Writing Bash Scripts for Nmap Automation

Introduction

Nmap (Network Mapper) is one of the most powerful and widely used network scanning tools available. It allows administrators and security professionals to discover hosts, detect open ports, identify services, and even uncover vulnerabilities. However, manually running Nmap commands repeatedly can be inefficient, especially when scanning multiple networks or automating routine security assessments. This is where Bash scripting comes in.

By leveraging Bash scripts, you can automate Nmap scans, schedule them, and even parse their outputs for actionable insights. This article provides a comprehensive guide to writing Bash scripts for Nmap automation, covering the basics, advanced scripting techniques, and practical use cases.

Prerequisites

Before diving into scripting, ensure you have the following:

• A Linux or macOS system (Windows users can use WSL or Cygwin)
• Nmap installed (sudo apt install nmap for Debian-based systems, brew install nmap for macOS)
• Basic knowledge of Bash scripting and command-line usage

Getting Started with Bash Scripting and Nmap

A simple Nmap scan to check for open ports on a target system looks like this:

nmap -sS -p 22,80,443 192.168.1.1

To automate this scan in a Bash script, create a new file called nmap_scan.sh:

#!/bin/bash

# Define the target IP or range
TARGET="192.168.1.1"

# Run the Nmap scan
nmap -sS -p 22,80,443 $TARGET

Make the script executable:

chmod +x nmap_scan.sh

Run the script:

./nmap_scan.sh

This simple script runs a SYN scan on ports 22, 80, and 443 for a predefined target.

Automating Multiple Target Scanning

If you need to scan multiple targets from a list, modify your script to read targets from a file:

#!/bin/bash

# Check if the user provided a file
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 target_list.txt"
    exit 1
fi

TARGET_FILE=$1

# Loop through each target in the file and scan it
while IFS= read -r TARGET; do
    echo "Scanning $TARGET..."
    nmap -sS -p 22,80,443 "$TARGET"
done < "$TARGET_FILE"

Now, create a targets.txt file:

192.168.1.1
192.168.1.2
192.168.1.3

Run the script:

./nmap_scan.sh targets.txt

This automates scanning multiple targets with a single execution.

Saving and Parsing Scan Results

To save scan results to a file for later analysis:

#!/bin/bash

OUTPUT_FILE="nmap_results.txt"
echo "Starting Nmap Scan" > $OUTPUT_FILE

while IFS= read -r TARGET; do
    echo "Scanning $TARGET..." | tee -a $OUTPUT_FILE
    nmap -sS -p 22,80,443 "$TARGET" | tee -a $OUTPUT_FILE
    echo "----------------------------------" | tee -a $OUTPUT_FILE

done < "$1"

Use tee to both print and save output to a file.

Scheduling Automated Scans with Cron Jobs

To run your script at scheduled intervals, use a cron job.

Edit the cron table:

crontab -e

Add the following line to run the script daily at 2 AM:

0 2 * * * /path/to/nmap_scan.sh /path/to/targets.txt

Save and exit. Your scans will now run automatically.

Advanced Techniques: Custom Nmap Scripts

Nmap allows scripting with the Nmap Scripting Engine (NSE). You can invoke NSE scripts from Bash for advanced security analysis:

#!/bin/bash

nmap --script=vulners -sV -p 80,443 192.168.1.1

To scan for common vulnerabilities with NSE:

nmap --script=vulscan/vulscan.nse -sV 192.168.1.1

Conclusion

Automating Nmap scans with Bash scripting saves time, improves efficiency, and ensures consistency in security assessments. From basic target scanning to advanced automation with scheduling and result parsing, Bash scripts can enhance the usability of Nmap significantly. With further customization, you can integrate Nmap with logging, alerting, and reporting systems for a complete security monitoring solution.

Now that you have a strong foundation, consider expanding your scripts to include:

• Email notifications for critical vulnerabilities
• Integration with SIEM tools
• More advanced NSE script automation

By mastering Bash scripting for Nmap, you take a step toward better security and network management automation.