Making a Python ping sweep script

In this post we are going to create a ping sweep script with Python. First I will explain what a ping sweep is and why it’s useful. Then we’ll make the ping sweep script step by step. Lastly I’ll show you a script that is made using the ‘pythonping’ module.

I’m not saying that these are the best ping sweep scripts in Python. There are probably ways to create a ping sweep in python that are faster and more optimized.


What is a ping sweep and what is it used for

A ping sweep is a technique that may be used by hackers during the reconnaissance phase of an attack. With a ping sweep you can scan a range of ip addresses and see if they are live. You are sending ICMP packets to the addresses and if you get a response you know they are live and connected to the network.

Hackers may use a ping sweep to find potential victims on a local network.


Do ping sweeps cause suspicious traffic?

Ping sweeps do cause some abnormal traffic on the network and may be recognized by an Intrusion Detection System. They do not cause any harm by themselves but do fall under ‘Active Reconnaissance’ because they involve interaction with the potential target. The chance of detection is higher within enterprise networks because they are more likely to have an intrusion detection system in place. Ping sweeps are unlikely to be detected in places like hotels or coffee shops however.


How do ping sweeps work

First a range of ip addresses is needed, for example 192.10.1.1 until 192.10.1.100. Then ICMP packets will be sent to each of the ip addresses in this range, one by one. When we receive a response from an ip address it means it is online. The script will print its address for the user.

So we know that the following elements should be present in the Python script.

  • A way to get user input for the ip range that needs to be scanned.
  • A for loop to send ping packets to each ip in the range
  • A check of the response to see if the scanned target is online

First Python ping sweep script

We are now going to create the first script. I will divide the process in small steps.

First we need to import the datetime, platform and os modules.

import modules

Now we will let the user enter the network IP address.

network ip user input

Then we split the address the user entered. Now the different parts of the IP address will be added to a list.

split the ip address

We manually add each part together again and separate it with a dot. This is so that if a user accidentally added a complete IP address it won’t be a problem. We only use the first 3 parts of the address for the network address.

combine parts to create network ip

Here we let the user enter the number of the first and the last host that need to be scanned. The last host is incremented with 1 so that the last host will be included in the scan. (By default a for loop doesn’t include the last number)

user input of first host and last host in range

Platform.system() checks the operating system the script is run on, Windows, Linux or Mac. We save the result in the ‘oper’ variable.

find operating system

The reason we saved the name of the OS is that the ping command is slightly different for Windows and Linux.

set ping command based on operating system

Save the current time and let the user know that the scan is starting.

record time before the ping sweep

Scanning the ip range

scan ip addresses in range

This is where the scanning happens. The code is a bit longer but don’t worry. Let’s look at each for loop separately.

  • First we give the range of the for loop.
  • We set the ip address to be scanned by adding the network ip and the number of the host together.
  • Then we prepare the ping command and save it in ‘command’.
  • We execute the command with os.popen() and save the response in ‘response’.
  • Then we make a list of the response with response.readlines() and save it in a variable.
send pings and save response

This was all done for one ip address.


Now comes the second for loop, still for the same ip address. This one checks if the current ip is live.

  • We go through each line in the response.
  • With count() we can see if “TTL” appears anywhere in the response. If that is the case it means we received an ‘ICMP echo reply’. This means that the target is live.
  • We print that the target is live and break this for loop.
read response to check if host is live

Now this repeats for the next ip address until every ip was scanned.


Finishing the script

We record the time at which the scan has ended. Then we subtract the start time from the end time to see the difference and know the duration of the scan. Lastly we print ‘the scanning has completed in’ + time.

record time after the ping sweep

At this stage the output is like this:

output of the first ping sweep script

Adding instructions

In python you can print a multi-line string by using triple quotes. We can use this to show some instructions when you run the script.

adding instructions

Now this is the output:

output of the first ping sweep script with instructions

Complete script:

complete first python ping sweep script

Second Python ping sweep script

We will now quickly take a look at a second script that was made using pythonping, a python module. With this script you can say how many ip addresses you want to scan and then enter them manually. They are saved in a list and then pinged one by one.

To make this script work you need to install the pythonping and art module:

  • pip install pythonping
  • pip install art

Tip: Name the script something other than ‘pythonping.py’ because if you name it that, you will get a circular import error.

Complete script:

complete python ping sweep script using pythonping

What this script does:

  • Print a nice looking title.
  • Ask how many ip addresses you want to ping.
  • Let you manually enter each ip address to ping and add them to a list (first loop).
  • Send 2 ping requests to each ip address you entered (second loop).

The output looks like this:

output second ping sweep script

Leave a Comment

Your email address will not be published. Required fields are marked *