
moabukar/net-scan


Net scanning tool

How it works

This tool scans your local network to discover live hosts and checks whether specific ports are open on those hosts. The script performs the following steps:

  • Discover the Local IP Address: Identifies the local IP address of the machine running the script.
  • Identify the Subnet: Determines the subnet based on the local IP address.
  • Scan the Subnet for Live Hosts: Uses nmap to identify live hosts within the subnet.
  • Port Scanning: Checks if specified ports are open on the discovered live hosts.
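The subnet derivation and the port check from the steps above, as an added Go example using only the standard library; it is not the repository's code, and `SubnetFor`, `LocalSubnet`, `PortOpen` and `ErrLoopbackOnly` are names chosen here. It takes the mask from the interface itself and refuses loopback, which is the offline case where the README's sample run lists all of 127.0.0.0/24 as live.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"time"
)

// ErrLoopbackOnly marks the offline case, where a scan would only hit loopback.
var ErrLoopbackOnly = errors.New("no non-loopback IPv4 address; refusing to scan")

// SubnetFor returns the network containing ip under mask (e.g. 192.168.1.0/24).
func SubnetFor(ip net.IP, mask net.IPMask) (*net.IPNet, error) {
	if ip.IsLoopback() {
		return nil, ErrLoopbackOnly
	}
	v4 := ip.To4()
	if v4 == nil || len(mask) != net.IPv4len {
		return nil, fmt.Errorf("not an IPv4 address and mask: %v", ip)
	}
	return &net.IPNet{IP: v4.Mask(mask), Mask: mask}, nil
}

// LocalSubnet returns the first non-loopback IPv4 subnet configured on this machine.
func LocalSubnet() (*net.IPNet, error) {
	addrs, err := net.InterfaceAddrs()
	if err != nil {
		return nil, err
	}
	for _, a := range addrs {
		if n, ok := a.(*net.IPNet); ok {
			if sub, err := SubnetFor(n.IP, n.Mask); err == nil {
				return sub, nil
			}
		}
	}
	return nil, ErrLoopbackOnly
}

// PortOpen reports whether a full TCP connect to host:port completes within timeout.
func PortOpen(host string, port int, timeout time.Duration) bool {
	conn, err := net.DialTimeout("tcp", net.JoinHostPort(host, fmt.Sprint(port)), timeout)
	if err == nil {
		conn.Close()
	}
	return err == nil
}

func main() { fmt.Println(LocalSubnet()) }
```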

Pre-reqs for Go

go get -u github.com/Ullaakut/nmap/v2

go get -u golang.org/x/net/icmp
go get -u golang.org/x/net/ipv4
go get -u golang.org/x/net/ipv6

  • Ping Scan: The script now only performs a ping scan to discover live hosts on the network, without attempting to scan ports during this step.

  • Port Scan: After discovering live hosts, the script checks whether specific ports are open on each host.

Go output

> go run net-scan.go

Local IP:  192.168.1.186
Subnet:  192.168.1.0/24
Live hosts on subnet:  [192.168.1.186 192.168.1.254]

Port 53 is open on 192.168.1.254
Port 443 is open on 192.168.1.254
Port 80 is open on 192.168.1.254

Usage for Python

  • Make sure nmap and python-nmap are installed on your machine

  • python3 -m pip install python-nmap

  • Run with sudo: sudo python3 net-scan.py

Note: nmap is needed as well. On macOS: brew install nmap, pip install python-nmap (as sudo for OS fingerprinting)

Sample output (from 2 different private networks, 10. and 192.)

> sudo python3 net-scan.py
------------------------
subnet:10.100.100.0/24
live hosts on subnet:['10.100.100.3', '10.100.100.100', '10.100.100.150']
> sudo python3 net-scan.py

subnet:192.168.1.0/24
live hosts on subnet:['192.168.1.186', '192.168.1.188', '192.168.1.254']

When not connected to a network (i.e. localhost)

  • Returns all hosts in the localhost subnet
> sudo python3 net-scan.py
subnet:127.0.0.0/24


Test sending messages on the same network (via IP)

nc -lk 1234 # (separate terminal)


echo "testtt" | nc <PrivateIP> 1234 # (get your private IP)

Other networking debugging

sudo nmap -sP 192.168.1.0/24

sudo nmap -sS -O -p 1-1000 192.168.1.0/24

-sS performs a TCP SYN scan, which is a common way to detect open ports.
-O enables OS detection.
-p 1-1000 scans the first 1000 ports.

Output

PORT    STATE SERVICE
53/tcp  open  domain
80/tcp  open  http
443/tcp open  https
