How to do it...

The example that follows demonstrates how a Bash script can be used to sequence multiple tasks together. In this case, the analysis of an Nmap greppable output file is performed, and then the information identified by that task is used to execute an NSE script against distinct systems. Specifically, the first task will determine what systems are running a service on TCP port 445 and will then run the following scripts against each of those systems:

  • smb-vuln-conficker
  • smb-vuln-cve2009-3103
  • smb-vuln-ms06-025
  • smb-vuln-ms07-029
  • smb-vuln-regsvc-dos
  • smb-vuln-ms08-067

Let's examine the following Bash script:

#!/bin/bash

if [ -z "$1" ] || [ ! -f "$1" ]; then echo "Usage: $0 <file>"; exit 1; fi   # require an existing greppable output file

file="$1"   # path to the Nmap greppable (-oG) output file

# Field 2 of each greppable line that reports port 445 open is the host's IP address
for x in $(grep open "$file" | grep 445 | cut -d " " -f 2);
do
    nmap --script smb-vuln-conficker.nse -p 445 "$x" --script-args=unsafe=1
    nmap --script smb-vuln-cve2009-3103.nse -p 445 "$x" --script-args=unsafe=1
    nmap --script smb-vuln-ms06-025.nse -p 445 "$x" --script-args=unsafe=1
    nmap --script smb-vuln-ms07-029.nse -p 445 "$x" --script-args=unsafe=1
    nmap --script smb-vuln-regsvc-dos.nse -p 445 "$x" --script-args=unsafe=1
    nmap --script smb-vuln-ms08-067.nse -p 445 "$x" --script-args=unsafe=1
done
  1. To ensure that the functionality of the script is understood, we will address each line in sequence:
    • The first few lines are similar to the script that was discussed in the previous recipe. The first line points to the Bash interpreter, the second line checks that an argument is provided, and the third line assigns the input value to an easily understood variable name.
    • The body of the script is quite different, though. A for loop cycles through a list of IP addresses obtained by means of a grep pipeline. The IP addresses output by that pipeline correspond to all systems that have a service running on TCP port 445. For each of these IP addresses, the NSE scripts are then executed.
    • By only running the NSE scripts against systems that were previously identified as having a service on TCP port 445, the time required for the NSE scan is drastically reduced.
  2. Executing the script without any arguments prints the usage description, which indicates that the filename of an existing Nmap greppable output file should be supplied. When an Nmap output file is supplied, the script quickly analyzes the file to find any systems with a service on TCP port 445, runs the NSE scripts against each of those systems, and outputs the results to the terminal.
  3. Scrolling through the terminal output, we can see that the target machine is vulnerable to the MS08-067 exploit.

In the example provided, the netscan.txt output file is passed to the script. After a quick analysis of the file, the script determines that two systems are running services on port 445. Each of these systems is then scanned with the scripts listed earlier, and the output is written to the terminal.
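The host-selection step in the recipe relies on substring matching ("open" and "445" anywhere on the line), which also picks up lines such as 445/filtered or port 1445. The following added example, which is not part of the recipe's code, parses the Ports: field of a constructed -oG file so that only hosts with 445/open/tcp are selected, and keeps the recipe's grep pipeline beside it for comparison; the sample file contents, hostnames and function names are constructed for this example.

```shell
#!/bin/bash
# Added example (not the recipe's own code): select hosts from Nmap greppable (-oG)
# output by parsing the Ports: field instead of grepping for "445" anywhere on the line.

# Writes a constructed greppable output file to the path given in $1 (fields are tab-separated).
write_sample_gnmap() {
    T=$(printf '\t')
    printf '%s\n' \
      '# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -p- -oG netscan.txt 10.0.0.0/28' \
      "Host: 10.0.0.1 ()${T}Status: Up" \
      "Host: 10.0.0.1 ()${T}Ports: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///${T}Ignored State: closed (65533)" \
      "Host: 10.0.0.2 ()${T}Status: Up" \
      "Host: 10.0.0.2 ()${T}Ports: 445/filtered/tcp//microsoft-ds///, 8080/open/tcp//http-proxy///${T}Ignored State: closed (65533)" \
      "Host: 10.0.0.3 ()${T}Status: Up" \
      "Host: 10.0.0.3 ()${T}Ports: 1445/open/tcp//ms-sql-s///${T}Ignored State: closed (65534)" \
      "Host: 10.0.0.4 ()${T}Status: Up" \
      "Host: 10.0.0.4 ()${T}Ports: 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///${T}Ignored State: closed (65533)" \
      '# Nmap done at Mon Jan  1 00:01:00 2024 -- 16 IP addresses (4 hosts up) scanned in 60.00 seconds' \
      > "$1"
}

# Usage: hosts_with_open_tcp_port PORT FILE  -> one IP address per line.
# Each Ports: entry has the form port/state/proto/owner/service/rpcinfo/version/.
hosts_with_open_tcp_port() {
    awk -v port="$1" -F '\t' '
        /^Host: / {
            split($1, h, " "); ip = h[2]
            for (i = 2; i <= NF; i++) {
                if (index($i, "Ports: ") != 1) continue
                n = split(substr($i, 8), entries, /, /)
                for (j = 1; j <= n; j++) {
                    split(entries[j], f, "/")
                    if (f[1] == port && f[2] == "open" && f[3] == "tcp") { print ip; break }
                }
            }
        }' "$2"
}

# The recipe's own selection, kept for comparison: any line containing both "open" and
# the digits 445, so 445/filtered and 1445/open are selected as well.
naive_hosts_445() { grep open "$1" | grep 445 | cut -d " " -f 2; }

main() {
    tmp=$(mktemp)
    write_sample_gnmap "$tmp"
    echo "Ports: field parsed:"; hosts_with_open_tcp_port 445 "$tmp"
    echo "Substring match:";     naive_hosts_445 "$tmp"
    rm -f "$tmp"
}
main
```

On the sample file the parsed selection returns 10.0.0.1 and 10.0.0.4 only, while the substring pipeline returns all four hosts.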
