Sn1per by 1N3@CrowdShield

CHANGELOG.md

@@ -1,4 +1,13 @@
 ## CHANGELOG:
+* v2.2 - Added auto Metasploit Pro & Zenmap GUI integration
+* v2.2 - Added Sn1per workspaces to loot directory
+* v2.1d - Added crt.sh sub-domain check
+* v2.1d - Removed blank screenshots from loot directory
+* v2.1c - Fixed issue with install.sh install directories
+* v2.1b - Added automatic Metasploit NMap xml imports for loot directory
+* v2.1b - Removed Zenmap
+* v2.1a - Separated Arachni reports for port 80/443/tcp
+* v2.1a - Fixed NMap full port scan options
 * v2.1 - Added Arachni with auto HTML web reporting (web mode only)
 * v2.1 - Added full NMap detailed port scans
 * v2.1 - Added port 4443/tcp checks
@@ -115,4 +124,4 @@
 * v1.4 - Removed debug output from goohak from displaying on console
 
 ## FUTURE:
-* Add scan config options to enabled/disable certain scan tasks (ie. brute force, osint, web scans, etc.)
+* Add scan config options to enabled/disable certain scan tasks (ie. brute force, osint, web scans, etc.)

README.md

@@ -19,6 +19,8 @@ Sn1per is an automated scanner that can be used during a penetration test to enu
 * Automatically exploit remote hosts to gain remote shell access
 * Performs high level enumeration of multiple hosts
 * Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
+* Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
+* Create individual workspaces to store all scan output
 
 ## KALI LINUX INSTALL:
 ```
@@ -61,7 +63,7 @@ sniper loot
 * **NOBRUTE:** Launches a full scan against a target host/domain without brute forcing services.
 * **AIRSTRIKE:** Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP's that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
 * **NUKE:** Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke. 
-* **LOOT:** Automatically organizes and displays loot folder in your browser and opens Zenmap GUI with all port scan results. To run, type 'sniper loot'.
+* **LOOT:** Automatically organizes and displays loot folder in your browser and opens Metasploit Pro and Zenmap GUI with all port scan results. To run, type 'sniper loot'.
 
 ## SAMPLE REPORT:
 https://gist.github.com/1N3/8214ec2da2c91691bcbc

install.sh

@@ -19,12 +19,19 @@ echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
 echo ""
 
 INSTALL_DIR=/usr/share/sniper
+LOOT_DIR=/usr/share/sniper/loot
 PLUGINS_DIR=/usr/share/sniper/plugins
 
 echo -e "$OKGREEN + -- --=[This script will install sniper under $INSTALL_DIR. Are you sure you want to continue?$RESET"
 read answer 
 
 mkdir -p $INSTALL_DIR 2> /dev/null
+mkdir -p $LOOT_DIR 2> /dev/null
+mkdir $LOOT_DIR/domains 2> /dev/null
+mkdir $LOOT_DIR/screenshots 2> /dev/null
+mkdir $LOOT_DIR/nmap 2> /dev/null
+mkdir $LOOT_DIR/reports 2> /dev/null
+mkdir $LOOT_DIR/output 2> /dev/null
 cp -Rf $PWD/* $INSTALL_DIR 
 cd $INSTALL_DIR
 
@@ -38,7 +45,7 @@ gem install ruby-nmap net-http-persistent mechanize text-table
 
 echo -e "$OKORANGE + -- --=[Cleaning up old extensions...$RESET"
 rm -Rf Findsploit/ BruteX/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ Sublist3r/ shocker/ jexboss/ serializekiller/ testssl.sh/ SimpleEmailSpoofer/ ssh-audit/ plugins/ 2> /dev/null
-mkdir /usr/share/sniper/plugins/
+mkdir $PLUGINS_DIR
 cd $PLUGINS_DIR
 
 echo -e "$OKORANGE + -- --=[Downloading extensions...$RESET"

sniper

