Reading targets from a text file

Sometimes we need to work with multiple hosts and perform more than one scan, but having to type a list of targets in the command line with each scan is not very practical. Fortunately, Nmap supports the loading of targets from an external file.

This recipe shows how to scan the targets loaded from an external file by using Nmap.

How to do it...

Enter the list of targets into a text file, each separated by a new line, tab, or space(s):

$ cat targets.txt
192.168.1.23
192.168.1.12

To load the targets from the file targets.txt, the following command can be used:

$ nmap -iL targets.txt

This feature can be combined with any scan option or method, except for exclusion rules set by --exclude or --exclude-file. The option flags --exclude and --exclude-file will be ignored when -iL is used.

How it works...

The argument -iL <filename> tells Nmap to load the targets from the file <filename>.

Nmap supports several formats in the input file. The target list contained in the input file may be separated either by spaces, tabs, or newlines. Any exclusions should be reflected in the input target file.

There's more...

You can also use different target formats in the same file. In the following file, we specify an IP address and an IP range:

$ cat targets.txt
192.168.1.1
192.168.1.20-30

Target files may contain comments by using the character "#":

$ cat targets.txt
# FTP servers
192.168.10.3
192.168.10.7
192.168.10.11

CIDR notation

The Classless Inter-Domain Routing (CIDR) notation (pronounced as "cider") is a compact method for specifying IP addresses and their routing suffixes. This notation gained popularity due to its granularity when compared to classful addressing because it allows subnet masks of variable length.

The CIDR notation is specified by an IP address and a network suffix. The network or IP suffix represents the number of network bits. IPv4 addresses are 32 bits long, so the network suffix can be between 0 and 32. The most common suffixes are /8, /16, /24, and /32.

To visualize it, take a look at the following CIDR-to-Netmask conversion table:

CIDR    Netmask
/8      255.0.0.0
/16     255.255.0.0
/24     255.255.255.0
/32     255.255.255.255

For example, 192.168.1.0/24 represents the 256 IP addresses from 192.168.1.0 to 192.168.1.255. Likewise, 50.116.1.121/8 represents all the IP addresses in 50.0-255.0-255.0-255. The network suffix /32 is also valid and represents a single IP.

Excluding a host list from your scans

Nmap also supports the argument --exclude-file <filename> to exclude the targets listed in <filename>:

# nmap -sV -O --exclude-file dontscan.txt 192.168.1.1/24
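
The recipe states that any exclusions should be reflected in the input target file itself. The following Python sketch is an added example, not code from the book or from Nmap: it expands the target formats shown above (single IPs, octet ranges, CIDR, "#" comments), removes out-of-scope addresses, and returns a clean list. The function names, the sample data and the MAX_HOSTS cap are assumptions made for illustration; comma-separated octet lists are also accepted, while hostnames and IPv6 are rejected so nothing unreviewed slips into the list.

```python
import ipaddress
import math
from itertools import product

MAX_HOSTS = 65536  # assumed safety cap so a stray /8 is never expanded silently
# Constructed sample input, reusing the address styles shown on this page.
SAMPLE_TARGETS = "# FTP servers\n192.168.10.3 192.168.10.7\t192.168.10.11\n192.168.1.20-30\n"
SAMPLE_EXCLUDE = "192.168.1.25  # constructed out-of-scope host\n192.168.10.7\n"

def tokens(text):
    """Yield target specs: '#' starts a comment; spaces, tabs, newlines separate."""
    for line in text.splitlines():
        yield from line.split("#", 1)[0].split()


def octet_values(part):
    """Expand one octet spec such as '7', '20-30' or '1,5-6' into integers."""
    values = []
    for piece in part.split(","):
        lo, _, hi = piece.partition("-")
        lo, hi = int(lo), int(hi or lo)  # non-numeric input raises ValueError
        if not 0 <= lo <= hi <= 255:
            raise ValueError(f"bad octet range: {piece!r}")
        values.extend(range(lo, hi + 1))
    return values


def expand(spec):
    """Return the set of IPv4 addresses covered by one target spec."""
    if "/" in spec:  # CIDR; host bits may be set, as in 192.168.1.1/24
        net = ipaddress.IPv4Network(spec, strict=False)
        if net.num_addresses > MAX_HOSTS:
            raise ValueError(f"{spec} covers more than {MAX_HOSTS} addresses")
        return set(net)
    lists = [octet_values(o) for o in spec.split(".")]
    if len(lists) != 4 or math.prod(map(len, lists)) > MAX_HOSTS:
        raise ValueError(f"unsupported or oversized target: {spec!r}")
    return {ipaddress.IPv4Address(".".join(map(str, c))) for c in product(*lists)}


def build_target_list(targets_text, exclude_text):
    """Expand targets, subtract exclusions, return sorted dotted-quad strings."""
    wanted = set().union(*(expand(t) for t in tokens(targets_text)))
    banned = set().union(*(expand(t) for t in tokens(exclude_text)))
    return [str(ip) for ip in sorted(wanted - banned)]


if __name__ == "__main__":
    print("\n".join(build_target_list(SAMPLE_TARGETS, SAMPLE_EXCLUDE)))
```

Writing the returned list to a file, one address per line, produces input that -iL can load as described above.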

See also

  • The Scanning random targets recipe
  • The Excluding hosts from your scans recipe in Chapter 2, Network Exploration
  • The Running NSE scripts recipe in Chapter 1, Nmap Fundamentals
  • The Discovering hostnames pointing to the same IP address recipe in Chapter 3, Gathering Additional Host Information
  • The Scanning IPv6 addresses recipe in Chapter 2, Network Exploration
  • The Collecting signatures of web servers recipe
  • The Distributing a scan among several clients by using Dnmap recipe