variables are set (5). If they are, this means we’ve parsed the output
correctly and can finish the script by printing the IP address and the
operating system type.
To understand why we parse the output the way we do using
grep, awk and sed, run the following command in a separate
terminal:
$ sudo nmap -O 172.16.10.0/24 -oG -
--snip--
Host: 172.16.10.10 () Ports: 8081/open/tcp//blackice-icecap/// Ignored State: closed (999) OS: Linux 4.15 - 5.6 Seq Index: 258 IP ID Seq: All zeros
--snip--
As you can see, the output is separated by whitespace. The IP
address is found immediately after the first space, and the operating
system type comes after the word OS: but before the word Seq,
which is why we needed to extract the text between these two. You
can do this parsing in other ways, too, such as with regular
expressions; this is just one way of achieving the task.
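The parsing described above, as an added example that is not the book's os_detection.sh: fields in Nmap's grepable output are tab-separated, so it reads the OS: field directly and falls back to the text between OS: and Seq Index: only when the tabs have been flattened to spaces. The sample lines and the function names parse_os_lines and sample_output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: print "IP: <ip> OS: <os>" for each host in Nmap grepable
# (-oG) output read from stdin. Function names are hypothetical.

parse_os_lines() {
  awk -F'\t' '
    /^Host: / {
      split($1, host, " ")            # $1 is "Host: <ip> (<hostname>)"
      ip = host[2]
      os = ""
      # Normal case: fields are tab-separated, so find the one named "OS".
      for (i = 2; i <= NF; i++)
        if ($i ~ /^OS: /) os = substr($i, 5)
      # Fallback when tabs were flattened to spaces (for example, pasted
      # text): take what lies between " OS: " and " Seq Index:".
      if (os == "" && NF == 1 && match($0, / OS: /)) {
        os = substr($0, RSTART + 5)
        sub(/ +Seq Index:.*/, "", os)
      }
      # Like the script in the text, print only when both values are set.
      if (ip != "" && os != "") printf "IP: %s OS: %s\n", ip, os
    }'
}

# Constructed sample of -oG output: a comment line, a Status line, a full
# host line, a host with no OS match, and a host whose OS field is last.
sample_output() {
  printf '# Nmap scan (constructed sample)\n'
  printf 'Host: 172.16.10.10 ()\tStatus: Up\n'
  printf 'Host: 172.16.10.10 ()\tPorts: 8081/open/tcp//blackice-icecap///\tIgnored State: closed (999)\tOS: Linux 4.15 - 5.6\tSeq Index: 258\tIP ID Seq: All zeros\n'
  printf 'Host: 172.16.10.14 ()\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)\n'
  printf 'Host: 172.16.10.1 ()\tPorts: 22/open/tcp//ssh///\tOS: Linux 2.6.32\n'
}

sample_output | parse_os_lines
```

The last sample host has no Seq Index field after OS:, which is the case where extracting the text between OS: and Seq would return nothing useful and reading the field by name still works.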
You can download the script at
https://github.com/dolevf/Black-Hat-Bash/blob/master/ch04/os_detection.sh.
Save and run it using the following command (Listing 4-17).
$ ./os_detection.sh 172.16.10.0/24
Running an OS Detection Scan against 172.16.10.0/24...
IP: 172.16.10.10 OS: Linux 4.15 - 5.6
IP: 172.16.10.11 OS: Linux 4.15 - 5.6
IP: 172.16.10.12 OS: Linux 4.15 - 5.6
IP: 172.16.10.13 OS: Linux 4.15 - 5.6
IP: 172.16.10.1 OS: Linux 2.6.32
Listing 4-17: An operating system detection script that shows only the IP addresses and the operating system
At this point, we’ve identified a couple of HTTP servers, an FTP
server, and an SSH server. Let’s take a closer look at the HTTP
servers.
Analyzing Websites with Wappalyzer
Wappalyzer is a technology-detection tool tailored to web
applications. It has a rich database of signatures for detecting the
software running on the remote target, including web frameworks,
web servers, databases, operating systems, content management
Black Hat Bash (Early Access) © 2023 by Dolev Farhi and Nick Aleks