Delete sn1per-logo.png

Fix install.sh: add missing packages

CHANGELOG.md

@@ -1,4 +1,49 @@
 ## CHANGELOG:
+* v4.0 - Added new command switch options for all sniper scans (see --help for details)
+* v4.0 - Added HTML formatted report for all workspaces to display screenshots, headers, reports and open ports
+* v4.0 - Added optional scan options such as --recon, --osint, --fullportonly --bruteforce, etc. to selectively enable scan modules. (see --help for details) 
+* v4.0 - Improved Yasou scan options to include existing NMap XML files
+* v4.0 - Added automatic HTML/TXT/PDF reporting for all scans by default
+* v4.0 - Updated default workspace directory to store all loot files by $TARGET name or $WORKSPACE alias
+* v4.0 - Added screenshot and header retrieval to loot storage
+* v4.0 - Updated NMAP SMB enum script
+* v3.0 - Improved performance of various sniper modes
+* v3.0 - Added Aquatone domain flyover tool
+* v3.0 - Added slurp S3 public AWS scanner
+* v3.0 - Updated Sub-domain hijacking site list
+* v3.0 - Changed look and feel of console output to help readability
+* v3.0 - Added online/offline check to implement changes to scans when in online vs. offline mode
+* v2.9 - New improved fullportonly scan mode
+* v2.9 - Added online check to see if there's an active internet connection
+* v2.9 - Changed default browser to firefox to clear up errors in loot commmand
+* v2.9 - Created uninstall.sh script to uninstall sniper
+* v2.9 - Removed automatic workspace creation per scan
+* v2.9 - Added curl timeout in update command to fix lag
+* v2.9 - Fixed minor NMap UDP scan flag issue
+* v2.9 - Added Metagoofil
+* v2.9 - Updated theharvester scan options to include more results
+* v2.8 - Improved discovery mode scan performance and output
+* v2.8 - Improved fullportonly scan performance
+* v2.8 - Improved startup performance options
+* v2.8 - Added Cansina web/file brute force tool
+* v2.8 - Added webporthttp and webporthttps modes
+* v2.8 - Added custerd software enumeration tool
+* v2.7 - Fixed issue with sniper update command and install.sh not running
+* v2.7 - Fixed errors with GooHak
+* v2.7 - Fixed syntax errors in sniper conditional statements 
+* v2.7 - Added CloudFail 
+* v2.7 - Fixed issue with [: ==: unary operator expected errors
+* v2.6 - Added Blackarch Linux support 
+* v2.6 - Added $BROWSER variable to set default browser
+* v2.5g - Updated README with update command
+* v2.5f - Fixes for various bugs reported and fixed by @ifly53e (https://github.com/1N3/Sn1per/pull/89)
+* v2.5e - Fixed issue with port 3128/tcp checks (CC. @ifly53e)
+* v2.5d - Added searchsploit option for (-v) to search all terms (CC. @ifly53e)
+* v2.5c - Added various improvements to 'discover' mode scans
+* v2.5b - Removed NMap script checks for 'fullportonly' mode
+* v2.5a - Added auto-updates to check and download new versions
+* v2.5a - Fixed issue with install.sh to resolve pip aha error
+* v2.5a - Added libxml2-utils to install.sh to meet dependencies
 * v2.5 - Added HTML report generation via sniper 'loot' command
 * v2.5 - Added automatic NMap searchsploit integration to find exploits
 * v2.5 - Added various improvements to Sn1per discovery scan mode
@@ -156,10 +201,3 @@
 * v1.4 - Added Breach-Miner for detection of breached accounts
 * v1.4 - Fixed minor errors with nmap
 * v1.4 - Removed debug output from goohak from displaying on console
-
-## FUTURE:
-* Add auto logging and reporting to all scans
-* Add HTML reporting for scans
-* Add automated Wireless attacks to Sn1per
-* Add automated MITM attacks to Sn1per
-* Add web mode port option for customized web scans

LICENSE.md

@@ -0,0 +1,2 @@
+## LICENSE:
+This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.

README.md

@@ -1,35 +1,35 @@
-![alt tag](https://github.com/1N3/Sn1per/blob/master/Sn1per-logo.jpg)
+![alt tag](https://github.com/1N3/Sn1per/blob/master/Sn1per.jpg)
 
 ## ABOUT:
 Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. 
 
 ## DEMO VIDEO:
-[![Sn1per Demo](https://img.youtube.com/vi/nA_V_u3QZA4/0.jpg)](https://www.youtube.com/watch?v=nA_V_u3QZA4)
+[![Demo](https://asciinema.org/a/IDckE48BNSWQ8TV8yEjJjjMNm.png)](https://asciinema.org/a/IDckE48BNSWQ8TV8yEjJjjMNm)
 
 ## FEATURES:
-* Automatically collects basic recon (ie. whois, ping, DNS, etc.)
