Sn1per by 1N3@CrowdShield

2018-01-04 21:57:07 -05:00 · 2017-12-12 21:02:17 -05:00 · 2017-11-23 11:11:18 -05:00
6 changed files with 630 additions and 294 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,10 @@
 ## CHANGELOG:
+* v3.0 - Improved performance of various sniper modes
+* v3.0 - Added Aquatone domain flyover tool
+* v3.0 - Added slurp S3 public AWS scanner
+* v3.0 - Updated Sub-domain hijacking site list
+* v3.0 - Changed look and feel of console output to help readability
+* v3.0 - Added online/offline check to implement changes to scans when in online vs. offline mode
 * v2.9 - New improved fullportonly scan mode
 * v2.9 - Added online check to see if there's an active internet connection
 * v2.9 - Changed default browser to firefox to clear up errors in loot commmand
@@ -187,7 +193,3 @@
 * v1.4 - Added Breach-Miner for detection of breached accounts
 * v1.4 - Fixed minor errors with nmap
 * v1.4 - Removed debug output from goohak from displaying on console
-
-## FUTURE:
-* Add auto logging and reporting to all scans
-* Add HTML reporting for scans
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -0,0 +1,2 @@
+## LICENSE:
+This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.
--- a/README.md
+++ b/README.md
@@ -7,29 +7,29 @@ Sn1per is an automated scanner that can be used during a penetration test to enu
 [![Sn1per Demo](https://img.youtube.com/vi/nA_V_u3QZA4/0.jpg)](https://www.youtube.com/watch?v=nA_V_u3QZA4)

 ## FEATURES:
-* Automatically collects basic recon (ie. whois, ping, DNS, etc.)
-* Automatically launches Google hacking queries against a target domain
-* Automatically enumerates open ports via NMap port scanning
-* Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
-* Automatically checks for sub-domain hijacking
-* Automatically runs targeted NMap scripts against open ports
-* Automatically runs targeted Metasploit scan and exploit modules
-* Automatically scans all web applications for common vulnerabilities
-* Automatically brute forces ALL open services
-* Automatically test for anonymous FTP access
-* Automatically runs WPScan, Arachni and Nikto for all web services
-* Automatically enumerates NFS shares
-* Automatically test for anonymous LDAP access
-* Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities
-* Automatically enumerate SNMP community strings, services and users
-* Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
-* Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
-* Automatically tests for open X11 servers
-* Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
-* Performs high level enumeration of multiple hosts and subnets
-* Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
-* Automatically gathers screenshots of all web sites
-* Create individual workspaces to store all scan output
+- [x] Automatically collects basic recon (ie. whois, ping, DNS, etc.)
+- [x] Automatically launches Google hacking queries against a target domain
+- [x] Automatically enumerates open ports via NMap port scanning
+- [x] Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
+- [x] Automatically checks for sub-domain hijacking
+- [x] Automatically runs targeted NMap scripts against open ports
+- [x] Automatically runs targeted Metasploit scan and exploit modules
+- [x] Automatically scans all web applications for common vulnerabilities
+- [x] Automatically brute forces ALL open services
+- [x] Automatically test for anonymous FTP access
+- [x] Automatically runs WPScan, Arachni and Nikto for all web services
+- [x] Automatically enumerates NFS shares
+- [x] Automatically test for anonymous LDAP access
+- [x] Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities
+- [x] Automatically enumerate SNMP community strings, services and users
+- [x] Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
+- [x] Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
+- [x] Automatically tests for open X11 servers
+- [x] Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
+- [x] Performs high level enumeration of multiple hosts and subnets
+- [x] Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
+- [x] Automatically gathers screenshots of all web sites
+- [x] Create individual workspaces to store all scan output

 ## KALI LINUX INSTALL:
 ```
@@ -85,3 +85,13 @@ sniper update
 ## SAMPLE REPORT:
 https://gist.github.com/1N3/8214ec2da2c91691bcbc

+## LICENSE:
+This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.
+
+## DONATIONS:
+Donations are welcome. This will help fascilitate improved features, frequent updates and better overall support for sniper.
+- [x] BTC 1Fav36btfmdrYpCAR65XjKHhxuJJwFyKum
+- [x] ETH 0x20bB09273702eaBDFbEE9809473Fd04b969a794d
+- [x] LTC LQ6mPewec3xeLBYMdRP4yzeta6b9urqs2f
+- [x] XMR 4JUdGzvrMFDWrUUwY3toJATSeNwjn54LkCnKBPRzDuhzi5vSepHfUckJNxRL2gjkNrSqtCoRUrEDAgRwsQvVCjZbS3EN24xprAQ1Z5Sy5s
+- [x] ZCASH t1fsizsk2cqqJAjRoUmXJSyoVa9utYucXt7
--- a/TODO.md
+++ b/TODO.md
@@ -1,5 +1,7 @@
 ###TODO:

+* Implement a module system for running specific commands/modules
+* Add checks to make sure all commands exist at startup. If not, refer to installer. 
 * Add command line parsing of options/modes

 sniper --target crowdshield.com --workspace crowdshield.com --report --bruteforce --web --recon --portscan
@@ -10,4 +12,8 @@ sniper --target crowdshield.com --kalionly --offline --webportonly 443
 * Add automatic reporting and workspace creation for all scans by default
 * Add proxy support for all scans
 * Create uninstall.sh script
-* Add AWS security checks
+* Add AWS security checks
+* Look into adding aquatone
+* Look into adding gobuster
+* Update subdomain list with aquatone list
+* Increase thread count for file/dir brute force
--- a/install.sh
+++ b/install.sh
@@ -41,6 +41,7 @@ apt-get install xdg-utils metagoofil clusterd ruby rubygems python dos2unix zenm
 pip install dnspython colorama tldextract urllib3 ipaddress requests

 echo -e "$OKORANGE + -- --=[Installing gem dependencies...$RESET"
+gem install aquatone
 gem install rake
 gem install ruby-nmap net-http-persistent mechanize text-table

@@ -67,6 +68,10 @@ git clone https://github.com/lunarca/SimpleEmailSpoofer
 git clone https://github.com/arthepsy/ssh-audit 
 git clone https://github.com/m0rtem/CloudFail.git
 git clone https://github.com/deibit/cansina
+wget https://github.com/bbb31/slurp/releases/download/1.3/slurp.zip
+unzip slurp.zip
+rm -f slurp.zip
+wget https://github.com/michenriksen/aquatone/blob/master/subdomains.lst -O /usr/share/sniper/plugins/Sublist3r/subdomains.lst
 wget https://raw.githubusercontent.com/1N3/IntruderPayloads/master/FuzzLists/dirbuster-quick.txt -O /usr/share/sniper/plugins/cansina/dirbuster-quick.txt
 wget https://svn.nmap.org/nmap/scripts/http-vuln-cve2017-5638.nse -O /usr/share/nmap/scripts/http-vuln-cve2017-5638.nse
 wget https://raw.githubusercontent.com/xorrbit/nmap/865142904566e416944ebd6870d496c730934965/scripts/http-vuln-INTEL-SA-00075.nse -O /usr/share/nmap/scripts/http-vuln-INTEL-SA-00075.nse
--- a/843
+++ b/843
Author	SHA1	Message	Date
root	c405ee0b57	Sn1per by 1N3@CrowdShield	2018-01-04 21:57:07 -05:00
root	6a414347c9	Sn1per by 1N3@CrowdShield	2017-12-12 21:02:17 -05:00
root	c5c874d33d	Sn1per by 1N3@CrowdShield	2017-11-23 11:11:18 -05:00