21

I'm new to bash scripting and I'm trying to get this working:

Scanning an IP range for finding devices with the port 80 open... I think it has to look like this:

```bash
#!/bin/bash
echo -----------------------------------
for ip in 192.168.0.{1,.255}; do
nmap -p80 192.168.0.1
      if #open; then
            echo "{ip} has the port 80 open"
      else
            #do nothing
fi
done
echo -----------------------------------
exit 0
```

I also just want to see the results like this:

```
-----------------------------------
192.168.0.1 has the port 80 open
192.168.0.10 has the port 80 open
192.168.0.13 has the port 80 open
192.168.0.15 has the port 80 open
-----------------------------------
```

(So without errors or nmap's normal outputs..)

Can someone help me with this?

ROMANIA_engineer
bananah
  • 1
    You can do this without writing a shell script. `nmap` supports address ranges and specific port scanning, both as command line arguments. Check out the manpage, or documentation at `nmap.org`. – ire_and_curses Sep 22 '10 at 20:11
  • 1
    You should use nmap options to do what you want. However, here's a little syntax help: `for ip in 192.168.0.{1,255}` (without the extra dot) will give you 192.168.0.1 and 192.168.0.255 *only*. If you want the range from 1 to 255 inclusive, do this: `for ip in 192.168.0.{1..255}` then your `nmap` command would use this variable: `nmap -p80 "$ip"` – Dennis Williamson Sep 23 '10 at 02:12

2 Answers

45

nmap comes with a nice output parameter `-oG` (grepable output) which makes parsing easier. Also, it is not necessary to iterate through all the IP addresses you want to scan. nmap is netmask aware.

Your example can be written as:

```bash
nmap -p80 192.168.0.0/24 -oG - | grep 80/open
```

The `-oG` enables the grepable output, and `-` specifies the file to output to (in this case stdout). The pipe symbol redirects the output of nmap (stdout) to grep, which only returns lines containing `80/open` in this case.

Manuel Faux
  • Thanks for your answers... I sadly don't get an output with your code... I just get these lines (in a shell script): mass_dns: warning: Unable to open /etc/resolv.conf. Try using--system-dns or specify valid servers with --dns servers mass_dns: warning Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers And the same lines but with an output in a Term. Problem is I want to keep the IP of the device with the open port in a var... – bananah Sep 23 '10 at 21:47
  • Is your `/etc/resolv.conf` configured correctly, say it contains at least one valid DNS server? Try using the `-n` switch of nmap, to permanently disable any (reverse) DNS lookups. What do you exactly mean by _keep the IP of the device in a variable_? What is your aim? – Manuel Faux Sep 23 '10 at 22:19
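
An added example (not part of the answer or the thread) that goes a step beyond the one-liner above: it parses the `-oG` fields instead of grepping for the substring `80/open`, which would also match `8080/open` once more than one port is scanned, and it keeps the matching addresses in a variable as asked in the comment. The function names and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.
# hosts_with_open_port PORT
#   Reads nmap grepable (-oG) output on stdin and prints the IP of every
#   host whose PORT/tcp state is exactly "open", one per line.
hosts_with_open_port() {
    awk -F'\t' -v port="$1" '
        /^Host: / {
            split($1, host, " ")              # "Host: <ip> (<name>)" -> host[2] is the IP
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                ports = $i
                sub(/^Ports: /, "", ports)
                n = split(ports, entry, ", ") # one entry per scanned port
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")   # port/state/protocol/owner/service/...
                    if (f[1] == port && f[2] == "open" && f[3] == "tcp") {
                        print host[2]
                        break
                    }
                }
            }
        }'
}

# Constructed sample of grepable output for a two-port scan (-p80,8080).
sample_scan() {
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 192.168.0.1 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.1 ()\tPorts: 80/open/tcp//http///, 8080/closed/tcp//http-proxy///\n'
    printf 'Host: 192.168.0.10 ()\tStatus: Up\n'
    printf 'Host: 192.168.0.10 ()\tPorts: 80/closed/tcp//http///, 8080/open/tcp//http-proxy///\n'
    printf 'Host: 192.168.0.13 (printer.lan)\tStatus: Up\n'
    printf 'Host: 192.168.0.13 (printer.lan)\tPorts: 80/open/tcp//http///, 8080/filtered/tcp//http-proxy///\n'
    printf '# Nmap done (constructed sample)\n'
}

# Print addresses read from stdin in the format the question asks for.
report() {
    printf '%s\n' "-----------------------------------"
    while read -r ip; do printf '%s\n' "$ip has the port $1 open"; done
    printf '%s\n' "-----------------------------------"
}

# Keep the addresses in a variable, then print them. For a real scan, replace
# sample_scan with: nmap -n -p80 -oG - 192.168.0.0/24
open_hosts=$(sample_scan | hosts_with_open_port 80)
printf '%s\n' "$open_hosts" | report 80
```
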
18

Try this

```bash
nmap --open -p80 192.168.0.*
```

The `--open` will only list hosts with port 80 open. This way you save having to check in your shell script as filtering is already done by nmap itself.

https://nmap.org/book/man-briefoptions.html

mwfearnley
Mohamed