-* Automatically launches Google hacking queries against a target domain
-* Automatically enumerates open ports via NMap port scanning
-* Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
-* Automatically checks for sub-domain hijacking
-* Automatically runs targeted NMap scripts against open ports
-* Automatically runs targeted Metasploit scan and exploit modules
-* Automatically scans all web applications for common vulnerabilities
-* Automatically brute forces ALL open services
-* Automatically test for anonymous FTP access
-* Automatically runs WPScan, Arachni and Nikto for all web services
-* Automatically enumerates NFS shares
-* Automatically test for anonymous LDAP access
-* Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities
-* Automatically enumerate SNMP community strings, services and users
-* Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
-* Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
-* Automatically tests for open X11 servers
-* Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
-* Performs high level enumeration of multiple hosts and subnets
-* Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
-* Automatically gathers screenshots of all web sites
-* Create individual workspaces to store all scan output
+- [x] Automatically collects basic recon (ie. whois, ping, DNS, etc.)
+- [x] Automatically launches Google hacking queries against a target domain
+- [x] Automatically enumerates open ports via NMap port scanning
+- [x] Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
+- [x] Automatically checks for sub-domain hijacking
+- [x] Automatically runs targeted NMap scripts against open ports
+- [x] Automatically runs targeted Metasploit scan and exploit modules
+- [x] Automatically scans all web applications for common vulnerabilities
+- [x] Automatically brute forces ALL open services
+- [x] Automatically test for anonymous FTP access
+- [x] Automatically runs WPScan, Arachni and Nikto for all web services
+- [x] Automatically enumerates NFS shares
+- [x] Automatically test for anonymous LDAP access
+- [x] Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities
+- [x] Automatically enumerate SNMP community strings, services and users
+- [x] Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
+- [x] Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
+- [x] Automatically tests for open X11 servers
+- [x] Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
+- [x] Performs high level enumeration of multiple hosts and subnets
+- [x] Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
+- [x] Automatically gathers screenshots of all web sites
+- [x] Create individual workspaces to store all scan output
 
 ## KALI LINUX INSTALL:
 ```
@@ -38,6 +38,8 @@ Sn1per is an automated scanner that can be used during a penetration test to enu
 
 ## DOCKER INSTALL:
 
+Credits: @menzow
+
 Docker Install:
 https://github.com/menzow/sn1per-docker
 
@@ -52,30 +54,82 @@ $ docker run --rm -ti menzo/sn1per-docker sniper menzo.io
 
 ## USAGE:
 ```
-sniper <target> <report>
-sniper <target> stealth <report>
-sniper <CIDR> discover
-sniper <target> port <portnum> 
-sniper <target> fullportonly <portnum>
-sniper <target> web <report>
-sniper <target> nobrute <report>
-sniper <targets.txt> airstrike <report>
-sniper <targets.txt> nuke <report>
-sniper loot
+[*] NORMAL MODE
+sniper -t|--target <TARGET>
+
+[*] NORMAL MODE + OSINT + RECON
+sniper -t|--target <TARGET> -o|--osint -re|--recon
+
+[*] STEALTH MODE + OSINT + RECON
+sniper -t|--target <TARGET> -m|--mode stealth -o|--osint -re|--recon
+
+[*] DISCOVER MODE
+sniper -t|--target <CIDR> -m|--mode discover -w|--workspace <WORSPACE_ALIAS>
+
+[*] SCAN ONLY SPECIFIC PORT
+sniper -t|--target <TARGET> -m port -p|--port <portnum>
+
+[*] FULLPORTONLY SCAN MODE
+sniper -t|--target <TARGET> -fp|--fullportonly
+
+[*] PORT SCAN MODE
+sniper -t|--target <TARGET> -m|--mode port -p|--port <PORT_NUM>
+
+[*] WEB MODE - PORT 80 + 443 ONLY!
+sniper -t|--target <TARGET> -m|--mode web
+
+[*] HTTP WEB PORT MODE
+sniper -t|--target <TARGET> -m|--mode webporthttp -p|--port <port>
+
+[*] HTTPS WEB PORT MODE
+sniper -t|--target <TARGET> -m|--mode webporthttps -p|--port <port>
+
+[*] ENABLE BRUTEFORCE
+sniper -t|--target <TARGET> -b|--bruteforce
+
+[*] AIRSTRIKE MODE
+sniper -f|--file /full/path/to/targets.txt -m|--mode airstrike
+
+[*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLED
+sniper -f--file /full/path/to/targets.txt -m|--mode nuke -w|--workspace <WORKSPACE_ALIAS>
+
+[*] ENABLE LOOT IMPORTING INTO METASPLOIT
+sniper -t|--target <TARGET>
+
+[*] LOOT REIMPORT FUNCTION
+sniper -w <WORKSPACE_ALIAS> --reimport
+
+[*] UPDATE SNIPER
+sniper -u|--update
 ```
 
 ### MODES:
-* **REPORT:** Outputs all results to text in the loot directory for later reference. To enable reporting, append 'report' to any sniper mode or command.
-* **STEALTH:** Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking
+* **NORMAL:** Performs basic scan of targets and open ports using both active and passive checks for optimal performance.
+* **STEALTH:** Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.
+* **AIRSTRIKE:** Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IPs that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
+* **NUKE:** Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke. 
 * **DISCOVER:** Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
 * **PORT:** Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
 * **FULLPORTONLY:** Performs a full detailed port scan and saves results to XML.
 * **WEB:** Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.   
-* **NOBRUTE:** Launches a full scan against a target host/domain without brute forcing services.
