Video - Creating a BASH Script for Scanning Vulnerable Ports

16 minutes


If your script will air out, this next line of the script is saying, whatever you input for the starting IP address is treated as the first IP; that becomes a variable that Nmap is going to use to begin its scan, and know what range of IP addresses to scan for. So we have an echo for the starting IP address. So we're going to need an echo to tell us or to prompt us to type in the last IP address of the range. And again, we want this to be treated as a variable that Nmap can use, and it's going to be called last IP. Next we create a variable called last IP octet, which is equal to the value after the third period in the last IP address. When a user enters the IP address into the last IP, last IP octet is equal to two five. We'd then follow that up with an echo command that's going to be commented out.

But it's just as important as any of the other echo commands. So make sure that you get the syntax correct. We next need to be prompted for the port that we want to scan for. To do this, we're going to type in another echo command, echo space, and it's going to be enclosed, "enter the port to scan for." And again, we want the script to read this information as a variable called port. And now you can see with this Nmap command that we have added to the script, exactly how those variables are going to be read.

So anything that we input as a first IP, a last IP, or the last IP octet and/or the port number is going to be looked at as a variable, and Nmap is then going to input that information, regardless of what the numbers are, into its script so that it can run the scan. On a side note, when Nmap is done performing this scan, we want it to go ahead and output the results to a web file or a txt file called web. And we're going to go ahead and do some more cat stuff here now. So if I type in cat, space, web, I'm telling it that I want you to output the contents of the web file. But first, I want you to use the grep command to filter it.

And I only want to see the contents of IP addresses that have the port open that we scanned for, and I want that input or that output sent over to another text file called web one. Now, just as we did with our previous script, we can go ahead and get cat to format that output so that it's much more readable, and that's what we're doing here. And we're telling cat, I want you to format the contents that you were given for web one. And I want that information sent over to another file called web two, and sent to the screen. And now that input, or that information that was formatted and put into the web two file, can now be read when we type in cat, web two. So we're now ready to run this script.

So make sure your syntax is correct. You've got no errors, everybody's got double quotes. Everything's good to go. And now you can hit Ctrl x, you can type in Y for yes, and hit enter. You can use your up arrow to find the command that will run the port and hit Enter. And now it asks you for the starting IP address.

You can do an ifconfig and you can find out what your network IP is, and then you get the correct IP information for your script. This is the IP address from my network, or the network IP of it for my network. So I'm typing in 192 dot 168 dot 145 dot one, which is the starting IP. And when I hit Enter, it's going to ask me for the last IP address. So I've typed in 192 dot 168 dot 145 dot 254, because I don't really care about the broadcast for this network, which is two five five.

I'm gonna go ahead and hit enter. Now it wants to know what port I want to scan for. And you can scan for any port. For instance, if you want to know if FTP is running on your network, well, then you can scan for port 21. If you want to know if someone's got a web server running on your network, well then you can scan for port 80. I'll go ahead and just scan for port 80 just for grins and giggles and we'll see what happens, and now it starts to scan. In just a few moments,

it comes back up and it tells me that it found four hosts, that it scanned the entire range of the IP addresses in 2.46 seconds. And it tells me that port 80 is closed just about everywhere. So I don't see a problem with port 80 running on my network. So the takeaway for this lab is to appreciate how useful bash scripting can be for pen testing and for hacking. We can use these scripts to help reduce our administrative burden of having to scan a large number of IP addresses, and then filter them for specific outputs such as what ports are open on what IP address. So we know that our script, our port, generated some txt files; let's go find them. So if I go up here to my files folder, and I go into the contents of my home directory, you'll see that I have those three files that were generated by the cat and the grep.

Now, this first file is going to have some output. This has got some information about the status of ports and all that good stuff. And I can go ahead and close it out. Now remember, we told it to output any of these IP addresses that had port 80 running on them. If you didn't have port 80 running, then there's pretty much nothing to send over to the next text files, which were web one and web two. So when you open these up, yes, they're going to be empty, because there were no IP addresses that were running port 80.

So just for grins and giggles, let's go back into the script. And this time, we'll run it again. And this time, I'm going to run it across Metasploitable 2, which is on my network. Now, I don't know that Metasploitable 2 is on the network; I'm going to scan that same range of IP addresses and we're going to scan for port 80 and we'll see what happens. So to make sure that I get a clean input, I'm going to go up in here inside of my home directory. I'm going to delete these three output files, just delete those and send them over to the trash.

And now we're going to go back over here to my terminal. Let's go ahead and clear it. And now use my up arrow. And let's go ahead and run this script one more time. So again, it wants the starting IP address. I'll type that in, I'll hit enter.

Now it wants the last IP address. I'm going to go ahead and hit enter to that. And it wants the port, so I can type in port 80. I'll hit enter, and let's see what Nmap comes up with this time. So this time we got a port 80 that is actually open up on the machine dot 130, which is my Metasploitable, just for grins and giggles. And let's go see what those results look like now.

So again, here's the first output file. We got that done. Then we're going to have that sent over to web one. And there's that information. Now we're going to have it filtered one more time, sent over to web two.

And there you go. So I know that the machine with the IP address of 130 has port 80 running on it. So imagine that I had tens of thousands of IP addresses to scan through and look for; that last txt file that we created, web two, would have just the IP addresses of the machines that were running port 80. And I could do the same thing for port 21. Now, let's say that I've heard that there is a new piece of malware that is exploiting a certain port. I want to know if my network is vulnerable.

Well, what I'm going to do is I'm going to use this script, and I'm going to scan all my IP addresses for that specific port that that malware is looking for. That concludes this short video presentation on how we go about using bash scripting to help reduce the administrative burden of having to pen test a large number of IP ranges. If you have any questions or concerns about the video or its content or the lab, please do not hesitate to reach out and contact your instructor. Thank you and I will see you in my next video.
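Added example, not the instructor's script or anything shown in the video: the prompt, scan and filter flow described in the lesson, with the typed-in values validated before they reach Nmap so that a malformed address or port cannot be read as an extra option. The variable names, the `-sT` and `-oG` options, the awk filter (used in place of the cat/grep chain) and the sample output lines are assumptions; the filter also handles result lines that list several ports, which goes slightly beyond the single-port case in the video.

```sh
#!/bin/sh
# Added example (not the instructor's script). Assumed: variable names,
# the nmap options -sT/-oG, the awk filter, and the constructed sample output.

valid_ipv4() {  # succeed only for a dotted quad with every octet 0-255
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

valid_port() {  # succeed only for an integer 1-65535
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

last_octet() { printf '%s\n' "${1##*.}"; }  # value after the third period

# Print the IP of every host whose grepable (-oG) line shows PORT open.
# Matching " PORT/open/" exactly keeps port 80 from matching 8080.
open_hosts() {
  awk -v p="$1" '$1 == "Host:" && $0 ~ ("[ \t]" p "/open/") { print $2 }'
}

sample_grepable() {  # constructed sample of nmap -oG output
  printf 'Host: 192.168.145.1 ()\tStatus: Up\n'
  printf 'Host: 192.168.145.1 ()\tPorts: 80/closed/tcp//http///\n'
  printf 'Host: 192.168.145.130 ()\tPorts: 80/open/tcp//http///\n'
  printf 'Host: 192.168.145.140 ()\tPorts: 21/open/tcp//ftp///, 8080/open/tcp//http-proxy///\n'
}

scan_range() {  # interactive; needs nmap on PATH
  printf 'Enter the starting IP address: '; read -r firstIP
  printf 'Enter the last IP address: ';     read -r lastIP
  printf 'Enter the port to scan for: ';    read -r port
  # Reject anything that is not a plain address/port in the same /24.
  valid_ipv4 "$firstIP" && valid_ipv4 "$lastIP" && valid_port "$port" &&
    [ "${firstIP%.*}" = "${lastIP%.*}" ] ||
    { echo 'invalid address range or port' >&2; return 2; }
  lastIPoctet=$(last_octet "$lastIP")
  nmap -sT "$firstIP-$lastIPoctet" -p "$port" -oG web >/dev/null || return
  open_hosts "$port" < web | tee web2   # results to the file web2 and the screen
}

if [ "${1:-}" = "--scan" ]; then scan_range; fi
```

Run it with `--scan` to get the three prompts; without that argument it only defines the functions, so the filter can be tried with `sample_grepable | open_hosts 80`.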
