Compare commits


3 Commits
v2.0 ... v2.1

Author SHA1 Message Date
root
24a24a65cd Sn1per by 1N3@CrowdShield 2016-10-27 11:22:10 -04:00
root
11d72969e3 Sn1per by 1N3@CrowdShield 2016-10-17 13:32:45 -04:00
root
0dd5ce9056 Sn1per by 1N3@CrowdShield 2016-10-14 16:20:42 -04:00
3 changed files with 171 additions and 40 deletions


@@ -1,4 +1,13 @@
## CHANGELOG:
* v2.1 - Added Arachni with auto HTML web reporting (web mode only)
* v2.1 - Added full NMap detailed port scans
* v2.1 - Added port 4443/tcp checks
* v2.1 - Added META tag scans for web apps
* v2.1 - Removed Uniscan from web mode
* v2.1 - Removed SQLMap from web mode
* v2.0b - Added help option --help
* v2.0a - Fixed issue with ssh-audit
* v2.0a - Fixed issue with 'discover' mode
* v2.0 - Updated sub-domain takeover list
* v2.0 - Improved scan performance for stealth, airstrike and discover modes
* v2.0 - Removed jexboss due to clear screen issue with output


@@ -30,7 +30,7 @@ cd $INSTALL_DIR
echo -e "$OKORANGE + -- --=[Installing package dependencies...$RESET"
apt-get install ruby rubygems python dos2unix zenmap sslyze uniscan xprobe2 cutycapt unicornscan waffit host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap
pip install dnspython colorama tldextract urllib3 ipaddress
pip install dnspython colorama tldextract urllib3 ipaddress arachni
echo -e "$OKORANGE + -- --=[Installing gem dependencies...$RESET"
gem install rake
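Review bot: Appending `arachni` to the `pip install` line is unlikely to install the scanner the new web mode depends on: Arachni is a Ruby framework distributed as a self-contained package, and as far as I can tell it is not published on PyPI, so this line will either fail or, worse, resolve to whatever unrelated project happens to own that name — a dependency-confusion risk for a tool that runs as root. The `arachni` and `arachni_reporter` binaries the scan code invokes would in any case not be provided by a pip install. I would drop `arachni` from the pip line and add an explicit install step that fetches a pinned Arachni release and verifies its checksum before unpacking it onto PATH, e.g. `echo "<sha256>  arachni.tar.gz" | sha256sum -c` after the download. The surrounding install script continues outside the hunk.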

200
sniper

@@ -53,26 +53,15 @@ OKORANGE='\033[93m'
RESET='\e[0m'
REGEX='^[0-9]+$'
cd $INSTALL_DIR
# ENABLE/DISABLE AUTOMATIC BRUTE FORCE
# DEFAULT IS "1" (ENABLED)
AUTOBRUTE="1"
if [ -z $TARGET ]; then
echo -e "$OKRED ____ $RESET"
echo -e "$OKRED _________ / _/___ ___ _____$RESET"
echo -e "$OKRED / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
echo -e "$OKRED /_/ $RESET"
echo -e ""
echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
echo -e "$OKORANGE + -- --=[sn1per v2.0 by 1N3$RESET"
echo -e "$OKORANGE + -- --=[Usage: sn1per <target>$RESET"
echo ""
exit
fi
# ENABLE/DISABLE FULL DETAILED NMAP SCAN
# DEFAULT IS "1" (ENABLED)
FULLNMAPSCAN="1"
cd $INSTALL_DIR
function loot {
echo -e "$OKRED ____ $RESET"
@@ -98,6 +87,63 @@ function loot {
echo -e "$OKORANGE + -- --=[Done!"
}
function help {
echo -e "$OKRED ____ $RESET"
echo -e "$OKRED _________ / _/___ ___ _____$RESET"
echo -e "$OKRED / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
echo -e "$OKRED /_/ $RESET"
echo ""
echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
echo -e "$OKORANGE + -- --=[sn1per v2.0 by 1N3$RESET"
echo -e "$OKORANGE + -- --=[Usage:"
echo ""
echo ' [*] sniper <target> <report>'
echo ' [*] sniper <target> stealth <report>'
echo ' [*] sniper <CIDR> discover'
echo ' [*] sniper <target> port <portnum> '
echo ' [*] sniper <target> web <report>'
echo ' [*] sniper <target> nobrute <report>'
echo ' [*] sniper <targets.txt> airstrike <report>'
echo ' [*] sniper <targets.txt> nuke <report>'
echo ' [*] sniper loot'
echo ""
echo ' + -- --=[Modes:'
echo ''
echo ' + -- --=[REPORT: Outputs all results to text in the loot directory for later reference. To enable reporting, append report to any sniper mode or command.'
echo ' + -- --=[STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking'
echo ' + -- --=[DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.'
echo ' + -- --=[PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.'
echo ' + -- --=[WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.'
echo ' + -- --=[NOBRUTE: Launches a full scan against a target host/domain without brute forcing services.'
echo ' + -- --=[AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IPs that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.'
echo ' + -- --=[NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.'
echo -e " + -- --=[LOOT: Automatically organizes and displays loot folder in your browser and opens Zenmap GUI with all port scan results. To run, type sniper loot.$RESET"
echo ""
echo ""
}
if [ -z $TARGET ]; then
echo -e "$OKRED ____ $RESET"
echo -e "$OKRED _________ / _/___ ___ _____$RESET"
echo -e "$OKRED / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
echo -e "$OKRED /_/ $RESET"
echo -e ""
echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
echo -e "$OKORANGE + -- --=[sn1per v2.0 by 1N3$RESET"
echo -e "$OKORANGE + -- --=[Usage: sn1per <target>$RESET"
echo ""
exit
fi
if [[ $TARGET = "--help" ]]; then
help
exit
fi
if [[ ${TARGET:0:1} =~ $REGEX ]];
then
SCAN_TYPE="IP"
@@ -105,8 +151,6 @@ else
SCAN_TYPE="DOMAIN"
fi
#clear
if [ "$MODE" = "report" ]; then
sniper $TARGET | tee $LOOT_DIR/sniper-$TARGET-`date +%Y%m%d%H%M`.txt 2>&1
exit
@@ -138,7 +182,7 @@ if [ "$MODE" = "discover" ]; then
echo -e "$OKGREEN + -- ----------------------------=[Checking ARP Cache]=---------------------- -- +$RESET"
arp -a -n
echo -e "$OKGREEN + -- ----------------------------=[Running Port Discovery Scan]=------------- -- +$RESET"
unicornscan $TARGET -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 2>/dev/null | awk '{print $6}' | sort -u > $LOOT_DIR/domains/sniper-ips.txt
unicornscan $TARGET -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152 2>/dev/null | awk '{print $6}' | sort -u > $LOOT_DIR/domains/sniper-ips.txt
echo -e "$OKGREEN + -- ----------------------------=[Current Targets]=------------------------- -- +$RESET"
cat $LOOT_DIR/domains/sniper-ips.txt
echo -e "$OKGREEN + -- ----------------------------=[Launching Sn1per Scans]=------------------ -- +$RESET"
@@ -220,18 +264,18 @@ if [ "$MODE" = "stealth" ]; then
echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +$RESET"
dig -x $TARGET
dnsenum $TARGET
mv -f *_ips.txt $LOOT_DIR/ 2>/dev/null
mv -f *_ips.txt $LOOT_DIR/domains/ 2>/dev/null
echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +$RESET"
python Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
echo -e "$OKGREEN + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +$RESET"
for a in `cat $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null`; do dig $a CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot" 2>/dev/null; done;
echo -e "$OKGREEN + -- ----------------------------=[Checking Email Security]=----------------- -- +$RESET"
python SimpleEmailSpoofer/spoofcheck.py $TARGET 2>/dev/null
python $PLUGINS_DIR/SimpleEmailSpoofer/spoofcheck.py $TARGET 2>/dev/null
fi
echo ""
echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=------------------- -- +$RESET"
nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
echo -e "$OKGREEN + -- ----------------------------=[Running UDP port scan]=------------------- -- +$RESET"
nmap -sU -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET
@@ -273,7 +317,21 @@ if [ "$MODE" = "stealth" ]; then
fi
echo -e "$OKGREEN + -- ----------------------------=[Done]=------------------------------------ -- +$RESET"
loot
echo -e ""
echo -e ""
echo -e ""
echo -e ""
echo -e ""
echo -e ""
echo -e ""
echo -e ""
echo -e ""
echo -e ""
echo -e ""
echo -e ""
echo -e ""
echo -e ""
echo -e ""
rm -f $INSTALL_DIR/.fuse_* 2> /dev/null
exit
fi
@@ -342,16 +400,16 @@ if [ "$MODE" = "airstrike" ]; then
dnsenum $a
mv -f *_ips.txt $LOOT_DIR/domains/ 2>/dev/null
echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +$RESET"
python Sublist3r/sublist3r.py -d $a -vvv -o $LOOT_DIR/domains/domains-$a.txt 2>/dev/null
python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $a -vvv -o $LOOT_DIR/domains/domains-$a.txt 2>/dev/null
dos2unix $LOOT_DIR/domains/domains-$a.txt 2>/dev/null
echo -e "$OKGREEN + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +$RESET"
for b in `cat $LOOT_DIR/domains/domains-$a.txt 2> /dev/null`; do dig $b CNAME | egrep -i 'wordpress|instapage|heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot' 2>/dev/null; done;
echo -e "$OKGREEN + -- ----------------------------=[Checking Email Security]=----------------- -- +$RESET"
python SimpleEmailSpoofer/spoofcheck.py $a 2>/dev/null
python $PLUGINS_DIR/SimpleEmailSpoofer/spoofcheck.py $a 2>/dev/null
fi
echo ""
echo -e "$OKGREEN + -- ----------------------------=[Running port scan]=------------------- -- +$RESET"
nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $a -oX $LOOT_DIR/nmap/nmap-$a.xml
nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $a -oX $LOOT_DIR/nmap/nmap-$a.xml
port_80=`grep 'portid="80"' $LOOT_DIR/nmap/nmap-$a.xml | grep open`
port_443=`grep 'portid="443"' $LOOT_DIR/nmap/nmap-$a.xml | grep open`
@@ -391,7 +449,6 @@ if [ "$MODE" = "airstrike" ]; then
fi
echo -e "$OKGREEN + -- ----------------------------=[Done!]=----------------------------------- -- +$RESET"
loot
echo -e ""
echo -e ""
echo -e ""
@@ -483,14 +540,14 @@ then
echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +$RESET"
dig -x $TARGET
dnsenum $TARGET
mv -f *_ips.txt $LOOT_DIR/ 2>/dev/null
mv -f *_ips.txt $LOOT_DIR/domains/ 2>/dev/null
echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +$RESET"
python Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
echo -e "$OKGREEN + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +$RESET"
for a in `cat $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null`; do dig $a CNAME | egrep -i 'wordpress|instapage|heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot' 2>/dev/null; done;
echo -e "$OKGREEN + -- ----------------------------=[Checking Email Security]=----------------- -- +$RESET"
python SimpleEmailSpoofer/spoofcheck.py $TARGET 2>/dev/null
python $PLUGINS_DIR/SimpleEmailSpoofer/spoofcheck.py $TARGET 2>/dev/null
fi
echo ""
echo -e "$OKGREEN + -- ----------------------------=[Pinging host]=---------------------------- -- +$RESET"
@@ -498,7 +555,7 @@ ping -c 1 $TARGET
echo ""
echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=------------------- -- +$RESET"
if [ -z "$OPT1" ]; then
nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
nmap -sS -T5 --open -p 21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,1099,1433,1524,2049,2121,3306,3310,3389,3632,4443,5432,5800,5900,6667,8000,8009,8080,8180,8443,8888,10000,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
echo -e "$OKGREEN + -- ----------------------------=[Running UDP port scan]=------------------- -- +$RESET"
nmap -sU -T5 --open -p U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049 $TARGET
elif [ "$OPT1" == "web" ]; then
@@ -542,6 +599,7 @@ port_3306=`grep 'portid="3306"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
port_3310=`grep 'portid="3310"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
port_3389=`grep 'portid="3389"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
port_3632=`grep 'portid="3632"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
port_4443=`grep 'portid="4443"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
port_5432=`grep 'portid="5432"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
port_5800=`grep 'portid="5800"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
port_5900=`grep 'portid="5900"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open`
@@ -569,9 +627,9 @@ then
echo -e "$OKRED + -- --=[Port 22 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 22 opened... running tests...$RESET"
cd ssh-audit
cd $PLUGINS_DIR/ssh-audit
python ssh-audit.py $TARGET:22
cd ..
cd $INSTALL_DIR
nmap -A -sV -sC -T5 -p 22 --script=ssh-* $TARGET
msfconsole -x "use scanner/ssh/ssh_enumusers; setg USER_FILE "$USER_FILE"; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; run; use scanner/ssh/ssh_identify_pubkeys; run; use scanner/ssh/ssh_version; run; exit;"
fi
@@ -642,6 +700,9 @@ else
echo -e "$OKBLUE+ -- --=[Checking if TRACE method is enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I -X TRACE http://$TARGET | grep TRACE | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for META tags on $TARGET...$RESET $OKORANGE"
curl -s --insecure http://$TARGET | egrep -i meta --color=auto | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for open proxy on $TARGET...$RESET $OKORANGE"
curl -s --insecure -x http://$TARGET:80 -L http://crowdshield.com/.testing/openproxy.txt | tail -n 10
echo ""
@@ -697,8 +758,16 @@ else
echo ""
python $CMSMAP -t http://$TARGET/wordpress/
echo ""
echo -e "$OKGREEN + -- ----------------------------=[Running Uniscan Web Vulnerability Scan]=-- -- +$RESET"
uniscan -u http://$TARGET -qweds
#echo -e "$OKGREEN + -- ----------------------------=[Running Uniscan Web Vulnerability Scan]=-- -- +$RESET"
#uniscan -u http://$TARGET -qweds
echo -e "$OKGREEN + -- ----------------------------=[Running Arachni Web Application Scan]=---- -- +$RESET"
mkdir -p $INSTALL_DIR/loot/web/$TARGET/ 2> /dev/null
arachni --report-save-path=$INSTALL_DIR/loot/web/$TARGET/ --output-only-positives http://$TARGET
cd $INSTALL_DIR/loot/web/$TARGET/
arachni_reporter $INSTALL_DIR/loot/web/$TARGET/*.afr --report=html:outfile=$INSTALL_DIR/loot/web/$TARGET/arachni.zip
unzip $INSTALL_DIR/loot/web/$TARGET/arachni.zip
$ARACHNI="1"
cd $INSTALL_DIR
echo -e "$OKGREEN + -- ----------------------------=[Running SQLMap SQL Injection Scan]=------- -- +$RESET"
sqlmap -u "http://$TARGET" --batch --crawl=5 --level 1 --risk 1 -f -a
echo -e "$OKGREEN + -- ----------------------------=[Running PHPMyAdmin Metasploit Exploit]=--- -- +$RESET"
@@ -820,6 +889,9 @@ else
echo -e "$OKBLUE+ -- --=[Checking if TRACE method is enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I -X TRACE https://$TARGET | grep TRACE
echo ""
echo -e "$OKBLUE+ -- --=[Checking for META tags on $TARGET...$RESET $OKORANGE"
curl -s --insecure https://$TARGET | egrep -i meta --color=auto | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for open proxy on $TARGET...$RESET $OKORANGE"
curl -x https://$TARGET:443 -L https://crowdshield.com/.testing/openproxy.txt -s --insecure | tail -n 10
echo ""
@@ -873,8 +945,20 @@ else
echo ""
python $CMSMAP -t https://$TARGET/wordpress/
echo ""
echo -e "$OKGREEN + -- ----------------------------=[Running Uniscan Web Vulnerability Scan]=-- -- +$RESET"
uniscan -u https://$TARGET -qweds
#echo -e "$OKGREEN + -- ----------------------------=[Running Uniscan Web Vulnerability Scan]=-- -- +$RESET"
#uniscan -u https://$TARGET -qweds
if [ $ARACHNI == "1" ];
then
echo -e "$OKGREEN + -- ----------------------------=[Skipping Arachni Scan]=------------------- -- +$RESET"
else
echo -e "$OKGREEN + -- ----------------------------=[Running Arachni Web Application Scan]=---- -- +$RESET"
mkdir -p $INSTALL_DIR/loot/web/$TARGET/ 2> /dev/null
arachni --report-save-path=$INSTALL_DIR/loot/web/$TARGET/ --output-only-positives https://$TARGET
cd $INSTALL_DIR/loot/web/$TARGET/
arachni_reporter $INSTALL_DIR/loot/web/$TARGET/*.afr --report=html:outfile=$INSTALL_DIR/loot/web/$TARGET/arachni.zip
unzip $INSTALL_DIR/loot/web/$TARGET/arachni.zip
cd $INSTALL_DIR
fi
echo -e "$OKGREEN + -- ----------------------------=[Running SQLMap SQL Injection Scan]=------- -- +$RESET"
sqlmap -u "https://$TARGET" --batch --crawl=5 --level 1 --risk 1 -f -a
echo -e "$OKGREEN + -- ----------------------------=[Running PHPMyAdmin Metasploit Exploit]=--- -- +$RESET"
@@ -1006,6 +1090,26 @@ else
msfconsole -x "setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; use unix/misc/distcc_exec; run; exit;"
fi
if [ -z "$port_8443" ];
then
echo -e "$OKRED + -- --=[Port 4443 closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port 4443 opened... running tests...$RESET"
wafw00f http://$TARGET:4443
echo ""
whatweb http://$TARGET:4443
echo ""
xsstracer $TARGET 4443
sslscan --no-failed $TARGET:4443
sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET:4443
cd $PLUGINS_DIR/MassBleed
./massbleed $TARGET port 4443
cd $INSTALL_DIR
nikto -h https://$TARGET:4443
cutycapt --url=https://$TARGET:4443 --out=$LOOT_DIR/screenshots/$TARGET-port4443.jpg
nmap -A -p 4443 -T5 --script=*proxy* $TARGET
fi
if [ -z "$port_5432" ];
then
echo -e "$OKRED + -- --=[Port 5432 closed... skipping.$RESET"
@@ -1182,6 +1286,13 @@ cd $PLUGINS_DIR/yasuo
ruby yasuo.rb -r $TARGET -b all
cd $SNIPER_DIR
if [ "$FULLNMAPSCAN" = "0" ]; then
echo -e "$OKGREEN + -- ----------------------------=[Skipping Full NMap Port Scan]=------------ -- +$RESET"
else
echo -e "$OKGREEN + -- ----------------------------=[Performing Full NMap Port Scan]=---------- -- +$RESET"
nmap -T5 -sV -sU -sT -A -O -p 1-65355 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
fi
if [ "$AUTOBRUTE" = "0" ]; then
echo -e "$OKGREEN + -- ----------------------------=[Skipping Brute Force]=-------------------- -- +$RESET"
else
@@ -1192,6 +1303,17 @@ else
rm -f scan.log
echo ""
fi
loot
cd $LOOT_DIR
echo -e "$OKORANGE + -- --=[Sorting loot directory ($LOOT_DIR)"
echo -e "$OKORANGE + -- --=[Generating reports..."
for a in `ls sniper-*.txt 2>/dev/null`;
do
echo "$a" > $LOOT_DIR/reports/$a
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a >> $LOOT_DIR/reports/$a
mv $a $LOOT_DIR/output/
done
rm -f $LOOT_DIR/.fuse_* 2> /dev/null
echo -e "$OKGREEN + -- ----------------------------=[Done]=------------------------------------ -- +$RESET"
exit 0
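Review bot: `$ARACHNI="1"` on the http branch (just after the `unzip` in the `Running Arachni Web Application Scan` block) expands the empty variable and tries to run `="1"` as a command, so the flag is never set; the https branch's `if [ $ARACHNI == "1" ]` then evaluates `[ == "1" ]`, which errors and falls through to a second Arachni run against the same host. The assignment should be `ARACHNI="1"`, the test `if [ "$ARACHNI" = "1" ]; then`, and the flag initialised next to `FULLNMAPSCAN` (e.g. `ARACHNI="0"`) so it is defined on the https-only path. Two further copy-paste defects in this file: the new port 4443 block guards on `if [ -z "$port_8443" ]` although `port_4443` is the variable the earlier grep populates, so the 4443 tests run or skip based on the wrong port, and the full-range scan uses `-p 1-65355`, which silently leaves ports 65356–65535 unscanned (`-p 1-65535` or `-p-`). The enclosing mode branches start and end outside the visible hunks.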