Sn1per by @Sn1perSecurity - https://sn1persecurity.com

This commit is contained in:
root 2022-12-11 16:50:18 -07:00
parent 7bcb639e3f
commit c50af967c0
28 changed files with 71 additions and 80 deletions

View File

@ -1,4 +1,6 @@
## CHANGELOG: ## CHANGELOG:
* v9.1 - Updated Nuclei sc0pe templates
* v9.1 - Fixed issue with Nuclei sc0pe parsers not working
* v9.1 - Fixed issue with GAU installer/commmand not working * v9.1 - Fixed issue with GAU installer/commmand not working
* v9.1 - Fixed issue with passive URL fetching * v9.1 - Fixed issue with passive URL fetching
* v9.1 - Fixed issue with nuclei not being installed * v9.1 - Fixed issue with nuclei not being installed

View File

@ -16,7 +16,7 @@
[![](https://sn1persecurity.com/wordpress/wp-content/uploads/2022/05/Sn1per-Enterprise-workspace-navigator1-3.png)](https://sn1persecurity.com/) [![](https://sn1persecurity.com/wordpress/wp-content/uploads/2022/05/Sn1per-Enterprise-workspace-navigator1-3.png)](https://sn1persecurity.com/)
## The ultimate pentesting toolkit. ## The ultimate pentesting toolkit.
See how Sn1per can help your security team Integrate with the leading commercial and open source vulnerability scanners to scan for the latest CVEs and vulnerabilities.
[![](https://sn1persecurity.com/wordpress/wp-content/uploads/2022/05/Sn1per-Enterprise-workspace-report1-3.png)](https://sn1persecurity.com/) [![](https://sn1persecurity.com/wordpress/wp-content/uploads/2022/05/Sn1per-Enterprise-workspace-report1-3.png)](https://sn1persecurity.com/)
@ -26,7 +26,7 @@ Security tools are expensive and time-consuming, but with Sn1per, you can save t
[![](https://sn1persecurity.com/wordpress/wp-content/uploads/2022/05/Sn1per-Enterprise-host-list3-1.png)](https://sn1persecurity.com/) [![](https://sn1persecurity.com/wordpress/wp-content/uploads/2022/05/Sn1per-Enterprise-host-list3-1.png)](https://sn1persecurity.com/)
### Find what you can't see. ### Find what you can't see.
Hacking is a problem that's only getting worse. But, with Sn1per, you can find what you cant see—hidden assets and vulnerabilities in your environment. Integrate with the leading commercial and open source vulnerability scanners to scan for the latest CVEs and vulnerabilities. Find out quickly how hackers can attack your business or organization before its too late. Hacking is a problem that's only getting worse. But, with Sn1per, you can find what you cant see—hidden assets and vulnerabilities in your environment.
[![](https://sn1persecurity.com/wordpress/wp-content/uploads/2022/05/Sn1per-Enterprise-host-list2-1.png)](https://sn1persecurity.com/) [![](https://sn1persecurity.com/wordpress/wp-content/uploads/2022/05/Sn1per-Enterprise-host-list2-1.png)](https://sn1persecurity.com/)

View File

@ -347,7 +347,7 @@ if [[ "$MODE" = "webporthttp" ]]; then
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
echo -e "$OKRED RUNNING NUCLEI SCAN $RESET" echo -e "$OKRED RUNNING NUCLEI SCAN $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
nuclei -silent -t /usr/share/sniper/plugins/nuclei-templates/ -c $THREADS -target http://$TARGET:${PORT} -o $LOOT_DIR/web/nuclei-http-${TARGET}-port${PORT}.txt nuclei -silent -t /root/nuclei-templates/ -c $THREADS -target http://$TARGET:${PORT} -o $LOOT_DIR/web/nuclei-http-${TARGET}-port${PORT}.txt
fi fi
SSL="false" SSL="false"
source $INSTALL_DIR/modes/web_autopwn.sh source $INSTALL_DIR/modes/web_autopwn.sh

View File

@ -356,7 +356,7 @@ if [[ "$MODE" = "webporthttps" ]]; then
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
echo -e "$OKRED RUNNING NUCLEI SCAN $RESET" echo -e "$OKRED RUNNING NUCLEI SCAN $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
nuclei -silent -t /usr/share/sniper/plugins/nuclei-templates/ -c $THREADS -target https://$TARGET:${PORT} -o $LOOT_DIR/web/nuclei-https-${TARGET}-port${PORT}.txt nuclei -silent -t /root/nuclei-templates/ -c $THREADS -target https://$TARGET:${PORT} -o $LOOT_DIR/web/nuclei-https-${TARGET}-port${PORT}.txt
fi fi
cd $INSTALL_DIR cd $INSTALL_DIR
SSL="true" SSL="true"

