Sn1per v1.4 by 1N3@CrowdShield

2015-12-25 10:05:21 -05:00
parent 6bf6263350
commit 8c071deddd
4 changed files with 78 additions and 12 deletions
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-+ -- --=[Sn1per v1.4f by 1N3
+ -- --=[Sn1per v1.4g by 1N3
 + -- --=[http://crowdshield.com
 
 # Sn1per - Automated Pentest Recon Scanner
@@ -29,6 +29,9 @@ Sn1per is an automated scanner that can be used during a penetration test to enu
 https://goo.gl/96LCAg

 ## CHANGELOG:
+* v1.4g - Added finger enumeration scripts
+* v1.4g - Fixed nmap -p 445 target issue
+* v1.4g - Fixed smtp-enum target issue
 * v1.4f - Fixed BruteX directory bug
 * v1.4e - Fixed reported errors install.sh
 * v1.4e - Added auto-upgrade option to install.sh for existing Sn1per installs
--- a/bin/fingertool.sh
+++ b/bin/fingertool.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# fingertool - This script will enumerate users using finger
+# SECFORCE - Antonio Quina
+
+if [ $# -eq 0 ]
+	then
+		echo "Usage: $0 <IP> [<WORDLIST>]"
+		echo "eg: $0 10.10.10.10 users.txt"
+		exit
+	else
+		IP="$1"
+fi
+
+if [ "$2" == "" ]
+	then
+		WORDLIST="/usr/share/metasploit-framework/data/wordlists/unix_users.txt"
+	else
+		WORDLIST="$2"
+fi
+
+
+for username in $(cat $WORDLIST | sort -u| uniq)
+	do output=$(finger -l $username@$IP)
+	if [[ $output == *"Directory"* ]]
+		then
+			echo "Found user: $username"
+	fi
+	done
+
+echo "Finished!"
--- a/loot/README.md
+++ b/loot/README.md
@@ -1,4 +1,4 @@
-+ -- --=[Sn1per v1.4e by 1N3
+ -- --=[Sn1per v1.4g by 1N3
 + -- --=[http://crowdshield.com
 
 # Sn1per - Automated Pentest Recon Scanner
@@ -29,6 +29,10 @@ Sn1per is an automated scanner that can be used during a penetration test to enu
 https://goo.gl/96LCAg

 ## CHANGELOG:
+* v1.4g - Added finger enumeration scripts
+* v1.4g - Fixed nmap -p 445 target issue
+* v1.4g - Fixed smtp-enum target issue
+* v1.4f - Fixed BruteX directory bug
 * v1.4e - Fixed reported errors install.sh
 * v1.4e - Added auto-upgrade option to install.sh for existing Sn1per installs
 * v1.4d - Fixed missing rake gem install dependency
--- a/49
+++ b/49
@@ -77,6 +77,7 @@ dnsrecon -d $TARGET -t zonewalk
 dnsrecon -d quora.com -t axfr
 dnsenum $TARGET -f BruteX/namelist.txt
 mv -f *_ips.txt loot/ 2>/dev/null
+shodan host $TARGET
 echo ""
 echo -e "$OKGREEN################################### Pinging host ###################################$RESET"
 ping -c 1 $TARGET
@@ -91,12 +92,14 @@ port_22=`grep 'portid="22"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_23=`grep 'portid="23"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_25=`grep 'portid="25"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_53=`grep 'portid="53"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
+port_79=`grep 'portid="79"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_80=`grep 'portid="80"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_110=`grep 'portid="110"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_111=`grep 'portid="111"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_135=`grep 'portid="135"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_139=`grep 'portid="139"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_162=`grep 'portid="162"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
+port_389=`grep 'portid="162"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_443=`grep 'portid="443"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_445=`grep 'portid="445"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_512=`grep 'portid="512"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
@@ -151,8 +154,9 @@ then
 	echo -e "$OKRED+ -- --=[Port 25 closed... skipping.$RESET"
 else
 	echo -e "$OKGREEN+ -- --=[Port 25 opened... running tests...$RESET"
-	nmap -sV --script=smtp* -p 25 192.168.1.113	
+	nmap -sV --script=smtp* -p 25 $TARGET
 	smtp-user-enum -M VRFY -U $USER_FILE -t $TARGET
+	msfconsole -x "use scanner/smtp/smtp_enum; set RHOSTS "$TARGET"; run;" 
 fi

 if [ -z "$port_53" ]
@@ -160,7 +164,16 @@ then
 	echo -e "$OKRED+ -- --=[Port 53 closed... skipping.$RESET"
 else
 	echo -e "$OKGREEN+ -- --=[Port 53 opened... running tests...$RESET"
-	nmap -sV --script=dns* -p 25 192.168.1.113	
+	nmap -sV --script=dns* -p $TARGET	
+fi
+
+if [ -z "$port_79" ]
+then
+	echo -e "$OKRED+ -- --=[Port 79 closed... skipping.$RESET"
+else
+	echo -e "$OKGREEN+ -- --=[Port 79 opened... running tests...$RESET"
+	nmap -sV --script=finger* -p 79 $TARGET
+	bin/fingertool.sh $TARGET BruteX/simple-users.txt
 fi

 if [ -z "$port_80" ]
@@ -281,6 +294,14 @@ else
 	nmap -p 162 --script=snmp* $TARGET
 fi

