Ever wanted to do a ping sweep in this new network you just broke in but you don’t want (or can’t, for some reason, AVs etc…) to upload any tools? Or even in your own network but you don’t have time to install nmap for whatever reason?
Well, you can still do it by leveraging the OS built-in tools. With a for loop we can launch a ping for a whole class C in about 3 min in windows and in about 10 sec in Linux.
Linux Ping Sweep
for i in {1..254} ;do (ping -c 1 192.168.1.$i | grep "bytes from" &) ;done
What this does is a for loop from 1 to 254, $i takes the value of the current iteration so in the first one it will be 1 then 2, 3… and so on, then we tell it to call the ping command with the -c option which means only ping once otherwise it would ping forever after that we pipe the output to grep so we only see the hosts that actually responded and the & at the end send it to the background so it will launch all the pings in parallel. If we only want the ip address and not the whole line we can further filter this using cut.
Windows Ping Sweep
for /L %i in (1,1,255) do @ping -n 1 -w 200 192.168.1.%i > nul && echo 192.168.1.%i is up.
As you can see the idea is the same, -n being the equivalent of -c in Linux’s ping and -w is the timeout, then we send the output to nul and echo only if the ping command was successful (that’s what the && is for)