Getting the primary IP address (plain and CIDR) on Linux and OS X, then nmap scan on the associated subnet
Posted by jpluimers on 2021/12/13
The below answer works on my Linux and OS X systems (each having multiple network adapters configured):
[WayBack] bash – How to get the primary IP address of the local machine on Linux and OS X? – Stack Overflow
    ip route get 1 | awk '{print $NF;exit}'
For Linux, I have this bash function:
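    # note the ";exit" lists the first default route interface, as there can be multiple
    function nmap-fingerprint_network_of_default_interface() {
        # interface that carries the default route
        default_if=$(ip route list | awk '/^default/ {print $5;exit}')
        # IPv4 address/prefix of that interface, for example 192.168.10.40/24
        default_if_cidr=$(ip -o -f inet addr show "$default_if" | awk '{print $4}')
        # ping scan (host discovery only, no port scan) of that subnet
        nmap -sP $default_if_cidr
    }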
And for OS X this one:
    # requires ipcalc
    function nmap-fingerprint_network_of_default_interface() {
        # interface that carries the default route
        default_if=$(route -q -n get default | awk '/interface:/ {print $2;exit}')
        # first IPv4 address on that interface and its netmask (hexadecimal on OS X)
        default_if_address=$(ifconfig "$default_if" | awk '/inet / {print $2;exit}')
        default_if_netmask_hex=$(ifconfig "$default_if" | awk '/inet / {print $4;exit}')
        # number of set bits in the netmask
        default_if_network_bit_count=$(ipcalc --nocolor --class "$default_if_address" "$default_if_netmask_hex")
        default_if_cidr="$default_if_address/$default_if_network_bit_count"
        # ping scan (host discovery only, no port scan) of that subnet
        nmap -sP "$default_if_cidr"
    }
These are the variables used:
- default_if: network interface of the default route
- default_if_cidr: IPv4 CIDR of the network interface of the default route (see Classless Inter-Domain Routing: CIDR notation – Wikipedia)
- default_if_address: IPv4 address of network interface of the default route
- default_if_netmask_hex: hexadecimal IPv4 network mask of network interface of the default route
- default_if_network_bit_count: number of set bits in the IPv4 network mask of the network interface of the default route
Links used to get the above functions:
- [WayBack] linux – How to get netmask from bash? – Unix & Linux Stack Exchange (I split the commands and results-capture over multiple lines to make it more clear what happens)
- [WayBack] linux – cut or awk command to print first field of first row – Stack Overflow
- [WayBack] macos – How to get default gateway in Mac OSX – Stack Overflow
- [Archive.is] route(8) [osx man page] indicates -q does not provide output, but I found out that in practice -q -n and -n are equivalent in output.
- On MacOS, I converted the hexadecimal netmask to the number of set bits using [WayBack] ipcalc / ipcalc · GitLab:
A modern IPv4/IPv6 ipcalc tool, assisting in network calculations in command line and as a tool for scripts.
- [WayBack] Target Specification | Nmap Network Scanning
Nmap supports CIDR-style addressing. You can append /<numbits> to an IP address or hostname and Nmap will scan every IP address for which the first <numbits> are the same as for the reference IP or hostname given. For example, 192.168.10.0/24 would scan the 256 hosts between 192.168.10.0 (binary: 11000000 10101000 00001010 00000000) and 192.168.10.255 (binary: 11000000 10101000 00001010 11111111), inclusive. 192.168.10.40/24 would scan exactly the same targets.
I might have gotten away with a pure bash solution (see [WayBack] Bash script for calculating network and broadcast addresses from ip and netmask or CIDR Notation · GitHub or my post Getting your local IPv4 addresses, netmasks and CIDRs), but the above works and is way shorter, and easier to maintain.
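The ipcalc step of the OS X function can also be done with plain shell arithmetic. The sketch below is an added example, not the author's code and not the linked gist; the function names hexmask_to_prefix and network_cidr and the default /16 floor are assumptions. It rejects malformed or non-contiguous masks and prints the network address in CIDR form.

```shell
# Added example (not the author's code): the ipcalc step done with shell arithmetic.
# hexmask_to_prefix and network_cidr are hypothetical names chosen for this sketch.

# Print the prefix length for a hex netmask such as 0xffffff00 (the form
# ifconfig shows on OS X). Fails on malformed or non-contiguous masks.
hexmask_to_prefix() {
    hex=${1#0x}
    [ "$hex" != "$1" ] || return 1                 # must start with 0x
    case "$hex" in ''|*[!0-9a-fA-F]*|?????????*) return 1 ;; esac
    mask=$(( 0x$hex ))
    prefix=0
    bit=$(( 1 << 31 ))
    # count the leading one bits
    while [ "$bit" -gt 0 ] && [ $(( mask & bit )) -ne 0 ]; do
        prefix=$(( prefix + 1 ))
        bit=$(( bit >> 1 ))
    done
    # a valid mask is exactly $prefix ones followed only by zeros
    [ "$mask" -eq $(( (0xffffffff << (32 - prefix)) & 0xffffffff )) ] || return 1
    printf '%s\n' "$prefix"
}

# Print the network in CIDR form for an IPv4 address and a hex netmask.
# Optional third argument: shortest prefix accepted (default 16), so a misread
# mask cannot silently widen the range handed to nmap.
network_cidr() {
    prefix=$(hexmask_to_prefix "$2") || return 1
    [ "$prefix" -ge "${3:-16}" ] || return 1
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    for o in "$o1" "$o2" "$o3" "$o4"; do
        # decimal octet, no leading zero (would be read as octal), at most 3 digits
        case "$o" in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    ip=$(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
    net=$(( ip & ((0xffffffff << (32 - prefix)) & 0xffffffff) ))
    printf '%d.%d.%d.%d/%d\n' $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 )) "$prefix"
}

# In the OS X function above, the scan line would then become:
#   nmap -sP "$(network_cidr "$default_if_address" "$default_if_netmask_hex")"
```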
Instead of ipcalc, subnetcalc can do the same calculations and also supports IPv6, so that is something for a future try:
- [WayBack] GitHub – dreibh/subnetcalc: IP address calculator
- [WayBack] SubNetCalc Homepage
- [WayBack] networking – Linux Command line tool to work with netmasks / CIDR notation – Server Fault
–jeroen





