Skip to content

Home

Jump to bottom
Long Duck Dong edited this page Jan 31, 2022 · 1 revision

Welcome to the IPsweep wiki!

Creating a basic IP sweeper with BASH. This is my first official #BASH script that I created to automate the process to scan and collect IP addresses within a class C network. Hey everyone! As I stated in my introduction, I wanted to take some time to start demonstrating my learning path. My first documentation will be on my first bash script. Shout-out Heath Adams (The Cyber Mentor) and his Ethical Hacking course; I am currently taking his course and found the section on scripting to be extremely helpful! If you are new to cybersecurity and needing to work on your ethical hacking skills, I would suggest Heath’s Ethical Hacking course as it helped me tremendously! There is a link to his course below! What is a BASH? A bash script is a plain text file containing a series of commands. BASH (or Bourne Again SHell) is an updated version of shell and allows you to efficiently perform many tasks. For example, you can use BASH to perform operations on multiple files quickly via the command line. These commands are a mixture of commands we would normally type using “CLI” (Command Line Interface), such as ls (List contents of directory) or cp (copy), for example. “Anything you can run normally on the command line can be put into a script and it will do exactly the same thing. Similarly, anything you can put into a script can also be run normally on the command line and it will do exactly the same thing.”

Identifying the Script Below is a quick image of the bash script I am going to create to accomplish my task. The goal is to create a simple script that when we call its command and present a parameter example: ./ipsweep.sh 192.168.1 It returns IP addresses within the network we are identifying. Thus, allowing us to collect a large amount of data (IP addresses) and then save them or insert them as sanitized data. For this project, I used the following tools: • Oracle VM Virtual box • Kali Linux • Mousepad- basic text editor (pre-installed on Kali Linux) Basic script within mousepad text editor. One of the first things we need to do is find our IP address for our network. Using the “Ifconfig” command for Unix/Linux/Mac and “Ipconfig” for windows machines. Below we see that my IP address is 192.168.1.98 for my Kali machine. We want to pay attention to the first three octets (or sections) of our IP address (192.169.1) this identifies our network, and this is what we want to use when we are scanning later. ifconfig command showing my network IP 192.168.1.98. A cool ping flag I learned from Heath was the -c 1, this limits your ping to 1 count instead of a continuous ping. In security testing, this is a great little alternative as you can stop yourself from getting blocked by a target, i.e., pinging google, Google doesn’t like that, so your ping won’t last too long. You can also edit the number of ping results, if needed, by changing the 1 to whatever desired number you need. Ping command with the -c 1 flag. ping 192.168.1.98 -c 1 The above command gave us the output of one ping response. The reason we are doing this is to capture some search criteria to customize our bash script. Here, we are looking for the “64 bytes” area. We will use this as a parameter within our script to ensure when we scan, we are getting good ping results back and not clogging our results with IPs that aren’t needed. Next, we need to create a file to store our ping output. This will help us create our script. ping command with flag for 1 count and output to iplist.txt ping 192.168.1.98 -c 1 > iplist.txt Here we are pinging our address, requesting only 1 count (remember from above?), and then taking the result and putting into a new file iplist.txt. using the cat command to confirm our output. Here, we are just taking a moment to confirm our work and ensure we are on the right track. We use the “cat” command, or concatenate, which allows us to read a file. Using “cat iplist.txt” (you notice that the txt file is underlined- this is a great flag to reference as it confirms the file is a real file. If we misspelled the file name when trying to cat it, it would NOT underline!). Now, we can confirm the file did save our data correctly and we can move forward. using the grep command to get the term “64 bytes”. cat iplist.txt | grep “64 bytes” This command above allows us to build from the initial command and call for more specific data. The “grep” command allows us to search for a specific string of characters within a file or directory. Some points on this command, we are now using the “pipe” command, which allows us to do several things together, rather than enter the command individually. Pipe or the straight up and down line above the ENTER key, tells our machine that we want to run the first part of our command “cat” and then immediately run the “grep” command. Also, make note that within our grep command we also use “ “ to surround the specific string of characters we want to search, in this case “64 bytes”. Which our results are shown in the response to this command! (Noted in the above photo, 64 bytes is in red). cat command with grep and cut to pull the IP address output. cat iplist.txt | grep “64 bytes” | cut -d “ ” -f 4 Above we follow up with the “cat” and “grep” command with another command, “cut”. Cut allows us to select a specific string again from our grep search results. So, cat opens the file for us to read. Grep searches the file for what we are looking for and cut allows us to select and “copy” that search result. Take note to our cut command as we use the flag -d, which stands for delimiter, which specify a delimiter that will be used instead of the default “TAB” delimiter. Also, we see the “ ”, or quotation marks, with a space between them. We also use another flag, -f, which allows us to set a specific field, a set of fields, or a range of fields. This flag is completed with the number 4, because we want to focus on the fourth field of our results/output. Specifically, the field immediately after the IP address. Our IP address is a IPv4 address with 4 octets. Better to understand from the previous flag we just talked about, -f, 4 fields. So, the dot after 192 is our first field, the dot after 168 is our second field, the dot after 1 is our third field, and the colon (:) is our fourth field! This is important as it will ensure we are ONLY getting and saving the IP address and not the colon we grabbed earlier with our results. While this process may seem long and possibly redundant, we want to ensure our script is running properly and returning clean accurate results, thus making our work accurate. Because our earlier actions returned the IP address of 192.168.1.98:, we saved it as such, and this was pushed to the next command. The computer does not know what we are trying to accomplish and just does what its specifically told, that is why we walk this process step by step. Now, with our flag -f 4 set, our script tells the computer to take the output from “iplist.txt” and prepares it for our next step. cat command with grep, cut, and translate, to filter results. cat iplist.txt | grep “64 bytes” | cut -d “ ” -f 4 | tr -d “:” Our next step in building our script is to take the above output we got from the command “cat iplist.txt | grep “64 bytes” | cut -d “ ” -f 4", which produced the IP address and colon results (192.168.1.98:), is to ensure the computer properly removes only the colon within our results and creates a new output with just our IP address. We took our previous command and included the pipe command to tell the command to also perform “tr”, or a translate specific data from our IP address output. We included the flag -d with a parameter of “:”, which simply removes the colon from the results and returns our IP address like we need! Point of clarification/ interests. We started with the “cat” command to read our file “iplist.txt”. Each time we added a segment of commands to add to our initial request. Within your Linux environment, we use the up arrow to recall the last or previous commands we have used in the terminal we are currently in. Doing this, we can recall that last command to add the pipe and next segment of our request. Although this process seems long, when using the up arrow to add to the command, we are only taking a second or so to do this, but to explain in words and details, especially for new people to BASH or command line, I want to ensure the process is clear and understandable.