@@ -1,5 +1,5 @@
 #!/bin/bash
-# + -- --=[Sn1per v2.0 by 1N3 
+# + -- --=[Sn1per v2.2 by 1N3 
 # + -- --=[http://crowdshield.com
 #
 # Sn1per - Automated Pentest Recon Tool
@@ -20,15 +20,15 @@
 # ./install.sh - Installs all dependencies. Best run from Kali Linux. 
 #
 # USAGE:
-# ./sniper <target>
-# ./sniper <target> <report>
-# ./sniper <CIDR> discover <report>
-# ./sniper <target> stealth <report>
-# ./sniper <target> port <portnum>
-# ./sniper <target> web <report>
-# ./sniper <targets.txt> airstrike <report>
-# ./sniper <targets.txt> nuke <report>
-# ./sniper loot
+# sniper <target>
+# sniper <target> <report>
+# sniper <CIDR> discover <report>
+# sniper <target> stealth <report>
+# sniper <target> port <portnum>
+# sniper <target> web <report>
+# sniper <targets.txt> airstrike <report>
+# sniper <targets.txt> nuke <report>
+# sniper loot
 #
 
 TARGET="$1"
@@ -71,8 +71,12 @@ function loot {
 	echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/     $RESET"
 	echo -e "$OKRED               /_/                 $RESET"
 	echo ""
+	echo -e "$OKORANGE + -- --=[Current workspaces..."
 	cd $LOOT_DIR
-	echo -e "$OKORANGE + -- --=[Sorting loot directory ($LOOT_DIR)"
+	ls -lh $LOOT_DIR/workspace/
+	echo -e "$OKORANGE + -- --=[Enter a name for the workspace:"
+	read WORKSPACE
+	mkdir -p $LOOT_DIR/workspace/$WORKSPACE 2> /dev/null
 	echo -e "$OKORANGE + -- --=[Generating reports..."
 	for a in `ls sniper-*.txt 2>/dev/null`; 
 	do 
@@ -80,10 +84,44 @@ function loot {
 		sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a >> $LOOT_DIR/reports/$a
 		mv $a $LOOT_DIR/output/
 	done
+	echo -e "$OKORANGE + -- --=[Removing blank web screenshots..."
+	find /usr/share/sniper/loot/screenshots/ -size -10k -exec rm -f {} \; 2> /dev/null
 	rm -f $LOOT_DIR/.fuse_* 2> /dev/null
-	echo -e "$OKORANGE + -- --=[Opening loot directory..."
-	iceweasel $LOOT_DIR &> /dev/null &
-	zenmap -f $LOOT_DIR/nmap/ &> /dev/null &
+	echo -e "$OKORANGE + -- --=[Starting Metasploit service..."
+	/etc/init.d/metasploit start 2> /dev/null
+	echo -e "$OKORANGE + -- --=[Importing NMap XML files into Metasploit..."
+	msfconsole -x "workspace -a $WORKSPACE; workspace $WORKSPACE; db_import $LOOT_DIR/nmap/nmap*.xml; hosts; services; exit;"
+	echo -e "$OKORANGE + -- --=[Copying loot to workspace: $WORKSPACE..."
