How to Automate NMAP Scans With a Bash Script on Kali Linux

Posted on OvernightHacker.com


Okay, picture this.

You somehow yanked a peasant out of medieval England — dirt under his fingernails, no idea what electricity is — dropped him into a college penetration testing class, and then got put in a group project with him. The assignment? Write a script on a Kali Linux box that automatically runs a stealth NMAP scan on an IP address you type in.

Your peasant partner looks at the terminal like it owes him money.

You look at it too… and honestly? Same.

That’s what this article is for. We’re not assuming you know anything. We’re going from “what even is a terminal” to “I just wrote my first real hacking script.” By the end of this, you’ll have something you can actually run, save, and show off.

Let’s go.


First — Go Buy This Book

Before I teach you anything else, I’m gonna plug a book that saved me a ton of time: Linux Basics for Hackers by OccupyTheWeb (No Starch Press).

If you’re serious about getting into cybersecurity, this thing is essentially the manual nobody gives you at the door. It covers the command line, scripting, networking, file permissions — all the stuff you’re going to need, explained in a way that doesn’t make you feel like an idiot. It’s cheap. Go grab it.

Okay, plug over. Back to the terminal.


Terminal Basics — The Stuff You Actually Need

The terminal is just a text-based way to talk to your computer. No icons. No dragging stuff around. Just you, a blinking cursor, and vibes.

Here are the three commands you’re going to need before we even touch the script.

cd — Getting Around

cd stands for “change directory.” It’s how you move around your file system. Think of it like walking through folders, except you type instead of click.

cd /home/yourname/Documents

That moves you into your Documents folder. Want to go back up one level?

cd ..

Two dots means “go up.” One dot (.) means “right here where I already am.” You’ll use these constantly.

If you ever get lost and just need to go home:

cd ~

That tilde (~) is a shortcut for your home directory. Always brings you back.

Finding Where You Are

Sometimes you open a terminal and have no idea where you are. Run this:

pwd

That’s “print working directory.” It just tells you your exact location. And if you want to see what’s in that location:

ls

ls lists everything in the current folder. Add -la to see hidden files and file details:

ls -la

touch — Making a File

Here’s where things get fun. touch creates a new empty file.

touch my_script.sh

That just made a file called my_script.sh in whatever folder you’re currently in.

The .sh at the end is the file extension — it tells Linux (and you) that this is a shell script, meaning it’s a file full of commands that the terminal will run in order. Same concept as .py for Python, .js for JavaScript — the extension tells you what kind of file it is.

Now you know enough to get moving. Let’s actually build the thing.


The Script — Building It Step by Step

Make yourself a folder to keep things organized, then move into it:

mkdir scripts
cd scripts

Now create your script file:

touch stealth_scan.sh

Open it in a text editor. On Kali, nano is the easiest to start with:

nano stealth_scan.sh

Line 1 — The Shebang

The very first line of every bash script looks like this:

#!/bin/bash

That weird #! is called a shebang. It tells the system “hey, use bash to run everything in this file.” Don’t skip it. Just always start with it.

Making It Look Like Something

Let’s add a little header so it feels like a real tool when you run it:

#!/bin/bash

echo "================================"
echo "   Stealth NMAP Scanner v1.0"
echo "================================"
echo ""

echo just prints text to the terminal. That’s it. We’re using it to make the script look clean when it runs.

The Actual Prompt — Asking for the IP

Here’s the magic line. This is what asks you for input when the script runs:

read -r -p "Enter the IP you want to scan: " target

Breaking that down:

  • read tells the script to wait for you to type something
  • -r tells read to take backslashes literally instead of treating them as escape characters
  • -p lets you put a message before the cursor so you know what to type
  • target is the variable name — it’s just a box that stores whatever you type

After you hit Enter on that IP address, $target holds it. You can use $target anywhere else in the script and it’ll drop your IP in.

Running the Scan

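Now you use that variable. The stealth NMAP scan flag is -sS, which does a SYN scan — it sends a SYN packet and, when the target answers, never finishes the TCP handshake, which makes it quieter than a standard connect scan. Quieter is relative: the service on the port never sees a completed connection, but firewalls and intrusion detection systems still pick up SYN scans easily.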

echo ""
echo "[*] Launching stealth scan on $target..."
echo ""

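sudo nmap -sS "$target"

You need sudo here because SYN scanning requires raw packet access, which needs root privileges. Kali usually handles this fine, but that’s why it’s there. The double quotes around $target make sure whatever was typed reaches nmap as a single argument instead of being split on spaces.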

⚠️ Important: Only run NMAP scans on systems and networks you have explicit permission to scan. On your own lab machines, your own network, or in a CTF environment — all good. On someone else’s stuff without permission — that’s illegal, full stop.

Saving the Output

Right now the scan just prints to your terminal and disappears. If you want to save it to a file:

output="scan_${target}_$(date +%Y%m%d_%H%M%S).txt"

echo "[*] Saving output to: $output"
echo ""

sudo nmap -sS "$target" | tee "$output"

echo ""
echo "[+] Done. Results saved to $output"

tee is a command that does two things at once — it prints the output to your screen and writes it to a file. The filename includes the IP and a timestamp so you can run scans on multiple targets and not overwrite your old results.


The Full Script

Here’s everything together:

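#!/bin/bash

# Banner so the tool announces itself when it starts
echo "================================"
echo "   Stealth NMAP Scanner v1.0"
echo "================================"
echo ""

# Ask for the target; -r keeps backslashes in the input literal
read -r -p "Enter the IP you want to scan: " target

# Output filename: target plus a timestamp, so earlier results are not overwritten
output="scan_${target}_$(date +%Y%m%d_%H%M%S).txt"

echo ""
echo "[*] Launching stealth scan on $target..."
echo "[*] Saving output to: $output"
echo ""

# SYN scan needs root; the quotes keep the input as one argument and one filename
sudo nmap -sS "$target" | tee "$output"

echo ""
echo "[+] Done. Results saved to $output"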
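The script hands whatever is typed at the prompt to sudo nmap and also splices it into the output filename, so a typo, a CIDR range or an option-like string ends up as an argument to a root-run command or as a broken path. The following is an added example, not part of the original article: it accepts only a plain IPv4 address before scanning. The function names is_valid_ipv4, output_name and scan_target are assumptions of this example, and it takes the target as a command-line argument rather than from the prompt.

```bash
#!/bin/bash
# Added example, not from the original article: validate the target before use.

# Succeed only for a plain dotted-quad IPv4 address: four octets, each 0-255,
# no leading zeros, nothing but digits and dots (no spaces, '-', '/' or ';').
is_valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    local old_ifs="$IFS" octet
    IFS=.
    set -- $1    # split on dots; safe, only digits and dots are left
    IFS="$old_ifs"
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # leading zero / too long
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Build the article's output filename. Validate first: a value such as
# 10.0.0.0/24 would turn the name into a path inside a missing directory.
output_name() {
    printf 'scan_%s_%s.txt\n' "$1" "$(date +%Y%m%d_%H%M%S)"
}

# Scan one validated target; returns 2 without touching sudo on bad input.
scan_target() {
    local target="$1" output
    if ! is_valid_ipv4 "$target"; then
        echo "[!] Refusing to scan: '$target' is not a plain IPv4 address." >&2
        return 2
    fi
    output="$(output_name "$target")"
    echo "[*] Launching stealth scan on $target, saving to $output"
    sudo nmap -sS "$target" | tee "$output"
}

if [ "$#" -gt 0 ]; then
    scan_target "$1"    # target given as an argument instead of a prompt
else
    # Constructed sample inputs: show what the check accepts and rejects.
    for sample in "192.168.56.101" "10.0.0.256" "010.0.0.1" "10.0.0.0/24" "-v" "10.0.0.5 -A"; do
        if is_valid_ipv4 "$sample"; then echo "accept: $sample"; else echo "reject: $sample"; fi
    done
fi
```

Run with no argument, it only prints accept or reject for the constructed samples and never calls nmap.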

Saving and Running It

In nano, when you’re done typing:

  • Hit Ctrl + X to exit
  • Press Y to confirm saving
  • Hit Enter to keep the filename

Now you need to make the script executable. By default, Linux doesn’t just let any file run as a program — you have to give it permission:

chmod +x stealth_scan.sh

chmod changes file permissions. +x adds execute permission. Now run it:

./stealth_scan.sh

The ./ tells the terminal “run this file from the current directory.” Type your target IP when prompted, and watch your first real script do its thing.


You Actually Just Did That

Okay so — you started this article as the academic equivalent of a peasant with a keyboard, and you just wrote a working bash script that prompts for user input, runs a stealth NMAP scan, and saves the output with a timestamped filename.

That’s not nothing. That’s genuinely how this stuff starts.

From here, try messing with other NMAP flags. Add a second read prompt that asks what port range to scan. Make it loop so you can scan multiple targets. The script is yours now — break it, fix it, make it do more.

That’s what hacking is anyway.

