I have a number of nodes on a couple of networks whose hostnames all start with org
. Some examples are:
- orgwebsvr1
- orgwebsvr2
- orgwebsvr3
- orgdbsvrmysql
- orgdbsvrmssql
- orgdbsvrosql
With nmap, I know that I can scan multiple targets using the IP or an external list. But I want to discover all the devices on a network that start with org
. Is there such a way to write that using nmap?
Thank you.
Best Answer
Assuming the hosts all have valid DNS entries, you can do a list scan querying the DNS for each host on your target network, then filter the output to a file and use it as target for a second nmap scan:
nmap -sL 192.168.0.0/24 | awk '{print $5}' | grep ^org > ~/targets.txt; nmap -iL ~/targets.txt