I am trying to use nmap to ping a list of domains, i am using:
nmap -sP -iL /path/to/file/domains
The ping works fine but in the output for domains that ping was successful I get the domains ip like this:
Host 66.249.92.104 is up (0.55s latency).
Is there a way to get the output as domains instead of ips?
Assuming you didn't scrub the output (i.e. 66.249.92.104 is really one of the hosts you're probing), the problem is that there is no PTR record in DNS for the IP. That is, there is no reverse mapping from the IP -> FQDN that nmap can present in the output.
For example, here's what you get when a PTR record exists:
$ nmap -sP www.yahoo.com | grep ^Host
Warning: Hostname www.yahoo.com resolves to 2 IPs. Using 72.30.2.43.
Host ir1.fp.vip.sk1.yahoo.com (72.30.2.43) appears to be up.
I'd recommend a 2-step process such as this (although it is not as efficient since you're starting up a new nmap process for each probe, you do keep your information together):
$ cat domains
www.yahoo.com
www.google.com
$ cat nmap-keep-names.sh
#!/bin/sh
for domain in `cat $1`
do
echo Probing $domain
nmap -sP $domain 2> /dev/null \
| grep ^Host
done \
| sed '$!N;s/\n/ /' \
| sed 's/Probing //' \
| sed 's/Host.*(\(.*\)) \(.*\)/(\1) \2/'
$ ./nmap-keep-names.sh domains
www.yahoo.com (72.30.2.43) appears to be up.
www.google.com (66.102.7.104) appears to be up.
Before nmap runs you simply print out a note detailing what hostname you're probing. Then you can format the output to use the information you fed to nmap.
Note #1 - 1e100.net is a domain that Google owns. So even when a PTR record exists there's no guarantee that it's something you'd expect.)
Note #2 - I did the sed stuff at the end to clean up the output. It isn't necessary and the output is totally usable without it.