-* **AIRSTRIKE:** Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP's that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
-* **NUKE:** Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke. 
-* **LOOT:** Automatically organizes and displays loot folder in your browser and opens Metasploit Pro and Zenmap GUI with all port scan results. To run, type 'sniper loot'.
+* **WEBPORTHTTP:** Launches a full HTTP web application scan against a specific host and port.
+* **WEBPORTHTTPS:** Launches a full HTTPS web application scan against a specific host and port.
+* **UPDATE:** Checks for updates and upgrades all components used by sniper.
+* **REIMPORT:** Reimport all workspace files into Metasploit and reproduce all reports.
 
 ## SAMPLE REPORT:
 https://gist.github.com/1N3/8214ec2da2c91691bcbc
 
+## LICENSE:
+This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.
+
+## LOGO:
+Credit to Sponge Nutter for the original sniper penguin logo.
+
+## DONATIONS:
+Donations are welcome. This will help fascilitate improved features, frequent updates and better overall support for sniper.
+- [x] BTC 1Fav36btfmdrYpCAR65XjKHhxuJJwFyKum
+- [x] ETH 0x20bB09273702eaBDFbEE9809473Fd04b969a794d
+- [x] LTC LQ6mPewec3xeLBYMdRP4yzeta6b9urqs2f
+- [x] XMR 4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbS3EN24xprAQ1Z5Sy5s
+- [x] ZCASH t1fsizsk2cqqJAjRoUmXJSyoVa9utYucXt7

TODO.md

@@ -1,8 +1,19 @@
 ###TODO:
 
-* Add web port scans for directed web scans
-* Add various modes (airstrike,nuke,web,etc.) for discovery scans
-* Add automatic reporting for all scans by default
-* Add Metasploit RCE exploit for MS17-010 (ETTERNALBLUE)
-* Add Metasploit RCE exploit for CVE-2016-6366 (EXTRABACON)
-* Add reporting for discover mode
+* Implement a module system for running specific commands/modules
+* Add checks to make sure all commands exist at startup. If not, refer to installer. 
+* Add command line parsing of options/modes
+
+sniper --target crowdshield.com --workspace crowdshield.com --report --bruteforce --web --recon --portscan
+sniper --target crowdshield.com --kalionly --offline --webportonly 443
+
+* Create a sniper-kali release to only use base Kali image toolsets
+* Check if there's an active internet connection, if not, run offline mode
+* Add automatic reporting and workspace creation for all scans by default
+* Add proxy support for all scans
+* Create uninstall.sh script
+* Add AWS security checks
+* Look into adding aquatone
+* Look into adding gobuster
+* Update subdomain list with aquatone list
+* Increase thread count for file/dir brute force

bin/iis-buffer-overflow.nse

@@ -161,15 +161,15 @@ Original exploit by Zhiniang Peng and Chen Wu.
 
   if status == '200' then
     -- Buffer overflow is successfully executed on the server.
-    vuln.state = vulns.STATE.EXPLOIT,
+    vuln.state = vulns.STATE.EXPLOIT
     vuln.exploit_results = response
   elseif status == '400' then
     -- Bad request error is occured because webdav is not installed.
-    vuln.state = vulns.STATE.LIKELY_VULN,
+    vuln.state = vulns.STATE.LIKELY_VULN
     vuln.exploit_results = "Server returned 400: Install webdav and try again."
   elseif status == '502' then
     -- Likely to have an error in the Server Name
-    vuln.state = vulns.STATE.LIKELY_VULN,
+    vuln.state = vulns.STATE.LIKELY_VULN
     vuln.exploit_results = "Server returned 502: Please try to change ServerName and run the exploit again"
   elseif status ~= nil then
     vuln.exploit_results = response

bin/pyText2pdf.py

@@ -0,0 +1,601 @@
+#! /usr/bin/env python
+"""
+ pyText2Pdf - Python script to convert plain text files into Adobe
+ Acrobat PDF files with support for arbitrary page breaks etc.