+	cp -Rf $LOOT_DIR/screenshots/ $LOOT_DIR/workspace/$WORKSPACE/screenshots/ 2> /dev/null
+	cp -Rf $LOOT_DIR/nmap/ $LOOT_DIR/workspace/$WORKSPACE/nmap/ 2> /dev/null
+	cp -Rf $LOOT_DIR/domains/ $LOOT_DIR/workspace/$WORKSPACE/domains/ 2> /dev/null
+	cp -Rf $LOOT_DIR/output/ $LOOT_DIR/workspace/$WORKSPACE/output/ 2> /dev/null
+	cp -Rf $LOOT_DIR/reports/ $LOOT_DIR/workspace/$WORKSPACE/reports/ 2> /dev/null
+	cp -Rf $LOOT_DIR/imports/ $LOOT_DIR/workspace/$WORKSPACE/imports/ 2> /dev/null
+	cp -Rf $LOOT_DIR/notes/ $LOOT_DIR/workspace/$WORKSPACE/notes/ 2> /dev/null
+	cp -Rf $LOOT_DIR/web/ $LOOT_DIR/workspace/$WORKSPACE/web/ 2> /dev/null
+	rm -Rf $LOOT_DIR/screenshots/ 2> /dev/null
+	rm -Rf $LOOT_DIR/nmap/ 2> /dev/null
+	rm -Rf $LOOT_DIR/domains/ 2> /dev/null
+	rm -Rf $LOOT_DIR/output/ 2> /dev/null
+	rm -Rf $LOOT_DIR/reports/ 2> /dev/null
+	rm -Rf $LOOT_DIR/imports/ 2> /dev/null
+	rm -Rf $LOOT_DIR/notes/ 2> /dev/null
+	rm -Rf $LOOT_DIR/web/ 2> /dev/null
+	mkdir $LOOT_DIR/screenshots/ -p 2> /dev/null
+	mkdir $LOOT_DIR/nmap -p 2> /dev/null
+	mkdir $LOOT_DIR/domains -p 2> /dev/null
+	mkdir $LOOT_DIR/output -p 2> /dev/null
+	mkdir $LOOT_DIR/reports -p 2> /dev/null
+	mkdir $LOOT_DIR/imports -p 2> /dev/null
+	mkdir $LOOT_DIR/notes -p 2> /dev/null
+	mkdir $LOOT_DIR/web -p 2> /dev/null
+	echo -e "$OKORANGE + -- --=[Opening workspace directory..."
+	iceweasel $LOOT_DIR/workspace/$WORKSPACE 2> /dev/null &
+	echo -e "$OKORANGE + -- --=[Launching Metasploit Pro Web UI..."
+	iceweasel http://localhost:3001/login 2> /dev/null &
+	echo -e "$OKORANGE + -- --=[Launching Zenmap..."
+	zenmap -f $LOOT_DIR/workspace/$WORKSPACE/nmap/ 2> /dev/null &
 	echo -e "$OKORANGE + -- --=[Done!"
 }
 
@@ -96,7 +134,7 @@ function help {
 	echo -e "$OKRED               /_/                 $RESET"
 	echo ""
 	echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
-	echo -e "$OKORANGE + -- --=[sn1per v2.0 by 1N3$RESET"
+	echo -e "$OKORANGE + -- --=[sn1per v2.2 by 1N3$RESET"
 	echo -e "$OKORANGE + -- --=[Usage:"
 	echo ""
 	echo ' [*] sniper <target> <report>'
@@ -133,8 +171,8 @@ if [ -z $TARGET ]; then
 	echo -e "$OKRED               /_/                 $RESET"
 	echo -e ""
 	echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
-	echo -e "$OKORANGE + -- --=[sn1per v2.0 by 1N3$RESET"
-	echo -e "$OKORANGE + -- --=[Usage: sn1per <target>$RESET"
+	echo -e "$OKORANGE + -- --=[sn1per v2.2 by 1N3$RESET"
+	echo -e "$OKORANGE + -- --=[Usage: sniper <target>$RESET"
 	echo ""
 	exit
 fi
@@ -220,7 +258,7 @@ if [ "$MODE" = "stealth" ]; then
 	echo -e "$OKRED               /_/                 $RESET"
 	echo -e "$RESET"
 	echo -e "$OKORANGE + -- --=[http://crowdshield.com"
-	echo -e "$OKORANGE + -- --=[sn1per v2.0 by 1N3"
+	echo -e "$OKORANGE + -- --=[sn1per v2.2 by 1N3"
 	echo -e "$OKRED " 	
 	echo -e "$OKRED     ./\."
 	echo -e "$OKRED   ./    '\."
