From 03526fc600087aa123b30e3038c48ea058b08f3e Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 6 Mar 2016 16:09:23 -0500
Subject: [PATCH] Sn1per v1.6b by 1N3 @CrowdShield
---
 install.sh | 5 +++--
 loot/README.md | 8 +++++++-
 loot/nmap-192.168.1.1.xml | 6 ------
 loot/nmap-bugcrowd.com.xml | 6 ------
 loot/nmap-crowdshield.com.xml | 6 ------
 sniper | 12 ++++++++++++
 6 files changed, 22 insertions(+), 21 deletions(-)
 delete mode 100644 loot/nmap-192.168.1.1.xml
 delete mode 100644 loot/nmap-bugcrowd.com.xml
 delete mode 100644 loot/nmap-crowdshield.com.xml
diff --git a/install.sh b/install.sh
index 552ba62..9fd0371 100644
--- a/install.sh
+++ b/install.sh
@@ -24,14 +24,14 @@ echo -e "$OKGREEN + -- --=[This script will install or upgrade your Sn1per insta read answer echo -e "$OKORANGE + -- --=[Installing package dependencies...$RESET" -apt-get install unicornscan waffit host whois arachni theHarvester dnsenum dirb dnsrecon curl nmap php5 php5-curl wapiti hydra iceweasel wpscan sqlmap arachni w3af golismero nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb python nbtscan sslscan amap +apt-get install cutycapt unicornscan waffit host whois arachni theHarvester dnsenum dirb dnsrecon curl nmap php5 php5-curl wapiti hydra iceweasel wpscan sqlmap arachni w3af golismero nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb python nbtscan sslscan amap echo -e "$OKORANGE + -- --=[Installing gem dependencies...$RESET" gem install rake gem install ruby-nmap net-http-persistent mechanize text-table echo -e "$OKORANGE + -- --=[Cleaning up old extensions...$RESET" -rm -Rf Findsploit/ Brutex/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ +rm -Rf Findsploit/ Brutex/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ Sublist3r/ echo -e "$OKORANGE + -- --=[Downloading extensions...$RESET" git clone https://github.com/1N3/Findsploit.git
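Review bot: The `apt-get install` line that gains `cutycapt` has no failure check, so when any package is unavailable the installer carries on to `gem install` and the extension clones, and `sniper` later invokes a tool that was never installed. The same line lists `arachni`, `dnsenum` and `nbtscan` twice and both `theHarvester` and `theharvester`, which makes a 300-character line hard to audit. Move the names into a deduplicated array and stop on error: `packages=(cutycapt unicornscan waffit host whois arachni theHarvester dnsenum dirb dnsrecon curl nmap php5 php5-curl wapiti hydra iceweasel wpscan sqlmap w3af golismero nbtscan enum4linux cisco-torch metasploit-framework nikto smtp-user-enum whatweb python sslscan amap)` followed by `apt-get install "${packages[@]}" || { echo "package install failed" >&2; exit 1; }`. The `read answer` prompt in the context above is also never examined, so the install proceeds whatever is typed; that predates this change but a `[ "$answer" = "y" ] || exit 1` check would make the prompt meaningful.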
@@ -43,6 +43,7 @@ git clone https://github.com/1N3/SuperMicro-Password-Scanner git clone https://github.com/Dionach/CMSmap.git git clone https://github.com/0xsauby/yasuo.git git clone https://github.com/johndekroon/serializekiller.git +git clone https://github.com/aboul3la/Sublist3r.git echo -e "$OKORANGE + -- --=[Setting up environment...$RESET" mkdir loot 2> /dev/null
diff --git a/loot/README.md b/loot/README.md
index 7a645c2..d6f590d 100644
--- a/loot/README.md
+++ b/loot/README.md
@@ -25,6 +25,7 @@ Sn1per is an automated scanner that can be used during a penetration test to enu # ./sniper # ./sniper stealth # ./sniper port +# ./sniper web # ./sniper nobrute # ./sniper airstrike # ./sniper nuke
@@ -34,6 +35,7 @@ Sn1per is an automated scanner that can be used during a penetration test to enu * REPORT: Outputs all results to text in the loot directory for later reference. To enable reporting, append 'report' to any sniper mode or command. * STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking * PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode. +* WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly. * NOBRUTE: Launches a full scan against a target host/domain without brute forcing services. * AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP's that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning. * NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
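Review bot: The new `git clone https://github.com/aboul3la/Sublist3r.git` fetches whatever the remote branch head happens to be at install time and its exit status is ignored, so the code that `sniper` later executes as `python Sublist3r/sublist3r.py` is neither pinned nor verified, and a failed clone only shows up later as a silent no-op because that call discards stderr. The earlier clones in this block have the same shape; this line is the one the commit adds. Pin the checkout and stop on failure: `git clone https://github.com/aboul3la/Sublist3r.git || exit 1` followed by `git -C Sublist3r checkout <PINNED_COMMIT>` (placeholder: record the commit id that was reviewed), and consider applying the same to the other extensions in a follow-up.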
@@ -44,6 +46,10 @@ https://gist.github.com/1N3/8214ec2da2c91691bcbc ``` ## CHANGELOG: +* v1.6a - Added improvements to recon phase +* v1.6a - Fixed small issue with 3rd party extension +* v1.6a - Various improvements to overall optimization of scans +* v1.6a - Added new "web" mode for full web application scans * v1.6 - Added 4 new modes including: stealth, port, airstrike and nuke * v1.6 - Added Java de-serialization scanner * v1.6 - Added reporting option to output to console and text file for all scans
@@ -84,4 +90,4 @@ https://gist.github.com/1N3/8214ec2da2c91691bcbc ## FUTURE: * Add in OpenVAS integration -* Look into HTML reporting or text based output options to save scan data +* Look into HTML reporting options
diff --git a/loot/nmap-192.168.1.1.xml b/loot/nmap-192.168.1.1.xml
deleted file mode 100644
index b1078bb..0000000
--- a/loot/nmap-192.168.1.1.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
-
-
-
-
diff --git a/loot/nmap-bugcrowd.com.xml b/loot/nmap-bugcrowd.com.xml
deleted file mode 100644
index ea00015..0000000
--- a/loot/nmap-bugcrowd.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
-
-
-
-
diff --git a/loot/nmap-crowdshield.com.xml b/loot/nmap-crowdshield.com.xml
deleted file mode 100644
index df1fecf..0000000
--- a/loot/nmap-crowdshield.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
-
-
-
-
diff --git a/sniper b/sniper
index 4112a05..cb6dece 100644
--- a/sniper
+++ b/sniper
@@ -138,6 +138,7 @@ if [ "$MODE" = "stealth" ]; then dnsrecon -d $TARGET -t axfr dnsenum $TARGET -f BruteX/wordlists/namelist.txt mv -f *_ips.txt loot/ 2>/dev/null + python Sublist3r/sublist3r.py -d $TARGET -b -t 30 2>/dev/null fi echo "" echo -e "$OKGREEN################################### Running passive scans #########################$RESET"
@@ -146,6 +147,7 @@ if [ "$MODE" = "stealth" ]; then whatweb http://$TARGET xsstracer $TARGET 80 sslscan --no-failed $TARGET + cutycapt --url=http://$TARGET --out=loot/$TARGET-port80.jpg exit fi
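Review bot: `python Sublist3r/sublist3r.py -d $TARGET -b -t 30 2>/dev/null` is added inside the `stealth` branch, whose README entry in this same patch promises "mostly non-intrusive scans", yet `-b` switches on Sublist3r's subdomain brute-force module with 30 threads, which is the loud, active part of the tool; drop `-b` on this path and keep it for the full-scan paths. `$TARGET` is unquoted and stderr is thrown away, so a missing clone, a missing Python dependency or an odd target value all fail silently, and unless the report wrapper captures the console nothing from this step lands in `loot/`. The identical line, with the same `2>/dev/null`, is added in the hunks at -203 and -280; `python Sublist3r/sublist3r.py -d "$TARGET" -t 30` (stderr left visible) would be the minimal fix here. The enclosing `if [ "$MODE" = "stealth" ]` block begins before this hunk.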
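Review bot: `cutycapt --url=http://$TARGET --out=loot/$TARGET-port80.jpg` leaves `$TARGET` unquoted in both the URL and the output path, and nothing checks that `cutycapt` is present (it is a brand-new apt dependency in this patch) or that the capture succeeded, so on a host where the package did not install the run just prints command-not-found and continues. cutycapt renders the page with a full WebKit engine, meaning the target's HTML and scripts are executed on the scanning host; a render timeout and, where possible, a sandboxed or dedicated scan box are advisable. One guard before the first call would cover this hunk and the same pattern at -211, -460, -601, -761, -779, -797, -817 and -837: `command -v cutycapt >/dev/null || echo "cutycapt not installed, skipping screenshots" >&2`, and each call should quote its expansions, `cutycapt --url="http://$TARGET" --out="loot/$TARGET-port80.jpg"`.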
@@ -203,6 +205,7 @@ if [ "$MODE" = "airstrike" ]; then dnsrecon -d $a -t axfr dnsenum $a -f BruteX/wordlists/namelist.txt mv -f *_ips.txt loot/ 2>/dev/null + python Sublist3r/sublist3r.py -d $TARGET -b -t 30 2>/dev/null fi echo "" echo -e "$OKGREEN################################### Running passive scans #########################$RESET"
@@ -211,6 +214,7 @@ if [ "$MODE" = "airstrike" ]; then whatweb http://$a xsstracer $a 80 sslscan --no-failed $a + cutycapt --url=http://$TARGET --out=loot/$TARGET-port80.jpg done; exit fi
@@ -280,6 +284,7 @@ then dnsrecon -d $TARGET -t axfr dnsenum $TARGET -f BruteX/wordlists/namelist.txt mv -f *_ips.txt loot/ 2>/dev/null + python Sublist3r/sublist3r.py -d $TARGET -b -t 30 2>/dev/null fi echo "" echo -e "$OKGREEN################################### Pinging host ###################################$RESET"
@@ -460,6 +465,7 @@ else echo -e "$RESET" nikto -h http://$TARGET + cutycapt --url=http://$TARGET --out=loot/$TARGET-port80.jpg if [ "$MODE" = "web" ] then
@@ -601,6 +607,7 @@ else echo "" echo -e "$RESET" nikto -h https://$TARGET + cutycapt --url=https://$TARGET --out=loot/$TARGET-port443.jpg if [ "$MODE" = "web" ] then
@@ -761,6 +768,7 @@ else ./massbleed $TARGET port 8000 cd .. nikto -h http://$TARGET:8000 + cutycapt --url=http://$TARGET:8000 --out=loot/$TARGET-port8000.jpg #arachni http://$TARGET:8000 --output-only-positives fi
@@ -779,6 +787,7 @@ else ./massbleed $TARGET port 8100 cd .. nikto -h http://$TARGET:8100 + cutycapt --url=http://$TARGET:8100 --out=loot/$TARGET-port8100.jpg #arachni http://$TARGET:8100 --output-only-positives fi
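Review bot: Inside the `airstrike` loop the new line `python Sublist3r/sublist3r.py -d $TARGET -b -t 30 2>/dev/null` uses `$TARGET`, while every neighbouring command in the loop (`dnsrecon -d $a`, `dnsenum $a`) uses the loop variable `$a`; in this mode `$TARGET` appears to be the path of the targets file (per the README's airstrike usage), so Sublist3r is run against a file name rather than each host, and with stderr discarded the failure never shows. The cutycapt line in the -211 hunk has the same slip: `--url=http://$TARGET --out=loot/$TARGET-port80.jpg` should read `--url=http://$a --out=loot/$a-port80.jpg` to match `whatweb http://$a` beside it. For this hunk, change the line to `python Sublist3r/sublist3r.py -d "$a" -b -t 30 2>/dev/null` (and preferably stop hiding stderr). The `for` loop and the `if [ "$MODE" = "airstrike" ]` block both start before this hunk.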
@@ -797,6 +806,7 @@ else ./massbleed $TARGET port 8080 cd .. nikto -h http://$TARGET:8080 + cutycapt --url=http://$TARGET:8080 --out=loot/$TARGET-port8080.jpg nmap -p 8080 --script=*proxy* $TARGET #arachni http://$TARGET:8080 --output-only-positives msfconsole -x "use admin/http/tomcat_administration; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 8080; run; use admin/http/tomcat_utf8_traversal; run; use scanner/http/tomcat_enum; run; use scanner/http/tomcat_mgr_login; run; use multi/http/tomcat_mgr_deploy; run; use multi/http/tomcat_mgr_upload; set USERNAME tomcat; set PASSWORD tomcat; run; exit;"
@@ -817,6 +827,7 @@ else ./massbleed $TARGET port 8180 cd .. nikto -h http://$TARGET:8180 + cutycapt --url=http://$TARGET:8180 --out=loot/$TARGET-port8180.jpg nmap -p 8180 --script=*proxy* $TARGET #arachni http://$TARGET:8180 --output-only-positives msfconsole -x "use admin/http/tomcat_administration; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 8180; run; use admin/http/tomcat_utf8_traversal; run; use scanner/http/tomcat_enum; run; use scanner/http/tomcat_mgr_login; run; use multi/http/tomcat_mgr_deploy; run; use multi/http/tomcat_mgr_upload; set USERNAME tomcat; set PASSWORD tomcat; run; exit;"
@@ -837,6 +848,7 @@ else ./massbleed $TARGET port 8443 cd .. nikto -h https://$TARGET:8443 + cutycapt --url=https://$TARGET:8443 --out=loot/$TARGET-port8443.jpg nmap -p 8443 --script=*proxy* $TARGET #arachni https://$TARGET:8443 --output-only-positives fi