First we get all of the known hosts with Angry IP scanner. Then we launch a parallel nmap scan.

Get a list of possibly alive IPs with angry ip

Download angry IP:

Install and open the app.

Change fetchers to have the following selected: Ping, Hostname, Ports, MAC Vendor, MAC Address, Web detect, TTL, NetBIO Info.

Click the GEAR icon to get to the Preferences where you can change which ports to scan. Change port to scan to scan these ports: 20-23,24,25,80,111,443,3389,2049,4420-4422,8080

Click OK

Click on Tools Menu -> Selection -> Alive

Scroll thru the list, if any are missing add them to selection by holding Control and clicking on entry

Scan -> Export Selection -> Set filetype to XML -> save file to new directory

Save the file to an empty directory, as we will be working here and generating more files

Now lets run parallel NMAPs against the results

Open cygwin or bash into the directory

cd <that directory>

In the simplest case we could do this. This will create an nmap-output directory and save all of the nmap results there. It will launch 5 nmap processes at a time until completion. If there is less then 5 IP or nmaps to run, thats okay, it will only launch that many.

mkdir nmap-output 2> /dev/null; cat *xml | grep "host add" | cut -f2 -d'"' | sort | uniq | xargs -I{} -P5 bash -c 'nmap -vA {} &> nmap-output/nmap-vA-{}.out' &

However, we want to print date start and end:

mkdir nmap-output 2> /dev/null; cat *xml | grep "host add" | cut -f2 -d'"' | sort | uniq | xargs -I{} -P5 bash -c '(CMD="nmap -vA {}"; echo "DATE START: `date` `date +%s` :$CMD"; eval "$CMD"; echo "DATE END: `date` `date +%s`") &> nmap-output/nmap-vA-{}.out' &

Lets break down the different parts, so you can understand this long command:

mkdir nmap-output # creates the output directory nmap-output where we will dump all of the nmap results to

cat *xml | grep "host add" | cut -f2 -d'"' | sort | uniq # extracts ip addresses

We then send the IP addresses to xargs. Each IP address becomes {}. So we can use {} as the “variable” representing the IP. Here we launch 5 parallel processes. If one stops or finishes the next one continues. If all 5 end at same time, then we spawn 5 new ones to continue. This goes on until it completes. So you can change that 5 to be another number

xargs -I{} -P5 bash -c 'nmap -vA {} &> nmap-output/nmap-vA-{}.out' &

NOTE: that the output is specified with in the bash command and has the IP address {} that way each process logs to a different file.
Each process would log to the same file, if it were ran like this:

xargs -I{} -P5 bash -c 'nmap -vA {}' &> nmap-output/nmap-vA-{}.out'

TIP: if you want to do multiple commands or have more complicated bash commands with xargs, then kick off a bash -c and put your commands in single quotes. If you need variables bring them out with:

xargs 'command '"$variable"' other commands or options';

In my case I wanted to log start and end time of the NMAP so I used a more complicated bash string in my xargs. Its a combo of multiple commands. Without surrounding that with bash -c it wouldn’t have been possible:
(CMD="nmap -vA {}"; echo "DATE START: date date +%s :$CMD"; eval "$CMD"; echo "DATE END: date date +%s") &> nmap-output/nmap-vA-{}.out

Monitor the output with:

while true; do date; find . -ls -type f; jobs -p; sleep 0.5; done

You will see the files grow and also you will see if the job is still running.

Now its up to you what you want to do with the results.

Leave a Reply

Your email address will not be published. Required fields are marked *