View File

@ -2,8 +2,8 @@ AUTHOR='@xer0dayz'
VULN_NAME='Apache Tomcat Detected' VULN_NAME='Apache Tomcat Detected'
URI='/404_DOES_NOT_EXIST' URI='/404_DOES_NOT_EXIST'
METHOD='GET' METHOD='GET'
MATCH="Apache\ Tomcat" MATCH="Apache\ Tomcat\/[0-9]?[0-9]\.[0-9]?[0-9]\.[0-9]?[0-9]"
SEVERITY='P5 - INFO' SEVERITY='P5 - INFO'
CURL_OPTS="--user-agent '' -s -L --insecure" CURL_OPTS="--user-agent '' -s -L --insecure"
SECONDARY_COMMANDS='' SECONDARY_COMMANDS=''
GREP_OPTIONS='-i' GREP_OPTIONS='-o'

View File

@ -2,8 +2,8 @@ AUTHOR='@xer0dayz'
VULN_NAME='PHP Info Detected 1' VULN_NAME='PHP Info Detected 1'
URI='/phpinfo.php' URI='/phpinfo.php'
METHOD='GET' METHOD='GET'
MATCH='PHP Version ' MATCH='>PHP Version \<'
SEVERITY='P4 - LOW' SEVERITY='P4 - LOW'
CURL_OPTS="--user-agent '' -s -L --insecure" CURL_OPTS="--user-agent '' -s -L --insecure"
SECONDARY_COMMANDS='' SECONDARY_COMMANDS=''
GREP_OPTIONS='-i' GREP_OPTIONS='-e'

View File

@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
VULN_NAME='VMware vCenter Unauthenticated Arbitrary File Read' VULN_NAME='VMware vCenter Unauthenticated Arbitrary File Read'
URI='/eam/vib?id=C:\\ProgramData\\VMware\\vCenterServer\\cfg\\vmware-vpx\\vcdb.properties' URI='/eam/vib?id=C:\\ProgramData\\VMware\\vCenterServer\\cfg\\vmware-vpx\\vcdb.properties'
METHOD='GET' METHOD='GET'
MATCH="dbtype|password\.ecrypted" MATCH="dbtype\ |password\.ecrypted"
SEVERITY='P2 - HIGH' SEVERITY='P2 - HIGH'
CURL_OPTS="--user-agent '' -s -L --insecure" CURL_OPTS="--user-agent '' -s -L --insecure"
SECONDARY_COMMANDS='' SECONDARY_COMMANDS=''

View File

@ -1,7 +1,8 @@
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='Interesting Domain Found' VULN_NAME='Interesting Domain Found'
FILENAME="$LOOT_DIR/domains/domains-all-sorted_NA.txt" echo "$TARGET" > /tmp/target
MATCH='admin|dev|portal|stage|prod|tst|test' FILENAME="/tmp/target"
MATCH="admin|dev|portal|stage|prod|tst|test"
SEVERITY='P5 - INFO' SEVERITY='P5 - INFO'
GREP_OPTIONS='-i' GREP_OPTIONS='-i'
SEARCH='positive' SEARCH='positive'

View File

@ -1,7 +1,7 @@
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='Possible Takeover Detected' VULN_NAME='Possible Takeover Detected'
FILENAME="$LOOT_DIR/nmap/takeovers-$TARGET.txt" FILENAME="$LOOT_DIR/nmap/takeovers-$TARGET.txt"
MATCH='netlify|wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|modulus|unbounce|uservoice|wpengine|cloudapp' MATCH='anima|bitly|wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp|azure|trafficmanager|netifly|brandpa'
SEVERITY='P5 - INFO' SEVERITY='P5 - INFO'
GREP_OPTIONS='-i' GREP_OPTIONS='-i'
SEARCH='positive' SEARCH='positive'

View File

@ -1,6 +1,7 @@
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='Component With Known Vulnerabilities - NMap' VULN_NAME='Component With Known Vulnerabilities - NMap'
FILENAME="$LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/output/nmap-$TARGET.txt $LOOT_DIR/output/nmap-$TARGET-*.txt" FILENAME="$LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/output/nmap-$TARGET.txt $LOOT_DIR/output/nmap-$TARGET-*.txt"
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
MATCH="vulners.com" MATCH="vulners.com"
GREP_OPTIONS='-ih' GREP_OPTIONS='-ih'
TYPE="network" TYPE="network"