Now, we have a command string that does what we need, which we will use within our bash script (keeping in mind we will still be altering it as we move along, but we can easily copy/paste the command to move forward). We need to create the file “ipsweep.sh”, which the script will be saved to. This file is special by its file ending (.sh). The .sh is the extension for a scripting language commands file that contains computer program to be run by Unix shell. Command mousepad creating the ipsweep.sh file. mousepad ipsweep.sh Using the above command, we create our shell file to store our bash script. The mousepad command is a basic desktop text editor, but you can use whichever text editor you prefer. The created bash file entry point #! /bin/bash For the computer to recognize our bash script and perform our request, we must start the file off with a specific identifier called the declaration. The declaration tells the computer this is the start of the bash script and to run the following commands. We do this with the number sign # and an exclamation point! These characters together are all the “shebang” or “bang line”. There only function is to title the absolute path to the bash interpreter. After the shebang, we have the full path to the interpreter, in this case its “/bin/bash”. This is important within our Linux environment as all scripts within it execute using the interpreter stated on the first line. Below the shebang you see a multicolored line of commands, these should look familiar as we assembled this command line earlier during our initial ping activity. We have amended some of the commands by removing the “cat” command and adding the “ping” command. The reason is when we want our script to start, we want it to “ping” first, not “cat” a document. This command line will be edited a little more to configure the proper directions we need our computer to follow. Bash script file with updated command functions. Next, we see some addition words within our bash file. We have added two new lines to include some further instruction for our computer. The first line is important as it will now clarify that we want to search an IP range from .1 to .254 of the last octet. Again, remember our class C network has the first three octets of 192.168.1, the fourth octet isn’t defined yet as we want to scan the network for all the IP addresses between 192.168.1.1 to 192.168.1.254. We added the command “seq” or sequence to tell the computer to scan each IP in order, from .1 to .254. Now that we’ve told the computer to scan the different IP addresses, we need to loop this command. Why? Because our current command will just simply ping the first IP address and stop. We want the computer to ping an address, then ping the next, and so on. To do this, we are adding the following: for ip in seq 1 254; do The above line is called a “for loop”. It is telling our computer to loop through each ping and don't stop after each one. In essence, its saying “for IP (we are declaring the object as an IP address with this), in sequence 1 through 254. The sequence flag 1 254 is flanked by a specific character. This character is not an apostrophe, it is however located on the same key as your atilda mark up by the number 1 key. After this sequence flag, we use the semi colon and the word “do”. So, this “for loop” is saying for the IP address declared in sequence 1 through 254, do the following. Which below this we see our ping command. Now we are going to edit the ping flag to clarify some more detail. We want to give an argument instead of the specific IP address, to keep our coding clean. So instead of listing the specific IP address out each time, it'll simply list the argument identifier in sequence from 1 to 254. To do this, we will substitute the IP address given, 192.168.1.x, giving two different arguments here. The first argument will be for the “.x” or last octet of our IP address. This is where our sequenced numbers will be substituted during the “for loop”. The other argument will be for the first three octets, or 192.168.1. And to do this, we are going to use “$ip” to replace the x, and the dollar sign identifies the argument and IP calls back to the “for loop” command, i.e., the sequenced numbers 1 through 254. The other argument will be “$1”, which again identifies the initial IP address in which we are trying to ping its sub net, so 192.168.1 becomes $1. This creates the loop telling our computer how we want it to ping. Before we save this script and use it, we want to add an ampersand “&” to the end of our ping command just after the translate command. so, the “ping” command line will now look like this: ping -c $1.$ip | grep "64 bytes" | cut -d " " -f 4 | tr -d ":"& We finish the command off with the next line using the simple phrase “done”. This tells the computer, that is the end of my command.

