Would be interesting to offer this script as "ptaas" penetration testing as a service. That way instead of having the script and having the potential to abuse the script (or temptation) someone would be forced to allow tracking of the IP (presumably their own or their companies) that they are doing the testing on (and you could compile statistics for use elsewhere as a condition if they got the script for free). I know companies already offer this service (we had to go through one of those for PCI) but iirc it was rather expensive. FWIW the bank that required it never followed up after the initial "you have to do this and we suggest this particular company".