Automate Recon with Your Own Bash Script [Tutorial]

August 3, 2020 by 32 Comments

Get Our Premium Ethical Hacking Bundle (90% Off):

How to Write a Bash Script to Automate Reconnaissance
Full Tutorial:
Subscribe to Null Byte:
Nick’s Twitter:

Cyber Weapons Lab, Episode 179

To graduate to the big leagues and learn more about networking, you need to learn how to write your own hacking scripts. Cybersecurity specialists, hackers, pentesters, and other IT professionals can write their own scripts in many different languages, from C to Python, but the most popular by far is Bash since it’s understood natively by all Unix systems, including Linux and macOS.

So when it comes to reconnaissance, or more specifically, automating recon so you’re doing the same old thing time after time, Bash scripts are the way to go since it will have a higher degree of success.

On this episode of Cyber Weapons Lab, we’re going to show you how to write a Bash script from the group up, starting with a very basic “Hello World” script, then begin incorporating tasks such as automating Nmap scans and enumerating a local network.

This episode is based off of the Null Byte article written by drd_, To learn more, check out the article:

Follow Null Byte on:
Weekly newsletter:


32 Replies to “Automate Recon with Your Own Bash Script [Tutorial]”

  1. Hay buddy !!! Can u please explain about Linux repositories ?

  2. What laptop are u using

  3. 0xShri says:

    I don't know I want my "Kody" back

  4. 0xShri says:

    Hey is that a mechanical keyboard (used in the video)

    Which one

  5. Night Viper says:

    am I a script kiddie if I created my own super simple automated script that automates the nmap, sqlmap hydra, etc commands?

    it works like this:
    there are multiple options
    1 nmap
    2 hydra
    3 sqlmap
    I choose 1 and it'll ask me
    Target IP/Domain:
    and after that it runs nmap against the given target.
    doesn't filter out any other information, just the raw output, so yeah, super simple

  6. For anyone wondering how the script magically started to work, he left out the "then" statement. it is like:
    if x; then

  7. Okay .. did he have a serious fight with his cat or what ? 👀

  8. Evan Price says:

    Could you use vim on this?

  9. This is the real nullbyte the other one that never blinks is a clone or cyborg

  10. Luke Stone says:

    Can you do a video on rooting a smartphone with graphine os?

  11. MOVIE CLIPS says:

    how prevent from cyber attacks in windows 10 os plzz post a vedio bro

  12. hafiz alfian says:

    Where is my man? Unblinking man.

  13. kapil soni says:

    Awesome!! Thanks

  14. Raja Khurram says:

    Is there any softhearted ethical hacker who help me in learning …plzz
    Am a beginer😢

  15. Fine Wine says:

    Next up ZSH& FISH

  16. #!/usr/bin/env bash is recommended for better portability

  17. pepe perez says:

    fuck chmod, i always run scripts like this:

  18. no one says:

    U call it automate recon..??

  19. Balzan krp says:

    Getting error at line 29 😤 & you mean fi or if

  20. Hey can you do a vid of how to hack any car and control it pls ty

  21. This is shorter

    if [ ! -z "$( nmap -p 80 $1 | grep open)" ] ; then
    whatweb $1 -v > temp

  22. marc says:

    I followed but mine only shows text of PORT STATE SERVICE without the output of port numbers and its status. Can someone help?

  23. Storin t'Kel says:

    I'm sorry, but I'm kind of done with these half-assed tutorials. It's not that difficult to make video's with a bit more transparency and proper explanation. I watched the video's of Mr Blinkenlid s they were useful and seriously helped me on my way. These days I watch for the heck of it but it's gone down in quality.

  24. Dixie Normus says:

    Where did the other guy go???????

  25. I like you very much bro

  26. Are you using a Gnome Desktop Environment or Ubuntu?

  27. Spoozy says:

    it puts me Permission denied help me please

  28. Ovie Oyegwa says:

    working script below. Run with script with the target IP address


    #Start the Script

    if [ -z "$1" ]


    echo "Usage: ./ <IP>"

    exit 1


    #Scan the Host

    printf "n—– NMAP —–nn" > results

    echo "Running Nmap…"

    nmap $1 | tail -n +5 | head -n -3 >> results

    #Enumerate HTTP

    while read line


    if [[ $line == open ]] && [[ $line == http ]]


    echo "Running Gobuster…"

    gobuster dir -u $1 -w /usr/share/wordlists/dirb/common.txt -qz > temp1

    echo "Running WhatWeb…"

    whatweb $1 -v > temp2


    done < results

    #Display Result

    if [ -e temp1 ]


    printf "n—– DIRS —–nn" >> results

    cat temp1 >> results

    rm temp1


    if [ -e temp2 ]


    printf "n—– WEB —–nn" >> results

    cat temp2 >> results

    rm temp2


    cat results

  29. Ovie Oyegwa says:

    very useful script. works fine. thanks

  30. Thenga Kola says:

    what if i grep for "open" in nmap line?? like..
    nmap "$1" | grep -i "open" ???

  31. Necro Gnosis says:

    I think Cody's on new script he went from the unblinking man to the semi blinking man no0oo0o