The following 2 questions have been useful for finding hosts on a target network:
- http://superuser.com/q/311019/45927
- http://security.stackexchange.com/q/36198/35859
However, answers in both questions assume I know the network address and mask (subnet, I guess?) in advance (192.168.0.0/24, 172.18.72.0/24, etc).
How can I find hosts on any/all connected networks without specifying the subnet in advance?
I know I can list the network devices using ip address show (Arch Linux), ifconfig (*nix, OS X), or ipconfig (Windows) depending on the operating system.
Furthermore, is there a reliable way to do it across operating systems? From Linux to OS X to Windows?
You listed all the tools you need already. ifconfig/ipconfig would be the way to get the IP/subnet mask across all networks, and you can filter it down with batch/bash, but you'd likely need something like python or perl to manage the return strings and run them through nmap. The basic answer is to use a scripting language. – MaQleod – 2013-12-18T03:06:01.363
Drat, I was hoping to take the easy way out and find an already finished implementation. I also didn't think it was normal for parsing ifconfig/ipconfig input. I was hoping to drive something like netsh on Windows. – Ehtesh Choudhury – 2013-12-18T03:17:02.093
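The scripting approach suggested in the first comment, as an added example that is not part of the original thread: it derives the connected IPv4 subnets from `ip`, `ifconfig` or `ipconfig` output so they can be handed to a scanner such as nmap on networks you administer. The function names and sample listings are constructed for illustration, and the `ipconfig` pattern assumes English-locale output.

```python
import ipaddress
import platform
import re
import subprocess

# One pattern per listing format; each captures (address, prefix-or-netmask).
PATTERNS = [
    re.compile(r"inet (\d+(?:\.\d+){3})/(\d+)"),  # ip -o -4 addr show
    re.compile(r"inet (?:addr:)?(\d+(?:\.\d+){3})\s.*?(?:netmask |Mask:)(\S+)"),  # ifconfig
    re.compile(r"IPv4 Address[. ]*: (\d+(?:\.\d+){3})\S*\s+Subnet Mask[. ]*: (\S+)"),  # ipconfig
]

# Constructed sample listings (not captured from a real host).
SAMPLE_IP = ("1: lo    inet 127.0.0.1/8 scope host lo\n"
             "2: eth0    inet 192.168.0.23/24 brd 192.168.0.255 scope global eth0\n")
SAMPLE_IFCONFIG = ("lo0: flags=8049<UP,LOOPBACK,RUNNING> mtu 16384\n"
                   "\tinet 127.0.0.1 netmask 0xff000000\n"
                   "en0: flags=8863<UP,BROADCAST,RUNNING> mtu 1500\n"
                   "\tinet 172.18.72.14 netmask 0xffffff00 broadcast 172.18.72.255\n")
SAMPLE_IPCONFIG = ("   IPv4 Address. . . . . . . . . . . : 10.0.5.7\r\n"
                   "   Subnet Mask . . . . . . . . . . . : 255.255.254.0\r\n")


def connected_networks(listing):
    """Return the sorted, de-duplicated IPv4 networks found in an interface listing."""
    nets = set()
    for pattern in PATTERNS:
        for addr, mask in pattern.findall(listing):
            if mask.lower().startswith("0x"):  # BSD/macOS print the netmask in hex
                mask = str(ipaddress.IPv4Address(int(mask, 16)))
            net = ipaddress.ip_interface(f"{addr}/{mask}").network
            # Loopback and 169.254.0.0/16 autoconfig ranges are not worth scanning.
            if not (net.is_loopback or net.is_link_local):
                nets.add(net)
    return sorted(nets)


def local_listing():
    """Run the interface-listing command that matches the current operating system."""
    command = {"Linux": ["ip", "-o", "-4", "addr", "show"],
               "Windows": ["ipconfig"]}.get(platform.system(), ["ifconfig"])
    return subprocess.run(command, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Print one CIDR per line, e.g. to feed a scanner's target-list option.
    for network in connected_networks(local_listing()):
        print(network)
```
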