diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9814fc2..39aee16 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,6 @@
 ## CHANGELOG:
+* v2.4b - Fixed issue with discovery scan output file (CC. @ifly53e)
+* v2.4b - Fixed issue with Intel AMT RCE port list
 * v2.4a - Added all NMap script checks via 'fullportonly' mode
 * v2.4a - Added JBoss JMX Console Beanshell Deployer WAR Upload and Deployment Metasploit exploit
 * v2.4a - Added Java RMI RCE NMap/Metasploit detection
diff --git a/sniper b/sniper
index 01c6439..6270ec1 100644
--- a/sniper
+++ b/sniper
@@ -97,7 +97,7 @@ USER_FILE="/usr/share/brutex/wordlists/simple-users.txt"
 PASS_FILE="/usr/share/brutex/wordlists/password.lst"
 DNS_FILE="/usr/share/brutex/wordlists/namelist.txt"
 SUPER_MICRO_SCAN="/usr/share/sniper/plugins/SuperMicro-Password-Scanner/supermicro_scan.sh"
-DEFAULT_PORTS="21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,623,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,16992,27017,27018,27019,28017,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049"
+DEFAULT_PORTS="21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,623,624,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,16992,27017,27018,27019,28017,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049"
 THREADS="30"
 OKBLUE='\033[94m'
 OKRED='\033[91m'
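Review bot: The value added to DEFAULT_PORTS, 624, is the same port keyed on by the new `port_624` extraction (hunk at -732) and the new port-624 test block (hunk at -1184), which runs http-vuln-INTEL-SA-00075.nse against it; that NSE script checks the AMT/ISM web interface, and to my recollection the INTEL-SA-00075 advisory names the management ports as 623 and 664 plus 16992–16995, not 624. If the changelog's "Intel AMT RCE port list" fix was meant to match the advisory, confirm 624 is intended rather than a typo for 664 before it lands in three places. Whichever port is kept, a short comment on this line would stop the next reader from repeating the question: `# 623/624: Intel AMT/ASF management ports checked by the INTEL-SA-00075 block below — verify against the advisory`.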
@@ -272,7 +272,7 @@ if [ "$MODE" = "discover" ]; then
 arp -a -n
 echo -e "$OKGREEN + -- ----------------------------=[Running Port Discovery Scan]=------------- -- +$RESET"
 unicornscan -p $DEFAULT_PORTS $TARGET 2>/dev/null | awk '{print $6}' | sort -u >> $LOOT_DIR/domains/sniper-ips.txt
-sort -u $LOOT_DIR/domains/sniper_ips.txt > $LOOT_DIR/domains/sniper-ips.txt
+sort -u $LOOT_DIR/domains/sniper-ips.txt > $LOOT_DIR/domains/sniper-ips.txt
 echo -e "$OKGREEN + -- ----------------------------=[Current Targets]=------------------------- -- +$RESET"
 cat $LOOT_DIR/domains/sniper-ips.txt
 echo -e "$OKGREEN + -- ----------------------------=[Launching Sn1per Scans]=------------------ -- +$RESET"
@@ -732,6 +732,7 @@ port_512=`grep 'portid="512"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
 port_513=`grep 'portid="513"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
 port_514=`grep 'portid="514"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
 port_623=`grep 'portid="623"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_624=`grep 'portid="624"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
 port_1099=`grep 'portid="1099"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
 port_1433=`grep 'portid="1433"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
 port_1524=`grep 'portid="1524"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
@@ -1184,6 +1185,15 @@ else
 nmap -A -sV -T5 --script=/usr/share/nmap/scripts/http-vuln-INTEL-SA-00075.nse -p 623 $TARGET
 fi
 
+if [ -z "$port_624" ];
+then
+ echo -e "$OKRED + -- --=[Port 624 closed... skipping.$RESET"
+else
+ echo -e "$OKORANGE + -- --=[Port 624 opened... running tests...$RESET"
+ amap $TARGET 624 -A
+ nmap -A -sV -T5 --script=/usr/share/nmap/scripts/http-vuln-INTEL-SA-00075.nse -p 624 $TARGET
+fi
+
 if [ -z "$port_1099" ];
 then
 echo -e "$OKRED + -- --=[Port 1099 closed... skipping.$RESET"
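Review bot: The added `sort -u $LOOT_DIR/domains/sniper-ips.txt > $LOOT_DIR/domains/sniper-ips.txt` reads and redirects into the same file, and the shell truncates the redirection target before sort ever opens it, so the target list just collected by the unicornscan line above is wiped and the `cat` two lines down prints nothing. The commit fixes the filename typo but keeps this shape, so the discovery output is still lost. Use sort's in-place form, `sort -u -o "$LOOT_DIR/domains/sniper-ips.txt" "$LOOT_DIR/domains/sniper-ips.txt"`, or sort into a `mktemp` file and `mv` it over the original. The `discover` branch this sits in begins before the hunk.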
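Review bot: `$TARGET` is expanded unquoted on the added `amap $TARGET 624 -A` and `nmap ... -p 624 $TARGET` lines, so a target argument containing whitespace or glob characters is word-split before reaching the scanners; `amap "$TARGET" 624 -A` and `nmap -A -sV -T5 --script=/usr/share/nmap/scripts/http-vuln-INTEL-SA-00075.nse -p 624 "$TARGET"` remove that. The same applies to `$LOOT_DIR` and `$TARGET` in the new `port_624` backtick line of the -732 hunk. The new block is otherwise a copy of the port-623 block that precedes it, whose start lies outside the hunk; if more AMT ports are added later, a `for p in 623 624; do ... done` loop over one body would keep them in step.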