Sn1per by 1N3@CrowdShield
This commit is contained in:
root
@@ -1,4 +1,6 @@
|
||||
## CHANGELOG:
|
||||
* v2.2d - Added MongoDB checks
|
||||
* v2.2d - Improved NMap scanning options
|
||||
* v2.2c - Added CouchDB checks
|
||||
* v2.2c - Updated Sub-domain takeover list
|
||||
* v2.2b - Added fullportonly mode to do exclusive full port scans
|
||||
|
||||
133
CHANGELOG.md~
Normal file
133
CHANGELOG.md~
Normal file
@@ -0,0 +1,133 @@
|
||||
## CHANGELOG:
|
||||
* v2.2c - Added CouchDB checks
|
||||
* v2.2c - Updated Sub-domain takeover list
|
||||
* v2.2b - Added fullportonly mode to do exclusive full port scans
|
||||
* v2.2b - Fixed minor issue with Metasploit Pro not starting
|
||||
* v2.2b - Fixed minor issue with sniper loot command
|
||||
* v2.2a - Fixed minor issue with loot function
|
||||
* v2.2 - Added auto Metasploit Pro & Zenmap GUI integration
|
||||
* v2.2 - Added Sn1per workspaces to loot directory
|
||||
* v2.1d - Added crt.sh sub-domain check
|
||||
* v2.1d - Removed blank screenshots from loot directory
|
||||
* v2.1c - Fixed issue with install.sh install directories
|
||||
* v2.1b - Added automatic Metasploit NMap xml imports for loot directory
|
||||
* v2.1b - Removed Zenmap
|
||||
* v2.1a - Separated Arachni reports for port 80/443/tcp
|
||||
* v2.1a - Fixed NMap full port scan options
|
||||
* v2.1 - Added Arachni with auto HTML web reporting (web mode only)
|
||||
* v2.1 - Added full NMap detailed port scans
|
||||
* v2.1 - Added port 4443/tcp checks
|
||||
* v2.1 - Added META tag scans for web apps
|
||||
* v2.1 - Removed Uniscan from web mode
|
||||
* v2.1 - Removed SQLMap from web mode
|
||||
* v2.0b - Added help option --help
|
||||
* v2.0a - Fixed issue with ssh-audit
|
||||
* v2.0a - Fixed issue with 'discover' mode
|
||||
* v2.0 - Updated sub-domain takeover list
|
||||
* v2.0 - Improved scan performance for stealth, airstrike and discover modes
|
||||
* v2.0 - Removed jexboss due to clear screen issue with output
|
||||
* v2.0 - Auto loot directory sorting for all tools
|
||||
* v2.0 - Updated install.sh package list
|
||||
* v1.9c - Enabled BruteX automated brute force attacks
|
||||
* v1.9b - Fixed MSSQL port 1433/tcp port scan check (@hacktrack)
|
||||
* v1.9a - Removed testssl script from stealth mode scans
|
||||
* v1.9 - Added Ubuntu docker image for Sn1per (@menzow)
|
||||
* v1.9 - Added automatic loot directory sorting for all modes
|
||||
* v1.9 - Added MSSQL port 1433/tcp checks
|
||||
* v1.9 - Added SNMP port 162/tcp checks (@hexageek)
|
||||
* v1.9 - Added nslookup to install.sh
|
||||
* v1.9 - Fixed install.sh dependency duplicates
|
||||
* v1.8c - Added -A option to all NMap port scans
|
||||
* v1.8c - Fixed install.sh permission issue
|
||||
* v1.8c - Fixed install.sh cleanup options
|
||||
* v1.8c - Added ssh-audit
|
||||
* v1.8c - Added install directory (/usr/share/sniper/) to install script for universal access
|
||||
* v1.8c - Fixed issue with Metasploit SSH scans
|
||||
* v1.8c - Added auto-update to install.sh to automatically pull latest github release
|
||||
* v1.8b - Fixed bug with NMap UDP scan options
|
||||
* v1.8b - Fixed install.sh dependencies
|
||||
* v1.8b - Fixed jexboss options
|
||||
* v1.8a - Updated sub-domain hijack list of domains (CC: th3gundy)
|
||||
* v1.8 - Added sub-domain hijack scans for all sub-domains
|
||||
* v1.8 - Added auto explort of all sub-domains to /domains directory
|
||||
