Can a Bash pro help me in breaking down this one liner?

I need help breaking down what this one liner is doing step by step.
The more I look at it, the more my head hurts.

shodan search --fields ip_str --limit 1000 'product:"Oracle Weblogic" port:"7001" country:"US"' | sort -u | nmap -sT -Pn -n -oG - -iL - -p 7001 | grep open | awk '{print $2}' | xargs -I % -n 1 -P 30 bash -c 'RESULT=`curl -s -I -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko0100101 Firefox/54.0" -H "Connection":"close" -H "Accept-Language":"en-US -H en;q=0.5" -H "Accept":"text/html -H application/xhtml+xml -H application/xml;q=0.9 -H */*;q=0.8" -H "Upgrade-Insecure-Requests":"1" %:7001/ws_utc/config.do | egrep HTTP`; echo "%: $RESULT";'

I was given this because I am working on a project to scan a very large subnet for open VNC and automatically screenshot it and the person said this one-liner could be modified to do so.

The |s separate commands; pipes also take the output of the previous command and insert it into the next command.

sort -u just removes duplicates.

nmap -sT -Pn -n -oG - -iL - -p 7001 | grep open accepts the sorted shodan results and checks if the IP exists and is active.

awk prints the 2nd column of the nmap results, which must be an IP.

xargs takes the IP and inserts it into the curl | egrep; echo command, which tries to download the IP:7001/ws_utc/config.do file and then runs egrep on it for a line of text that contains HTTP.

The result from curl | egrep is stored in a variable RESULT

Then RESULT is just displayed on the screen.

6 Likes

Thank you, I know most of it but when I hit the xargs I go completely blank.

2 Likes

Notice that xargs uses the -I argument to specify the replacement string %. I don’t use xargs much either, but man xargs is your friend :)

1 Like
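
What `xargs -I %` does with each input line, as an added example that is not part of any post above: the first function pastes the line into the `bash -c` script text the way the one-liner does, the second passes it as `$1` so whatever arrives on stdin stays data. The function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample input: two plain addresses from the documentation range
# and one line carrying a shell metacharacter, as untrusted upstream output might.
sample_input() {
  printf '%s\n' '192.0.2.10' '192.0.2.11' '192.0.2.12; echo INJECTED'
}

# Pattern used in the thread: xargs replaces every % in the command with the
# input line BEFORE bash sees it, so the line becomes part of the script text.
# -I runs one command per input line; -P 4 runs up to four of them at once.
unsafe_run() {
  sample_input | xargs -I % -P 4 bash -c 'echo checking %'
}

# Hardened form: the script text is constant and the line arrives as the
# positional parameter $1 ("_" fills $0), so it is only ever treated as data.
safe_run() {
  sample_input | xargs -I % -P 4 bash -c 'echo "checking $1"' _ %
}

echo '--- % substituted into the script text:'
unsafe_run
echo '--- line passed as $1:'
safe_run
```

Because of `-P`, the order of the output lines is not guaranteed from run to run.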