BitMaster/Sn1per
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: BitMaster:v1.8c
Branches Tags
BitMaster:master
BitMaster:v9.2 BitMaster:v9.1 BitMaster:v9.0 BitMaster:v8.9 BitMaster:v8.8 BitMaster:v8.7 BitMaster:v8.6 BitMaster:v8.5 BitMaster:v8.4 BitMaster:v8.3 BitMaster:v8.2 BitMaster:v8.1 BitMaster:v8.0 BitMaster:v7.4 BitMaster:v7.3 BitMaster:v7.2 BitMaster:v7.1 BitMaster:v7.0 BitMaster:v6.2 BitMaster:v6.1 BitMaster:v6.0 BitMaster:v5.10 BitMaster:v5.9 BitMaster:v5.8 BitMaster:v5.7 BitMaster:v5.6 BitMaster:v5.5 BitMaster:v5.4 BitMaster:v5.3 BitMaster:v5.2 BitMaster:v5.1 BitMaster:v5.0 BitMaster:v4.4 BitMaster:v4.3 BitMaster:v4.2 BitMaster:v4.1 BitMaster:v4.0 BitMaster:v3.0 BitMaster:v2.9 BitMaster:v2.8 BitMaster:v2.7 BitMaster:v2.6c BitMaster:v2.6 BitMaster:v2.5 BitMaster:v2.4 BitMaster:v2.3 BitMaster:v2.2 BitMaster:v2.1 BitMaster:v2.0 BitMaster:v1.9 BitMaster:v1.8c BitMaster:v1.8b BitMaster:v1.8a
..
compare: BitMaster:v1.9
Branches Tags
BitMaster:master
BitMaster:v9.2 BitMaster:v9.1 BitMaster:v9.0 BitMaster:v8.9 BitMaster:v8.8 BitMaster:v8.7 BitMaster:v8.6 BitMaster:v8.5 BitMaster:v8.4 BitMaster:v8.3 BitMaster:v8.2 BitMaster:v8.1 BitMaster:v8.0 BitMaster:v7.4 BitMaster:v7.3 BitMaster:v7.2 BitMaster:v7.1 BitMaster:v7.0 BitMaster:v6.2 BitMaster:v6.1 BitMaster:v6.0 BitMaster:v5.10 BitMaster:v5.9 BitMaster:v5.8 BitMaster:v5.7 BitMaster:v5.6 BitMaster:v5.5 BitMaster:v5.4 BitMaster:v5.3 BitMaster:v5.2 BitMaster:v5.1 BitMaster:v5.0 BitMaster:v4.4 BitMaster:v4.3 BitMaster:v4.2 BitMaster:v4.1 BitMaster:v4.0 BitMaster:v3.0 BitMaster:v2.9 BitMaster:v2.8 BitMaster:v2.7 BitMaster:v2.6c BitMaster:v2.6 BitMaster:v2.5 BitMaster:v2.4 BitMaster:v2.3 BitMaster:v2.2 BitMaster:v2.1 BitMaster:v2.0 BitMaster:v1.9 BitMaster:v1.8c BitMaster:v1.8b BitMaster:v1.8a

10 Commits
v1.8c ... v1.9

Author SHA1 Message Date
root
d57859c833 Sn1per by 1N3@CrowdShield 2016-08-24 11:42:56 -04:00
root
5dc1231d1f Sn1per by 1N3@CrowdShield 2016-08-24 11:40:59 -04:00
root
2aa19dc194 Merge branch 'master' of https://github.com/1N3/Sniper 2016-08-24 11:36:02 -04:00
root
c28930822f Sn1per by 1N3@CrowdShield 2016-08-24 10:50:42 -04:00
1N3
7ae4c283fc Delete README.md~ 2016-08-21 15:43:10 -07:00
root
a8b96424ce Sn1per by 1N3@CrowdShield 2016-08-21 18:40:24 -04:00
root
948a2632d5 Sn1per by 1N3@CrowdShield 2016-08-21 18:32:54 -04:00
root
71a1c79989 Sn1per by 1N3@CrowdShield 2016-08-21 18:29:51 -04:00
1N3
709c33856e Merge pull request #44 from hexageek/patch-1 
Added SNMP port 162/tcp checks
 2016-08-21 15:14:03 -07:00
hexageek
c7d887115b Update sniper 2016-08-22 00:10:56 +02:00
5 changed files with 216 additions and 118 deletions
Expand all files Collapse all files

101
CHANGELOG.md Normal file
View File

@@ -0,0 +1,101 @@
## CHANGELOG:
* v1.9 - Added Ubuntu docker image for Sn1per (@menzow)
* v1.9 - Added automatic loot directory sorting for all modes
* v1.9 - Added MSSQL port 1433/tcp checks
* v1.9 - Added SNMP port 162/tcp checks (@hexageek)
* v1.9 - Added nslookup to install.sh
* v1.9 - Fixed install.sh dependency duplicates
* v1.8c - Added -A option to all NMap port scans
* v1.8c - Fixed install.sh permission issue
* v1.8c - Fixed install.sh cleanup options
* v1.8c - Added ssh-audit
* v1.8c - Added install directory (/usr/share/sniper/) to install script for universal access
* v1.8c - Fixed issue with Metasploit SSH scans
* v1.8c - Added auto-update to install.sh to automatically pull latest github release
* v1.8b - Fixed bug with NMap UDP scan options
* v1.8b - Fixed install.sh dependencies
* v1.8b - Fixed jexboss options
* v1.8a - Updated sub-domain hijack list of domains (CC: th3gundy)