@@ -268,6 +306,19 @@ if [ "$MODE" = "stealth" ]; then
 		echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +$RESET"
 		python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
 		dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
+		echo ""
+		echo -e "$OKRED ╔═╗╦═╗╔╦╗╔═╗╦ ╦$RESET"
+		echo -e "$OKRED ║  ╠╦╝ ║ ╚═╗╠═╣$RESET"
+		echo -e "$OKRED ╚═╝╩╚═ ╩o╚═╝╩ ╩$RESET"
+		echo -e "$OKRED + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +$RESET"
+		echo -e "$OKBLUE"
+		curl -s https://crt.sh/?q=%25.$TARGET > /tmp/curl.out && cat /tmp/curl.out | grep $TARGET | grep TD | sed -e 's/<//g' | sed -e 's/>//g' | sed -e 's/TD//g' | sed -e 's/\///g' | sed -e 's/ //g' | sed -n '1!p' | sort -u > $LOOT_DIR/domains/domains-$TARGET-crt.txt && cat $LOOT_DIR/domains/domains-$TARGET-crt.txt
+		echo -e "$OKRED [+] Domains saved to: $LOOT_DIR/domains/domains-$TARGET-crt.txt"
+		cat $LOOT_DIR/domains/domains-$TARGET-crt.txt > /tmp/curl.out 2> /dev/null	
+		cat $LOOT_DIR/domains/domains-$TARGET.txt >> /tmp/curl.out 2> /dev/null	
+		sort -u /tmp/curl.out > $LOOT_DIR/domains/domains-$TARGET-full.txt
+		rm -f /tmp/curl.out 2> /dev/null	
+		echo -e "$RESET"
 		echo -e "$OKGREEN + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +$RESET"
 		for a in `cat $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null`; do dig $a CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot" 2>/dev/null; done;
 		echo -e "$OKGREEN + -- ----------------------------=[Checking Email Security]=----------------- -- +$RESET"
@@ -349,7 +400,7 @@ if [ "$MODE" = "airstrike" ]; then
 	echo -e "$OKRED               /_/                 $RESET"
 	echo -e "$RESET"
 	echo -e "$OKORANGE + -- --=[http://crowdshield.com"
-	echo -e "$OKORANGE + -- --=[sn1per v2.0 by 1N3"
+	echo -e "$OKORANGE + -- --=[sn1per v2.2 by 1N3"
 
 	for a in `cat $TARGET`;
 	do
@@ -402,6 +453,19 @@ if [ "$MODE" = "airstrike" ]; then
 			echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +$RESET"
 			python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $a -vvv -o $LOOT_DIR/domains/domains-$a.txt 2>/dev/null
 			dos2unix $LOOT_DIR/domains/domains-$a.txt 2>/dev/null
+			echo ""
+			echo -e "$OKRED ╔═╗╦═╗╔╦╗╔═╗╦ ╦$RESET"
+			echo -e "$OKRED ║  ╠╦╝ ║ ╚═╗╠═╣$RESET"
+			echo -e "$OKRED ╚═╝╩╚═ ╩o╚═╝╩ ╩$RESET"
+			echo -e "$OKRED + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +$RESET"
+			echo -e "$OKBLUE"
+			curl -s https://crt.sh/?q=%25.$a > /tmp/curl.out && cat /tmp/curl.out | grep $a | grep TD | sed -e 's/<//g' | sed -e 's/>//g' | sed -e 's/TD//g' | sed -e 's/\///g' | sed -e 's/ //g' | sed -n '1!p' | sort -u > $LOOT_DIR/domains/domains-$a-crt.txt && cat $LOOT_DIR/domains/domains-$a-crt.txt
+			echo -e "$OKRED [+] Domains saved to: $LOOT_DIR/domains/domains-$TARGET-crt.txt"
+			cat $LOOT_DIR/domains/domains-$a-crt.txt > /tmp/curl.out 2> /dev/null	
+			cat $LOOT_DIR/domains/domains-$a.txt >> /tmp/curl.out 2> /dev/null	
+			sort -u /tmp/curl.out > $LOOT_DIR/domains/domains-$a-full.txt
+			rm -f /tmp/curl.out 2> /dev/null	
+			echo -e "$RESET"