* v1.8 - Added additional stealth and airstrike checks for port 80 and 443
|
||||
* v1.8 - Fixed issue with theHarvester not working with google
|
||||
* v1.7g - Added email security/spoofing checks
|
||||
* v1.7f - Added Zenmap XML auto-imports
|
||||
* v1.7f - Added ClamAV RCE Nmap script
|
||||
* v1.7e - Fixed minor issue with airstrike and nuke mode
|
||||
* v1.7e - Fixed minor issues with discover mode
|
||||
* v1.7e - Added minor cosmetic improvements to reports
|
||||
* v1.7e - Disabled automatic brute forcing by default
|
||||
* v1.7e - Added automatic brute force setting in script vars
|
||||
* v1.7d - Added sslyze
|
||||
* v1.7d - Added 'discover' mode for full subnet scans
|
||||
* v1.7d - Added verbosity to scan tasks to separate sub-tasks better
|
||||
* v1.7c - Added plain text reporting
|
||||
* v1.7c - Improved loot directory structure and sorting
|
||||
* v1.7b - Fixed issue with airstrike mode not scanning correctly
|
||||
* v1.7b - Improved passive recon performance
|
||||
* v1.7a - Improved NMap http scan performance
|
||||
* v1.7a - Removed joomscan due to verbosity issues
|
||||
* v1.7 - Added uniscan web vulnerability scanner
|
||||
* v1.7 - Added joomscan Joomla scanner
|
||||
* v1.7 - Improved web scan performance
|
||||
* v1.7 - Fixed issue with inurlbr output
|
||||
* v1.7 - Added remote desktop viewing for RDP connections
|
||||
* v1.7 - Added experimental Metasploit exploit for Apache Struts RCE (CVE-2016-3081)
|
||||
* v1.6e - Added reporting option for nobrute mode (CC. @mero01)
|
||||
* v1.6e - Improved SMB scan performance/optimization added
|
||||
* v1.6d - Improved NMap scan performance options
|
||||
* v1.6d - Added xprobe2 OS finger printing tool
|
||||
* v1.6d - Added jexbos JBoss autopwn
|
||||
* v1.6d - Merged fix for theharvester package (CC. @RubenRocha)
|
||||
* v1.6d - Merged fix for SuperMicroScanner (CC. @mero01)
|
||||
* v1.6c - Add report mode for web scans
|
||||
* v1.6c - Fixed issues with Sublist3r and theharvester
|
||||
* v1.6c - Added Shocker Shellshock exploitation scanner
|
||||
* v1.6b - Added Sublist3r sub-domain brute tool
|
||||
* v1.6b - Added cutycapt web screenshot util
|
||||
* v1.6a - Added improvements to recon phase
|
||||
* v1.6a - Fixed small issue with 3rd party extension
|
||||
* v1.6a - Various improvements to overall optimization of scans
|
||||
* v1.6a - Added new "web" mode for full web application scans
|
||||
* v1.6 - Added 4 new modes including: stealth, port, airstrike and nuke
|
||||
* v1.6 - Added Java de-serialization scanner
|
||||
* v1.6 - Added reporting option to output to console and text file for all scans
|
||||
* v1.6 - Added option to set Sn1per full path for universal command line access
|
||||
* v1.6 - Added in DirBuster for web file brute forcing
|
||||
* v1.6 - Fixed issue with sderr errors in TheHarvester
|
||||
* v1.5e - Removed shodan command line tool due to issues
|
||||
* v1.5e - Fixed wafwoof installation in kali 2.0
|
||||
* v1.5d - Fixed minor issues with port 513/tmp and 514/tcp checks
|
||||
* v1.5c - Fixed issue which broke link to sniper directory
|
||||
* v1.5b - Added Squid Proxy checks port 3128/tcp
|
||||
* v1.5b - Fixed shodan setup options in install.sh
|
||||
* v1.5b - Fixed syntax error with theHarvester in install.sh
|
||||
* v1.5a - Fixed syntax error with port 8081 checks
|
||||
* v1.5a - Added Arachni integration
|
||||