* v1.8 - Added sub-domain hijack scans for all sub-domains
* v1.8 - Added auto explort of all sub-domains to /domains directory
* v1.8 - Added additional stealth and airstrike checks for port 80 and 443
* v1.8 - Fixed issue with theHarvester not working with google
* v1.7g - Added email security/spoofing checks
* v1.7f - Added Zenmap XML auto-imports
* v1.7f - Added ClamAV RCE Nmap script
* v1.7e - Fixed minor issue with airstrike and nuke mode
* v1.7e - Fixed minor issues with discover mode
* v1.7e - Added minor cosmetic improvements to reports
* v1.7e - Disabled automatic brute forcing by default
* v1.7e - Added automatic brute force setting in script vars
* v1.7d - Added sslyze
* v1.7d - Added 'discover' mode for full subnet scans
* v1.7d - Added verbosity to scan tasks to separate sub-tasks better
* v1.7c - Added plain text reporting
* v1.7c - Improved loot directory structure and sorting
* v1.7b - Fixed issue with airstrike mode not scanning correctly
* v1.7b - Improved passive recon performance
* v1.7a - Improved NMap http scan performance
* v1.7a - Removed joomscan due to verbosity issues
* v1.7 - Added uniscan web vulnerability scanner
* v1.7 - Added joomscan Joomla scanner
* v1.7 - Improved web scan performance
* v1.7 - Fixed issue with inurlbr output
* v1.7 - Added remote desktop viewing for RDP connections
* v1.7 - Added experimental Metasploit exploit for Apache Struts RCE (CVE-2016-3081)
* v1.6e - Added reporting option for nobrute mode (CC. @mero01)
* v1.6e - Improved SMB scan performance/optimization added
* v1.6d - Improved NMap scan performance options
* v1.6d - Added xprobe2 OS finger printing tool
* v1.6d - Added jexbos JBoss autopwn
* v1.6d - Merged fix for theharvester package (CC. @RubenRocha)
* v1.6d - Merged fix for SuperMicroScanner (CC. @mero01)
* v1.6c - Add report mode for web scans
* v1.6c - Fixed issues with Sublist3r and theharvester
* v1.6c - Added Shocker Shellshock exploitation scanner
* v1.6b - Added Sublist3r sub-domain brute tool
* v1.6b - Added cutycapt web screenshot util
* v1.6a - Added improvements to recon phase
* v1.6a - Fixed small issue with 3rd party extension
* v1.6a - Various improvements to overall optimization of scans
* v1.6a - Added new "web" mode for full web application scans
* v1.6 - Added 4 new modes including: stealth, port, airstrike and nuke
* v1.6 - Added Java de-serialization scanner
* v1.6 - Added reporting option to output to console and text file for all scans
* v1.6 - Added option to set Sn1per full path for universal command line access
* v1.6 - Added in DirBuster for web file brute forcing
* v1.6 - Fixed issue with sderr errors in TheHarvester
* v1.5e - Removed shodan command line tool due to issues
* v1.5e - Fixed wafwoof installation in kali 2.0
* v1.5d - Fixed minor issues with port 513/tmp and 514/tcp checks
* v1.5c - Fixed issue which broke link to sniper directory
* v1.5b - Added Squid Proxy checks port 3128/tcp
* v1.5b - Fixed shodan setup options in install.sh
* v1.5b - Fixed syntax error with theHarvester in install.sh
* v1.5a - Fixed syntax error with port 8081 checks
* v1.5a - Added Arachni integration
* v1.5a - Added vsftpd, proftpd, mysql, unrealircd auto exploits
* v1.5 - Added Metasploit scan and auto-exploit modules
* v1.5 - Added additional port checks
* v1.5 - Added full TCP/UDP NMap XML output
* v1.5 - Auto tune scan for either IP or hostname/domain
* v1.4h - Added auto IP/domain name scan configurations
* v1.4g - Added finger enumeration scripts
* v1.4g - Fixed nmap -p 445 target issue
* v1.4g - Fixed smtp-enum target issue
* v1.4f - Fixed BruteX directory bug
