Active Information Gathering

This phase is an important step in penetration testing: unlike passive reconnaissance, it involves direct interaction between the pen tester and the target, so every probe is potentially logged and the target must be within the agreed scope.

Port Scanning

A simple bash script that does a two-pass scan with nmap: a fast sweep of all TCP ports to find which ones are open, followed by a slower script and version scan (-sC -sV) against only those ports, so the noisy part of the scan touches as few ports as possible:

#!/bin/bash
# Usage: portscan <target> [extra nmap args...]   (extra args are passed to the second, detailed scan)
target="$1"; shift
echo "Grabbing ports..."
# Pass 1: fast sweep of all 65535 TCP ports; keep the port number from lines such as "22/tcp open ssh"
ports=$(nmap -p- --min-rate 1000 -T4 -Pn "$target" | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//')
[ -z "$ports" ] && { echo "No open ports found on $target"; exit 1; }
echo "Ports grabbed: $ports"
echo "Scanning..."
# Pass 2: default scripts and version detection against only the discovered ports
nmap -sC -sV -Pn -p "$ports" "$target" "$@"

Example (with the script saved as portscan and made executable; the extra arguments are passed through to the second scan, here writing XML output to nmap.xml):

portscan 192.168.0.1 -oX nmap.xml

Caveats: --min-rate 1000 with -T4 can drop results on slow or rate-limited links, so rerun without it if the first pass looks too empty; the sweep covers TCP only (add a -sU pass for UDP); and without root nmap falls back from a SYN scan to a full TCP connect scan, which is slower and leaves complete connections in the target's logs.
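The -oX file written by the example above is the form you want to keep, because it is the only nmap output that is stable to parse. The following Python parser is an added example and is not part of the original page or of the portscan script: it reads nmap XML, pulls out each port's state, service and version, and rebuilds the comma-joined -p list that the script's first pass produces from plain-text output. The embedded SAMPLE_XML is constructed to look like nmap's -oX output for a hypothetical 192.168.0.1 and is not a real scan result.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample in the shape of nmap -oX output (not a real scan).
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sC -sV -Pn -p 22,80,443 192.168.0.1 -oX nmap.xml" version="7.94">
  <host>
    <status state="up" reason="user-set"/>
    <address addr="192.168.0.1" addrtype="ipv4"/>
    <ports>
      <extraports state="closed" count="65532"/>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="ssh" product="OpenSSH" version="8.9p1 Ubuntu 3" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack" reason_ttl="64"/>
        <service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/>
        <script id="http-title" output="Welcome"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="filtered" reason="no-response" reason_ttl="0"/>
        <service name="https" method="table" conf="3"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


@dataclass
class PortResult:
    host: str
    port: int
    protocol: str
    state: str
    service: str = ""
    product: str = ""
    version: str = ""
    scripts: dict = field(default_factory=dict)  # NSE script id -> output


def parse_nmap_xml(xml_text):
    """Return one PortResult per <port> element in an nmap -oX document."""
    root = ET.fromstring(xml_text)
    results = []
    for host in root.iter("host"):
        # Prefer the IPv4 address; fall back to whatever address element exists.
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            svc = port.find("service")
            results.append(PortResult(
                host=addr,
                port=int(port.get("portid")),
                protocol=port.get("protocol"),
                state=state.get("state") if state is not None else "unknown",
                service=svc.get("name", "") if svc is not None else "",
                product=svc.get("product", "") if svc is not None else "",
                version=svc.get("version", "") if svc is not None else "",
                scripts={s.get("id"): s.get("output", "") for s in port.findall("script")},
            ))
    return results


def parse_nmap_file(path):
    """Parse a file produced with -oX, e.g. the nmap.xml from the example."""
    with open(path, encoding="utf-8") as fh:
        return parse_nmap_xml(fh.read())


def open_ports(results, protocol="tcp"):
    """Sorted open port numbers for one protocol (filtered/closed are excluded)."""
    return sorted({r.port for r in results if r.protocol == protocol and r.state == "open"})


def port_spec(results, protocol="tcp"):
    """Comma-joined list in the form nmap -p expects, e.g. '22,80'."""
    return ",".join(str(p) for p in open_ports(results, protocol))


def summarize(results):
    """One tab-separated line per port: host, port/proto, state, service, banner."""
    lines = []
    for r in results:
        banner = " ".join(x for x in (r.product, r.version) if x)
        lines.append(f"{r.host}\t{r.port}/{r.protocol}\t{r.state}\t{r.service}\t{banner}")
    return lines


if __name__ == "__main__":
    res = parse_nmap_xml(SAMPLE_XML)
    print("\n".join(summarize(res)))
    print("open ports for -p:", port_spec(res))
```

On a real engagement, call parse_nmap_file("nmap.xml") on the file the portscan example writes; port_spec gives you the same comma-joined list the script's grep/cut/tr pipeline builds, but derived from structured output, and the filtered 443/tcp in the sample shows why the state attribute has to be checked rather than every port line taken as open.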