I'm sure there's a more efficient way of putting something like this
together, but... oh well. Results of the scan are reported into
./bips.results
note: this script has two parts.
--- bips.sh ---
#!/bin/bash
# find broadcast ip's that reply with 30+ dupes.
# i decided to make this script into two sections. when running this make
# sure both parts are in the same directory.
if [ $# != 1 ]; then
echo "$0 <domain - ie: college.edu>"
else
host -l $1 | grep 'has address' | cut -d' ' -f4 > $1.ips
cat $1.ips | cut -d'.' -f1-3 | sort |\
awk '{ print echo ""$1".255" }' > $1.tmp
cat $1.tmp | uniq | awk '{ print "./chekdup.sh "$1"" }' > $1.ping
rm -f $1.ips $1.tmp
chmod 700 $1.ping
./$1.ping
rm $1.ping
fi
--- chekdup.sh ---
#!/bin/bash
# this checks possible broadcast ip's for a given amount of icmp echo
# replies.
ping -c 2 $1 > $1.out
if
cat $1.out | grep dupl > /dev/null
then
export DUPES="`cat $1.out | grep dupl | cut -d'+' -f2 | cut -d' ' -f1`"
else
export DUPES=1
fi
if [ $DUPES -gt 30 ]; then
echo "$1 had $DUPES dupes" >> bips.results
rm -f $1.out
else
rm -f $1.out
fi