* v1.4e - Fixed reported errors install.sh
* v1.4e - Added auto-upgrade option to install.sh for existing Sn1per installs
* v1.4d - Fixed missing rake gem install dependency
* v1.4c - Reordered 3rd party extensions
* v1.4b - Fixed install.sh executable references
* v1.4b - Fixed Yasou dependencies in install.sh
* v1.4b - Fixed minor issues with BruteX loot directory
* v1.4 - Added Yasou for automatic web form brute forcing
* v1.4 - Added MassBleed for SSL vulnerability detection
* v1.4 - Added Breach-Miner for detection of breached accounts
* v1.4 - Fixed minor errors with nmap
* v1.4 - Removed debug output from goohak from displaying on console
## FUTURE:
* Add scan config options to enabled/disable certain scan tasks (ie. brute force, osint, web scans, etc.)

137
README.md
View File

@@ -1,9 +1,11 @@
# Sn1per - Automated Pentest Recon Scanner
![alt tag](https://github.com/1N3/Sn1per/blob/master/Sn1per-logo.png)
## ABOUT:
Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
## DEMO VIDEO:
[![Sn1per Demo](https://img.youtube.com/vi/nA_V_u3QZA4/0.jpg)](https://www.youtube.com/watch?v=nA_V_u3QZA4)
## FEATURES:
* Automatically collects basic recon (ie. whois, ping, DNS, etc.)
* Automatically launches Google hacking queries against a target domain
@@ -18,9 +20,23 @@ Sn1per is an automated scanner that can be used during a penetration test to enu
* Performs high level enumeration of multiple hosts
* Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
## INSTALL:
## KALI LINUX INSTALL:
```
./install.sh - Installs all dependencies OR upgrades existing Sn1per installations. Best run from Kali Linux.
./install.sh
```
## DOCKER INSTALL:
Docker Install:
https://github.com/menzow/sn1per-docker
Docker Build:
https://hub.docker.com/r/menzo/sn1per-docker/builds/bqez3h7hwfun4odgd2axvn4/
Example usage:
```
$ docker pull menzo/sn1per-docker
$ docker run --rm -ti menzo/sn1per-docker sniper menzo.io
```
## USAGE:
@@ -37,113 +53,16 @@ sniper loot
```
### MODES:
* REPORT: Outputs all results to text in the loot directory for later reference. To enable reporting, append 'report' to any sniper mode or command.
* STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking
* DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
* PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
* WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
* NOBRUTE: Launches a full scan against a target host/domain without brute forcing services.
* AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP's that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
* NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
* LOOT: Automatically organizes and displays loot folder in your browser and opens Zenmap GUI with all port scan results. To run, type 'sniper loot'.
* **REPORT:** Outputs all results to text in the loot directory for later reference. To enable reporting, append 'report' to any sniper mode or command.
* **STEALTH:** Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking
* **DISCOVER:** Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
* **PORT:** Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
* **WEB:** Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
* **NOBRUTE:** Launches a full scan against a target host/domain without brute forcing services.
* **AIRSTRIKE:** Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP's that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
* **NUKE:** Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
* **LOOT:** Automatically organizes and displays loot folder in your browser and opens Zenmap GUI with all port scan results. To run, type 'sniper loot'.
