Network Scan

Automatic Network Scan


Here's a very simple Bash script I made myself. It automates the configuration and execution of port scans against a specified domain or IP address. The script is written for Linux systems and requires the Nmap package to function correctly.


Mandatory arguments:

-t, --target <TARGET_IP>     #The IP address of the target to scan.
-d, --domain <DOMAIN_NAME>   #The domain name of the target to scan.

Optional arguments:

-nc, --no-colors             #Disable console coloring.


./<SCRIPT_NAME> -t <TARGET_IP> -d <DOMAIN_NAME>
./<SCRIPT_NAME> -t <TARGET_IP> -d <DOMAIN_NAME> --no-colors


The main goal of this script is to automate the enumeration and recon steps that are run every time, so that we can focus our attention on real pentesting instead.

Manual Network Scan


Nmap large scan

nmap -sVC -sS -sU -T4 -p- <IP_RANGE> -oG output.txt

Grep the Nmap grepable output (-oG) to list live hosts

grep Up output.txt | cut -d " " -f 2
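An added example (not part of the original notes) that goes a step beyond the grep one-liner above: it matches the Status field of the grepable output exactly, so a down host whose reverse-DNS name happens to contain "Up" is not reported as live, and it lists only ports in state "open". The sample output and the function names sample_og, live_hosts and open_ports are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of Nmap grepable (-oG) output. Addresses are from the
# RFC 5737 documentation range; nothing here comes from a real scan.
sample_og() {
  printf '# Nmap scan initiated (constructed sample)\n'
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx/, 161/open|filtered/udp//snmp///\n'
  printf 'Host: 192.0.2.20 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.20 ()\tPorts: 443/closed/tcp//https///\n'
  # With -v, Nmap also lists down hosts; this reverse-DNS name contains "Up".
  printf 'Host: 192.0.2.30 (Uplink-gw.example.test)\tStatus: Down\n'
}

# Print the address of every host whose Status field is exactly "Up".
# Reads the files given as arguments, or stdin when there are none.
live_hosts() {
  awk -F'\t' '$1 ~ /^Host: / && $2 == "Status: Up" { split($1, h, " "); print h[2] }' "$@"
}

# Print "address port/proto service" for every port in state "open".
# "open|filtered" (common for UDP) is not treated as confirmed open.
open_ports() {
  awk -F'\t' '
    $1 ~ /^Host: / {
      split($1, h, " ")
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        # Drop the "Ports: " label, then split the comma-separated entries.
        n = split(substr($i, 8), entry, ", ")
        for (j = 1; j <= n; j++) {
          # Entry layout: port/state/proto/owner/service/rpcinfo/version/
          split(entry[j], p, "/")
          if (p[2] == "open") print h[2], p[1] "/" p[3], p[5]
        }
      }
    }' "$@"
}

sample_og | live_hosts
sample_og | open_ports
```

Against a real scan, pass the file written by -oG as the argument, for example live_hosts output.txt.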

Search for NSE scripts for Nmap:

cd /usr/share/nmap/scripts/
head -n 5 script.db
grep '"vuln"\|"exploit"' script.db

Use --script vuln to run all scripts in the "vuln" category against a target in the PWK labs:

sudo nmap --script vuln <TARGET_IP>


Netcat UDP scan

nc -nv -u -z -w 1 <TARGET_IP> 1-65535

Netcat TCP scan

nc -nvv -w 1 -z <TARGET_IP> 1-65535



Masscan port 80 scan

sudo masscan -p80 <IP_RANGE> --rate=1000 -e tap0 --router-ip <ROUTER_IP>

