* v8.7 - Updated web file bruteforce lists
* v8.7 - Added updated Slack API integration/notifications * v8.7 - Added Arachni, Nikto, Nessus, NMap + 20 passive sc0pe vulnerability parsers
@@ -1,6 +1,6 @@
|
||||
AUTHOR='@xer0dayz'
|
||||
VULN_NAME='Apache Solr Detected'
|
||||
URI='/'
|
||||
URI=''
|
||||
METHOD='GET'
|
||||
MATCH="Solr\ Admin"
|
||||
SEVERITY='P5 - INFO'
|
||||
|
||||
@@ -4,6 +4,6 @@ URI="/extdirect"
|
||||
METHOD='POST'
|
||||
MATCH="1787569"
|
||||
SEVERITY='P1 - CRITICAL'
|
||||
CURL_OPTS="--user-agent '' -s --insecure -L --data \"{\"action\":\"coreui_User\",\"method\":\"update\",\"data\":[{\"userId\":\"anonymous\",\"version\":\"1\",\"firstName\:\"Anonymous\",\"lastName\":\"User2\",\"email\":\"anonymous@example.org\",\"status\":\"active\",\"roles\":[\"$\\c{1337*1337\"]}],\"type\":\"rpc\",\"tid\":28}'\"
|
||||
CURL_OPTS='--user-agent '' -s --insecure -L --data \'{"action":"coreui_User","method":"update","data":[{"userId":"anonymous","version":"1","firstName":"Anonymous","lastName":"User2","email":"anonymous@example.org","status":"active","roles":["$\\c{1337*1337"]}],"type":"rpc","tid":28}\'
|
||||
SECONDARY_COMMANDS=''
|
||||
GREP_OPTIONS='-i'
|
||||
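Review bot: Neither `CURL_OPTS` form in this section stores the JSON body it appears to intend. In the single-quoted form a backslash cannot escape `'`, so the quoted string ends right after `--data \` and the shell then strips the JSON double quotes; the double-quoted form has a malformed `\"firstName\:` key and no unescaped closing quote. A malformed request never produces `MATCH`, which the findings file records as "not vulnerable", a silent false negative (how `CURL_OPTS` is expanded later is not visible here). The request is also a modifying `update` call rather than a read, so a header comment such as `# ACTIVE CHECK: sends a state-changing POST to /extdirect` would let passive-only runs and reviewers single this template out.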
@@ -7,6 +7,6 @@ TYPE="network"
|
||||
|
||||
rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME | awk -v AWK_TARGET="$TARGET" '$5=AWK_TARGET{print "P3 - MEDIUM, Components with Known Vulnerabilities - NMap, " $5 ", " $2 " " $3 " " $4}' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$5=AWK_TARGET{print "P3 - MEDIUM, Components with Known Vulnerabilities - NMap, " $5 ", " $2 " " $3 " " $4}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
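Review bot: The `2> /dev/null` added to the `egrep … | awk …` pipeline and to the final `cat` makes a missing or unreadable `$FILENAME` indistinguishable from a scan with no findings, because the output file is simply left empty. For a vulnerability parser that is a silent false negative; test the input first and say so, e.g. `[ -r "$FILENAME" ] || echo "sc0pe: skipped, $FILENAME not readable" >&2`, instead of discarding every diagnostic. The same redirections are added in the later parser sections on this page (the `grep Critical …` block, both Arachni blocks and both Nikto blocks). `$LOOT_DIR`, `$TARGET` and `$FILENAME` are also expanded unquoted in `rm -f` and in the redirection target, so a value containing spaces or glob characters resolves to different paths than intended; quote them.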
@@ -9,5 +9,5 @@ OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
TYPE='network'
|
||||
|
||||
rm -f /tmp/match.out 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME, $TARGET, $(cat /tmp/match.out | tr '\n' ' ' | sed -r "s/</\&lh\;/g")" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ') (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ' | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME, $TARGET, $(cat /tmp/match.out | tr '\n' ' ' | sed -r "s/</\&lh\;/g")" 2> /dev/null | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ') (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ' | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
|
||||
rm -f /tmp/match.out 2> /dev/null
|
||||
|
||||
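Review bot: `/tmp/match.out` is a fixed, predictable path that is removed, rewritten and read back several times in the long pipeline line. Two templates running at once overwrite each other's evidence, and on a multi-user host another local user can pre-create or symlink that path. Create a per-run file with `MATCH_OUT=$(mktemp)` and use `"$MATCH_OUT"` wherever `/tmp/match.out` appears; `/tmp/out` and `/tmp/report.txt` in the Arachni sections have the same problem. Separately, `sed -r "s/</\&lh\;/g"` emits `&lh;`, which is not an HTML entity (`&lt;` is presumably meant), and the Slack message receives the evidence with no escaping at all, although that text originates from the scanned host.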
@@ -5,10 +5,10 @@ OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
TYPE="network"
|
||||
|
||||
rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
grep Critical $FILENAME | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P1 - CRITICAL, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
grep High $FILENAME | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P2 - HIGH, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
grep Medium $FILENAME | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P3 - MEDIUM, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
grep Low $FILENAME | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P4 - LOW, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
grep None $FILENAME | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P5 - INFO, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' | grep -v "None" >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
grep Critical $FILENAME 2> /dev/null | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P1 - CRITICAL, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
grep High $FILENAME 2> /dev/null | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P2 - HIGH, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
grep Medium $FILENAME 2> /dev/null | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P3 - MEDIUM, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
grep Low $FILENAME 2> /dev/null | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P4 - LOW, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
grep None $FILENAME 2> /dev/null | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P5 - INFO, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' | grep -v "None" 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
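Review bot: `grep Critical $FILENAME` and its `High`, `Medium`, `Low` and `None` siblings match the word anywhere in the row rather than in the risk column, and the awk stage prints a fixed severity label without checking any field. A finding whose name or description merely contains "High" is therefore emitted a second time as `P2 - HIGH`, which mis-rates the report. Judging from `cut -d, -f4,…` the rating is field 4, so a field comparison placed before the `cut`, for example `awk -F, '$4 ~ /^"?High"?$/'`, would be safer; confirm the column against a real export. Splitting on bare commas also misaligns the columns whenever a quoted CSV field contains a comma, which deserves at least a comment if a proper CSV parser is out of scope.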
@@ -4,15 +4,15 @@ FILENAME="$LOOT_DIR/web/arachni-$TARGET-webscan-http.txt"
|
||||
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
|
||||
rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
rm -f /tmp/report.txt
|
||||
touch /tmp/report.txt
|
||||
rm -f /tmp/report.txt 2> /dev/null
|
||||
touch /tmp/report.txt 2> /dev/null
|
||||
x=0
|
||||
cat $FILENAME | egrep 'Proof\:|URL\:|Severity\:|\[\+\]\ \[' | sed 's/\n//g' | awk '{print $3 " " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15}' | tr -d '"' > /tmp/out
|
||||
cat $FILENAME 2> /dev/null | egrep 'Proof\:|URL\:|Severity\:|\[\+\]\ \[' | sed 's/\n//g' | awk '{print $3 " " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15}' 2> /dev/null | tr -d '"' > /tmp/out 2> /dev/null
|
||||
|
||||
# DELETE FIRST LINE
|
||||
sed -i '1d' /tmp/out
|
||||
sed -i '1d' /tmp/out 2> /dev/null
|
||||
|
||||
cat /tmp/out | while read line; do
|
||||
cat /tmp/out 2> /dev/null | while read line; do
|
||||
x=$(( x+1 ))
|
||||
if [ $x -eq "1" ]; then
|
||||
echo "$line," | tr -d '\n' >> /tmp/report.txt
|
||||
@@ -35,5 +35,5 @@ cat /tmp/out | while read line; do
|
||||
x=0
|
||||
fi
|
||||
done
|
||||
cat /tmp/report.txt | awk -F',' '{print $2 ", " $1 ", " $3 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10}' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
cat /tmp/report.txt | awk -F',' '{print $2 ", " $1 ", " $3 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
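Review bot: Each record is built by appending `"$line,"` to `/tmp/report.txt` and then split again with `awk -F','`, so a comma inside a scanned `URL:` or `Proof:` value shifts every later column and lets text from the target land in the severity or name position of the findings file. Replace commas in `$line` before appending (for example with `tr ',' ' '`) or join on a delimiter that cannot occur in the data. `while read line` also lacks `-r`, so backslashes in the evidence are consumed; `while IFS= read -r line` preserves them. The loop body between the two hunks is not visible here, and the Arachni HTTPS section that follows is line-for-line the same and needs the same changes.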
@@ -4,15 +4,15 @@ FILENAME="$LOOT_DIR/web/arachni-$TARGET-webscan-https.txt"
|
||||
OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
|
||||
|
||||
rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
rm -f /tmp/report.txt
|
||||
touch /tmp/report.txt
|
||||
rm -f /tmp/report.txt 2> /dev/null
|
||||
touch /tmp/report.txt 2> /dev/null
|
||||
x=0
|
||||
cat $FILENAME | egrep 'Proof\:|URL\:|Severity\:|\[\+\]\ \[' | sed 's/\n//g' | awk '{print $3 " " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15}' | tr -d '"' > /tmp/out
|
||||
cat $FILENAME 2> /dev/null | egrep 'Proof\:|URL\:|Severity\:|\[\+\]\ \[' | sed 's/\n//g' | awk '{print $3 " " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15}' 2> /dev/null | tr -d '"' > /tmp/out 2> /dev/null
|
||||
|
||||
# DELETE FIRST LINE
|
||||
sed -i '1d' /tmp/out
|
||||
sed -i '1d' /tmp/out 2> /dev/null
|
||||
|
||||
cat /tmp/out | while read line; do
|
||||
cat /tmp/out 2> /dev/null | while read line; do
|
||||
x=$(( x+1 ))
|
||||
if [ $x -eq "1" ]; then
|
||||
echo "$line," | tr -d '\n' >> /tmp/report.txt
|
||||
@@ -35,5 +35,5 @@ cat /tmp/out | while read line; do
|
||||
x=0
|
||||
fi
|
||||
done
|
||||
cat /tmp/report.txt | awk -F',' '{print $2 ", " $1 ", " $3 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10}' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
cat /tmp/report.txt | awk -F',' '{print $2 ", " $1 ", " $3 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
@@ -7,6 +7,6 @@ GREP_OPTIONS='-ih'
|
||||
|
||||
rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME | grep -v "Target\ " | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P4 - LOW, Nikto Vulnerability Scan - HTTP, http://" $50 ", " $2 " " $3 " " $4 " " $5 " " $6 " " $7 " " $8" " $9 " " $10 " " $11 " " $12" " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | grep -v "Target\ " | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P4 - LOW, Nikto Vulnerability Scan - HTTP, http://" $50 ", " $2 " " $3 " " $4 " " $5 " " $6 " " $7 " " $8" " $9 " " $10 " " $11 " " $12" " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
@@ -7,6 +7,6 @@ GREP_OPTIONS='-ih'
|
||||
|
||||
rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME | grep -v "Target\ " | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P4 - LOW, Nikto Vulnerability Scan - HTTPS, https://" $50 ", " $2 " " $3 " " $4 " " $5 " " $6 " " $7 " " $8" " $9 " " $10 " " $11 " " $12" " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20}' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | grep -v "Target\ " | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P4 - LOW, Nikto Vulnerability Scan - HTTP, http://" $50 ", " $2 " " $3 " " $4 " " $5 " " $6 " " $7 " " $8" " $9 " " $10 " " $11 " " $12" " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
|
||||
cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
|
||||
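Review bot: The second awk line in this section, the one carrying the added `2> /dev/null` and so apparently the new side, labels findings `Nikto Vulnerability Scan - HTTP, http://` and prints fields up to `$25`, whereas the line before it uses `HTTPS, https://` and stops at `$20`. It looks copied from the HTTP parser; if this file is the HTTPS parser, its results will be filed under the wrong scheme and URL and may be confused with the plain-HTTP findings. Keep the label as `"P4 - LOW, Nikto Vulnerability Scan - HTTPS, https://" $50` and add only the redirections.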