From d879e5027ca64400e841f7778c36a809e4b10b37 Mon Sep 17 00:00:00 2001
From: xer0dayz <1n3@hushmail.com>
Date: Thu, 13 Feb 2020 13:37:01 -0700
Subject: [PATCH] Sn1per Community Edition by @xer0dayz -
 https://xerosecurity.com

---
 CHANGELOG.md         |  4 ++++
 install.sh           | 11 ++++++++++-
 modes/masswebscan.sh |  2 +-
 sniper               | 16 +++++++++-------
 4 files changed, 24 insertions(+), 9 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 15d2ad3..307b653 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,8 @@
 ## CHANGELOG:
+* v8.2 - Fixed issue with Masswebscan mode not working
+* v8.2 - Added Rails file exposure exploit CVE-2019-5418
+* v8.2 - Updated wordlist selections to fingerprint common vulnerable applications
+* v8.2 - Added h8mail compromised credentials check to OSINT (-o) mode
 * v8.2 - Added Kali XFCE start menu app & icon
 * v8.2 - Added check with insecure SSL/TLS connections
 * v8.2 - Added NMAP_OPTIONS setting in ~/.sniper.conf to configure optional NMap settings
diff --git a/install.sh b/install.sh
index 656a9c2..1248312 100755
--- a/install.sh
+++ b/install.sh
@@ -29,7 +29,15 @@ if [[ "$1" != "force" ]]; then
 	read answer
 fi
 
+if [[ $EUID -ne 0 ]]; then
+   echo "This script must be run as root"
+   exit 1
+fi
+
 mkdir -p $INSTALL_DIR 2> /dev/null
+chmod 777 -Rf $INSTALL_DIR 2> /dev/null
+chown root $INSTALL_DIR/sniper 2> /dev/null
+chmod 4777 $INSTALL_DIR/sniper 2> /dev/null
 mkdir -p $LOOT_DIR 2> /dev/null
 mkdir $LOOT_DIR/domains 2> /dev/null
 mkdir $LOOT_DIR/screenshots 2> /dev/null
@@ -163,11 +171,12 @@ cd shodan-python
 python setup.py install
 cd ..
 pip3 install spyse.py
+pip install h8mail
 echo -e "$OKORANGE + -- --=[ Setting up environment...$RESET"
 mv ~/.sniper.conf ~/.sniper.conf.old 2> /dev/null
 cp $INSTALL_DIR/sniper.conf ~/.sniper.conf 2> /dev/null
 cd $PLUGINS_DIR/BlackWidow/ && bash install.sh force 2> /dev/null
-cd $PLUGINS_DIR/BruteX/ && bash install.sh force 2> /dev/null
+cd $PLUGINS_DIR/BruteX/ && bash install.sh 2> /dev/null
 cd $PLUGINS_DIR/Findsploit/ && bash install.sh 2> /dev/null
 cd $PLUGINS_DIR/spoofcheck/ && pip install -r requirements.txt 2> /dev/null
 cd $PLUGINS_DIR/CMSmap/ && pip3 install . && python3 setup.py install
diff --git a/modes/masswebscan.sh b/modes/masswebscan.sh
index fe7837e..71dbc85 100644
--- a/modes/masswebscan.sh
+++ b/modes/masswebscan.sh
@@ -1,5 +1,5 @@
 # MASSWEB MODE #####################################################################################################
-if [[ "$MODE" = "massweb" ]]; then
+if [[ "$MODE" = "masswebscan" ]]; then
   if [[ -z "$FILE" ]]; then
     logo
     echo "You need to specify a list of targets (ie. -f <targets.txt>) to scan."
diff --git a/sniper b/sniper
index 79499f0..6f279fc 100755
--- a/sniper
+++ b/sniper
@@ -66,16 +66,16 @@ function help {
   echo ' sniper -f targets.txt -m nuke -w <WORKSPACE_ALIAS>'
   echo ""
   echo ' [*] MASS PORT SCAN MODE'
-  echo ' sniper -f targets.txt -m massportscan'
+  echo ' sniper -f targets.txt -m massportscan -w <WORKSPACE_ALIAS>'
   echo ""
   echo ' [*] MASS WEB SCAN MODE'
-  echo ' sniper -f targets.txt -m massweb'
+  echo ' sniper -f targets.txt -m massweb -w <WORKSPACE_ALIAS>'
   echo ""
   echo ' [*] MASS WEBSCAN SCAN MODE'
-  echo ' sniper -f targets.txt -m masswebscan'
+  echo ' sniper -f targets.txt -m masswebscan -w <WORKSPACE_ALIAS>'
   echo ""
   echo ' [*] MASS VULN SCAN MODE'
-  echo ' sniper -f targets.txt -m massvulnscan'
+  echo ' sniper -f targets.txt -m massvulnscan -w <WORKSPACE_ALIAS>'
   echo ""
   echo ' [*] PORT SCAN MODE'
   echo ' sniper -t <TARGET> -m port -p <PORT_NUM>'
@@ -277,7 +277,7 @@ case $key in
     read ANS
     rm -Rf /usr/share/sniper/loot/workspace/$WORKSPACE/
     echo "Workspace /usr/share/sniper/loot/workspace/$WORKSPACE/ was removed."
-    sniper -w default --reimport 
+    sniper -w default --reimport
     exit
     shift # past argument
     ;;
@@ -289,7 +289,7 @@ case $key in
     rm -f $WORKSPACE_DIR/nmap/ports-$TARGET.txt 2> /dev/null
     rm -f $WORKSPACE_DIR/web/title-*-$TARGET.txt 2> /dev/null
     rm -f $WORKSPACE_DIR/web/headers-*-$TARGET.txt 2> /dev/null
-    sniper --reimportall -w $WORKSPACE 
+    sniper --reimportall -w $WORKSPACE
     exit
     shift # past argument
     ;;
@@ -362,7 +362,9 @@ function init {
   touch $LOOT_DIR/scans/scheduled/daily.sh 2> /dev/null
   touch $LOOT_DIR/scans/scheduled/weekly.sh 2> /dev/null
   touch $LOOT_DIR/scans/scheduled/monthly.sh 2> /dev/null
-  chmod 777 -Rf $LOOT_DIR 2> /dev/null
+  chmod 777 -Rf $INSTALL_DIR 2> /dev/null
+  chown root $INSTALL_DIR/sniper 2> /dev/null
+  chmod 4777 $INSTALL_DIR/sniper 2> /dev/null
   TARGET="$(echo $TARGET | sed 's/https:\/\///g' | sed 's/http:\/\///g')"
   service postgresql start
   msfdb start 2> /dev/null > /dev/null