I've just got a request for a simple subnet scanner, under the condition
that nothing can be installed on the target machine. So I've quickly put
a Windows batch script together which does the job. It's not as fast as
Nmap & co, but since it only calls the built-in ping, you can be 99% sure
that your AV doesn't catch this file.
To start the script, just paste the code below into a file (*.bat) and
run it from a cmd window in one of two ways (see below).
subnet_scan.bat
This prints the IPs in the order they were scanned (numeric by 4th octet), OR
subnet_scan.bat | sort
This sorts the hosts by their status (up / down). Note that sort is
text-based, so 192.168.0.10 lands before 192.168.0.2, and you won't see
any output until the script has finished, so be patient.
The sorted (sample) output looks like this:
down -- 192.168.0.1
down -- 192.168.0.10
down -- 192.168.0.100
down -- 192.168.0.101
down -- 192.168.0.102
down -- 192.168.0.103
down -- 192.168.0.104
up -- 192.168.0.105
up -- 192.168.0.106
So here's the code:
@ECHO OFF
SETLOCAL
REM #########################################################
REM # Author: Raphael Hoegger
REM # Source: http://pfuender.net/?p=42
REM # License: This file is licensed under the GPL v2.
REM # Latest change: 2010.06.24 11:16:42 CEST
REM # Version: 1.1
REM #########################################################
REM define the ping timeout in milliseconds
set TIMEOUT=50
REM define the subnet: only the first three octets with the trailing dot
REM (e.g. "192.168.0."); the 4th octet is generated by the loop below,
REM the other three are fixed
set IPSUBNET=192.168.0.
REM range of the 4th octet to scan. IPFIRST is incremented before the
REM first ping, so 0 means the sweep runs from .1 to .254
set IPFIRST=0
set IPLAST=254
:loop
set /a IPFIRST+=1
if %IPFIRST% gtr %IPLAST% goto :END
REM one echo request, output discarded to the NUL device (not a file
REM called "null"). ping's own exit code is 0 for *any* reply, including
REM a router's "Destination host unreachable", so only count a host as
REM up when a real echo reply ("TTL=") came back:
REM   find errorlevel 1 --> NOTRUNNING /// errorlevel 0 --> UP
ping -n 1 -w %TIMEOUT% %IPSUBNET%%IPFIRST% | find "TTL=" >nul
if %ERRORLEVEL% NEQ 0 goto NOTRUNNING
goto UP
:UP
echo up -- %IPSUBNET%%IPFIRST%
goto :loop
:NOTRUNNING
echo down -- %IPSUBNET%%IPFIRST%
goto :loop
:END
ENDLOCAL
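The same sweep written as an added example (this is not part of Raphi's script): a FOR /L loop replaces the goto labels, the subnet prefix, 4th-octet range and timeout are taken from the command line (argument order and the defaults are my own choice), and a summary count is printed at the end. The "up" test again relies on a "TTL=" echo reply rather than ping's exit code, so a router answering "Destination host unreachable" for an empty address is not reported as a live host.

```batch
@ECHO OFF
SETLOCAL ENABLEDELAYEDEXPANSION
REM Added example, not the original script. Usage:
REM   subnet_sweep.bat 192.168.0. 1 254 50
REM Arguments: subnet prefix with trailing dot, first and last 4th octet,
REM ping timeout in ms. All names below are this example's own.
set "PREFIX=%~1"
set "FIRST=%~2"
set "LAST=%~3"
set "WAIT=%~4"
if "%PREFIX%"=="" set "PREFIX=192.168.0."
if "%FIRST%"=="" set "FIRST=1"
if "%LAST%"=="" set "LAST=254"
if "%WAIT%"=="" set "WAIT=50"
set /a UPCOUNT=0
set /a DOWNCOUNT=0
for /L %%i in (%FIRST%,1,%LAST%) do (
    REM A host counts as up only if a real echo reply came back, i.e.
    REM the ping output contains TTL=. ping itself exits 0 for any
    REM reply, including Destination host unreachable from a router.
    ping -n 1 -w %WAIT% %PREFIX%%%i | find "TTL=" >nul
    if !ERRORLEVEL! EQU 0 (
        echo up -- %PREFIX%%%i
        set /a UPCOUNT+=1
    ) else (
        echo down -- %PREFIX%%%i
        set /a DOWNCOUNT+=1
    )
)
echo.
echo %PREFIX%%FIRST%-%LAST%: !UPCOUNT! up, !DOWNCOUNT! down
ENDLOCAL
```

It can be piped through sort exactly like the original. Delayed expansion (the !VAR! form) is needed because everything inside the FOR block is parsed once, so %ERRORLEVEL% and the counters would otherwise keep the values they had before the loop started. A 50 ms timeout is fine on a local LAN, but hosts behind a slower link or a busy router will show up as down; raise the fourth argument if the sweep looks suspiciously empty.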
Cheers,
Raphi