 			echo -e "$OKGREEN + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +$RESET"
 			for b in `cat $LOOT_DIR/domains/domains-$a.txt 2> /dev/null`; do dig $b CNAME | egrep -i 'wordpress|instapage|heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot' 2>/dev/null; done;
 			echo -e "$OKGREEN + -- ----------------------------=[Checking Email Security]=----------------- -- +$RESET"
@@ -524,7 +588,7 @@ echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/     $RESET"
 echo -e "$OKRED               /_/                 $RESET"
 echo -e "$RESET"
 echo -e "$OKORANGE + -- --=[http://crowdshield.com"
-echo -e "$OKORANGE + -- --=[sn1per v2.0 by 1N3"
+echo -e "$OKORANGE + -- --=[sn1per v2.2 by 1N3"
 echo -e "$RESET"
 echo -e "$OKGREEN + -- ----------------------------=[Running Nslookup]=------------------------ -- +$RESET"
 nslookup $TARGET
@@ -544,6 +608,19 @@ then
 	echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +$RESET"
 	python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
 	dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
+	echo ""
+	echo -e "$OKRED ╔═╗╦═╗╔╦╗╔═╗╦ ╦$RESET"
+	echo -e "$OKRED ║  ╠╦╝ ║ ╚═╗╠═╣$RESET"
+	echo -e "$OKRED ╚═╝╩╚═ ╩o╚═╝╩ ╩$RESET"
+	echo -e "$OKRED + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +$RESET"
+	echo -e "$OKBLUE"
+	curl -s https://crt.sh/?q=%25.$TARGET > /tmp/curl.out && cat /tmp/curl.out | grep $TARGET | grep TD | sed -e 's/<//g' | sed -e 's/>//g' | sed -e 's/TD//g' | sed -e 's/\///g' | sed -e 's/ //g' | sed -n '1!p' | sort -u > $LOOT_DIR/domains/domains-$TARGET-crt.txt && cat $LOOT_DIR/domains/domains-$TARGET-crt.txt
+	echo -e "$OKRED [+] Domains saved to: $LOOT_DIR/domains/domains-$TARGET-crt.txt"
+	cat $LOOT_DIR/domains/domains-$TARGET-crt.txt > /tmp/curl.out 2> /dev/null	
+	cat $LOOT_DIR/domains/domains-$TARGET.txt >> /tmp/curl.out 2> /dev/null	
+	sort -u /tmp/curl.out > $LOOT_DIR/domains/domains-$TARGET-full.txt
+	rm -f /tmp/curl.out 2> /dev/null	
+	echo -e "$RESET"
 	echo -e "$OKGREEN + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +$RESET"
 	for a in `cat $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null`; do dig $a CNAME | egrep -i 'wordpress|instapage|heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot' 2>/dev/null; done;
 	echo -e "$OKGREEN + -- ----------------------------=[Checking Email Security]=----------------- -- +$RESET"
@@ -758,15 +835,12 @@ else
 		echo ""
 		python $CMSMAP -t http://$TARGET/wordpress/
 		echo ""
-		#echo -e "$OKGREEN + -- ----------------------------=[Running Uniscan Web Vulnerability Scan]=-- -- +$RESET"
-		#uniscan -u http://$TARGET -qweds
 		echo -e "$OKGREEN + -- ----------------------------=[Running Arachni Web Application Scan]=---- -- +$RESET"
-		mkdir -p $INSTALL_DIR/loot/web/$TARGET/ 2> /dev/null
-		arachni --report-save-path=$INSTALL_DIR/loot/web/$TARGET/ --output-only-positives http://$TARGET
-		cd $INSTALL_DIR/loot/web/$TARGET/
-		arachni_reporter $INSTALL_DIR/loot/web/$TARGET/*.afr --report=html:outfile=$INSTALL_DIR/loot/web/$TARGET/arachni.zip
-		unzip $INSTALL_DIR/loot/web/$TARGET/arachni.zip
