sudo(8) /path/to/masscan/bin/masscan $(dig +short | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | head -1) -p0-10001 --rate 1000 --wait 3 2> /dev/null | grep(1) -o -P '(?<=port ).*(?=/)'
execute a command as another user
sudo allows a permitted user to execute a command as the superuser or another user, as specified by the
security policy.  The real and effective uid and gid are set to match those of the target user, as
specified in the password database, and the group vector is initialized based on the group database
(unless the -P option was specified).
-p prompt   The -p (prompt) option allows you to override the default password prompt and use a custom
            one.  The following percent (`%') escapes are supported by the sudoers policy:

                   %H  expanded to the host name including the domain name (on if the machine's host name is
                       fully qualified or the fqdn option is set in sudoers(5))

                   %h  expanded to the local host name without the domain name

                   %p  expanded to the name of the user whose password is being requested (respects the rootpw,
                       targetpw and runaspw flags in sudoers(5))

                   %U  expanded to the login name of the user the command will be run as (defaults to root
                       unless the -u option is also specified)

                   %u  expanded to the invoking user's login name

                   %%  two consecutive % characters are collapsed into a single % character

                   The prompt specified by the -p option will override the system password prompt on systems
                   that support PAM unless the passprompt_override flag is disabled in sudoers.
Before a command is executed, its input and output may be redirected using a special notation interpreted
by  the  shell.   Redirection  may  also  be used to open and close files for the current shell execution
environment.  The following redirection operators may precede or appear anywhere within a simple  command
or may follow a command.  Redirections are processed in the order they appear, from left to right.

Redirecting Output
    Redirection of output causes the file whose name results from the expansion of  word  to  be  opened  for
    writing  on  file descriptor n, or the standard output (file descriptor 1) if n is not specified.  If the
    file does not exist it is created; if it does exist it is truncated to zero size.

    The general format for redirecting output is:


    If the redirection operator is >, and the noclobber option to the  set  builtin  has  been  enabled,  the
    redirection  will  fail if the file whose name results from the expansion of word exists and is a regular
    file.  If the redirection operator is >|, or the redirection operator is > and the  noclobber  option  to
    the  set  builtin  command  is  not  enabled, the redirection is attempted even if the file named by word
    A  pipeline is a sequence of one or more commands separated by one of the control operators | or |&.  The
    format for a pipeline is:

           [time [-p]] [ ! ] command [ [||&] command2 ... ]

    The standard output of command is connected  via  a  pipe  to  the  standard  input  of  command2.   This
    connection  is performed before any redirections specified by the command (see REDIRECTION below).  If |&
    is used, the standard error of command is connected to command2's standard input through the pipe; it  is
    shorthand  for  2>&1  |.   This  implicit  redirection  of  the  standard  error  is  performed after any
    redirections specified by the command.

    The return status of a pipeline is the exit status of the last command, unless  the  pipefail  option  is
    enabled.   If  pipefail  is  enabled,  the  pipeline's return status is the value of the last (rightmost)
    command to exit with a non-zero status, or zero if all commands exit successfully.  If the reserved  word
    !   precedes  a  pipeline, the exit status of that pipeline is the logical negation of the exit status as
    described above.  The shell waits for all commands in the pipeline to terminate before returning a value.

    If the time reserved word precedes a pipeline, the elapsed as well as user and system  time  consumed  by
    its execution are reported when the pipeline terminates.  The -p option changes the output format to that
    specified by POSIX.  When the shell is in posix mode, it does not recognize time as a  reserved  word  if
    the  next  token begins with a `-'.  The TIMEFORMAT variable may be set to a format string that specifies
    how the timing information should be displayed; see the description of TIMEFORMAT under  Shell  Variables

    When the shell is in posix mode, time may be followed by a newline.  In this case, the shell displays the
    total user and system time consumed by the shell and its children.  The TIMEFORMAT variable may  be  used
    to specify the format of the time information.

    Each command in a pipeline is executed as a separate process (i.e., in a subshell).
print lines matching a pattern
-o, --only-matching
       Print  only  the  matched  (non-empty) parts of a matching line, with each such part on a separate
       output line.
-P, --perl-regexp
       Interpret PATTERN as a Perl regular expression (PCRE, see below).  This is highly experimental and
       grep -P may warn of unimplemented features.
grep searches the named input FILEs (or standard input if no files are named, or if a single hyphen-minus
(-) is given as file name) for lines containing a match to the given PATTERN.  By  default,  grep  prints
the matching lines.
source manpages: sudogrep