View File

@ -1,7 +1,7 @@
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='Interesting Ports Found' VULN_NAME='Interesting Ports Found'
FILENAME="$LOOT_DIR/nmap/ports-$TARGET.txt" FILENAME="$LOOT_DIR/nmap/ports-$TARGET.txt"
MATCH="21\ |22\ |23\ |137\ |139\ |445\ |8080\ |8443\ |3306\ |5900\ |53\ |8081\ " MATCH="21\ |22\ |23\ |137\ |139\ |445\ |8080\ |8443\ |3306\ |5900\ |53\ |8081\ |5432\ "
SEVERITY='P5 - INFO' SEVERITY='P5 - INFO'
GREP_OPTIONS='-i' GREP_OPTIONS='-i'
SECONDARY_COMMANDS='' SECONDARY_COMMANDS=''
@ -9,6 +9,15 @@ OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
TYPE='network' TYPE='network'
rm -f /tmp/match.out 2> /dev/null rm -f /tmp/match.out 2> /dev/null
rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null | head -n 1 2> /dev/null > /tmp/match.out
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME, $TARGET, $(cat /tmp/match.out | tr '\n' ' ' | sed -r "s/</\&lh\;/g")" 2> /dev/null | tee -a "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ') (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[sn1persecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ' | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
CHARS="$(wc -c /tmp/match.out 2> /dev/null | awk '{print $1}' 2> /dev/null)"
if [[ $CHARS > 0 ]]; then
echo "$SEVERITY, $VULN_NAME, $TARGET, $(cat /tmp/match.out 2> /dev/null)" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
# /bin/bash "$INSTALL_DIR/bin/slack.sh" "[+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ') (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
#echo "•?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
else
rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
fi
rm -f /tmp/match.out 2> /dev/null rm -f /tmp/match.out 2> /dev/null

View File

@ -1,14 +0,0 @@
AUTHOR='@xer0dayz'
VULN_NAME='Nessus Import'
FILENAME="${LOOT_DIR}/output/nessus-report_${TARGET}_*.csv"
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
TYPE="network"
rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
grep Critical $FILENAME 2> /dev/null | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P1 - CRITICAL, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
grep High $FILENAME 2> /dev/null | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P2 - HIGH, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
grep Medium $FILENAME 2> /dev/null | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P3 - MEDIUM, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
grep Low $FILENAME 2> /dev/null | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P4 - LOW, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
grep None $FILENAME 2> /dev/null | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P5 - INFO, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' | grep -v "None" 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null

View File

@ -1,6 +1,6 @@
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='Autocomplete Enabled' VULN_NAME='Autocomplete Enabled'
FILENAME="$LOOT_DIR/web/websource-$TARGET-*.txt" FILENAME="$LOOT_DIR/web/websource-htt*-$TARGET-*.txt"
MATCH='autocomplete=\"on\"' MATCH='autocomplete=\"on\"'
SEVERITY='P4 - LOW' SEVERITY='P4 - LOW'
GREP_OPTIONS='-i' GREP_OPTIONS='-i'

View File

@ -1,6 +1,6 @@
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='CORS Policy - Allow-Credentials Enabled' VULN_NAME='CORS Policy - Allow-Credentials Enabled'
FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET.txt" FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET-*.txt"
MATCH='Access-Control-Allow-Credentials: true' MATCH='Access-Control-Allow-Credentials: true'
SEVERITY='P4 - LOW' SEVERITY='P4 - LOW'
GREP_OPTIONS='-i' GREP_OPTIONS='-i'

View File

@ -1,6 +1,6 @@
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='CORS Policy - Allow-Origin Wildcard' VULN_NAME='CORS Policy - Allow-Origin Wildcard'
FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET.txt" FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET-*.txt"
MATCH='Access-Control-Allow-Origin: *' MATCH='Access-Control-Allow-Origin: *'
SEVERITY='P4 - LOW' SEVERITY='P4 - LOW'
GREP_OPTIONS='-i' GREP_OPTIONS='-i'

View File

@ -1,12 +1,10 @@
if [ "$SSL" = "false" ]; then if [ "$SSL" = "false" ]; then
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='Clear-Text Protocol - HTTP' VULN_NAME='Clear-Text Protocol - HTTP'
FILENAME="$LOOT_DIR/web/headers-http-$TARGET.txt" FILENAME="$LOOT_DIR/web/headers-http-$TARGET-*.txt"
MATCH="200\ OK" MATCH="200\ OK"
SEVERITY='P2 - HIGH' SEVERITY='P2 - HIGH'
GREP_OPTIONS='-i' GREP_OPTIONS='-i'
SEARCH='positive' SEARCH='positive'
SECONDARY_COMMANDS='' SECONDARY_COMMANDS=''
else
break
fi fi