-		$ARACHNI="1"
+		mkdir -p $INSTALL_DIR/loot/web/$TARGET-http/ 2> /dev/null
+		arachni --report-save-path=$INSTALL_DIR/loot/web/$TARGET-http/ --output-only-positives http://$TARGET
+		cd $INSTALL_DIR/loot/web/$TARGET-http/
+		arachni_reporter $INSTALL_DIR/loot/web/$TARGET-http/*.afr --report=html:outfile=$INSTALL_DIR/loot/web/$TARGET-http/arachni.zip
+		unzip $INSTALL_DIR/loot/web/$TARGET-http/arachni.zip
 		cd $INSTALL_DIR
 		echo -e "$OKGREEN + -- ----------------------------=[Running SQLMap SQL Injection Scan]=------- -- +$RESET"
 		sqlmap -u "http://$TARGET" --batch --crawl=5 --level 1 --risk 1 -f -a
@@ -945,18 +1019,16 @@ else
 		echo ""
 		python $CMSMAP -t https://$TARGET/wordpress/
 		echo ""
-		#echo -e "$OKGREEN + -- ----------------------------=[Running Uniscan Web Vulnerability Scan]=-- -- +$RESET"
-		#uniscan -u https://$TARGET -qweds
 		if [ $ARACHNI == "1" ];
 		then
 			echo -e "$OKGREEN + -- ----------------------------=[Skipping Arachni Scan]=------------------- -- +$RESET"
 		else
 			echo -e "$OKGREEN + -- ----------------------------=[Running Arachni Web Application Scan]=---- -- +$RESET"
-			mkdir -p $INSTALL_DIR/loot/web/$TARGET/ 2> /dev/null
-			arachni --report-save-path=$INSTALL_DIR/loot/web/$TARGET/ --output-only-positives https://$TARGET
-			cd $INSTALL_DIR/loot/web/$TARGET/
-			arachni_reporter $INSTALL_DIR/loot/web/$TARGET/*.afr --report=html:outfile=$INSTALL_DIR/loot/web/$TARGET/arachni.zip
-			unzip $INSTALL_DIR/loot/web/$TARGET/arachni.zip
+			mkdir -p $INSTALL_DIR/loot/web/$TARGET-https/ 2> /dev/null
+			arachni --report-save-path=$INSTALL_DIR/loot/web/$TARGET-https/ --output-only-positives https://$TARGET
+			cd $INSTALL_DIR/loot/web/$TARGET-https/
+			arachni_reporter $INSTALL_DIR/loot/web/$TARGET-https/*.afr --report=html:outfile=$INSTALL_DIR/loot/web/$TARGET-https/arachni.zip
+			unzip $INSTALL_DIR/loot/web/$TARGET-https/arachni.zip
 			cd $INSTALL_DIR
 		fi
 		echo -e "$OKGREEN + -- ----------------------------=[Running SQLMap SQL Injection Scan]=------- -- +$RESET"
@@ -1290,7 +1362,7 @@ if [ "$FULLNMAPSCAN" = "0" ]; then
 	echo -e "$OKGREEN + -- ----------------------------=[Skipping Full NMap Port Scan]=------------ -- +$RESET"
 else
 	echo -e "$OKGREEN + -- ----------------------------=[Performing Full NMap Port Scan]=---------- -- +$RESET"
-	nmap -T5 -sV -sU -sT -A -O -p 1-65355 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
+	nmap -T4 -sV -O -v -p 1-65355 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
 fi
 
 if [ "$AUTOBRUTE" = "0" ]; then
@@ -1304,15 +1376,6 @@ else
 	echo ""
 fi
 
-cd $LOOT_DIR
-echo -e "$OKORANGE + -- --=[Sorting loot directory ($LOOT_DIR)"
-echo -e "$OKORANGE + -- --=[Generating reports..."
-for a in `ls sniper-*.txt 2>/dev/null`; 
-do 
-	echo "$a" > $LOOT_DIR/reports/$a
-	sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a >> $LOOT_DIR/reports/$a
-	mv $a $LOOT_DIR/output/
-done
 rm -f $LOOT_DIR/.fuse_* 2> /dev/null
 
 echo -e "$OKGREEN + -- ----------------------------=[Done]=------------------------------------ -- +$RESET"