+
+ Version 2.0
+
+ Author: Anand B Pillai <abpillai at gmail dot com>
+    
+"""
+
+# Derived from http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/189858
+
+import sys, os
+import string
+import time
+import optparse
+import re
+
+LF_EXTRA=0
+LINE_END='\015'
+# form feed character (^L)
+FF=chr(12)
+
+ENCODING_STR = """\
+/Encoding <<
+/Differences [ 0 /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /space /exclam
+/quotedbl /numbersign /dollar /percent /ampersand
+/quoteright /parenleft /parenright /asterisk /plus /comma
+/hyphen /period /slash /zero /one /two /three /four /five
+/six /seven /eight /nine /colon /semicolon /less /equal
+/greater /question /at /A /B /C /D /E /F /G /H /I /J /K /L
+/M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft
+/backslash /bracketright /asciicircum /underscore
+/quoteleft /a /b /c /d /e /f /g /h /i /j /k /l /m /n /o /p
+/q /r /s /t /u /v /w /x /y /z /braceleft /bar /braceright
+/asciitilde /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
+/dotlessi /grave /acute /circumflex /tilde /macron /breve
+/dotaccent /dieresis /.notdef /ring /cedilla /.notdef
+/hungarumlaut /ogonek /caron /space /exclamdown /cent
+/sterling /currency /yen /brokenbar /section /dieresis
+/copyright /ordfeminine /guillemotleft /logicalnot /hyphen
+/registered /macron /degree /plusminus /twosuperior
+/threesuperior /acute /mu /paragraph /periodcentered
+/cedilla /onesuperior /ordmasculine /guillemotright
+/onequarter /onehalf /threequarters /questiondown /Agrave
+/Aacute /Acircumflex /Atilde /Adieresis /Aring /AE
+/Ccedilla /Egrave /Eacute /Ecircumflex /Edieresis /Igrave
+/Iacute /Icircumflex /Idieresis /Eth /Ntilde /Ograve
+/Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash
+/Ugrave /Uacute /Ucircumflex /Udieresis /Yacute /Thorn
+/germandbls /agrave /aacute /acircumflex /atilde /adieresis
+/aring /ae /ccedilla /egrave /eacute /ecircumflex
+/edieresis /igrave /iacute /icircumflex /idieresis /eth
+/ntilde /ograve /oacute /ocircumflex /otilde /odieresis
+/divide /oslash /ugrave /uacute /ucircumflex /udieresis
+/yacute /thorn /ydieresis ]
+>>
+"""
+
+INTRO="""\
+%prog [options] filename
+
+PyText2Pdf  makes a 7-bit clean PDF file from any input file.
+
+It reads from a named file, and writes the PDF file to a file specified by
+the user, otherwise to a file with '.pdf' appended to the input file.
+
+Author: Anand B Pillai."""
+
+
+class PyText2Pdf(object):
+    """ Text2pdf converter in pure Python """
+    
+    def __init__(self):
+        # version number
+        self._version="1.3"
+        # iso encoding flag
+        self._IsoEnc=False
+        # formfeeds flag
+        self._doFFs=False
+        self._progname="PyText2Pdf"
+        self._appname = " ".join((self._progname,str(self._version)))
+        # default font
+        self._font="/Courier"
+        # default font size
+        self._ptSize=10
+        # default vert space
+        self._vertSpace=12
+        self._lines=0
+        # number of characters in a row
+        self._cols=80
+        self._columns=1
+        # page ht
+        self._pageHt=792
+        # page wd
+        self._pageWd=612
+        # input file 
+        self._ifile=""
+        # output file 
+        self._ofile=""
+        # default tab width
+        self._tab=4
+        # input file descriptor
+        self._ifs=None
+        # output file descriptor
+        self._ofs=None
+        # landscape flag
+        self._landscape=False
+        # Subject
+        self._subject = ''
+        # Author
+        self._author = ''
+        # Keywords
+        self._keywords = []
+        # Custom regexp  for page breaks
+        self._pagebreakre = None
+        
+        # marker objects
+        self._curobj = 5
+        self._pageObs = [0]
+        self._locations = [0,0,0,0,0,0]
+        self._pageNo=0
+
+        # file position marker
+        self._fpos=0
+
+    def parse_args(self):
+        
+        """ Callback function called by argument parser.
+        Helps to remove duplicate code """
+
+        if len(sys.argv)<2:
+            sys.argv.append('-h')
+            
+        parser = optparse.OptionParser(usage=INTRO)
+        parser.add_option('-o','--output',dest='outfile',help='Direct output to file OUTFILE',metavar='OUTFILE')
+        parser.add_option('-f','--font',dest='font',help='Use Postscript font FONT (must be in standard 14, default: Courier)',
+                          default='Courier')
+        parser.add_option('-I','--isolatin',dest='isolatin',help='Use ISO latin-1 encoding',default=False,action='store_true')
+        parser.add_option('-s','--size',dest='fontsize',help='Use font at PTSIZE points (default=>10)',metavar='PTSIZE',default=10)
+        parser.add_option('-v','--linespace',dest='linespace',help='Use line spacing LINESPACE (deault 12)',metavar='LINESPACE',default=12)
+        parser.add_option('-l','--lines',dest='lines',help='Lines per page (default 60, determined automatically if unspecified)',default=60, metavar=None)
+        parser.add_option('-c','--chars',dest='chars',help='Maximum characters per line (default 80)',default=80,metavar=None)
+        parser.add_option('-t','--tab',dest='tabspace',help='Spaces per tab character (default 4)',default=4,metavar=None)