View File

@ -1,6 +1,6 @@
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='Drupal Detected' VULN_NAME='Drupal Detected'
FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET.txt" FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET-*.txt"
MATCH="X\-Generator\:\ Drupal\ " MATCH="X\-Generator\:\ Drupal\ "
SEVERITY='P5 - INFO' SEVERITY='P5 - INFO'
GREP_OPTIONS='-i' GREP_OPTIONS='-i'

View File

@ -1,6 +1,6 @@
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='Expired SSL Certificate' VULN_NAME='Expired SSL Certificate'
FILENAME="$LOOT_DIR/web/curldebug-$TARGET.txt" FILENAME="$LOOT_DIR/web/curldebug-$TARGET-*.txt"
MATCH='certificate has expired' MATCH='certificate has expired'
SEVERITY='P3 - MEDIUM' SEVERITY='P3 - MEDIUM'
GREP_OPTIONS='' GREP_OPTIONS=''

View File

@ -1,6 +1,6 @@
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='Fortinet FortiGate SSL VPN Panel Passive Detection' VULN_NAME='Fortinet FortiGate SSL VPN Panel Passive Detection'
FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET.txt" FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET-*.txt"
MATCH="Server\:\ xxxxxxxx-xxxxx" MATCH="Server\:\ xxxxxxxx-xxxxx"
SEVERITY='P5 - INFO' SEVERITY='P5 - INFO'
GREP_OPTIONS='-i' GREP_OPTIONS='-i'

View File

@ -1,6 +1,6 @@
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='Insecure Cookie - HTTPOnly Not Set' VULN_NAME='Insecure Cookie - HTTPOnly Not Set'
FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET.txt" FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET-*.txt"
MATCH='Set-Cookie' MATCH='Set-Cookie'
SEVERITY='P3 - MEDIUM' SEVERITY='P3 - MEDIUM'
GREP_OPTIONS='-i' GREP_OPTIONS='-i'

View File

@ -1,6 +1,6 @@
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='Insecure Cookie - Secure Not Set' VULN_NAME='Insecure Cookie - Secure Not Set'
FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET.txt" FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET-*.txt"
MATCH='Set-Cookie' MATCH='Set-Cookie'
SEVERITY='P3 - MEDIUM' SEVERITY='P3 - MEDIUM'
GREP_OPTIONS='-i' GREP_OPTIONS='-i'

View File

@ -1,10 +1,8 @@
if [ "$SSL" = "true" ]; then AUTHOR='@xer0dayz'
AUTHOR='@xer0dayz' VULN_NAME='Weak SSL TLS Protocols'
VULN_NAME='Weak SSL TLS Protocols' FILENAME="$LOOT_DIR/web/sslscan-$TARGET.txt $LOOT_DIR/web/sslscan-$TARGET-*.txt"
FILENAME="$LOOT_DIR/web/sslscan-$TARGET.txt" MATCH="SSLv* enabled"
MATCH=' SSLv' SEVERITY='P2 - HIGH'
SEVERITY='P2 - HIGH' GREP_OPTIONS='-i'
GREP_OPTIONS='-i' SEARCH='positive'
SEARCH='positive' SECONDARY_COMMANDS=''
SECONDARY_COMMANDS=''
fi

View File

@ -1,13 +1,9 @@
if [ "$SSL" = "true" ]; then AUTHOR='@xer0dayz'
AUTHOR='@xer0dayz' VULN_NAME='Insecure SSL TLS Connection CN Mismatch'
VULN_NAME='Insecure SSL TLS Connection CN Mismatch' FILENAME="$LOOT_DIR/web/curldebug-$TARGET.txt"
FILENAME="$LOOT_DIR/web/curldebug-$TARGET.txt" MATCH='failed to verify the legitimacy of the server'
MATCH='failed to verify the legitimacy of the server' SEVERITY='P3 - MEDIUM'
SEVERITY='P3 - MEDIUM' GREP_OPTIONS='-i'
GREP_OPTIONS='-i' SEARCH='positive'
SEARCH='positive' SECONDARY_COMMANDS=''
SECONDARY_COMMANDS='' URI="/"
URI="/"
else
break
fi

View File

@ -1,7 +1,7 @@
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='Interesting Title Found' VULN_NAME='Interesting Title Found'
FILENAME="$LOOT_DIR/web/title-htt*-$TARGET.txt" FILENAME="$LOOT_DIR/web/title-htt*-$TARGET-*.txt"
MATCH='admin|dev|portal' MATCH='admin|dev|portal|login|sign|signup|registration|account'
SEVERITY='P5 - INFO' SEVERITY='P5 - INFO'
GREP_OPTIONS='-i' GREP_OPTIONS='-i'
SEARCH='positive' SEARCH='positive'

