Before i mentioned that you could expand the hosts in a subnet by using bash brace expansion. While that works fine, if you have a file with 40 different CIDR subnets in them it can be REALLY annoying. In walks nmap.
Nmap has a scan feature called list scan that will output the IPs to be tested. All you need to do is supply it with a range/file-with-ranges and it will output the IPs, one in a line. The output may be a little ugly so i created a quick function to parse out just the IPs