Scripting network enumeration
As a pentester, one of the most fundamental tasks is discovering which hosts are active and reachable on a network. This information is crucial for mapping out the network topology, identifying potential targets for further testing, and ensuring proper network visibility. While there are many tools available for network discovery, sometimes the simplest and most effective approach is to write your own Bash scripts. In this section, we’ll explore how to leverage Bash scripting to discover active hosts on a network.
The primary goal is to determine which IP addresses on a given network respond to network requests, indicating that a host is active and reachable at that address. The most common method for network discovery is using ICMP echo requests, also known as pings. When you ping an IP address, your machine sends an ICMP echo request packet to that address. If a host is active at that address, it will respond with an ICMP echo reply packet...
