The Spring shell scan task (and analysis to retrieve the results) are a very similar use-case. Check the links I posted at Spring Framework RCE Vulnerability – Current BigFix Actions
Since you don’t need to scan inside archives, you can simplify the script a bit.