[phyrrus9]

This came up in a discord chat, and I wrote up a sample program to check nearly all of the IPv4 range for machines that respond on port 22 within 250ms. I figured that I'd share it here for you guys.
It is crude, but should be a good starting point for anyone wanting to do something similar.

https://pastebin.com/kBJ5b8P2

Code (in case the pastebin link disappears in the future)

Spoiler:

Code:

#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <errno.h>
#include <fcntl.h>
typedef union
{
        uint32_t ip_32;
        uint8_t ip[4];
} u_ip_addr;
int is_valid(u_ip_addr *addr)
{
        const int portno = 22;
        char *addr_hostname;
        int sockfd, is_connected, opt;
        struct sockaddr_in serv_addr;
        struct hostent *server;
        fd_set wait_set;
        struct timeval *timeout;

        is_connected = 0;
        timeout = malloc(sizeof(struct timeval));
        timeout->tv_sec = 0;
        timeout->tv_usec = 250000;
        addr_hostname = malloc(17);
        sprintf(addr_hostname, "%u.%u.%u.%u", addr->ip[3], addr->ip[2], addr->ip[1], addr->ip[0]);
        if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
                goto done;
        opt = fcntl(sockfd, F_GETFL, NULL);
        fcntl(sockfd, F_SETFL, opt | O_NONBLOCK);
        if ((server = gethostbyname(addr_hostname)) == NULL)
                goto done;
        bzero((char *) &serv_addr, sizeof(serv_addr));
        serv_addr.sin_family = AF_INET;
        bcopy((char *)server->h_addr, (char *)&serv_addr.sin_addr.s_addr, server->h_length);
        serv_addr.sin_port = htons(portno);
        if ((is_connected = connect(sockfd,(struct sockaddr *) &serv_addr,sizeof(serv_addr))) < 0)
        {
                if (errno == EINPROGRESS)
                {
                        printf("\r                                    \rTesting %s", addr_hostname);
                        fflush(stdout);
                        FD_ZERO(&wait_set);
                        FD_SET(sockfd, &wait_set);
                        is_connected = select(sockfd + 1, NULL, &wait_set, NULL, timeout);
                }
        }
        else
                is_connected = 1;
        close(sockfd);
done:
        free(addr_hostname);
        free(timeout);
        if (is_connected)
                printf("\r                                            \r");
        return !is_connected;
}
int main()
{
        u_ip_addr *addr;
        uint8_t first, last;
        addr = malloc(sizeof(u_ip_addr));
        for (addr->ip_32 = 0; addr->ip_32 < UINT32_MAX; ++addr->ip_32)
        {
                first = addr->ip[3];
                last = addr->ip[0];
                if ((first == 0 || first == 10 || first == 127) ||
                    (first == 169 || first == 172 || first == 192) ||
                    first == 185)
                        continue;
                if ((last == 0 || last == 1 || last == 254) ||
                    last == 255)
                        continue;
                if (addr->ip[2] == 0 || addr->ip[1] == 0)
                        continue;
                if (!is_valid(addr))
                {
                        printf("%u.%u.%u.%u\n", first, addr->ip[2], addr->ip[1], last);
                        break;
                }
        }
        free(addr);
        return 0;
}

Based on my calculations, this would take about a month to sweep through it. Multithreading could be an option, but you'd need to modify the timeout code.
Hope you enjoy.

[Mr.Kurd]

Thanks man for sharing; it will be useful for some of us for sure.