+        parser.add_option('-F','--ignoreff',dest='formfeed',help='Ignore formfeed character ^L (i.e, accept formfeed characters as pagebreaks)',default=False,action='store_true')
+        parser.add_option('-P','--papersize',dest='papersize',help='Set paper size (default is letter, accepted values are "A4" or "A3")')
+        parser.add_option('-W','--width',dest='width',help='Independent paper width in points',metavar=None,default=612)
+        parser.add_option('-H','--height',dest='height',help='Independent paper height in points',metavar=None,default=792)
+        parser.add_option('-2','--twocolumns',dest='twocolumns',help='Format as two columns',metavar=None,default=False,action='store_true')
+        parser.add_option('-L','--landscape',dest='landscape',help='Format in landscape mode',metavar=None,default=False,action='store_true')
+        parser.add_option('-R','--regexp',dest='pageregexp',help='Regular expression string to determine page breaks (if supplied, this will be used to split text into pages, instead of using line count)',metavar=None)
+        parser.add_option('-S','--subject',dest='subject',help='Optional subject for the document',metavar=None)
+        parser.add_option('-A','--author',dest='author',help='Optional author for the document',metavar=None)
+        parser.add_option('-K','--keywords',dest='keywords',help='Optional list of keywords for the document (separated by commas)',metavar=None)
+        
+
+        optlist, args = parser.parse_args()
+        # print optlist.__dict__, args
+
+        if len(args)==0:
+            sys.exit('Error: input file argument missing')
+        elif len(args)>1:
+            sys.exit('Error: Too many arguments')            
+
+        self._ifile = args[0]
+        
+        d = optlist.__dict__
+        if d.get('isolatin'): self._IsoEnc=True
+        if d.get('formfeed'): self._doFFs = True
+        if d.get('twocolumns'): self._columns = 2
+        if d.get('landscape'): self._landscape = True
+
+        self._font = '/' + d.get('font')
+        psize = d.get('papersize')
+        if psize=='A4':
+            self._pageWd=595
+            self._pageHt=842
+        elif psize=='A3':
+            self._pageWd=842
+            self._pageHt=1190
+
+        fsize = int(d.get('fontsize'))
+        if fsize < 1: fsize = 1
+        self._ptSize = fsize
+
+        lspace = int(d.get('linespace'))
+        if lspace<1: lspace = 1
+        self._vertSpace = lspace
+
+        lines = int(d.get('lines'))
+        if lines<1: lines = 1
+        self._lines = int(lines)
+
+        chars = int(d.get('chars'))
+        if chars<4: chars = 4
+        self._cols = chars
+
+        tab = int(d.get('tabspace'))
+        if tab<1: tab = 1
+        self._tab = tab
+
+        w = int(d.get('width'))
+        if w<72: w=72
+        self._pageWd = w
+
+        h = int(d.get('height'))
+        if h<72: h=72
+        self._pageHt = h
+
+        # Very optional args
+        author = d.get('author')
+        if author: self._author = author
+
+        subject = d.get('subject')
+        if subject: self._subject = subject
+
+        keywords = d.get('keywords')
+        if keywords:
+            self._keywords = keywords.split(',')
+
+        pagebreak = d.get('pageregexp')
+        if pagebreak:
+            self._pagebreakre = re.compile(pagebreak, re.UNICODE|re.IGNORECASE)
+        
+        outfile = d.get('outfile')
+        if outfile: self._ofile = outfile
+        
+        if self._landscape:
+            print 'Landscape option on...'
+        if self._columns==2:
+            print 'Printing in two columns...'
+        if self._doFFs:
+            print 'Ignoring form feed character...'
+        if self._IsoEnc:
+            print 'Using ISO Latin Encoding...'
+
+        print 'Using font',self._font[1:],'size =', self._ptSize
+
+    def writestr(self, str):
+        """ Write string to output file descriptor.
+        All output operations go through this function.
+        We keep the current file position also here"""
+
+        # update current file position
+        self._fpos += len(str)
+        for x in range(0, len(str)):
+            if str[x] == '\n':
+                self._fpos += LF_EXTRA
+        try:
+            self._ofs.write(str)
+        except IOError, e:
+            print e
+            return -1
+
+        return 0
+            
+    def convert(self):
+        """ Perform the actual conversion """
+    
+        if self._landscape:
+            # swap page width & height
+            tmp = self._pageHt
+            self._pageHt = self._pageWd
+            self._pageWd = tmp
+
+        if self._lines==0:
+            self._lines = (self._pageHt - 72)/self._vertSpace
+        if self._lines < 1:
+            self._lines=1
+        
+        try:
+            self._ifs=open(self._ifile)
+        except IOError, (strerror, errno):
+            print 'Error: Could not open file to read --->', self._ifile
+            sys.exit(3)
+
+        if self._ofile=="":
+            self._ofile = os.path.splitext(self._ifile)[0] + '.pdf'
+
+        try:
+            self._ofs = open(self._ofile, 'wb')
+        except IOError, (strerror, errno):
+            print 'Error: Could not open file to write --->', self._ofile
+            sys.exit(3)
+
+        print 'Input file=>',self._ifile
+        print 'Writing pdf file',self._ofile, '...'