Using our bash script. To ensure we have the proper rights to run this script, we are going to perform the following command real fast to clarify our rights to this: chmod +x ipsweep.sh Chmod is a command used to set the permissions of files or directories. Thus, who can read, write, or execute our IP sweep script. After performing the chmod command, we will use the next command to review and ensure we have set the proper permissions: ls -la Again, “ls -la” does the following: ls= lists the directory contents, and -la (2 part) uses “l” or long listing format and -a or all. Reviewing file permissions The above image shows our list of files in this directory. We easily see our ipsweep.sh file and review its permissions. We see we have the read/write/execute permissions for it and that is all that matters. Now we can run the IP sweep script! ./ipsweep.sh 192.168.1 ./ipsweep.sh results I did a “ifconfig” first for demonstration of my IP network address as a Proof of Concept (PoC). Then I ran the ipsweep command as shown and it returned 4 total IP addresses, 192.168.1.1, 192.168.1.42, 192.168.1.98, and 192.168.1.209. *My private network is not big and only has four devices attached, so the sweep was successful and performed the ping request, presenting the proper output! Conclusion During this exercise, I was able to create a basic script to ping my network and document the findings. This automation of my actions allows me to save time by having the computer do this basic task, instead of me having to ping each IP address separately. In a large network, this can be a great option to save time and document sanitized data. The ipsweep script gives an output, as we instructed and observed in our PoC image, of just the IP addresses found during the ping command. We can copy these and insert them with ease into another program/script, a report document, or even into a word document for later use. This is my first personal technical writing and I wanted it to be as raw, yet clear as possible. I read over my post and found areas where I could clean up text, or I could present things differently (less text, more screenshots), but I chose to keep this “as is”. I have two goals in doing this, the first is to document and demonstrate my learning path in my cybersecurity career. My second goal is to hopefully provide another view of how things work in hopes to motivate someone to learn a new skill or improve themselves for a promotion or even a career in cybersecurity. Thank you for reading over my blog and as always, I appreciate constructive criticism and feedback! I believe in always moving forward! Thank you.

Clone this wiki locally