Sn1per by 1N3CrowdShield

Blackarch support

CHANGELOG.md

@@ -1,4 +1,19 @@
 ## CHANGELOG:
+* v2.6c - Fixed errors with GooHak
+* v2.6c - Fixed syntax errors in sniper conditional statements 
+* v2.6b - Added CloudFail 
+* v2.6a - Fixed issue with [: ==: unary operator expected errors
+* v2.6 - Added Blackarch Linux support 
+* v2.6 - Added $BROWSER variable to set default browser
+* v2.5g - Updated README with update command
+* v2.5f - Fixes for various bugs reported and fixed by @ifly53e (https://github.com/1N3/Sn1per/pull/89)
+* v2.5e - Fixed issue with port 3128/tcp checks (CC. @ifly53e)
+* v2.5d - Added searchsploit option for (-v) to search all terms (CC. @ifly53e)
+* v2.5c - Added various improvements to 'discover' mode scans
+* v2.5b - Removed NMap script checks for 'fullportonly' mode
+* v2.5a - Added auto-updates to check and download new versions
+* v2.5a - Fixed issue with install.sh to resolve pip aha error
+* v2.5a - Added libxml2-utils to install.sh to meet dependencies
 * v2.5 - Added HTML report generation via sniper 'loot' command
 * v2.5 - Added automatic NMap searchsploit integration to find exploits
 * v2.5 - Added various improvements to Sn1per discovery scan mode

README.md

@@ -62,6 +62,7 @@ sniper <target> nobrute <report>
 sniper <targets.txt> airstrike <report>
 sniper <targets.txt> nuke <report>
 sniper loot
+sniper update
 ```
 
 ### MODES:
@@ -75,6 +76,7 @@ sniper loot
 * **AIRSTRIKE:** Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP's that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
 * **NUKE:** Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke. 
 * **LOOT:** Automatically organizes and displays loot folder in your browser and opens Metasploit Pro and Zenmap GUI with all port scan results. To run, type 'sniper loot'.
+* **UPDATE:** Checks for updates and upgrades all components used by sniper.
 
 ## SAMPLE REPORT:
 https://gist.github.com/1N3/8214ec2da2c91691bcbc

TODO.md

@@ -1,8 +1,7 @@
 ###TODO:
 
 * Add web port scans for directed web scans
+* Add proxy support for all scans
 * Add various modes (airstrike,nuke,web,etc.) for discovery scans
 * Add automatic reporting for all scans by default
-* Add Metasploit RCE exploit for MS17-010 (ETTERNALBLUE)
-* Add Metasploit RCE exploit for CVE-2016-6366 (EXTRABACON)
 * Add reporting for discover mode

bin/iis-buffer-overflow.nse

@@ -161,15 +161,15 @@ Original exploit by Zhiniang Peng and Chen Wu.
 
   if status == '200' then
     -- Buffer overflow is successfully executed on the server.
-    vuln.state = vulns.STATE.EXPLOIT,
+    vuln.state = vulns.STATE.EXPLOIT
     vuln.exploit_results = response
   elseif status == '400' then
     -- Bad request error is occured because webdav is not installed.
-    vuln.state = vulns.STATE.LIKELY_VULN,
+    vuln.state = vulns.STATE.LIKELY_VULN
     vuln.exploit_results = "Server returned 400: Install webdav and try again."
   elseif status == '502' then
     -- Likely to have an error in the Server Name
-    vuln.state = vulns.STATE.LIKELY_VULN,
+    vuln.state = vulns.STATE.LIKELY_VULN
     vuln.exploit_results = "Server returned 502: Please try to change ServerName and run the exploit again"
   elseif status ~= nil then
     vuln.exploit_results = response

install.sh

@@ -36,8 +36,8 @@ cp -Rf $PWD/* $INSTALL_DIR
 cd $INSTALL_DIR
 
 echo -e "$OKORANGE + -- --=[Installing package dependencies...$RESET"
-apt-get install ruby rubygems python dos2unix zenmap sslyze arachni rpcbind uniscan xprobe2 cutycapt unicornscan waffit host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap
-pip install dnspython colorama tldextract urllib3 ipaddress aha
+apt-get install ruby rubygems python dos2unix zenmap sslyze arachni aha libxml2-utils rpcbind uniscan xprobe2 cutycapt unicornscan waffit host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap
+pip install dnspython colorama tldextract urllib3 ipaddress
 
 echo -e "$OKORANGE + -- --=[Installing gem dependencies...$RESET"
 gem install rake
@@ -61,13 +61,15 @@ git clone https://github.com/0xsauby/yasuo.git
 git clone https://github.com/johndekroon/serializekiller.git 
 git clone https://github.com/aboul3la/Sublist3r.git 
 git clone https://github.com/nccgroup/shocker.git 
-git clone https://github.com/drwetter/testssl.sh.git 
+git clone --depth 1 https://github.com/drwetter/testssl.sh.git 
 git clone https://github.com/lunarca/SimpleEmailSpoofer 
 git clone https://github.com/arthepsy/ssh-audit 
+git clone https://github.com/m0rtem/CloudFail.git
 wget https://svn.nmap.org/nmap/scripts/http-vuln-cve2017-5638.nse -O /usr/share/nmap/scripts/http-vuln-cve2017-5638.nse
 wget https://raw.githubusercontent.com/xorrbit/nmap/865142904566e416944ebd6870d496c730934965/scripts/http-vuln-INTEL-SA-00075.nse -O /usr/share/nmap/scripts/http-vuln-INTEL-SA-00075.nse
 cp $INSTALL_DIR/bin/iis-buffer-overflow.nse /usr/share/nmap/scripts/iis-buffer-overflow.nse
 echo -e "$OKORANGE + -- --=[Setting up environment...$RESET"
+cd $PLUGINS_DIR/CloudFail/ && apt-get install python3-pip && pip3 install -r requirements.txt
 cd $PLUGINS_DIR/Findsploit/ && bash install.sh
 cd $PLUGINS_DIR/BruteX/ && bash install.sh
 cd $INSTALL_DIR 
@@ -105,6 +107,4 @@ ln -s $PLUGINS_DIR/Findsploit/compilesploit /usr/bin/compilesploit
 ln -s $PLUGINS_DIR/MassBleed/massbleed /usr/bin/massbleed
 ln -s $PLUGINS_DIR/testssl.sh/testssl.sh /usr/bin/testssl
 echo -e "$OKORANGE + -- --=[Done!$RESET"
-echo -e "$OKORANGE + -- --=[To run, type 'sniper'! $RESET"
-
-
+echo -e "$OKORANGE + -- --=[To run, type 'sniper'! $RESET"