+        self.writeheader()
+        self.writepages()
+        self.writerest()
+
+        print 'Wrote file', self._ofile
+        self._ifs.close()
+        self._ofs.close()
+        return 0
+
+    def writeheader(self):
+        """Write the PDF header"""
+
+        ws = self.writestr
+
+        title = self._ifile
+        
+        t=time.localtime()
+        timestr=str(time.strftime("D:%Y%m%d%H%M%S", t))
+        ws("%PDF-1.4\n")
+        self._locations[1] = self._fpos
+        ws("1 0 obj\n")
+        ws("<<\n")
+
+        buf = "".join(("/Creator (", self._appname, " By Anand B Pillai )\n"))
+        ws(buf)
+        buf = "".join(("/CreationDate (", timestr, ")\n"))
+        ws(buf)
+        buf = "".join(("/Producer (", self._appname, "(\\251 Anand B Pillai))\n"))
+        ws(buf)
+        if self._subject:
+            title = self._subject
+            buf = "".join(("/Subject (",self._subject,")\n"))
+            ws(buf)
+        if self._author:
+            buf = "".join(("/Author (",self._author,")\n"))
+            ws(buf)
+        if self._keywords:
+            buf = "".join(("/Keywords (",' '.join(self._keywords),")\n"))
+            ws(buf)
+
+        if title:
+            buf = "".join(("/Title (", title, ")\n"))
+            ws(buf)
+
+        ws(">>\n")
+        ws("endobj\n")
+    
+        self._locations[2] = self._fpos
+
+        ws("2 0 obj\n")
+        ws("<<\n")
+        ws("/Type /Catalog\n")
+        ws("/Pages 3 0 R\n")
+        ws(">>\n")
+        ws("endobj\n")
+        
+        self._locations[4] = self._fpos
+        ws("4 0 obj\n")
+        ws("<<\n")
+        buf = "".join(("/BaseFont ", str(self._font), " /Encoding /WinAnsiEncoding /Name /F1 /Subtype /Type1 /Type /Font >>\n"))
+        ws(buf)
+    
+        if self._IsoEnc:
+            ws(ENCODING_STR)
+            
+        ws(">>\n")
+        ws("endobj\n")
+        
+        self._locations[5] = self._fpos
+        
+        ws("5 0 obj\n")
+        ws("<<\n")
+        ws("  /Font << /F1 4 0 R >>\n")
+        ws("  /ProcSet [ /PDF /Text ]\n")
+        ws(">>\n")
+        ws("endobj\n")
+    
+    def startpage(self):
+        """ Start a page of data """
+
+        ws = self.writestr
+        
+        self._pageNo += 1
+        self._curobj += 1
+
+        self._locations.append(self._fpos)
+        self._locations[self._curobj]=self._fpos
+    
+        self._pageObs.append(self._curobj)
+        self._pageObs[self._pageNo] = self._curobj
+        
+        buf = "".join((str(self._curobj), " 0 obj\n"))
+
+        ws(buf)
+        ws("<<\n")
+        ws("/Type /Page\n")
+        ws("/Parent 3 0 R\n")
+        ws("/Resources 5 0 R\n")
+
+        self._curobj += 1
+        buf = "".join(("/Contents ", str(self._curobj), " 0 R\n"))
+        ws(buf)
+        ws(">>\n")
+        ws("endobj\n")
+        
+        self._locations.append(self._fpos)
+        self._locations[self._curobj] = self._fpos
+
+        buf = "".join((str(self._curobj), " 0 obj\n"))
+        ws(buf)
+        ws("<<\n")
+        
+        buf = "".join(("/Length ", str(self._curobj + 1), " 0 R\n"))
+        ws(buf)
+        ws(">>\n")
+        ws("stream\n")
+        strmPos = self._fpos
+    
+        ws("BT\n");
+        buf = "".join(("/F1 ", str(self._ptSize), " Tf\n"))
+        ws(buf)
+        buf = "".join(("1 0 0 1 50 ", str(self._pageHt - 40), " Tm\n"))
+        ws(buf)
+        buf = "".join((str(self._vertSpace), " TL\n"))
+        ws(buf)
+    
+        return strmPos
+
+    def endpage(self, streamStart):
+        """End a page of data """
+        
+        ws = self.writestr
+
+        ws("ET\n")
+        streamEnd = self._fpos
+        ws("endstream\n")
+        ws("endobj\n")
+    
+        self._curobj += 1
+        self._locations.append(self._fpos)
+        self._locations[self._curobj] = self._fpos
+    
+        buf = "".join((str(self._curobj), " 0 obj\n"))
+        ws(buf)
+        buf = "".join((str(streamEnd - streamStart), '\n'))
+        ws(buf)
+        ws('endobj\n')
+    
+    def writepages(self):
+        """Write pages as PDF"""
+        
+        ws = self.writestr
+
+        beginstream=0
+        lineNo, charNo=0,0
+        ch, column=0,0
+        padding,i=0,0
+        atEOF=0
+        linebuf = ''
+        
+        while not atEOF:
+            beginstream = self.startpage()
+            column=1
+            
+            while column <= self._columns:
+                column += 1
+                atFF=0
+                atBOP=0
+                lineNo=0
+                # Special flag for regexp page break
+                pagebreak = False
+                
+                while lineNo < self._lines and not atFF and not atEOF and not pagebreak:
+                    linebuf = ''
