Deliverable 1. Provide a screenshot of your /24 port scan against 10.0.5.0/24 similar to the one below.
Code:
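#!/bin/bash
# Usage: ./portscan.sh <network-prefix> <port>   e.g. ./portscan.sh 10.0.5 53
network=$1
port=$2
echo "host,port"
# Walk every host address in the /24 and try a TCP connect to the port.
for ((ip=1; ip<=254; ip++)); do
  ipaddr="$network.$ip"
  # /dev/tcp is a bash feature; timeout caps each attempt at 0.1 s.
  timeout .1 bash -c "echo >/dev/tcp/$ipaddr/$port" 2>/dev/null && echo "$ipaddr,$port"
done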
Output:
Deliverable 3. Write a script that takes a network prefix and a specific DNS server against which to perform the lookups. Assume a /24 network. Provide a screenshot similar to the one below showing the program run.
Code:
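#!/bin/bash
# Usage: ./dnsresolver.sh <network-prefix> <dns-server>
network=$1
name_serv=$2
echo "dns resolution for $network"
# Reverse-resolve every address in the /24 against the chosen server.
for ((ip=1; ip<=254; ip++)); do
  ipaddr="$network.$ip"
  # Only lines containing "name" (the PTR answer) are kept.
  nslookup "$ipaddr" "$name_serv" | grep name
done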
Output:
Deliverable 5. Use nmap to find your DNS servers. Figure out how to: skip host discovery; send grepable output to dns-servers2.txt; scan only a single TCP port across 10.0.5.0/24; and report only "open" ports. Then see if you can use a bash one- or two-liner to list the unique IP addresses that respond to DNS lookups.
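The parsing half of this deliverable, as an added example that is not part of the original lab handout: a filter that reads nmap grepable (-oG) output and lists the unique hosts with a given TCP port open, without the false matches a bare `grep 53/open` gives on ports such as 8053. The function names and every host address in the sample are constructed for illustration.

```shell
#!/bin/bash
# Added example: extract unique hosts with <port>/open/tcp from nmap -oG output.

# Constructed sample in grepable format (not from a real scan). Real output
# separates fields with tabs; the parser below accepts tabs or spaces.
sample_gnmap() {
cat <<'EOF'
# constructed sample, grepable format
Host: 10.0.5.22 () Status: Up
Host: 10.0.5.22 () Ports: 53/open/tcp//domain///
Host: 10.0.5.30 () Status: Up
Host: 10.0.5.30 () Ports: 53/filtered/tcp//domain///
Host: 10.0.5.40 () Ports: 8053/open/tcp//unknown///
Host: 10.0.5.153 () Ports: 22/open/tcp//ssh///, 53/open/tcp//domain///
Host: 10.0.5.22 () Ports: 53/open/tcp//domain///
EOF
}

# open_hosts <port>  (reads grepable output on stdin)
# Prints each IP once, in numeric order, if that exact port is open/tcp.
open_hosts() {
  local port=$1
  awk -v want="$port/open/tcp/" '
    $1 == "Host:" {
      i = index($0, "Ports: ")
      if (i == 0) next                      # "Status:" lines carry no ports
      n = split(substr($0, i + 7), entries, ", ")
      for (k = 1; k <= n; k++) {
        # Match only at the start of an entry, so 8053 never counts as 53.
        if (index(entries[k], want) == 1) { print $2; break }
      }
    }' | sort -u -t. -k1,1n -k2,2n -k3,3n -k4,4n
}

# Demo on the constructed sample; for the lab file: open_hosts 53 < dns-servers2.txt
sample_gnmap | open_hosts 53
```

The numeric sort keys matter: a plain `sort -u` would order 10.0.5.153 ahead of 10.0.5.22.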
Deliverable 6. The following nmap command will use -sL (list targets) while specifying a DNS server. See if you can do some magic with grep and cut or awk to produce output similar to the one below. Provide a screenshot showing your modified nmap run. Note: you may have different hosts listed, as our target environment changes and grows over time.
Deliverable 7. zt.txt should have some useful information. See what you can do to parse it so that each hostname is shown with its associated IP address. Provide a screenshot similar to the one below. Note: the screenshot below is not quite perfect, as not every host has an IP address.