## SAMPLE REPORT:
```
https://gist.github.com/1N3/8214ec2da2c91691bcbc
```
## CHANGELOG:
* v1.8c - Added -A option to all NMap port scans
* v1.8c - Fixed install.sh permission issue
* v1.8c - Fixed install.sh cleanup options
* v1.8c - Added ssh-audit
* v1.8c - Added install directory (/usr/share/sniper/) to install script for universal access
* v1.8c - Fixed issue with Metasploit SSH scans
* v1.8c - Added auto-update to install.sh to automatically pull latest github release
* v1.8b - Fixed bug with NMap UDP scan options
* v1.8b - Fixed install.sh dependencies
* v1.8b - Fixed jexboss options
* v1.8a - Updated sub-domain hijack list of domains (CC: th3gundy)
* v1.8 - Added sub-domain hijack scans for all sub-domains
* v1.8 - Added auto explort of all sub-domains to /domains directory
* v1.8 - Added additional stealth and airstrike checks for port 80 and 443
* v1.8 - Fixed issue with theHarvester not working with google
* v1.7g - Added email security/spoofing checks
* v1.7f - Added Zenmap XML auto-imports
* v1.7f - Added ClamAV RCE Nmap script
* v1.7e - Fixed minor issue with airstrike and nuke mode
* v1.7e - Fixed minor issues with discover mode
* v1.7e - Added minor cosmetic improvements to reports
* v1.7e - Disabled automatic brute forcing by default
* v1.7e - Added automatic brute force setting in script vars
* v1.7d - Added sslyze
* v1.7d - Added 'discover' mode for full subnet scans
* v1.7d - Added verbosity to scan tasks to separate sub-tasks better
* v1.7c - Added plain text reporting
* v1.7c - Improved loot directory structure and sorting
* v1.7b - Fixed issue with airstrike mode not scanning correctly
* v1.7b - Improved passive recon performance
* v1.7a - Improved NMap http scan performance
* v1.7a - Removed joomscan due to verbosity issues
* v1.7 - Added uniscan web vulnerability scanner
* v1.7 - Added joomscan Joomla scanner
* v1.7 - Improved web scan performance
* v1.7 - Fixed issue with inurlbr output
* v1.7 - Added remote desktop viewing for RDP connections
* v1.7 - Added experimental Metasploit exploit for Apache Struts RCE (CVE-2016-3081)
* v1.6e - Added reporting option for nobrute mode (CC. @mero01)
* v1.6e - Improved SMB scan performance/optimization added
* v1.6d - Improved NMap scan performance options
* v1.6d - Added xprobe2 OS finger printing tool
* v1.6d - Added jexbos JBoss autopwn
* v1.6d - Merged fix for theharvester package (CC. @RubenRocha)
* v1.6d - Merged fix for SuperMicroScanner (CC. @mero01)
* v1.6c - Add report mode for web scans
* v1.6c - Fixed issues with Sublist3r and theharvester
* v1.6c - Added Shocker Shellshock exploitation scanner
* v1.6b - Added Sublist3r sub-domain brute tool
* v1.6b - Added cutycapt web screenshot util
* v1.6a - Added improvements to recon phase
* v1.6a - Fixed small issue with 3rd party extension
* v1.6a - Various improvements to overall optimization of scans
* v1.6a - Added new "web" mode for full web application scans
* v1.6 - Added 4 new modes including: stealth, port, airstrike and nuke
* v1.6 - Added Java de-serialization scanner
* v1.6 - Added reporting option to output to console and text file for all scans
* v1.6 - Added option to set Sn1per full path for universal command line access
* v1.6 - Added in DirBuster for web file brute forcing
* v1.6 - Fixed issue with sderr errors in TheHarvester
* v1.5e - Removed shodan command line tool due to issues
* v1.5e - Fixed wafwoof installation in kali 2.0
* v1.5d - Fixed minor issues with port 513/tmp and 514/tcp checks
* v1.5c - Fixed issue which broke link to sniper directory
* v1.5b - Added Squid Proxy checks port 3128/tcp
* v1.5b - Fixed shodan setup options in install.sh
* v1.5b - Fixed syntax error with theHarvester in install.sh
* v1.5a - Fixed syntax error with port 8081 checks
* v1.5a - Added Arachni integration
* v1.5a - Added vsftpd, proftpd, mysql, unrealircd auto exploits
* v1.5 - Added Metasploit scan and auto-exploit modules
* v1.5 - Added additional port checks
* v1.5 - Added full TCP/UDP NMap XML output
* v1.5 - Auto tune scan for either IP or hostname/domain
* v1.4h - Added auto IP/domain name scan configurations
* v1.4g - Added finger enumeration scripts
* v1.4g - Fixed nmap -p 445 target issue
* v1.4g - Fixed smtp-enum target issue
* v1.4f - Fixed BruteX directory bug
* v1.4e - Fixed reported errors install.sh
* v1.4e - Added auto-upgrade option to install.sh for existing Sn1per installs
* v1.4d - Fixed missing rake gem install dependency
* v1.4c - Reordered 3rd party extensions
* v1.4b - Fixed install.sh executable references
* v1.4b - Fixed Yasou dependencies in install.sh
* v1.4b - Fixed minor issues with BruteX loot directory
* v1.4 - Added Yasou for automatic web form brute forcing
* v1.4 - Added MassBleed for SSL vulnerability detection
* v1.4 - Added Breach-Miner for detection of breached accounts
* v1.4 - Fixed minor errors with nmap
* v1.4 - Removed debug output from goohak from displaying on console
## FUTURE:
* Add scan config options to enabled/disable certain scan tasks (ie. brute force, osint, web scans, etc.)