+                    lineNo += 1
+                    ws("(")
+                    charNo=0
+                    
+                    while charNo < self._cols:
+                        charNo += 1
+                        ch = self._ifs.read(1)
+                        cond = ((ch != '\n') and not(ch==FF and self._doFFs) and (ch != ''))
+                        if not cond:
+                            # See if this dude matches the pagebreak regexp
+                            if self._pagebreakre and self._pagebreakre.search(linebuf.strip()):
+                                pagebreak = True
+                                
+                            linebuf = ''
+                            break
+                        else:
+                            linebuf = linebuf + ch
+
+                        if ord(ch) >= 32 and ord(ch) <= 127:
+                            if ch == '(' or ch == ')' or ch == '\\':
+                                ws("\\")
+                            ws(ch)
+                        else:
+                            if ord(ch) == 9:
+                                padding =self._tab - ((charNo - 1) % self._tab)
+                                for i in range(padding):
+                                    ws(" ")
+                                charNo += (padding -1)
+                            else:
+                                if ch != FF:
+                                    # write \xxx form for dodgy character
+                                    buf = "".join(('\\', ch))
+                                    ws(buf)
+                                else:
+                                    # dont print anything for a FF
+                                    charNo -= 1
+
+                    ws(")'\n")
+                    if ch == FF:
+                        atFF=1
+                    if lineNo == self._lines:
+                        atBOP=1
+                        
+                    if atBOP:
+                        pos=0
+                        ch = self._ifs.read(1)
+                        pos= self._ifs.tell()
+                        if ch == FF:
+                            ch = self._ifs.read(1)
+                            pos=self._ifs.tell()
+                        # python's EOF signature
+                        if ch == '':
+                            atEOF=1
+                        else:
+                            # push position back by one char
+                            self._ifs.seek(pos-1)
+
+                    elif atFF:
+                        ch = self._ifs.read(1)
+                        pos=self._ifs.tell()
+                        if ch == '':
+                            atEOF=1
+                        else:
+                            self._ifs.seek(pos-1)
+
+                if column < self._columns:
+                    buf = "".join(("1 0 0 1 ",
+                                   str((self._pageWd/2 + 25)),
+                                   " ",
+                                   str(self._pageHt - 40),
+                                   " Tm\n"))
+                    ws(buf)
+
+            self.endpage(beginstream)
+
+    def writerest(self):
+        """Finish the file"""
+
+        ws = self.writestr
+        self._locations[3] = self._fpos
+    
+        ws("3 0 obj\n")
+        ws("<<\n")
+        ws("/Type /Pages\n")
+        buf = "".join(("/Count ", str(self._pageNo), "\n"))
+        ws(buf)
+        buf = "".join(("/MediaBox [ 0 0 ", str(self._pageWd), " ", str(self._pageHt), " ]\n"))
+        ws(buf)
+        ws("/Kids [ ")
+    
+        for i in range(1, self._pageNo+1):
+            buf = "".join((str(self._pageObs[i]), " 0 R "))
+            ws(buf)
+
+        ws("]\n")
+        ws(">>\n")
+        ws("endobj\n")
+        
+        xref = self._fpos
+        ws("xref\n")
+        buf = "".join(("0 ", str((self._curobj) + 1), "\n"))
+        ws(buf)
+        buf = "".join(("0000000000 65535 f ", str(LINE_END)))
+        ws(buf)
+
+        for i in range(1, self._curobj + 1):
+            val = self._locations[i]
+            buf = "".join((string.zfill(str(val), 10), " 00000 n ", str(LINE_END)))
+            ws(buf)
+
+        ws("trailer\n")
+        ws("<<\n")
+        buf = "".join(("/Size ", str(self._curobj + 1), "\n"))
+        ws(buf)
+        ws("/Root 2 0 R\n")
+        ws("/Info 1 0 R\n")
+        ws(">>\n")
+        
+        ws("startxref\n")
+        buf = "".join((str(xref), "\n"))
+        ws(buf)
+        ws("%%EOF\n")
+        
+
+def main():
+    
+    pdfclass=PyText2Pdf()
+    pdfclass.parse_args()
+    pdfclass.convert()
+
+if __name__ == "__main__":
+    main()

build.sh

@@ -1,5 +0,0 @@
-#!/bin/bash
-# build script to push to github... 
