Sn1per by 1N3CrowdShield

Blackarch support

CHANGELOG.md

@@ -1,4 +1,41 @@
 ## CHANGELOG:
+* v2.8 - Improved discovery mode scan performance and output
+* v2.8 - Improved fullportonly scan performance
+* v2.8 - Improved startup performance options
+* v2.8 - Added Cansina web/file brute force tool
+* v2.8 - Added webporthttp and webporthttps modes
+* v2.8 - Added custerd software enumeration tool
+* v2.7 - Fixed issue with sniper update command and install.sh not running
+* v2.7 - Fixed errors with GooHak
+* v2.7 - Fixed syntax errors in sniper conditional statements 
+* v2.7 - Added CloudFail 
+* v2.7 - Fixed issue with [: ==: unary operator expected errors
+* v2.6 - Added Blackarch Linux support 
+* v2.6 - Added $BROWSER variable to set default browser
+* v2.5g - Updated README with update command
+* v2.5f - Fixes for various bugs reported and fixed by @ifly53e (https://github.com/1N3/Sn1per/pull/89)
+* v2.5e - Fixed issue with port 3128/tcp checks (CC. @ifly53e)
+* v2.5d - Added searchsploit option for (-v) to search all terms (CC. @ifly53e)
+* v2.5c - Added various improvements to 'discover' mode scans
+* v2.5b - Removed NMap script checks for 'fullportonly' mode
+* v2.5a - Added auto-updates to check and download new versions
+* v2.5a - Fixed issue with install.sh to resolve pip aha error
+* v2.5a - Added libxml2-utils to install.sh to meet dependencies
+* v2.5 - Added HTML report generation via sniper 'loot' command
+* v2.5 - Added automatic NMap searchsploit integration to find exploits
+* v2.5 - Added various improvements to Sn1per discovery scan mode
+* v2.5 - Fixed issue with IIS BoF NMap script (CC. ifly53e)
+* v2.4f - Fixed issue with upper NMap port range(CC. DaveW)
+* v2.4e - Added NMap no ping switch to all scans
+* v2.4d - Fixed issue with rpcinfo install script
+* v2.4d - Fixed issue with Arachni install script
+* v2.4c - Added loot and $TARGET sanity checks (CC. @menzow)
+* v2.4b - Fixed issue with discovery scan output file (CC. @ifly53e)
+* v2.4b - Fixed issue with Intel AMT RCE port list
+* v2.4a - Added all NMap script checks via 'fullportonly' mode
+* v2.4a - Added JBoss JMX Console Beanshell Deployer WAR Upload and Deployment Metasploit exploit
+* v2.4a - Added Java RMI RCE NMap/Metasploit detection
+* v2.4a - Added INTEL-SA-00075 (Intel AMT) vulnerability NMap script
 * v2.4 - Added detection for open X11 servers
 * v2.4 - Added IIS6 Win2k3 RCE NMap script
 * v2.4 - Added option to disable Google Hacking queries via Firefox
@@ -145,6 +182,3 @@
 ## FUTURE:
 * Add auto logging and reporting to all scans
 * Add HTML reporting for scans
-* Add automated Wireless attacks to Sn1per
-* Add automated MITM attacks to Sn1per
-* Add web mode port option for customized web scans

README.md

@@ -9,17 +9,26 @@ Sn1per is an automated scanner that can be used during a penetration test to enu
 ## FEATURES:
 * Automatically collects basic recon (ie. whois, ping, DNS, etc.)
 * Automatically launches Google hacking queries against a target domain
-* Automatically enumerates open ports
-* Automatically brute forces sub-domains and DNS info
+* Automatically enumerates open ports via NMap port scanning
+* Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
 * Automatically checks for sub-domain hijacking
 * Automatically runs targeted NMap scripts against open ports
 * Automatically runs targeted Metasploit scan and exploit modules
 * Automatically scans all web applications for common vulnerabilities
-* Automatically brute forces all open services
-* Automatically exploit remote hosts to gain remote shell access
-* Performs high level enumeration of multiple hosts
+* Automatically brute forces ALL open services
+* Automatically test for anonymous FTP access
+* Automatically runs WPScan, Arachni and Nikto for all web services
+* Automatically enumerates NFS shares
+* Automatically test for anonymous LDAP access
+* Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities
+* Automatically enumerate SNMP community strings, services and users
+* Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
+* Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
+* Automatically tests for open X11 servers
 * Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
+* Performs high level enumeration of multiple hosts and subnets
 * Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
+* Automatically gathers screenshots of all web sites
 * Create individual workspaces to store all scan output
 