* v1.5a - Added vsftpd, proftpd, mysql, unrealircd auto exploits
|
||||
* v1.5 - Added Metasploit scan and auto-exploit modules
|
||||
* v1.5 - Added additional port checks
|
||||
* v1.5 - Added full TCP/UDP NMap XML output
|
||||
* v1.5 - Auto tune scan for either IP or hostname/domain
|
||||
* v1.4h - Added auto IP/domain name scan configurations
|
||||
* v1.4g - Added finger enumeration scripts
|
||||
* v1.4g - Fixed nmap -p 445 target issue
|
||||
* v1.4g - Fixed smtp-enum target issue
|
||||
* v1.4f - Fixed BruteX directory bug
|
||||
* v1.4e - Fixed reported errors install.sh
|
||||
* v1.4e - Added auto-upgrade option to install.sh for existing Sn1per installs
|
||||
* v1.4d - Fixed missing rake gem install dependency
|
||||
* v1.4c - Reordered 3rd party extensions
|
||||
* v1.4b - Fixed install.sh executable references
|
||||
* v1.4b - Fixed Yasou dependencies in install.sh
|
||||
* v1.4b - Fixed minor issues with BruteX loot directory
|
||||
* v1.4 - Added Yasou for automatic web form brute forcing
|
||||
* v1.4 - Added MassBleed for SSL vulnerability detection
|
||||
* v1.4 - Added Breach-Miner for detection of breached accounts
|
||||
* v1.4 - Fixed minor errors with nmap
|
||||
* v1.4 - Removed debug output from goohak from displaying on console
|
||||
|
||||
## FUTURE:
|
||||
* Add auto logging and reporting to all scans
|
||||
49
sniper
49
sniper
@@ -46,6 +46,7 @@ USER_FILE="/usr/share/brutex/wordlists/simple-users.txt"
|
||||
PASS_FILE="/usr/share/brutex/wordlists/password.lst"
|
||||
DNS_FILE="/usr/share/brutex/wordlists/namelist.txt"
|
||||
SUPER_MICRO_SCAN="/usr/share/sniper/plugins/SuperMicro-Password-Scanner/supermicro_scan.sh"
|
||||
DEFAULT_PORTS="21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049"
|
||||
THREADS="30"
|
||||
OKBLUE='\033[94m'
|
||||
OKRED='\033[91m'
|
||||
@@ -229,7 +230,7 @@ if [ "$MODE" = "discover" ]; then
|
||||
echo -e "$OKGREEN + -- ----------------------------=[Checking ARP Cache]=---------------------- -- +$RESET"
|
||||
arp -a -n
|
||||
echo -e "$OKGREEN + -- ----------------------------=[Running Port Discovery Scan]=------------- -- +$RESET"
|
||||
unicornscan $TARGET -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,49152 2>/dev/null | awk '{print $6}' | sort -u > $LOOT_DIR/domains/sniper-ips.txt
|
||||
unicornscan $TARGET -p $DEFAULT_PORTS 2>/dev/null | awk '{print $6}' | sort -u > $LOOT_DIR/domains/sniper-ips.txt
|
||||
echo -e "$OKGREEN + -- ----------------------------=[Current Targets]=------------------------- -- +$RESET"
|
||||
cat $LOOT_DIR/domains/sniper-ips.txt
|
||||
echo -e "$OKGREEN + -- ----------------------------=[Launching Sn1per Scans]=------------------ -- +$RESET"
|
||||
@@ -335,9 +336,7 @@ if [ "$MODE" = "stealth" ]; then
|
||||
fi
|
||||
echo ""
|
||||
echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=------------------- -- +$RESET"
|
||||
nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
|
||||
echo -e "$OKGREEN + -- ----------------------------=[Running UDP port scan]=------------------- -- +$RESET"
|
||||
nmap -sU -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET
|
||||
nmap -sS -T5 --open -p $DEFAULT_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
|
||||
|
||||
port_80=`grep 'portid="80"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
port_443=`grep 'portid="443"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
@@ -482,7 +481,7 @@ if [ "$MODE" = "airstrike" ]; then
