PowerShell Pinger

    I own most, if not all, of the Hak5 gear because I like to see how each product works and possibly come up with a way to prevent the attack. 

    The other day I received an email from them, went to their website, and was reminded of Bash Bunny.  I then wondered what it would take to make a Bash Bunny script to ping scan the network.  Then I wondered what it would take to do that in PowerShell, eliminating the Bunny from the equation.  And that's where this post is headed.

    In Linux, I might not necessarily know the exact syntax for what I want to do but I probably have a good idea as to which commands I can use to do it.  I know that I can get the IP address from ifconfig.  And with various other commands like sed, awk, cut, head, and tail, I can isolate exactly what I want.

    The following one-liner parses ifconfig for the subnet:

    ifconfig | grep inet | head -1 | awk '{print $2}' | awk 'BEGIN{FS="."}{print $1"."$2"."$3"."}'

    To perform this same task in PowerShell was a total mystery.  That's sort of the point though.  The idea is not to become a wizard in PowerShell but to learn commands I wouldn't normally learn.  With Linux, I just know these commands and if ever there comes a time when I actually need to do something, I at least know some commands to use.

    Without first feeding it any portion of the IP address, I want to retrieve the IP address, parse it for the first three octets, then ping the network while ignoring the errors:

    $snet = Get-WmiObject -Class Win32_IP4RouteTable |
        where { $_.destination -eq '0.0.0.0' -and $_.mask -eq '0.0.0.0'} |
        Sort-Object metric1 | select nexthop, metric1, interfaceindex
    $line = $snet -split "nexthop="
    $ip = $line -split ";"
    $netw = $ip[1]
    $ipoct = $netw.split(".")
    $value = ($ipoct[0]+"."+$ipoct[1]+"."+$ipoct[2])
    $start = 1
    $end = 254
    while ($start -le $end) {
        Test-connection "$value.$start" -count 1 2> $null
        $start++
    }

    It's pretty slow in the actual process of pinging but aside from that, it works like I wanted:

    You might be asking why I didn't comment my code.  That's a good question.  The answer is this -- the point here is not to make a PowerShell script for pinging, the point is to take an idea, make it happen, and learn some methods for accomplishing specific tasks. 

    If I find myself on a Linux machine without Python, without Perl, without ???, I can live off the land quite well with Bash.  Oddly, having spent numerous years in Windows environments, I can't say the same.  That's not to say that I can't execute commands, THAT I can do!  I'm well versed in Windows commands.  But to automate would be more difficult -- mostly because Windows is heavily based on the GUI and Linux not so much.

    If my goal was to scan the network for IPs, I'd use Nmap.  But again, if I were without Nmap, I could drop to a command line and run something like this:

    for /l %i in (1,1,254) do (ping -n 1 192.168.86.%i)

    The output is messy.  PowerShell gives us a clean output.  When we look at our script, it's not complicated.  It starts with this:

    The output:

    From there, it's a matter of parsing the output and getting to what we want.
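
    An added example, not from the original post: the same sweep reading the NextHop property directly instead of splitting the object's string form, and returning objects rather than raw ping output.  It assumes Windows PowerShell 5.1 (where Get-WmiObject is available) and a /24 network, as the script above does; the function names are hypothetical.

```powershell
# Added example; function names are hypothetical, not from the original post.

function Get-DefaultGateway {
    # Same WMI class as the post. The default route has destination and mask 0.0.0.0.
    # Select-Object -ExpandProperty returns the NextHop string itself, so no -split is needed.
    Get-WmiObject -Class Win32_IP4RouteTable |
        Where-Object { $_.Destination -eq '0.0.0.0' -and $_.Mask -eq '0.0.0.0' } |
        Sort-Object Metric1 |
        Select-Object -First 1 -ExpandProperty NextHop
}

function Get-Slash24Prefix {
    param([Parameter(Mandatory)][string]$Address)
    # Casting to [ipaddress] throws on malformed input instead of silently mis-splitting it.
    $ip = [ipaddress]$Address
    if ($ip.AddressFamily -ne 'InterNetwork') { throw "Not an IPv4 address: $Address" }
    # First three octets, e.g. 192.168.86.1 -> 192.168.86 (assumes a /24 network).
    ($ip.GetAddressBytes()[0..2]) -join '.'
}

function Test-Subnet {
    param(
        [Parameter(Mandatory)][string]$Prefix,
        [int]$First = 1,
        [int]$Last  = 254
    )
    foreach ($i in $First..$Last) {
        $target = "$Prefix.$i"
        # -Quiet returns $true or $false, so there is no error stream to discard.
        [pscustomobject]@{
            Address = $target
            Alive   = Test-Connection -ComputerName $target -Count 1 -Quiet
        }
    }
}

$gateway = Get-DefaultGateway
if (-not $gateway) { throw 'No default route found.' }

# Emit only the hosts that answered.
Test-Subnet -Prefix (Get-Slash24Prefix $gateway) | Where-Object Alive
```

    Like the original loop, this reports only hosts that answer ICMP echo, so a host that drops pings appears absent.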

    Bottom line -- I think I want to learn to live off the land more in Windows than relying on packaged tools.  That's not to say that I want to learn how to hammer nails with a rock but if ever I should only have a rock, I can accomplish the task.  

    © 2020 sevenlayers.com