Home / server / Questions / 490079
Accepted
user717236
Asked: 2013-03-22 06:48:20 +0800 CST

How can I scan using nmap and Zenmap all hostnames that begin with a particular string?

  • 772

I have a number of nodes on a couple of networks whose hostnames all start with org. Some examples are:

  • orgwebsvr1
  • orgwebsvr2
  • orgwebsvr3
  • orgdbsvrmysql
  • orgdbsvrmssql
  • orgdbsvrosql

With nmap, I know that I can scan multiple targets using the IP or an external list. But I want to discover all the devices on a network that start with org. Is there such a way to write that using nmap?

Thank you.

linux

2 Answers

  1. Best Answer

    Assuming the hosts all have valid DNS entries, you can do a list scan querying the DNS for each host on your target network, then filter the output to a file and use it as target for a second nmap scan:

    nmap -sL 192.168.0.0/24 | awk '{print $5}' | grep ^org > ~/targets.txt; nmap -iL ~/targets.txt

    • 3

  2. Three routes to handle this, not related to NMAP directly.

    1. If you have an inventory system (or directory) of hosts, you should be able to query that to find your related IP addresses.
    2. Since you manage DNS assumably for this network, you should be able to access your nameserver details to find all A (host) records that match your pattern and get the associated IP addresses.
    3. Manually scan all DNS PTR (reverse) records across your IP space and find the hosts you care about using a simple regex like /^org/ (if you have reverse DNS records setup).

    In all cases, you then can pass the resulting IPs to NMAP to conduct your scan (unless you were just wanting to use NMAP for the discovery portion and not actual scans).

    • 2