 ## KALI LINUX INSTALL:
@@ -53,6 +62,7 @@ sniper <target> nobrute <report>
 sniper <targets.txt> airstrike <report>
 sniper <targets.txt> nuke <report>
 sniper loot
+sniper update
 ```
 
 ### MODES:
@@ -66,6 +76,7 @@ sniper loot
 * **AIRSTRIKE:** Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP's that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
 * **NUKE:** Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke. 
 * **LOOT:** Automatically organizes and displays loot folder in your browser and opens Metasploit Pro and Zenmap GUI with all port scan results. To run, type 'sniper loot'.
+* **UPDATE:** Checks for updates and upgrades all components used by sniper.
 
 ## SAMPLE REPORT:
 https://gist.github.com/1N3/8214ec2da2c91691bcbc

TODO.md

@@ -1,3 +1,4 @@
 ###TODO:
 
+* Add proxy support for all scans
 * Add automatic reporting for all scans by default

bin/iis-buffer-overflow.nse

@@ -161,15 +161,15 @@ Original exploit by Zhiniang Peng and Chen Wu.
 
   if status == '200' then
     -- Buffer overflow is successfully executed on the server.
-    vuln.state = vulns.STATE.EXPLOIT,
+    vuln.state = vulns.STATE.EXPLOIT
     vuln.exploit_results = response
   elseif status == '400' then
     -- Bad request error is occured because webdav is not installed.
-    vuln.state = vulns.STATE.LIKELY_VULN,
+    vuln.state = vulns.STATE.LIKELY_VULN
     vuln.exploit_results = "Server returned 400: Install webdav and try again."
   elseif status == '502' then
     -- Likely to have an error in the Server Name
-    vuln.state = vulns.STATE.LIKELY_VULN,
+    vuln.state = vulns.STATE.LIKELY_VULN
     vuln.exploit_results = "Server returned 502: Please try to change ServerName and run the exploit again"
   elseif status ~= nil then
     vuln.exploit_results = response

build.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+# build script to push to github... 
+git add *
+git commit -m 'Sn1per by 1N3CrowdShield'
+git push origin master

install.sh

@@ -32,12 +32,12 @@ mkdir $LOOT_DIR/screenshots 2> /dev/null
 mkdir $LOOT_DIR/nmap 2> /dev/null
 mkdir $LOOT_DIR/reports 2> /dev/null
 mkdir $LOOT_DIR/output 2> /dev/null
-cp -Rf $PWD/* $INSTALL_DIR 
+cp -Rf $PWD/* $INSTALL_DIR 2> /dev/null
 cd $INSTALL_DIR
 
 echo -e "$OKORANGE + -- --=[Installing package dependencies...$RESET"
-apt-get install ruby rubygems python dos2unix zenmap sslyze uniscan xprobe2 cutycapt unicornscan waffit host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap
-pip install dnspython colorama tldextract urllib3 ipaddress arachni
+apt-get install clusterd ruby rubygems python dos2unix zenmap sslyze arachni aha libxml2-utils rpcbind uniscan xprobe2 cutycapt unicornscan waffit host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap
+pip install dnspython colorama tldextract urllib3 ipaddress requests
 
 echo -e "$OKORANGE + -- --=[Installing gem dependencies...$RESET"
 gem install rake
@@ -45,7 +45,7 @@ gem install ruby-nmap net-http-persistent mechanize text-table
 
 echo -e "$OKORANGE + -- --=[Cleaning up old extensions...$RESET"
 rm -Rf Findsploit/ BruteX/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ Sublist3r/ shocker/ jexboss/ serializekiller/ testssl.sh/ SimpleEmailSpoofer/ ssh-audit/ plugins/ 2> /dev/null
-mkdir $PLUGINS_DIR
+mkdir $PLUGINS_DIR 2> /dev/null
 cd $PLUGINS_DIR
 mkdir -p $PLUGINS_DIR/nmap_scripts/ 2> /dev/null
 
@@ -61,12 +61,17 @@ git clone https://github.com/0xsauby/yasuo.git
 git clone https://github.com/johndekroon/serializekiller.git 
 git clone https://github.com/aboul3la/Sublist3r.git 
 git clone https://github.com/nccgroup/shocker.git 
-git clone https://github.com/drwetter/testssl.sh.git 
+git clone --depth 1 https://github.com/drwetter/testssl.sh.git 
 git clone https://github.com/lunarca/SimpleEmailSpoofer 
 git clone https://github.com/arthepsy/ssh-audit 
+git clone https://github.com/m0rtem/CloudFail.git
+git clone https://github.com/deibit/cansina
+wget https://raw.githubusercontent.com/1N3/IntruderPayloads/master/FuzzLists/dirbuster-quick.txt -O /usr/share/sniper/plugins/cansina/dirbuster-quick.txt
 wget https://svn.nmap.org/nmap/scripts/http-vuln-cve2017-5638.nse -O /usr/share/nmap/scripts/http-vuln-cve2017-5638.nse
-cp $PWD/bin/iis-buffer-overflow.nse /usr/share/nmap/scripts/iis-buffer-overflow.nse
+wget https://raw.githubusercontent.com/xorrbit/nmap/865142904566e416944ebd6870d496c730934965/scripts/http-vuln-INTEL-SA-00075.nse -O /usr/share/nmap/scripts/http-vuln-INTEL-SA-00075.nse
+cp $INSTALL_DIR/bin/iis-buffer-overflow.nse /usr/share/nmap/scripts/iis-buffer-overflow.nse 2> /dev/null
 echo -e "$OKORANGE + -- --=[Setting up environment...$RESET"
+cd $PLUGINS_DIR/CloudFail/ && apt-get install python3-pip && pip3 install -r requirements.txt
 cd $PLUGINS_DIR/Findsploit/ && bash install.sh
 cd $PLUGINS_DIR/BruteX/ && bash install.sh
 cd $INSTALL_DIR 
@@ -104,6 +109,4 @@ ln -s $PLUGINS_DIR/Findsploit/compilesploit /usr/bin/compilesploit
 ln -s $PLUGINS_DIR/MassBleed/massbleed /usr/bin/massbleed
 ln -s $PLUGINS_DIR/testssl.sh/testssl.sh /usr/bin/testssl
 echo -e "$OKORANGE + -- --=[Done!$RESET"
-echo -e "$OKORANGE + -- --=[To run, type 'sniper'! $RESET"
-
-
+echo -e "$OKORANGE + -- --=[To run, type 'sniper'! $RESET"