+if [ -z "$port_389" ]
+then
+	echo -e "$OKRED+ -- --=[Port 389 closed... skipping.$RESET"
+else
+	echo -e "$OKGREEN+ -- --=[Port 389 opened... running tests...$RESET"
+	nmap -p 389 --script=ldap* $TARGET
+fi
+
 if [ -z "$port_443" ]
 then
 	echo -e "$OKRED+ -- --=[Port 443 closed... skipping.$RESET"
@@ -363,7 +384,7 @@ else
 	enum4linux $TARGET
 	python $SAMRDUMP $TARGET
 	nbtscan $TARGET
-	nmap --script=/usr/share/nmap/scripts/smb-check-vulns.nse --script=/usr/share/nmap/scripts/smb-os-discovery.nse --script=/usr/share/nmap/scripts/smb-enum-domains.nse --script=/usr/share/nmap/scripts/smb-server-stats.nse --script=/usr/share/nmap/scripts/smb-ls.nse --script=/usr/share/nmap/scripts/smb-vuln-ms10-054.nse --script=/usr/share/nmap/scripts/smb-vuln-ms10-061.nse --script=/usr/share/nmap/scripts/smb-system-info.nse --script=/usr/share/nmap/scripts/smb-enum-shares.nse --script=/usr/share/nmap/scripts/smb-enum-users.nse --script=/usr/share/nmap/scripts/smbv2-enabled.nse --script=/usr/share/nmap/scripts/smb-mbenum.nse --script-args=unsafe=1 -p 139 $TARGET
+	nmap --script=/usr/share/nmap/scripts/smb-check-vulns.nse --script=/usr/share/nmap/scripts/smb-os-discovery.nse --script=/usr/share/nmap/scripts/smb-enum-domains.nse --script=/usr/share/nmap/scripts/smb-server-stats.nse --script=/usr/share/nmap/scripts/smb-ls.nse --script=/usr/share/nmap/scripts/smb-vuln-ms10-054.nse --script=/usr/share/nmap/scripts/smb-vuln-ms10-061.nse --script=/usr/share/nmap/scripts/smb-system-info.nse --script=/usr/share/nmap/scripts/smb-enum-shares.nse --script=/usr/share/nmap/scripts/smb-enum-users.nse --script=/usr/share/nmap/scripts/smbv2-enabled.nse --script=/usr/share/nmap/scripts/smb-mbenum.nse --script-args=unsafe=1 -p 445 $TARGET
 fi

 if [ -z "$port_512" ]
@@ -398,6 +419,17 @@ else
 	amap -A $TARGET 1524
 fi

+if [ -z "$port_2049" ]
+then
+	echo -e "$OKRED+ -- --=[Port 2049 closed... skipping.$RESET"
+else
+	echo -e "$OKGREEN+ -- --=[Port 2049 opened... running tests...$RESET"
+	nmap -sV --script=nfs* -p 2049 $TARGET
+	rpcinfo -p $TARGET
+	showmount -e $TARGET
+	smbclient -L $TARGET -U " "%" "
+fi
+
 if [ -z "$port_2121" ]
 then
 	echo -e "$OKRED+ -- --=[Port 2121 closed... skipping.$RESET"
@@ -512,6 +544,7 @@ else
 	cd ..
 	nikto -h http://$TARGET:8080 
 	nmap -p 8080 --script=*proxy* $TARGET
+	
 fi

 if [ -z "$port_8180" ]
@@ -559,18 +592,14 @@ else
 fi

 echo -e "$OKGREEN################################### Running Brute Force #############################$RESET"
-cd BruteX/
+cd yasuo
+ruby yasuo.rb -r $TARGET -b all
+cd ../BruteX
 ./brutex $TARGET
 rm -f hydra.restore
 mv loot/* ../loot/
 cd ..
 echo ""
 rm -f scan.log
-echo -e "$OKGREEN################################### Running 3rd Party Extensions ####################$RESET"
-cd Breach-Miner
-python breachminer.py $TARGET
-cd ..
-cd yasuo
-ruby yasuo.rb -r $TARGET -b all
 echo -e "$OKGREEN################################### Done! ###########################################$RESET"
 exit 0