Automation has been a buzz word for quite some time now, but the principles behind it are as strong as ever. For a hacker or pentester, Bash scripting is one form of automation that cannot be ignored. Virtually any command that can be run from the terminal can be scripted — and should be, in many cases — to save valuable time and effort. And a Bash script just happens to be great for recon.
Step 1: Start the Script
To get started, create a Bash script and name it whatever you like. I'll call mine recon.sh. Using your favorite text editor, make the first line look like this:
#!/bin/bash
This is called a shebang, or hashbang, and simply points to the system's interpreter for Bash.
Next, we'll make sure the user supplies input to the script, and if not, prints a usage example and exits. Use a conditional if-then block:
if [ -z "$1" ]
then echo "Usage: ./recon.sh " exit 1
fi
The $1 is the argument we will pass to the script, and the -z option returns true if the string is null. So basically, this says if no argument is passed, print the usage example and exit. The argument we'll use is an IP address.
Step 2: Scan the Host
The next section will run an Nmap scan on the host IP address we supply. First, we'll print a heading for write script automate recon
