nmap supports many formats for specifying IP ranges:

~$ nmap -n -sL 10.16.1-2.3-4 | awk '/Host/{print $2}'
10.16.1.3
10.16.1.4
10.16.2.3
10.16.2.4

~$ nmap -n -sL 10.16.1-10.1 | awk '/Host/{print $2}'
10.16.1.1
10.16.2.1
10.16.3.1
10.16.4.1
10.16.5.1
10.16.6.1
10.16.7.1
10.16.8.1
10.16.9.1
10.16.10.1

-sL lists the scan targets without sending any data to them, but it still performs reverse DNS resolution; add -n to skip the DNS lookups. Reference:

-sL (List Scan). The list scan is a degenerate form of host discovery that simply lists each host of the network(s) specified, without sending any packets to the target hosts. By default, Nmap still does reverse-DNS resolution on the hosts to learn their names. It is often surprising how much useful information simple hostnames give out. For example, fw.chi is the name of one company's Chicago firewall. Nmap also reports the total number of IP addresses at the end. The list scan is a good sanity check to ensure that you have proper IP addresses for your targets. If the hosts sport domain names you do not recognize, it is worth investigating further to prevent scanning the wrong company's network. Since the idea is to simply print a list of target hosts, options for higher level functionality such as port scanning, OS detection, or ping scanning cannot be combined with this. If you wish to disable ping scanning while still performing such higher level functionality, read up on the -PN option.
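
The same sanity check can be done offline before a scan is ever launched. The following is an added example, not part of the original note or of nmap itself: it expands the octet-range notation shown above (plus comma lists within an octet, which goes slightly beyond the two cases on this page) and reports any address that falls outside an authorized scope. The function names and the 10.16.0.0/21 scope are assumptions made for illustration.

```python
import ipaddress
from itertools import product


def expand_octet(spec):
    """Expand one octet field such as '3', '1-10' or '1,3-5' into sorted ints."""
    values = set()
    for part in spec.split(","):
        lo, sep, hi = part.partition("-")
        if not lo.isdigit() or (sep and not hi.isdigit()):
            raise ValueError(f"unsupported octet field: {spec!r}")
        lo, hi = int(lo), int(hi) if sep else int(lo)
        if lo > hi or hi > 255:
            raise ValueError(f"octet range reversed or above 255: {spec!r}")
        values.update(range(lo, hi + 1))
    return sorted(values)


def expand_targets(expr):
    """Return every IPv4 address covered by an expression like 10.16.1-2.3-4."""
    octets = expr.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four dot-separated octets: {expr!r}")
    # product() varies the rightmost octet fastest, matching the listings above.
    combos = product(*(expand_octet(o) for o in octets))
    return [ipaddress.IPv4Address(".".join(map(str, c))) for c in combos]


def out_of_scope(expr, allowed_cidrs):
    """List expanded addresses that are not inside any authorized network."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    return [ip for ip in expand_targets(expr)
            if not any(ip in net for net in nets)]


if __name__ == "__main__":
    # Constructed scope for the demo: 10.16.0.0/21 covers 10.16.0.0-10.16.7.255.
    scope = ["10.16.0.0/21"]
    for expr in ("10.16.1-2.3-4", "10.16.1-10.1"):
        targets = expand_targets(expr)
        stray = out_of_scope(expr, scope)
        print(f"{expr}: {len(targets)} addresses, {len(stray)} outside scope")
        for ip in stray:
            print(f"  outside scope: {ip}")
```
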