Specify IP address range

Sometimes, you need to scan not a single machine but a whole range of hosts. There are several ways to specify multiple machines:

  • specify multiple IP addresses or hostnames – you simply specify IP addresses or hostnames you would like to scan in the command. Here is an example:
root@kali:~# nmap -p135 192.168.5.102 192.168.5.11
Starting Nmap 7.01 ( https://nmap.org ) at 2016-03-04 19:40 CET
Nmap scan report for 192.168.5.102
Host is up (0.0012s latency).
PORT STATE SERVICE
135/tcp open msrpc
Nmap scan report for 192.168.5.11
Host is up (0.0013s latency).
PORT STATE SERVICE
135/tcp open msrpc
Nmap done: 2 IP addresses (2 hosts up) scanned in 0.04 seconds
  • use CIDR-style addressing – you can use the CIDR notation to specify a range of IP addresses to scan. For example, here is how we would scan the range of IP addresses 192.168.0.0 – 192.168.0.255:
root@kali:~# nmap -p135 192.168.5.0/24
Starting Nmap 7.01 ( https://nmap.org ) at 2016-03-04 19:43 CET
Nmap scan report for 192.168.5.0
Host is up (0.028s latency).
PORT STATE SERVICE
135/tcp filtered msrpc
Nmap scan report for ZyXEL.Home (192.168.5.1)
Host is up (0.15s latency).
PORT STATE SERVICE
135/tcp closed msrpc
Nmap scan report for 192.168.5.2
Host is up (0.0051s latency).
PORT STATE SERVICE
135/tcp filtered msrpc
Nmap scan report for 192.168.5.3
Host is up (0.0050s latency).
PORT STATE SERVICE
135/tcp filtered msrpc
.
.
.
  • input from list – you can generate a list of machines to scan and pass that filename to Nmap as an argument using the – iL option. Entries must be in the format accepted by Nmap on the command line and each entry must be separated by one or more spaces, tabs, or newlines.
Geek University 2021