Nmap – Taking a random sample from a range of IP ranges - Is combining -iR and -iL possible?

Question

I’ve got a long list of IP address ranges. Is there a way to use nmap’s –iR or similar to take a random sample from a range of addresses. For example, something like:

    nmap -iL ip_ranges -iR 100000

Performing this scan ignores the “–iL ip_ranges” parameter, and just attempts to scan purely random hosts.

My input list looks like this:

    x.x.220.0/23
    x.x.222.0/23
    x.x.224.0/20
    x.x.0.0/16
    x.x.0.0/19
    …
    …

Answer 1

Nmap doesn't currently have this option. Here are 3 things you can do instead:

1. Use a command pipeline to do the selection for you:

   nmap -n -sL -iL ip_ranges -oG - | awk '/^Host/{print $2}' | shuf -n 100000
   

2. Use Nmap's --exclude-file option to import a list of off-limits IP ranges, then use -iR to choose how many of the remaining addresses to generate. This probably requires too much work to invert your chosen IP ranges into "exclude" ranges, but it's an option.

3. Write to dev@nmap.org and ask for this as a new feature.