programs; I'm using the Unix program sed:

nmap -iL hosts_up1.txt -p 443 -n | grep -B 2 open | grep on | awk '{ print $4 }' | sed 's/://g' >> ssl-hosts.txt

Now we can use openssl-scanner to scan the ssl_scan.txt...

Those are some examples of how to fight with nmap; with those variables it's a real dangerous and speedy tool.

have fun
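As an added example, not from the original post: the same two filters (hosts that answered the ping sweep, hosts with 443 open) built on nmap's greppable output (-oG), whose "Host:" lines have a fixed layout instead of the human-readable text the grep -B 2 / awk $4 chain depends on. The sample lines below are constructed, nmap itself is not run, and -sn is assumed as the current spelling of the post's -sP.

```shell
#!/bin/sh
# Added example (not the original poster's code). Parses nmap -oG output so the
# host lists no longer depend on the wording of nmap's normal output.

# Constructed sample of what "nmap -sn -n -oG - 192.168.4.0/24" prints.
SWEEP_FILE=$(mktemp)
cat > "$SWEEP_FILE" <<'EOF'
# Nmap scan initiated (constructed sample) as: nmap -sn -n -oG - 192.168.4.0/24
Host: 192.168.4.6 ()	Status: Up
Host: 192.168.4.7 ()	Status: Down
Host: 192.168.4.9 ()	Status: Up
# Nmap done (constructed sample)
EOF

# Constructed sample of "nmap -iL hosts_up1.txt -p 443,8443 -n -oG -" output.
PORT_FILE=$(mktemp)
cat > "$PORT_FILE" <<'EOF'
Host: 192.168.4.6 ()	Ports: 443/open/tcp//https///, 8443/closed/tcp//https-alt///	Ignored State: closed (998)
Host: 192.168.4.9 ()	Ports: 443/closed/tcp//https///, 8443/open/tcp//https-alt///
EOF
trap 'rm -f "$SWEEP_FILE" "$PORT_FILE"' EXIT

# hosts_up FILE: one IP per line for every host nmap reported as "Status: Up".
# In -oG output the IP is always the second field of a "Host:" line.
hosts_up() {
    awk '/^Host:/ && /Status: Up/ { print $2 }' "$1"
}

# hosts_with_open_port PORT FILE: IPs whose "Ports:" field lists PORT as open.
# The port must be preceded by a space, tab or comma so that 443 does not
# match 8443/open/; this replaces the post's grep -B 2 / grep on / sed chain.
hosts_with_open_port() {
    awk -v port="$1" '/^Host:/ && $0 ~ ("(^|[[:space:],])" port "/open/") { print $2 }' "$2"
}

# Usage, as in the post: the first list feeds the second scan and then Nessus.
hosts_up "$SWEEP_FILE" > hosts_up1.txt
hosts_with_open_port 443 "$PORT_FILE" > ssl-hosts.txt
rm -f hosts_up1.txt ssl-hosts.txt
```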