-git add *
-git commit -m 'Sn1per by 1N3CrowdShield'
-git push origin master

install.sh

@@ -32,20 +32,28 @@ mkdir $LOOT_DIR/screenshots 2> /dev/null
 mkdir $LOOT_DIR/nmap 2> /dev/null
 mkdir $LOOT_DIR/reports 2> /dev/null
 mkdir $LOOT_DIR/output 2> /dev/null
-cp -Rf $PWD/* $INSTALL_DIR 
+mkdir $LOOT_DIR/osint 2> /dev/null
+cp -Rf $PWD/* $INSTALL_DIR 2> /dev/null
 cd $INSTALL_DIR
 
 echo -e "$OKORANGE + -- --=[Installing package dependencies...$RESET"
-apt-get install ruby rubygems python dos2unix zenmap sslyze arachni rpcbind uniscan xprobe2 cutycapt unicornscan waffit host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap
-pip install dnspython colorama tldextract urllib3 ipaddress aha
+<<<<<<< HEAD
+apt-get install eyewitness nodejs wafw00f xdg-utils metagoofil clusterd ruby rubygems python dos2unix zenmap sslyze arachni aha libxml2-utils rpcbind uniscan xprobe2 cutycapt unicornscan host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap
+apt-get install waffit 2> /dev/null
+=======
+apt-get install xdg-utils metagoofil clusterd ruby rubygems python dos2unix zenmap sslyze arachni aha libxml2-utils rpcbind uniscan xprobe2 cutycapt unicornscan host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap nfs-common wafw00f
+>>>>>>> f450b78b5f346ea41df0cf44a70092a0d6fc9050
+pip install dnspython colorama tldextract urllib3 ipaddress requests
+curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh | bash
 
 echo -e "$OKORANGE + -- --=[Installing gem dependencies...$RESET"
+gem install aquatone
 gem install rake
 gem install ruby-nmap net-http-persistent mechanize text-table
 
 echo -e "$OKORANGE + -- --=[Cleaning up old extensions...$RESET"
 rm -Rf Findsploit/ BruteX/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ Sublist3r/ shocker/ jexboss/ serializekiller/ testssl.sh/ SimpleEmailSpoofer/ ssh-audit/ plugins/ 2> /dev/null
-mkdir $PLUGINS_DIR
+mkdir $PLUGINS_DIR 2> /dev/null
 cd $PLUGINS_DIR
 mkdir -p $PLUGINS_DIR/nmap_scripts/ 2> /dev/null
 
@@ -61,13 +69,22 @@ git clone https://github.com/0xsauby/yasuo.git
 git clone https://github.com/johndekroon/serializekiller.git 
 git clone https://github.com/aboul3la/Sublist3r.git 
 git clone https://github.com/nccgroup/shocker.git 
-git clone https://github.com/drwetter/testssl.sh.git 
+git clone --depth 1 https://github.com/drwetter/testssl.sh.git 
 git clone https://github.com/lunarca/SimpleEmailSpoofer 
 git clone https://github.com/arthepsy/ssh-audit 
+git clone https://github.com/m0rtem/CloudFail.git
+git clone https://github.com/deibit/cansina
+git clone https://github.com/1N3/jexboss.git
+wget https://github.com/bbb31/slurp/releases/download/1.3/slurp.zip
+unzip slurp.zip
+rm -f slurp.zip
+wget https://github.com/michenriksen/aquatone/blob/master/subdomains.lst -O /usr/share/sniper/plugins/Sublist3r/subdomains.lst
+wget https://raw.githubusercontent.com/1N3/IntruderPayloads/master/FuzzLists/dirbuster-quick.txt -O /usr/share/sniper/plugins/cansina/dirbuster-quick.txt
 wget https://svn.nmap.org/nmap/scripts/http-vuln-cve2017-5638.nse -O /usr/share/nmap/scripts/http-vuln-cve2017-5638.nse
 wget https://raw.githubusercontent.com/xorrbit/nmap/865142904566e416944ebd6870d496c730934965/scripts/http-vuln-INTEL-SA-00075.nse -O /usr/share/nmap/scripts/http-vuln-INTEL-SA-00075.nse
-cp $INSTALL_DIR/bin/iis-buffer-overflow.nse /usr/share/nmap/scripts/iis-buffer-overflow.nse
+cp $INSTALL_DIR/bin/iis-buffer-overflow.nse /usr/share/nmap/scripts/iis-buffer-overflow.nse 2> /dev/null
 echo -e "$OKORANGE + -- --=[Setting up environment...$RESET"
+cd $PLUGINS_DIR/CloudFail/ && apt-get install python3-pip && pip3 install -r requirements.txt
 cd $PLUGINS_DIR/Findsploit/ && bash install.sh
 cd $PLUGINS_DIR/BruteX/ && bash install.sh
 cd $INSTALL_DIR 
@@ -104,7 +121,7 @@ ln -s $PLUGINS_DIR/Findsploit/copysploit /usr/bin/copysploit
 ln -s $PLUGINS_DIR/Findsploit/compilesploit /usr/bin/compilesploit
 ln -s $PLUGINS_DIR/MassBleed/massbleed /usr/bin/massbleed
 ln -s $PLUGINS_DIR/testssl.sh/testssl.sh /usr/bin/testssl
+msfdb init 
+msfdb start
 echo -e "$OKORANGE + -- --=[Done!$RESET"
 echo -e "$OKORANGE + -- --=[To run, type 'sniper'! $RESET"
-
-

uninstall.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+# Uninstall script for sn1per
+#
+# VARS
+OKBLUE='\033[94m'
+OKRED='\033[91m'
+OKGREEN='\033[92m'
+OKORANGE='\033[93m'
+RESET='\e[0m'
+
+echo -e "$OKRED                ____               $RESET"
+echo -e "$OKRED    _________  /  _/___  ___  _____$RESET"
+echo -e "$OKRED   / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
+echo -e "$OKRED  (__  ) / / // // /_/ /  __/ /    $RESET"
+echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/     $RESET"
+echo -e "$OKRED               /_/                 $RESET"
+echo -e "$RESET"
+echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
+echo ""
+
+INSTALL_DIR=/usr/share/sniper
+
+echo -e "$OKGREEN + -- --=[This script will uninstall sniper and remove ALL files under $INSTALL_DIR. Are you sure you want to continue?$RESET"
+read answer 
+
+rm -Rf /usr/share/sniper/
+rm -f /usr/bin/sniper
+
+echo -e "$OKORANGE + -- --=[Done!$RESET"
+echo -e "$OKORANGE + -- --=[To run, type 'sniper'! $RESET"