View File

@ -1,18 +1,18 @@
if [ "$SSL" = "false" ]; then if [ "$SSL" = "false" ]; then
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='Server Header Disclosure - HTTP' VULN_NAME='Server Header Disclosure - HTTP'
FILENAME="$LOOT_DIR/web/headers-http-$TARGET.txt" FILENAME="$LOOT_DIR/web/headers-http-$TARGET-*.txt"
MATCH="Server\:" MATCH="Server\:"
SEVERITY='P4 - LOW' SEVERITY='P5 - INFO'
GREP_OPTIONS='-i' GREP_OPTIONS='-i'
SEARCH='positive' SEARCH='positive'
SECONDARY_COMMANDS='' SECONDARY_COMMANDS=''
else else
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='Server Header Disclosure - HTTPS' VULN_NAME='Server Header Disclosure - HTTPS'
FILENAME="$LOOT_DIR/web/headers-https-$TARGET.txt" FILENAME="$LOOT_DIR/web/headers-https-$TARGET-*.txt"
MATCH="Server\:" MATCH="Server\:"
SEVERITY='P4 - LOW' SEVERITY='P5 - INFO'
GREP_OPTIONS='-i' GREP_OPTIONS='-i'
SEARCH='positive' SEARCH='positive'
SECONDARY_COMMANDS='' SECONDARY_COMMANDS=''

View File

@ -1,6 +1,6 @@
AUTHOR='@xer0dayz' AUTHOR='@xer0dayz'
VULN_NAME='X-Powered-By Header Found' VULN_NAME='X-Powered-By Header Found'
FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET.txt" FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET-*.txt"
MATCH='X-Powered-By' MATCH='X-Powered-By'
SEVERITY='P5 - INFO' SEVERITY='P5 - INFO'
GREP_OPTIONS='-i' GREP_OPTIONS='-i'

View File

@ -6,14 +6,14 @@ GREP_OPTIONS='-ih'
rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
MATCH="\[critical\]" MATCH="\[critical\]"
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P1 - CRITICAL, Nuclei Vulnerability Scan, " $3 ", " $6}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P1 - CRITICAL, Nuclei Vulnerability Scan, " $1 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
MATCH="\[high\]" MATCH="\[high\]"
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P2 - HIGH, Nuclei Vulnerability Scan, " $3 ", " $6}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P2 - HIGH, Nuclei Vulnerability Scan, " $1 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
MATCH="\[medium\]" MATCH="\[medium\]"
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P3 - MEDIUM, Nuclei Vulnerability Scan, " $3 ", " $6}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P3 - MEDIUM, Nuclei Vulnerability Scan, " $1 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
MATCH="\[low\]" MATCH="\[low\]"
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P4 - LOW, Nuclei Vulnerability Scan, " $3 ", " $6}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P4 - LOW, Nuclei Vulnerability Scan, " $1 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
MATCH="\[info\]" MATCH="\[info\]"
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P5 - INFO, Nuclei Vulnerability Scan, " $3 ", " $6}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P5 - INFO, Nuclei Vulnerability Scan, " $1 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null

View File

@ -6,14 +6,14 @@ GREP_OPTIONS='-ih'
rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
MATCH="\[critical\]" MATCH="\[critical\]"
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P1 - CRITICAL, Nuclei Vulnerability Scan, " $3 ", " $6}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P1 - CRITICAL, Nuclei Vulnerability Scan, " $1 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
MATCH="\[high\]" MATCH="\[high\]"
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P2 - HIGH, Nuclei Vulnerability Scan, " $3 ", " $6}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P2 - HIGH, Nuclei Vulnerability Scan, " $1 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
MATCH="\[medium\]" MATCH="\[medium\]"
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P3 - MEDIUM, Nuclei Vulnerability Scan, " $3 ", " $6}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P3 - MEDIUM, Nuclei Vulnerability Scan, " $1 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
MATCH="\[low\]" MATCH="\[low\]"
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P4 - LOW, Nuclei Vulnerability Scan, " $3 ", " $6}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P4 - LOW, Nuclei Vulnerability Scan, " $1 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
MATCH="\[info\]" MATCH="\[info\]"
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P5 - INFO, Nuclei Vulnerability Scan, " $3 ", " $6}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P5 - INFO, Nuclei Vulnerability Scan, " $1 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null