Now I'm not advocating point and shoot ownage, that would be downright irresponsible (see db_autopwn as to why). I'm talking about data collection and aggregation to allow for quick analysis and, more to the point, less time on customer site.
I think the way this is going to work (if it works at all) is that in each post I'll write about a few one-liners or useful tools that can eventually be put together into one all-encompassing framework: the scripts will collect all the required information, process it for use and, hopefully, display it in a useful/pretty way. Kind of like a Lego project that you attempt to complete over a few weeks: some weeks you might cover a lot, others nothing, maybe a few drastic revisions here and there, and in the end you might never complete it, but it's the experience that counts, right?
So we're going to start with a subnet, and let's for argument's sake call the subnet 10.10.10.0/24 (one I can remember throughout this series). That'll be our starting point, and from here we'll start the data mining. First things first: a lot of tools don't accept CIDR notation (think onesixtyone et al.), so we'll need a list of IPs. Nmap's list scan comes in handy here:
nmap -sL -n 10.10.10.0/24 | grep "Nmap scan" | cut -f 5 -d " " > ~/<target_org>/targets/IPs.txt
To break that down: we're using Nmap's list scan (-sL) to produce a list of targets without actually scanning them (-n also skips reverse DNS lookups, so each "Nmap scan report" line ends in a bare address), and then manipulating the output with grep and cut to leave only the IPs.
In the file structure we should save it as IPs.txt in a targets folder, something along the lines of:
That's a good place to draw this article to a close. It will continue...
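As an added example (not from the original post), two helpers with hypothetical names: cidr_to_ips expands a CIDR block to one address per line in plain POSIX shell, so the target list can be built without Nmap at all, and nmap_list_ips parses "nmap -sL" output more robustly than cut -f 5, which returns the hostname rather than the address whenever -n is omitted and reverse DNS resolves. The sample Nmap output is constructed, not a real scan.

```shell
#!/bin/sh
# cidr_to_ips: expand an IPv4 CIDR block into one address per line using
# only POSIX shell arithmetic (no nmap needed). Hypothetical helper name.
cidr_to_ips() {
    ip=${1%/*}
    bits=${1#*/}
    # Prefix length must be an integer between 0 and 32
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $ip            # split the dotted quad into $1..$4
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    # Pack the octets into a 32-bit integer, then clear the host bits so
    # 10.10.10.77/24 and 10.10.10.0/24 both start from 10.10.10.0
    addr=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    hostbits=$(( 32 - bits ))
    net=$(( (addr >> hostbits) << hostbits ))
    size=$(( 1 << hostbits ))
    i=0
    while [ "$i" -lt "$size" ]; do
        n=$(( net + i ))
        printf '%d.%d.%d.%d\n' $(( (n >> 24) & 255 )) $(( (n >> 16) & 255 )) \
                                $(( (n >> 8) & 255 )) $(( n & 255 ))
        i=$(( i + 1 ))
    done
}

# nmap_list_ips: pull addresses out of "nmap -sL" output on stdin. With -n
# the line is "Nmap scan report for 10.10.10.1"; without it, when reverse
# DNS resolves, it becomes "Nmap scan report for name (10.10.10.2)" and
# cut -f 5 would give the name. Taking the last field and stripping any
# parentheses handles both forms. Hypothetical helper name.
nmap_list_ips() {
    awk '/^Nmap scan report for / { ip = $NF; gsub(/[()]/, "", ip); print ip }'
}

# Constructed sample of nmap -sL output (not a real scan) so the parser
# can be exercised offline.
sample_nmap_output='Nmap scan report for 10.10.10.1
Nmap scan report for gw.example.test (10.10.10.2)
Nmap done: 2 IP addresses (0 hosts up) scanned in 0.01 seconds'

# Usage, matching the article's layout: cidr_to_ips 10.10.10.0/24 > ~/<target_org>/targets/IPs.txt
printf '%s\n' "$sample_nmap_output" | nmap_list_ips
cidr_to_ips 10.10.10.0/30
```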
Ninja Edit: Part 2 is located here.