Port scanning with NMAP NSE execution

Many of the Nmap Scripting Engine (NSE) scripts are only applicable if there is a service running on a given port. Consider the usage of the following scripts:

  • smb-vuln-conficker
  • smb-vuln-cve2009-3103
  • smb-vuln-ms06-025
  • smb-vuln-ms07-029
  • smb-vuln-regsvc-dos
  • smb-vuln-ms08-067

These scripts evaluate SMB services running on TCP port 445 for common service vulnerabilities. If these scripts were executed across an entire network, they would have to redo the task of determining whether port 445 is open and whether the SMB service is accessible on each target system. This is a task that has probably already been accomplished during the scanning phase of the assessment. Bash scripting can be used to leverage existing Nmap greppable output files to run service-specific NSE scripts only against systems that are running those services. In this recipe, we will demonstrate how a script can be used to determine, from previous scan results, which hosts are running a service on TCP 445, and then run the previously mentioned scripts against only those systems.
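The following shell script is an added example of this recipe, not the book's own code: it parses an existing greppable (`-oG`) file for hosts with TCP 445 open and feeds only those hosts to the six SMB scripts listed above. The function names, the output file names and the sample `-oG` records (TEST-NET addresses) are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the book's own recipe code. Assumes a greppable file
# produced earlier with "nmap -oG" and the six smb-vuln-* scripts listed above.

# Print each IP whose greppable record shows the given TCP port open.
# -oG records are tab-separated: "Host: <ip> (<name>)<TAB>Ports: <port>/<state>/<proto>//<svc>///, ..."
hosts_with_tcp_port_open() {
    port="$1"; gnmap="$2"
    awk -F'\t' -v port="$port" '
        /^Host:/ {
            ip = $1; sub(/^Host: /, "", ip); sub(/ .*/, "", ip)
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                n = split(substr($i, 8), entries, /, */)
                for (j = 1; j <= n; j++) {
                    split(entries[j], f, "/")   # f[1]=port f[2]=state f[3]=proto
                    if (f[1] == port && f[2] == "open" && f[3] == "tcp") { print ip; break }
                }
            }
        }' "$gnmap" | sort -u
}

# Run the SMB vulnerability scripts only against hosts with 445/tcp open.
# Results go to <out>.nmap/.gnmap/.xml; the target list is kept beside them.
run_smb_vuln_checks() {
    gnmap="$1"; out="${2:-smb-vuln-results}"
    targets=$(hosts_with_tcp_port_open 445 "$gnmap")
    if [ -z "$targets" ]; then
        echo "no hosts with 445/tcp open in $gnmap" >&2
        return 0
    fi
    printf '%s\n' "$targets" > "$out.targets"
    nmap -p445 -iL "$out.targets" -oA "$out" \
        --script smb-vuln-conficker,smb-vuln-cve2009-3103,smb-vuln-ms06-025,smb-vuln-ms07-029,smb-vuln-regsvc-dos,smb-vuln-ms08-067
}

# Constructed sample -oG output (TEST-NET addresses) so the parser can be exercised offline.
SAMPLE_GNMAP=$(mktemp)
{
    printf '# Nmap scan initiated (constructed sample)\n'
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (998)\n'
    printf 'Host: 192.0.2.11 ()\tPorts: 80/open/tcp//http///, 445/filtered/tcp//microsoft-ds///\n'
    printf 'Host: 192.0.2.12 ()\tPorts: 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///\n'
} > "$SAMPLE_GNMAP"

echo "hosts with 445/tcp open in the sample:"
hosts_with_tcp_port_open 445 "$SAMPLE_GNMAP"
# On a real scan file: run_smb_vuln_checks /path/to/scan.gnmap results
```

Only hosts whose record shows `445/open/tcp` are selected; a filtered or closed 445 (as on 192.0.2.11 in the sample) is skipped, so the scripts are never launched at hosts the earlier scan already showed to be unreachable on that port.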
