Securing Enterprise Networks: Identifying Live Hosts and Vulnerable Ports for Proactive Defense

⚡ KinSec — End-to-End: Fast Host Discovery & Port Enumeration on 10.0.0.0/8 using Masscan

Author: Kiran Kumar K (KinSec)
Goal: Quickly discover alive hosts in 10.0.0.0/8, clean the results to a simple IP list, scan those hosts for open ports, and save clean, analysis-friendly outputs.


Legal & Safety First

Only scan networks you own or are explicitly authorized to test.
High-speed scans can overload devices or trigger security monitoring.
Coordinate with your network team and start with conservative speeds.


What We’ll Produce

  • alive_raw.txt — Raw Masscan discovery output

  • clean_ips.txt — One IP per line (only alive hosts)

  • alive_ports_raw.txt — Raw port scan results

  • ip_ports.txt — IP: port1,port2,... summary

  • ip_port.csv — ip,port format for Excel or SIEM


🛠 Prerequisites (Debian/Kali/Ubuntu)

sudo apt update
sudo apt install -y masscan

Step 1 — Discover Alive Hosts

Recommended (multi-probe ping):

sudo masscan 10.0.0.0/8 --ping --rate 200000 -oG alive_raw.txt
  • --ping = ICMP + common TCP probes (works even if ICMP is blocked)

  • --rate 200000 = 200k packets/sec (start lower if unsure)

  • -oG = Greppable output

If --ping is blocked:

sudo masscan 10.0.0.0/8 -p80,443 --rate 100000 -oG alive_raw.txt

Step 2 — Clean IP List

grep -oP '(?<=Host:\s)\d{1,3}(?:\.\d{1,3}){3}' alive_raw.txt | sort -u > clean_ips.txt
  • Extracts only IPs from Masscan output

  • clean_ips.txt will be ready for port scanning

Check:

wc -l clean_ips.txt
head clean_ips.txt

Step 3 — Scan Open Ports on Alive Hosts

Fast, targeted ports:

PORTS="22,80,443,3389,8080,8443,445,139"
sudo masscan -iL clean_ips.txt -p${PORTS} --rate 200000 --wait 5 -oG alive_ports_raw.txt

All TCP ports (slower):

sudo masscan -iL clean_ips.txt -p0-65535 --rate 100000 --wait 10 -oG alive_ports_raw.txt

Step 4 — Create Readable IP:Ports Summary

# Requires gawk: the three-argument match(s, re, arr) form is a gawk extension
awk '
  /Host:/ {
    ip=""; ports_str="";
    if (match($0,/Host: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/,m)) ip=m[1];
    if (match($0,/Ports: (.*)$/,p)) ports_str=p[1];
    if (ports_str=="") next;
    n=split(ports_str,arr,",");
    out="";
    for(i=1;i<=n;i++){
      if(match(arr[i],/([0-9]+)\/open/,q)){
        if(out=="") out=q[1]; else out=out","q[1];
      }
    }
    if(out!="") print ip": "out;
  }' alive_ports_raw.txt > ip_ports.txt

Step 5 — Create CSV (IP,Port Pairs)

# Requires gawk (three-argument match); each "N/open/tcp//" token becomes one ip,port row
awk '
  /Host:/ {
    if (match($0,/Host: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/,m)) ip=m[1];
    rest=$0;
    while (match(rest,/([0-9]+)\/open\/tcp\/\//,p)) {
      print ip "," p[1];
      rest = substr(rest, RSTART + RLENGTH);
    }
  }' alive_ports_raw.txt | sort -u > ip_port.csv
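The grep in Step 2 and the awk programs in Steps 4 and 5 all parse the same greppable (-oG) file, and the awk versions rely on gawk's three-argument match(). The script below is an added example, not part of the original post: it does the same three transformations with one POSIX-awk program (no gawk extensions), rejects any "Host:" line whose address has an octet above 255 (the \d{1,3} pattern in Step 2 would accept one), de-duplicates the host/port pairs that masscan reports more than once, and adds a small review list for the SMB/NetBIOS/RDP ports from the Step 3 port set. The sample file, its timestamps and the port labels are constructed for the demo; real masscan output separates the Timestamp/Host/Ports fields with tabs, which the parser does not depend on.

```shell
#!/bin/sh
# Portable post-processing for masscan -oG output (added example, not the post's own code).

# Constructed sample in masscan's greppable layout (not real scan data). Line 7 carries an
# out-of-range octet on purpose to show the validation path; line 8 duplicates line 3.
SAMPLE_GNMAP='# Masscan 1.3.2 scan initiated Thu Jan  1 00:00:00 2025
# Ports scanned: TCP(8;22,80,443,3389,8080,8443,445,139) UDP(0;) SCTP(0;) PROTOCOLS(0;)
Timestamp: 1735689600 Host: 10.1.2.3 () Ports: 22/open/tcp////
Timestamp: 1735689601 Host: 10.1.2.3 () Ports: 443/open/tcp////
Timestamp: 1735689602 Host: 10.9.8.7 () Ports: 445/open/tcp////
Timestamp: 1735689602 Host: 10.9.8.7 () Ports: 3389/open/tcp////
Timestamp: 1735689604 Host: 10.1.2.999 () Ports: 80/open/tcp////
Timestamp: 1735689605 Host: 10.1.2.3 () Ports: 22/open/tcp////
# Masscan done at Thu Jan  1 00:00:05 2025'

# One awk program for both jobs. mode=hosts prints every valid host address (Step 2);
# mode=pairs prints "ip,port" for every N/open/tcp token on the line (Step 5).
# Only POSIX awk features are used: two-argument match() with RSTART/RLENGTH, substr, split, sub.
MASSCAN_GNMAP_AWK='
function valid_ip(ip,   o, i) {
  if (split(ip, o, ".") != 4) return 0
  for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) return 0
  return 1
}
/^#/ { next }                                   # masscan header and footer comments
{
  if (!match($0, /Host: [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) next
  ip = substr($0, RSTART + 6, RLENGTH - 6)      # drop the "Host: " prefix
  if (!valid_ip(ip)) next                       # silently skip malformed addresses
  if (mode == "hosts") { print ip; next }
  rest = $0
  while (match(rest, /[0-9]+\/open\/tcp\//)) {
    port = substr(rest, RSTART, RLENGTH)
    sub(/\/.*/, "", port)                       # keep only the digits before the first slash
    print ip "," port
    rest = substr(rest, RSTART + RLENGTH)
  }
}
'

# Step 2 equivalent: one valid IP per line, sorted and unique.
clean_ips() { awk -v mode=hosts "$MASSCAN_GNMAP_AWK" "$1" | LC_ALL=C sort -u; }

# Step 5 equivalent: ip,port rows, unique, sorted by IP then numerically by port.
ip_port_pairs() { awk -v mode=pairs "$MASSCAN_GNMAP_AWK" "$1" | LC_ALL=C sort -t, -k1,1 -k2,2n -u; }

# Step 4 equivalent: "ip: p1,p2,..." built from the sorted pairs, so ports are in numeric order.
ip_ports_summary() {
  ip_port_pairs "$1" | awk -F, '
    $1 != cur { if (cur != "") print cur ": " out; cur = $1; out = $2; next }
    { out = out "," $2 }
    END { if (cur != "") print cur ": " out }'
}

# Review list: ip,port,label for the file-sharing and remote-desktop ports in the Step 3 port set.
# The labels are an assumption for the demo; extend the table to match your own exposure policy.
flag_exposures() {
  ip_port_pairs "$1" | awk -F, '
    BEGIN { label[139] = "NetBIOS"; label[445] = "SMB"; label[3389] = "RDP" }
    ($2 in label) { print $1 "," $2 "," label[$2] }'
}

# Stand-alone demo: write the constructed sample to a temp file and run each stage on it.
demo() {
  f=$(mktemp); printf '%s\n' "$SAMPLE_GNMAP" > "$f"
  echo "== alive hosts ==";  clean_ips "$f"
  echo "== ip,port ==";      ip_port_pairs "$f"
  echo "== summary ==";      ip_ports_summary "$f"
  echo "== review list ==";  flag_exposures "$f"
  rm -f "$f"
}
demo
```

To use it on real output, replace the demo with `clean_ips alive_raw.txt > clean_ips.txt`, `ip_ports_summary alive_ports_raw.txt > ip_ports.txt` and `ip_port_pairs alive_ports_raw.txt > ip_port.csv`; the review list is a convenient input for a ticket or SIEM lookup because each row already names the service class that needs an owner.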

Files & Their Purpose

  • alive_raw.txt → Raw alive host detection

  • clean_ips.txt → Alive IPs only

  • alive_ports_raw.txt → Raw open port results

  • ip_ports.txt → Human-readable IP: ports

  • ip_port.csv → CSV for analysis


⚡ One-Shot Workflow

# 1) Discovery
sudo masscan 10.0.0.0/8 --ping --rate 200000 -oG alive_raw.txt

# 2) Clean IPs
grep -oP '(?<=Host:\s)\d{1,3}(?:\.\d{1,3}){3}' alive_raw.txt | sort -u > clean_ips.txt

# 3) Enumerate ports
PORTS="22,80,443,3389,8080,8443,445,139"
sudo masscan -iL clean_ips.txt -p${PORTS} --rate 200000 --wait 5 -oG alive_ports_raw.txt

# 4) Summary file (requires gawk: three-argument match())
awk '/Host:/ { ip=""; ports_str=""; if (match($0,/Host: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/,m)) ip=m[1]; if (match($0,/Ports: (.*)$/,p)) ports_str=p[1]; if (ports_str=="") next; n=split(ports_str,arr,","); out=""; for(i=1;i<=n;i++){ if(match(arr[i],/([0-9]+)\/open/,q)){ if(out=="") out=q[1]; else out=out","q[1]; }} if(out!="") print ip": "out }' alive_ports_raw.txt > ip_ports.txt

# 5) CSV file (requires gawk: three-argument match())
awk '/Host:/ { if (match($0,/Host: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/,m)) ip=m[1]; rest=$0; while (match(rest,/([0-9]+)\/open\/tcp\/\//,p)) { print ip "," p[1]; rest = substr(rest, RSTART + RLENGTH); } }' alive_ports_raw.txt | sort -u > ip_port.csv

Final Notes

  • Start with lower --rate (e.g., 50000) before increasing

  • Use --wait to avoid missing slow responses

  • If results matter for production, verify with a stateful scan (like Nmap)

  • Respect scanning policies and coordinate with SOC/NetOps