|
||||
fi
|
||||
echo ""
|
||||
echo -e "$OKGREEN + -- ----------------------------=[Running port scan]=------------------- -- +$RESET"
|
||||
nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $a -oX $LOOT_DIR/nmap/nmap-$a.xml
|
||||
nmap -sS -T5 --open -p $DEFAULT_PORTS $a -oX $LOOT_DIR/nmap/nmap-$a.xml
|
||||
|
||||
port_80=`grep 'portid="80"' $LOOT_DIR/nmap/nmap-$a.xml | grep open`
|
||||
port_443=`grep 'portid="443"' $LOOT_DIR/nmap/nmap-$a.xml | grep open`
|
||||
@@ -658,9 +657,7 @@ ping -c 1 $TARGET
|
||||
echo ""
|
||||
echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=------------------- -- +$RESET"
|
||||
if [ -z "$OPT1" ]; then
|
||||
nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
|
||||
echo -e "$OKGREEN + -- ----------------------------=[Running UDP port scan]=------------------- -- +$RESET"
|
||||
nmap -sU -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET
|
||||
nmap -sS -T5 --open -p $DEFAULT_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
|
||||
elif [ "$OPT1" == "web" ]; then
|
||||
nmap -sV -T5 -p 80,443 --open $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
|
||||
else
|
||||
@@ -715,6 +712,10 @@ port_8180=`grep 'portid="8180"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
port_8443=`grep 'portid="8443"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
port_8888=`grep 'portid="8888"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
port_10000=`grep 'portid="10000"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
port_27017=`grep 'portid="27017"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
port_27018=`grep 'portid="27018"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
port_27019=`grep 'portid="27019"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
port_28017=`grep 'portid="28017"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
port_49152=`grep 'portid="49152"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
|
||||
|
||||
if [ -z "$port_21" ];
|
||||
@@ -1381,6 +1382,38 @@ else
|
||||
msfconsole -x "use auxiliary/admin/webmin/file_disclosure; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; run; exit;"
|
||||
fi
|
||||
|
||||
if [ -z "$port_27017" ];
|
||||
then
|
||||
echo -e "$OKRED + -- --=[Port 27017 closed... skipping.$RESET"
|
||||
else
|
||||
echo -e "$OKORANGE + -- --=[Port 27017 opened... running tests...$RESET"
|
||||
nmap -p 27017 -T5 --script=mongodb* $TARGET
|
||||
fi
|
||||
|
||||
if [ -z "$port_27018" ];
|
||||
then
|
||||
echo -e "$OKRED + -- --=[Port 27018 closed... skipping.$RESET"
|
||||
else
|
||||
echo -e "$OKORANGE + -- --=[Port 27018 opened... running tests...$RESET"
|
||||
nmap -p 27018 -T5 --script=mongodb* $TARGET
|
||||
fi
|
||||
|
||||
if [ -z "$port_27019" ];
|
||||
then
|
||||
echo -e "$OKRED + -- --=[Port 27019 closed... skipping.$RESET"
|
||||
else
|
||||
echo -e "$OKORANGE + -- --=[Port 27019 opened... running tests...$RESET"
|
||||
nmap -p 27019 -T5 --script=mongodb* $TARGET
|
||||
fi
|
||||
|
||||
if [ -z "$port_28017" ];
|
||||
then
|
||||
echo -e "$OKRED + -- --=[Port 28017 closed... skipping.$RESET"
|
||||
else
|
||||
echo -e "$OKORANGE + -- --=[Port 28017 opened... running tests...$RESET"
|
||||
nmap -p 28017 -T5 --script=mongodb* $TARGET
|
||||
fi
|
||||
|
||||
if [ -z "$port_49152" ];
|
||||
then
|
||||
echo -e "$OKRED + -- --=[Port 49152 closed... skipping.$RESET"
|
||||
|
||||
Reference in New Issue
Block a user