diff --git a/templates/active/Apache_Solr_Scanner.sh b/templates/active/Apache_Solr_Scanner.sh
index b8250c8..63890ed 100644
--- a/templates/active/Apache_Solr_Scanner.sh
+++ b/templates/active/Apache_Solr_Scanner.sh
@@ -1,6 +1,6 @@
 AUTHOR='@xer0dayz'
 VULN_NAME='Apache Solr Detected'
-URI='/'
+URI=''
 METHOD='GET'
 MATCH="Solr\ Admin"
 SEVERITY='P5 - INFO'
diff --git a/templates/active/CVE-2020-10204_-_Sonatype_Nexus_Repository_RCE.sh b/templates/active/CVE-2020-10204_-_Sonatype_Nexus_Repository_RCE.sh
index 019e6af..0cdba95 100644
--- a/templates/active/CVE-2020-10204_-_Sonatype_Nexus_Repository_RCE.sh
+++ b/templates/active/CVE-2020-10204_-_Sonatype_Nexus_Repository_RCE.sh
@@ -4,6 +4,6 @@ URI="/extdirect"
 METHOD='POST'
 MATCH="1787569"
 SEVERITY='P1 - CRITICAL'
-CURL_OPTS="--user-agent '' -s --insecure -L --data \"{\"action\":\"coreui_User\",\"method\":\"update\",\"data\":[{\"userId\":\"anonymous\",\"version\":\"1\",\"firstName\:\"Anonymous\",\"lastName\":\"User2\",\"email\":\"anonymous@example.org\",\"status\":\"active\",\"roles\":[\"$\\c{1337*1337\"]}],\"type\":\"rpc\",\"tid\":28}'\"
+CURL_OPTS='--user-agent '' -s --insecure -L --data \'{"action":"coreui_User","method":"update","data":[{"userId":"anonymous","version":"1","firstName":"Anonymous","lastName":"User2","email":"anonymous@example.org","status":"active","roles":["$\\c{1337*1337"]}],"type":"rpc","tid":28}\'
 SECONDARY_COMMANDS=''
 GREP_OPTIONS='-i'
\ No newline at end of file
diff --git a/templates/passive/network/recursive/Component_With_Known_Vulnerabilities_-_NMap.sh b/templates/passive/network/recursive/Component_With_Known_Vulnerabilities_-_NMap.sh
index a0c156c..d3941af 100644
--- a/templates/passive/network/recursive/Component_With_Known_Vulnerabilities_-_NMap.sh
+++ b/templates/passive/network/recursive/Component_With_Known_Vulnerabilities_-_NMap.sh
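Review bot: `URI=''` on the `+` line drops the root path without saying why, and `MATCH="Solr\ Admin"` still has to be found in whatever the engine fetches for an empty URI, which is outside this file. A one-line comment above it, such as `# empty: the engine supplies the path for this check`, or whatever the actual reason is, would keep the next maintainer from restoring `'/'`. Presumably the engine concatenates the target and `URI`; if so the empty value and `'/'` are served the same by most web servers, which is worth stating.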
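Review bot: The new `CURL_OPTS` value is not quoted the way it reads: inside a single-quoted string `\'` is not an escape, so the string ends at `--data \`, and the JSON that follows is unquoted shell text whose double quotes are consumed by the shell and whose `[`...`]` is a glob pattern; what curl finally receives depends on how the engine expands `CURL_OPTS`, which is not in this diff. The removed line had the same class of problem (`\"` inside a double-quoted value closes it), so this is a rewrite of one broken quoting into another rather than a fix. Holding the request body in its own single-quoted variable (or a file passed with `--data @file`) and referencing that from `CURL_OPTS` avoids hand-escaping nested quotes altogether. The `2>`-style redirects added elsewhere in this commit do not reach this template, so any curl failure here is also silent only if the engine makes it so.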
@@ -7,6 +7,6 @@ TYPE="network"
 rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
-egrep "$GREP_OPTIONS" "$MATCH" $FILENAME | awk -v AWK_TARGET="$TARGET" '$5=AWK_TARGET{print "P3 - MEDIUM, Components with Known Vulnerabilities - NMap, " $5 ", " $2 " " $3 " " $4}' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
+egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$5=AWK_TARGET{print "P3 - MEDIUM, Components with Known Vulnerabilities - NMap, " $5 ", " $2 " " $3 " " $4}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
-cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
\ No newline at end of file
+cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
\ No newline at end of file
diff --git a/templates/passive/network/recursive/Interesting_Ports_Found.sh b/templates/passive/network/recursive/Interesting_Ports_Found.sh
index d674234..a47d1af 100644
--- a/templates/passive/network/recursive/Interesting_Ports_Found.sh
+++ b/templates/passive/network/recursive/Interesting_Ports_Found.sh
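Review bot: `awk -v AWK_TARGET="$TARGET" '$5=AWK_TARGET{...}'` on the `+egrep` line uses a single `=`, which assigns the target to field 5 of every record (the pattern is then true whenever `$TARGET` is non-empty) rather than comparing; if the intent is to keep only rows for this target it should read `'$5==AWK_TARGET{print ...}'`, and if overwriting the column is deliberate a comment saying so would stop the next reader "fixing" it. The same `$50=AWK_TARGET` construct is in both Nikto hunks. `$FILENAME` and the `>> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt` target are unquoted on every line of this commit, so a loot directory or target containing whitespace splits the command; quoting them is a one-token change per occurrence. The blanket `2> /dev/null` also hides a missing or unreadable `$FILENAME`, which is presumably the very case the redirect was added for, so an empty output file is now indistinguishable from a scan that never ran.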
@@ -9,5 +9,5 @@ OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
 TYPE='network'
 rm -f /tmp/match.out 2> /dev/null
-cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME, $TARGET, $(cat /tmp/match.out | tr '\n' ' ' | sed -r "s/ /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ') (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ' | sed -r "s/> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
+cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME, $TARGET, $(cat /tmp/match.out | tr '\n' ' ' | sed -r "s/ /dev/null | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ') (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[xerosecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ' | sed -r "s/> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
 rm -f /tmp/match.out 2> /dev/null
diff --git a/templates/passive/network/recursive/Nessus_Import.sh b/templates/passive/network/recursive/Nessus_Import.sh
index 1221ce3..c755a58 100644
--- a/templates/passive/network/recursive/Nessus_Import.sh
+++ b/templates/passive/network/recursive/Nessus_Import.sh
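Review bot: `/tmp/match.out` on the `+cat` line is a fixed, predictable name in a shared directory: on a multi-user host another account can pre-create that file or a symlink at that name, after which this template truncates whatever it points to and then reads attacker-chosen text back as the "EVIDENCE" that goes into the sc0pe report, `notifications.txt` and the Slack message; two scans running concurrently also overwrite each other's match. A `match_out=$(mktemp)` with `trap 'rm -f -- "$match_out"' EXIT` closes both, and the same fixed paths `/tmp/out` and `/tmp/report.txt` are used by both Arachni hunks. The hunk text here appears garbled by extraction around the `sed -r "s/` expression, so the exact pipeline could not be checked beyond that.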
@@ -5,10 +5,10 @@ OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
 TYPE="network"
 rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
-grep Critical $FILENAME | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P1 - CRITICAL, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
-grep High $FILENAME | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P2 - HIGH, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
-grep Medium $FILENAME | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P3 - MEDIUM, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
-grep Low $FILENAME | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P4 - LOW, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
-grep None $FILENAME | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P5 - INFO, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' | grep -v "None" >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
+grep Critical $FILENAME 2> /dev/null | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P1 - CRITICAL, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
+grep High $FILENAME 2> /dev/null | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P2 - HIGH, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
+grep Medium $FILENAME 2> /dev/null | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P3 - MEDIUM, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
+grep Low $FILENAME 2> /dev/null | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P4 - LOW, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
+grep None $FILENAME 2> /dev/null | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 | tr \" " " | tr \, " " | sort -u | awk -F ' ' '{print "P5 - INFO, " $5 ", " $2 ":" $4 ", " $6}' | grep -v 'was found to be open' | grep -v "None" 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
-cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
\ No newline at end of file
+cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
\ No newline at end of file
diff --git a/templates/passive/web/recursive/Arachni_Vulnerability_Scan_-_HTTP.sh b/templates/passive/web/recursive/Arachni_Vulnerability_Scan_-_HTTP.sh
index 049124a..8a8f89e 100644
--- a/templates/passive/web/recursive/Arachni_Vulnerability_Scan_-_HTTP.sh
+++ b/templates/passive/web/recursive/Arachni_Vulnerability_Scan_-_HTTP.sh
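Review bot: The five `+grep` pipelines differ only in the risk keyword and the severity label, which is why the stderr redirect had to be pasted five times and why only the `None` row carries its extra filter; a small function parameterised on keyword and label makes the next change a one-line edit and gives the unquoted `$FILENAME` and output path a single place to be quoted. `grep Critical $FILENAME` also matches the keyword anywhere on the line rather than in the risk column, so a host or plugin name containing that word is classified by it — presumably rare with the export's column layout, but worth a comment or a field-anchored match. The rewrite below keeps the output format byte-for-byte, including the trailing `grep -v "None"` on the info rows.
```shell
# Print one sc0pe row per unique Nessus line containing risk keyword $1, labelled $2.
nessus_rows() {
  grep -- "$1" "$FILENAME" 2> /dev/null | egrep "tcp|udp" | cut -d, -f4,5,6,7,8,9 \
    | tr \" " " | tr \, " " | sort -u \
    | awk -F ' ' -v sev="$2" '{print sev ", " $5 ", " $2 ":" $4 ", " $6}' \
    | grep -v 'was found to be open' 2> /dev/null
}
# … unchanged: TYPE and rm -f of the previous output file …
sc0pe_out="$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt"
nessus_rows Critical 'P1 - CRITICAL' >> "$sc0pe_out"
nessus_rows High     'P2 - HIGH'     >> "$sc0pe_out"
nessus_rows Medium   'P3 - MEDIUM'   >> "$sc0pe_out"
nessus_rows Low      'P4 - LOW'      >> "$sc0pe_out"
nessus_rows None     'P5 - INFO' | grep -v "None" >> "$sc0pe_out"
# … unchanged: final cat of the output file …
```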
@@ -4,15 +4,15 @@ FILENAME="$LOOT_DIR/web/arachni-$TARGET-webscan-http.txt"
 OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
 rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
-rm -f /tmp/report.txt
-touch /tmp/report.txt
+rm -f /tmp/report.txt 2> /dev/null
+touch /tmp/report.txt 2> /dev/null
 x=0
-cat $FILENAME | egrep 'Proof\:|URL\:|Severity\:|\[\+\]\ \[' | sed 's/\n//g' | awk '{print $3 " " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15}' | tr -d '"' > /tmp/out
+cat $FILENAME 2> /dev/null | egrep 'Proof\:|URL\:|Severity\:|\[\+\]\ \[' | sed 's/\n//g' | awk '{print $3 " " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15}' 2> /dev/null | tr -d '"' > /tmp/out 2> /dev/null
 # DELETE FIRST LINE
-sed -i '1d' /tmp/out
+sed -i '1d' /tmp/out 2> /dev/null
-cat /tmp/out | while read line; do
+cat /tmp/out 2> /dev/null | while read line; do
 x=$(( x+1 ))
 if [ $x -eq "1" ]; then
 echo "$line," | tr -d '\n' >> /tmp/report.txt
@@ -35,5 +35,5 @@ cat /tmp/out | while read line; do
 x=0
 fi
 done
-cat /tmp/report.txt | awk -F',' '{print $2 ", " $1 ", " $3 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10}' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
-cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
\ No newline at end of file
+cat /tmp/report.txt | awk -F',' '{print $2 ", " $1 ", " $3 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
+cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
\ No newline at end of file
diff --git a/templates/passive/web/recursive/Arachni_Vulnerability_Scan_-_HTTPS.sh b/templates/passive/web/recursive/Arachni_Vulnerability_Scan_-_HTTPS.sh
index 8786ede..eb0665a 100644
--- a/templates/passive/web/recursive/Arachni_Vulnerability_Scan_-_HTTPS.sh
+++ b/templates/passive/web/recursive/Arachni_Vulnerability_Scan_-_HTTPS.sh
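Review bot: `cat /tmp/out 2> /dev/null | while read line; do` on the `+` line reads without `-r` and with the default `IFS`, so backslashes in Arachni proof strings are consumed and surrounding whitespace is stripped before the line reaches `/tmp/report.txt`; `while IFS= read -r line; do` records the evidence as scanned. The `sed 's/\n//g'` stage in the `+cat $FILENAME` pipeline is a no-op, since sed sees one line at a time and the pattern space never holds a newline, so it can be dropped. The body of the `while` loop continues past the end of this hunk, and the HTTPS template carries an identical hunk.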
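Review bot: `cat /tmp/report.txt | awk -F',' ...` on the `+` line spawns a process only to feed awk a file it can open itself; `awk -F',' '{print $2 ", " $1 ", " $3 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10}' /tmp/report.txt 2> /dev/null >> "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt"` does the same work with the output path quoted. The awk field list stops at `$10`, so a report row with more comma-separated fields is silently truncated; if that is acceptable a short comment above the line would say so.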
@@ -4,15 +4,15 @@ FILENAME="$LOOT_DIR/web/arachni-$TARGET-webscan-https.txt"
 OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
 rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
-rm -f /tmp/report.txt
-touch /tmp/report.txt
+rm -f /tmp/report.txt 2> /dev/null
+touch /tmp/report.txt 2> /dev/null
 x=0
-cat $FILENAME | egrep 'Proof\:|URL\:|Severity\:|\[\+\]\ \[' | sed 's/\n//g' | awk '{print $3 " " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15}' | tr -d '"' > /tmp/out
+cat $FILENAME 2> /dev/null | egrep 'Proof\:|URL\:|Severity\:|\[\+\]\ \[' | sed 's/\n//g' | awk '{print $3 " " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15}' 2> /dev/null | tr -d '"' > /tmp/out 2> /dev/null
 # DELETE FIRST LINE
-sed -i '1d' /tmp/out
+sed -i '1d' /tmp/out 2> /dev/null
-cat /tmp/out | while read line; do
+cat /tmp/out 2> /dev/null | while read line; do
 x=$(( x+1 ))
 if [ $x -eq "1" ]; then
 echo "$line," | tr -d '\n' >> /tmp/report.txt
@@ -35,5 +35,5 @@ cat /tmp/out | while read line; do
 x=0
 fi
 done
-cat /tmp/report.txt | awk -F',' '{print $2 ", " $1 ", " $3 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10}' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
-cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
\ No newline at end of file
+cat /tmp/report.txt | awk -F',' '{print $2 ", " $1 ", " $3 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
+cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
\ No newline at end of file
diff --git a/templates/passive/web/recursive/Nikto_Vulnerability_Scan-HTTP.sh b/templates/passive/web/recursive/Nikto_Vulnerability_Scan-HTTP.sh
index 12cfa81..69e7fc6 100644
--- a/templates/passive/web/recursive/Nikto_Vulnerability_Scan-HTTP.sh
+++ b/templates/passive/web/recursive/Nikto_Vulnerability_Scan-HTTP.sh
@@ -7,6 +7,6 @@ GREP_OPTIONS='-ih'
 rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
-egrep "$GREP_OPTIONS" "$MATCH" $FILENAME | grep -v "Target\ " | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P4 - LOW, Nikto Vulnerability Scan - HTTP, http://" $50 ", " $2 " " $3 " " $4 " " $5 " " $6 " " $7 " " $8" " $9 " " $10 " " $11 " " $12" " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
+egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | grep -v "Target\ " | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P4 - LOW, Nikto Vulnerability Scan - HTTP, http://" $50 ", " $2 " " $3 " " $4 " " $5 " " $6 " " $7 " " $8" " $9 " " $10 " " $11 " " $12" " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
-cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
\ No newline at end of file
+cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
\ No newline at end of file
diff --git a/templates/passive/web/recursive/Nikto_Vulnerability_Scan-HTTPS.sh b/templates/passive/web/recursive/Nikto_Vulnerability_Scan-HTTPS.sh
index c570ba5..c59dc93 100644
--- a/templates/passive/web/recursive/Nikto_Vulnerability_Scan-HTTPS.sh
+++ b/templates/passive/web/recursive/Nikto_Vulnerability_Scan-HTTPS.sh
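Review bot: The `+egrep` line redirects stderr to `/dev/null` twice for the same `awk` stage (`... 2> /dev/null >> $LOOT_DIR/... 2> /dev/null`); the second redirect is redundant and can be dropped. Spelling out `$2` through `$25` to rebuild the Nikto message is fragile — a finding with more than 25 whitespace-separated words is truncated and one with fewer gets trailing spaces — whereas `{ s=""; for (i=2; i<=NF; i++) s = s " " $i; print "P4 - LOW, Nikto Vulnerability Scan - HTTP, http://" AWK_TARGET "," s }` keeps the whole line; the same applies to the HTTPS hunk. The `$50=AWK_TARGET` assignment-as-pattern is raised on the NMap hunk.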
@@ -7,6 +7,6 @@ GREP_OPTIONS='-ih'
 rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
-egrep "$GREP_OPTIONS" "$MATCH" $FILENAME | grep -v "Target\ " | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P4 - LOW, Nikto Vulnerability Scan - HTTPS, https://" $50 ", " $2 " " $3 " " $4 " " $5 " " $6 " " $7 " " $8" " $9 " " $10 " " $11 " " $12" " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20}' >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
+egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | grep -v "Target\ " | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P4 - LOW, Nikto Vulnerability Scan - HTTP, http://" $50 ", " $2 " " $3 " " $4 " " $5 " " $6 " " $7 " " $8" " $9 " " $10 " " $11 " " $12" " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
-cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt
\ No newline at end of file
+cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
\ No newline at end of file
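Review bot: The `+egrep` line in the HTTPS template now labels every finding `Nikto Vulnerability Scan - HTTP` with an `http://` prefix, whereas the removed line used `HTTPS, https://`; this looks like the HTTP template's line pasted over, and it misattributes every HTTPS finding in the sc0pe output and builds a URL for the wrong scheme. Restore the label and scheme: `'$50=AWK_TARGET{print "P4 - LOW, Nikto Vulnerability Scan - HTTPS, https://" $50 ", " $2 ...`. The widening of the field list from `$20` to `$25` is a separate, presumably intended, change and can stay.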