BIN
Sn1per-logo.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 474 KiB

After

Width:  |  Height:  |  Size: 68 KiB

4
install.sh
View File

@@ -29,7 +29,7 @@ cp -Rf $PWD/* $INSTALL_DIR
cd $INSTALL_DIR
echo -e "$OKORANGE + -- --=[Installing package dependencies...$RESET"
apt-get install dos2unix zenmap sslyze joomscan uniscan xprobe2 cutycapt unicornscan waffit host whois arachni theharvester dnsenum dirb dnsrecon curl nmap php5 php5-curl wapiti hydra iceweasel wpscan sqlmap arachni w3af golismero nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb python nbtscan sslscan amap
apt-get install ruby nslookup rubygems python dos2unix zenmap sslyze uniscan xprobe2 cutycapt unicornscan waffit host whois dirb dnsrecon curl nmap php5 php5-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap
pip install dnspython colorama tldextract urllib3 ipaddress
echo -e "$OKORANGE + -- --=[Installing gem dependencies...$RESET"
@@ -37,7 +37,7 @@ gem install rake
gem install ruby-nmap net-http-persistent mechanize text-table
echo -e "$OKORANGE + -- --=[Cleaning up old extensions...$RESET"
rm -Rf Findsploit/ Brutex/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ Sublist3r/ shocker/ jexboss/ CrackMapExec/ serializekiller/
rm -Rf Findsploit/ Brutex/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ Sublist3r/ shocker/ jexboss/ serializekiller/
echo -e "$OKORANGE + -- --=[Downloading extensions...$RESET"
git clone https://github.com/1N3/Findsploit.git

92
sniper
View File

@@ -1,5 +1,5 @@
#!/bin/bash
# + -- --=[Sn1per v1.8 by 1N3
# + -- --=[Sn1per v1.9 by 1N3
# + -- --=[http://crowdshield.com
#
# Sn1per - Automated Pentest Recon Tool
@@ -69,7 +69,7 @@ if [ -z $TARGET ]; then
echo -e "$OKRED /_/ $RESET"
echo -e ""
echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
echo -e "$OKORANGE + -- --=[sn1per v1.8 by 1N3$RESET"
echo -e "$OKORANGE + -- --=[sn1per v1.9 by 1N3$RESET"
echo -e "$OKORANGE + -- --=[Usage: sn1per <target>$RESET"
echo ""
exit
@@ -160,6 +160,21 @@ fi
if [ "$MODE" = "web" ]; then
if [ "$OPT1" = "report" ]; then
./sniper $TARGET $MODE | tee ./loot/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
cd $PWD/loot/
echo -e "$OKORANGE + -- --=[Sorting loot directory ($PWD)"
mkdir reports/ -p 2> /dev/null
echo -e "$OKORANGE + -- --=[Generating reports..."
