Ethical Hacker Tip of the Day: Bash Portscanner [bash] [awesome++]

By /

Listen to this Post

This basic bash script will scan a /24 network that you specify and upon finding an open port (specified on the CLI) will return:

[Response Code] : <ip> : [ Server response header output ]

Running the Bash Port Scanner:

wget https://raw.githubusercontent.com/Hackertips-today/bashninja/main/bashscan.sh
chmod +x bashscan.sh
./bashscan.sh 1.1.1. 80

Example output:

[bash] : 1.1.1.1 : Server: cloudflare
[bash] : 1.1.1.2 : Server: cloudflare
[bash] : 1.1.1.4 : Server: cloudflare
[bash] : 1.1.1.3 : Server: cloudflare

You Should Know:

1. Understanding the Script Components:

!/bin/bash
if [ "$" -ne 2 ]; then
echo "Usage: $0 <base_ip_prefix> <port>"
echo "Example: $0 192.168.1 80"
exit 1
fi

2. Enhancing the Scanner with cURL:

for ip in {1..254}; do
response=$(curl -s -I -m 2 "http://$1$ip:$2" | head -n 1 | cut -d' ' -f2)
server=$(curl -s -I -m 2 "http://$1$ip:$2" | grep "Server:" | cut -d' ' -f2-)
[ -z "$response" ] || echo "[$response] : $1$ip : $server"
done

3. Parallel Scanning with GNU Parallel:

seq 1 254 | parallel -j 20 'ip={}; curl -s -I -m 2 "http://192.168.1.$ip:80"'

4. Alternative Nmap Version:

nmap -p 80 --open -oG - 192.168.1. | grep "Ports: " | cut -d" " -f2

5. Adding Service Detection:

nmap -sV -p 80 --open 192.168.1.0/24

6. HTTP Status Code Reference:

  • 200 OK
  • 301 Moved Permanently
  • 403 Forbidden
  • 404 Not Found

7. Saving Output to File:

./bashscan.sh 192.168.1 80 > scan_results.txt

8. Timing Options for Stealth:

curl --max-time 1 --connect-timeout 1

9. Checking Multiple Ports:

for port in 80 443 8080; do
./bashscan.sh 192.168.1 $port
done

10. Adding User-Agent:

curl -A "Mozilla/5.0" -s -I -m 2 "http://$1$ip:$2"

What Undercode Say:

This bash port scanner demonstrates how simple yet powerful command-line tools can be for network reconnaissance. The script combines basic networking concepts with HTTP protocol understanding. For more comprehensive scanning, tools like Nmap offer advanced features, but this bash implementation provides a lightweight alternative. Remember to always get proper authorization before scanning any network. The techniques shown here are fundamental for penetration testers and network administrators alike. Understanding HTTP response codes and server headers is crucial for web application security assessments.

Expected Output:

[bash] : 192.168.1.10 : Server: Apache/2.4.29
[bash] : 192.168.1.15 : Server: nginx/1.18.0
[bash] : 192.168.1.20 : Server: Microsoft-IIS/10.0

References:

Reported By: Activity 7314773991175450624 – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Related Posts: