A little tip for penetration testers to scan their own network with arping (Layer 2 discovery).
Preparation
We need arping. Therefore, we can use ports to install it.
# install arping via ports
$ sudo port install arping
Example
# Syntax
$ sudo arping -c <number> <target>
# Example
$ sudo arping -c 4 192.168.0.1
Usage
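Now we use ARP (Address Resolution Protocol) to discover hosts on the local subnet. The script derives the first three octets from the interface's IPv4 address, so it assumes a /24 network; because ARP is not routed, only hosts on the same Layer 2 segment can answer.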
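#!/usr/bin/env bash
# Shell options: stop on the first failing command (-e) and treat the use of
# an unset variable as an error (-u).
set -e
set -u

# Script-wide constants.
# FILE_NAME is assigned first and marked read-only afterwards: a combined
# `declare -r NAME=$(cmd)` returns the status of `declare`, which would hide a
# failing command substitution from `set -e`.
FILE_NAME=$(basename "$0")
declare -r FILE_NAME
# Exit codes: 84 when the script is called without arguments, 85 when the
# arguments are not usable.
declare -r -i NO_ARGS=84
declare -r -i BAD_ARGS=85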
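#######################################
# Print the command-line synopsis.
# Globals:   FILE_NAME (read)
# Arguments: none
# Outputs:   one usage line, terminated by a newline, on stderr so that it
#            never mixes with the addresses the scan prints on stdout
#######################################
function fc_usage() {
  printf 'Usage: %s -i <interface>\n' "$FILE_NAME" >&2
}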
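#######################################
# Report that the script was started without arguments and terminate.
# Globals:   NO_ARGS (read) - exit status used for this error
# Arguments: none
# Outputs:   error message on stderr
# Returns:   does not return; exits the shell with status NO_ARGS
#######################################
function fc_no_args() {
  printf 'Error: no arguments supplied\n' >&2
  exit "$NO_ARGS"
}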
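# Argument handling: the script expects a single option, -i <interface>.
if [ "$#" -eq 0 ]; then
  fc_no_args
fi

# Start from an empty value so that a call without -i (for example with only
# a positional argument) is caught below instead of tripping `set -u`.
INTERFACE=""
while getopts "i:" OPTION; do
  case "$OPTION" in
    i)
      INTERFACE="$OPTARG"
      ;;
    *)
      fc_usage
      exit "$BAD_ARGS"
      ;;
  esac
done

# Reject a missing interface name, and a name that starts with '-', which
# ifconfig would parse as one of its own options.
case "$INTERFACE" in
  '' | -*)
    fc_usage
    exit "$BAD_ARGS"
    ;;
esac

# Read the first IPv4 address of the interface. Matching the first field
# against "inet" exactly skips the "inet6" lines, so the result does not
# depend on the order in which ifconfig lists the addresses.
ADDRESS=$(ifconfig "$INTERFACE" | awk '$1 == "inet" { print $2; exit }')

# Keep the first three octets; the scan below assumes a /24 network.
PREFIX=${ADDRESS%.*}

# Stop here when no usable prefix was found (unknown interface, no IPv4
# address, unexpected ifconfig output) rather than probing malformed targets.
if ! [[ "$PREFIX" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){2}$ ]]; then
  printf 'Error: could not determine an IPv4 /24 prefix for interface %s\n' \
    "$INTERFACE" >&2
  exit "$BAD_ARGS"
fi

# Probe the host addresses .1 to .254 in parallel with one ARP request each.
# From every "bytes from" reply line the cut chain keeps the text between the
# parentheses of the fifth space-separated field (presumably the responder's
# IP address in the arping output format this was written for).
# NOTE(review): the usage examples call arping via sudo, so this script most
# likely has to be started with the same privileges.
for ((addr = 1; addr <= 254; addr++)); do
  arping -c 1 "${PREFIX}.${addr}" \
    | grep "bytes from" \
    | cut -d " " -f 5 \
    | cut -d "(" -f 2 \
    | cut -d ")" -f 1 &
done

# Wait for the background probes; without this the script returns before the
# replies have been printed.
wait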