for a in `ls sniper-*.txt 2>/dev/null`; do echo "$a" >> reports/$a && sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a > reports/$a; done
mv $PWD/report-* $PWD/reports/ 2> /dev/null
mkdir $PWD/screenshots/ -p 2> /dev/null
mv $PWD/*.jpg $PWD/screenshots/ 2> /dev/null
mkdir $PWD/nmap -p 2> /dev/null
mv $PWD/*.xml $PWD/nmap/ 2> /dev/null
mkdir $PWD/domains -p 2> /dev/null
mv $PWD/domains-* $PWD/domains/ 2> /dev/null
mkdir $PWD/output -p 2> /dev/null
mv $PWD/sniper-* $PWD/output 2> /dev/null
rm -f $PWD/.fuse_* 2> /dev/null
exit
fi
fi
@@ -177,7 +192,7 @@ if [ "$MODE" = "stealth" ]; then
echo -e "$OKRED /_/ $RESET"
echo -e "$RESET"
echo -e "$OKORANGE + -- --=[http://crowdshield.com"
echo -e "$OKORANGE + -- --=[sn1per v1.8 by 1N3"
echo -e "$OKORANGE + -- --=[sn1per v1.9 by 1N3"
echo -e "$OKRED "
echo -e "$OKRED ./\."
echo -e "$OKRED ./ '\."
@@ -253,6 +268,21 @@ if [ "$MODE" = "stealth" ]; then
cutycapt --url=https://$TARGET --out=loot/$TARGET-port443.jpg
echo -e "$OKRED[+]$RESET Screenshot saved to $PWD/loot/$TARGET-port443.jpg"
echo -e "$OKGREEN + -- ----------------------------=[Done]=------------------------------------ -- +$RESET"
cd $PWD/loot/
echo -e "$OKORANGE + -- --=[Sorting loot directory ($PWD)"
mkdir reports/ -p 2> /dev/null
echo -e "$OKORANGE + -- --=[Generating reports..."
for a in `ls sniper-*.txt 2>/dev/null`; do echo "$a" >> reports/$a && sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a > reports/$a; done
mv $PWD/report-* $PWD/reports/ 2> /dev/null
mkdir $PWD/screenshots/ -p 2> /dev/null
mv $PWD/*.jpg $PWD/screenshots/ 2> /dev/null
mkdir $PWD/nmap -p 2> /dev/null
mv $PWD/*.xml $PWD/nmap/ 2> /dev/null
mkdir $PWD/domains -p 2> /dev/null
mv $PWD/domains-* $PWD/domains/ 2> /dev/null
mkdir $PWD/output -p 2> /dev/null
mv $PWD/sniper-* $PWD/output 2> /dev/null
rm -f $PWD/.fuse_* 2> /dev/null
exit
fi
@@ -269,7 +299,7 @@ if [ "$MODE" = "airstrike" ]; then
echo -e "$OKRED /_/ $RESET"
echo -e "$RESET"
echo -e "$OKORANGE + -- --=[http://crowdshield.com"
echo -e "$OKORANGE + -- --=[sn1per v1.8 by 1N3"
echo -e "$OKORANGE + -- --=[sn1per v1.9 by 1N3"
for a in `cat $TARGET`;
do
@@ -350,6 +380,21 @@ if [ "$MODE" = "airstrike" ]; then
cutycapt --url=https://$a --out=loot/$a-port443.jpg
echo -e "$OKRED[+]$RESET Screenshot saved to $PWD/loot/$a-port443.jpg"
echo -e "$OKGREEN + -- ----------------------------=[Done!]=----------------------------------- -- +$RESET"
cd $PWD/loot/
echo -e "$OKORANGE + -- --=[Sorting loot directory ($PWD)"
mkdir reports/ -p 2> /dev/null
echo -e "$OKORANGE + -- --=[Generating reports..."
for a in `ls sniper-*.txt 2>/dev/null`; do echo "$a" >> reports/$a && sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a > reports/$a; done
mv $PWD/report-* $PWD/reports/ 2> /dev/null
mkdir $PWD/screenshots/ -p 2> /dev/null
mv $PWD/*.jpg $PWD/screenshots/ 2> /dev/null
mkdir $PWD/nmap -p 2> /dev/null
mv $PWD/*.xml $PWD/nmap/ 2> /dev/null
mkdir $PWD/domains -p 2> /dev/null
mv $PWD/domains-* $PWD/domains/ 2> /dev/null
mkdir $PWD/output -p 2> /dev/null
mv $PWD/sniper-* $PWD/output 2> /dev/null
rm -f $PWD/.fuse_* 2> /dev/null
echo -e ""
echo -e ""
echo -e ""
@@ -425,7 +470,7 @@ echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
echo -e "$OKRED /_/ $RESET"
echo -e "$RESET"
echo -e "$OKORANGE + -- --=[http://crowdshield.com"
echo -e "$OKORANGE + -- --=[sn1per v1.8 by 1N3"
echo -e "$OKORANGE + -- --=[sn1per v1.9 by 1N3"
echo -e "$RESET"
echo -e "$OKGREEN + -- ----------------------------=[Running Nslookup]=------------------------ -- +$RESET"
nslookup $TARGET
@@ -482,6 +527,7 @@ port_110=`grep 'portid="110"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_111=`grep 'portid="111"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_135=`grep 'portid="135"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_139=`grep 'portid="139"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_161=`grep 'portid="161"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_162=`grep 'portid="162"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_389=`grep 'portid="162"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_443=`grep 'portid="443"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
@@ -490,6 +536,7 @@ port_512=`grep 'portid="512"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_513=`grep 'portid="513"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_514=`grep 'portid="514"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_1099=`grep 'portid="1099"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_1433=`grep 'portid="1099"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_1524=`grep 'portid="1524"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_2049=`grep 'portid="2049"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
port_2121=`grep 'portid="2121"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
@@ -715,12 +762,21 @@ else
msfconsole -x "use auxiliary/scanner/smb/pipe_auditor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use auxiliary/scanner/smb/pipe_dcerpc_auditor; run; use auxiliary/scanner/smb/psexec_loggedin_users; run; use auxiliary/scanner/smb/smb2; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_enumshares; run; use auxiliary/scanner/smb/smb_enumusers; run; use auxiliary/scanner/smb/smb_enumusers_domain; run; use auxiliary/scanner/smb/smb_login; run; use auxiliary/scanner/smb/smb_lookupsid; run; use auxiliary/scanner/smb/smb_uninit_cred; run; use auxiliary/scanner/smb/smb_version; run; use exploit/linux/samba/chain_reply; run; use windows/smb/ms08_067_netapi; run; exit;"
fi
if [ -z "$port_161" ];
then
echo -e "$OKRED + -- --=[Port 161 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 161 opened... running tests...$RESET"
for a in `cat BruteX/wordlists/snmp-strings.txt`; do snmpwalk $TARGET -c $a; done;
nmap -sU -p 161 --script=snmp* $TARGET
fi
if [ -z "$port_162" ];
then
echo -e "$OKRED + -- --=[Port 162 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 162 opened... running tests...$RESET"
for a in `cat BruteX/wordlists/snmp-community-strings.txt`; do snmpwalk $TARGET -c $a; done;
for a in `cat BruteX/wordlists/snmp-strings.txt`; do snmpwalk $TARGET -c $a; done;
nmap -A -p 162 --script=snmp* $TARGET
fi
@@ -882,6 +938,14 @@ else
amap $TARGET 514 -A
fi
if [ -z "$port_1433" ];
then
echo -e "$OKRED + -- --=[Port 1433 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 1433 opened... running tests...$RESET"
nmap -A -sV -T5 --script=mssql* -p 1433 $TARGET
fi
if [ -z "$port_2049" ];
then
echo -e "$OKRED + -- --=[Port 2049 closed... skipping.$RESET"
@@ -1142,6 +1206,20 @@ else
echo ""
rm -f scan.log
fi
./sniper loot
cd $PWD/loot/
echo -e "$OKORANGE + -- --=[Sorting loot directory ($PWD)"
mkdir reports/ -p 2> /dev/null
echo -e "$OKORANGE + -- --=[Generating reports..."
for a in `ls sniper-*.txt 2>/dev/null`; do echo "$a" >> reports/$a && sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a > reports/$a; done
mv $PWD/report-* $PWD/reports/ 2> /dev/null
mkdir $PWD/screenshots/ -p 2> /dev/null
mv $PWD/*.jpg $PWD/screenshots/ 2> /dev/null
mkdir $PWD/nmap -p 2> /dev/null
mv $PWD/*.xml $PWD/nmap/ 2> /dev/null
mkdir $PWD/domains -p 2> /dev/null
mv $PWD/domains-* $PWD/domains/ 2> /dev/null
mkdir $PWD/output -p 2> /dev/null
mv $PWD/sniper-* $PWD/output 2> /dev/null
rm -f $PWD/.fuse_* 2> /dev/null
echo -e "$OKGREEN + -- ----------------------------=[Done]=------------------------------------ -- +$RESET"
exit 0